1 /**********************************************************************
3 * Copyright (c) 2005-2013 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
6 * Implementation of RFC 4357 (GOST R 34.10) Publick key method *
8 * Requires OpenSSL 1.0.0+ for compilation *
9 **********************************************************************/
10 #include <openssl/evp.h>
11 #include <openssl/objects.h>
12 #include <openssl/ec.h>
13 #include <openssl/err.h>
14 #include <openssl/x509v3.h> /* For string_to_hex */
15 #include <openssl/opensslv.h> /* For OPENSSL_VERSION_MAJOR */
20 #include "e_gost_err.h"
23 #ifdef OPENSSL_VERSION_MAJOR
25 #define ossl3_const const
28 /* -----init, cleanup, copy - uniform for all algs --------------*/
29 /* Allocates new gost_pmeth_data structure and assigns it as data */
30 static int pkey_gost_init(EVP_PKEY_CTX *ctx)
32 struct gost_pmeth_data *data;
33 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
35 data = OPENSSL_malloc(sizeof(*data));
38 memset(data, 0, sizeof(*data));
39 if (pkey && EVP_PKEY_get0(pkey)) {
40 switch (EVP_PKEY_base_id(pkey)) {
41 case NID_id_GostR3410_2001:
42 case NID_id_GostR3410_2012_256:
43 case NID_id_GostR3410_2012_512:
45 const EC_GROUP *group =
46 EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey));
48 data->sign_param_nid = EC_GROUP_get_curve_name(group);
58 EVP_PKEY_CTX_set_data(ctx, data);
62 /* Copies contents of gost_pmeth_data structure */
63 static int pkey_gost_copy(EVP_PKEY_CTX *dst, ossl3_const EVP_PKEY_CTX *src)
65 struct gost_pmeth_data *dst_data, *src_data;
66 if (!pkey_gost_init(dst)) {
69 src_data = EVP_PKEY_CTX_get_data(src);
70 dst_data = EVP_PKEY_CTX_get_data(dst);
71 if (!src_data || !dst_data)
74 *dst_data = *src_data;
79 /* Frees up gost_pmeth_data structure */
80 static void pkey_gost_cleanup(EVP_PKEY_CTX *ctx)
82 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
88 /* --------------------- control functions ------------------------------*/
89 static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
91 struct gost_pmeth_data *pctx =
92 (struct gost_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
97 case EVP_PKEY_CTRL_MD:
99 EVP_PKEY *key = EVP_PKEY_CTX_get0_pkey(ctx);
100 int pkey_nid = (key == NULL) ? NID_undef : EVP_PKEY_base_id(key);
102 OPENSSL_assert(p2 != NULL);
104 switch (EVP_MD_type((const EVP_MD *)p2)) {
105 case NID_id_GostR3411_94:
106 if (pkey_nid == NID_id_GostR3410_2001
107 || pkey_nid == NID_id_GostR3410_94) {
108 pctx->md = (EVP_MD *)p2;
113 case NID_id_GostR3411_2012_256:
114 if (pkey_nid == NID_id_GostR3410_2012_256) {
115 pctx->md = (EVP_MD *)p2;
120 case NID_id_GostR3411_2012_512:
121 if (pkey_nid == NID_id_GostR3410_2012_512) {
122 pctx->md = (EVP_MD *)p2;
128 GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE);
132 case EVP_PKEY_CTRL_GET_MD:
133 *(const EVP_MD **)p2 = pctx->md;
136 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
137 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
138 case EVP_PKEY_CTRL_PKCS7_SIGN:
139 case EVP_PKEY_CTRL_DIGESTINIT:
140 #ifndef OPENSSL_NO_CMS
141 case EVP_PKEY_CTRL_CMS_ENCRYPT:
142 case EVP_PKEY_CTRL_CMS_DECRYPT:
143 case EVP_PKEY_CTRL_CMS_SIGN:
147 case EVP_PKEY_CTRL_GOST_PARAMSET:
148 pctx->sign_param_nid = (int)p1;
150 case EVP_PKEY_CTRL_SET_IV:
151 if (p1 > sizeof(pctx->shared_ukm) || !p2) {
152 GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_UKM_NOT_SET);
155 memcpy(pctx->shared_ukm, p2, (int)p1);
156 pctx->shared_ukm_size = p1;
158 case EVP_PKEY_CTRL_SET_VKO:
160 case 0: /* switch to KEG */
161 case NID_id_GostR3411_2012_256:
162 case NID_id_GostR3411_2012_512:
165 GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE);
168 pctx->vko_dgst_nid = p1;
170 case EVP_PKEY_CTRL_CIPHER:
172 case NID_magma_ctr_acpkm:
173 case NID_magma_ctr_acpkm_omac:
175 pctx->cipher_nid = NID_magma_ctr;
177 case NID_kuznyechik_ctr_acpkm:
178 case NID_kuznyechik_ctr_acpkm_omac:
179 case NID_kuznyechik_ctr:
180 pctx->cipher_nid = NID_kuznyechik_ctr;
183 pctx->cipher_nid = p1;
187 case EVP_PKEY_CTRL_PEER_KEY:
188 if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */
190 if (p1 == 2) /* TLS: peer key used? */
191 return pctx->peer_key_used;
192 if (p1 == 3) /* TLS: peer key used! */
193 return (pctx->peer_key_used = 1);
197 GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_CTRL_CALL_FAILED);
201 static int pkey_gost_ec_ctrl_str_common(EVP_PKEY_CTX *ctx,
202 const char *type, const char *value)
204 if (0 == strcmp(type, ukm_ctrl_string)) {
205 unsigned char ukm_buf[32], *tmp = NULL;
207 tmp = OPENSSL_hexstr2buf(value, &len);
213 GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_COMMON, GOST_R_CTRL_CALL_FAILED);
216 memcpy(ukm_buf, tmp, len);
219 return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_SET_IV, len, ukm_buf);
220 } else if (strcmp(type, vko_ctrl_string) == 0) {
221 int bits = atoi(value);
222 int vko_dgst_nid = 0;
225 vko_dgst_nid = NID_id_GostR3411_2012_256;
226 else if (bits == 512)
227 vko_dgst_nid = NID_id_GostR3411_2012_512;
228 else if (bits != 0) {
229 GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_COMMON, GOST_R_INVALID_DIGEST_TYPE);
232 return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_SET_VKO, vko_dgst_nid, NULL);
237 static int pkey_gost_ec_ctrl_str_256(EVP_PKEY_CTX *ctx,
238 const char *type, const char *value)
240 if (strcmp(type, param_ctrl_string) == 0) {
246 if (strlen(value) == 1) {
247 switch (toupper((unsigned char)value[0])) {
249 param_nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet;
252 param_nid = NID_id_GostR3410_2001_CryptoPro_B_ParamSet;
255 param_nid = NID_id_GostR3410_2001_CryptoPro_C_ParamSet;
258 param_nid = NID_id_GostR3410_2001_TestParamSet;
263 } else if ((strlen(value) == 2)
264 && (toupper((unsigned char)value[0]) == 'X')) {
265 switch (toupper((unsigned char)value[1])) {
267 param_nid = NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet;
270 param_nid = NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet;
275 } else if ((strlen(value) == 3)
276 && (toupper((unsigned char)value[0]) == 'T')
277 && (toupper((unsigned char)value[1]) == 'C')) {
278 switch (toupper((unsigned char)value[2])) {
280 param_nid = NID_id_tc26_gost_3410_2012_256_paramSetA;
283 param_nid = NID_id_tc26_gost_3410_2012_256_paramSetB;
286 param_nid = NID_id_tc26_gost_3410_2012_256_paramSetC;
289 param_nid = NID_id_tc26_gost_3410_2012_256_paramSetD;
295 R3410_ec_params *p = R3410_2001_paramset;
296 param_nid = OBJ_txt2nid(value);
297 if (param_nid == NID_undef) {
300 for (; p->nid != NID_undef; p++) {
301 if (p->nid == param_nid)
304 if (p->nid == NID_undef) {
305 GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_256,
306 GOST_R_INVALID_PARAMSET);
311 return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
315 return pkey_gost_ec_ctrl_str_common(ctx, type, value);
318 static int pkey_gost_ec_ctrl_str_512(EVP_PKEY_CTX *ctx,
319 const char *type, const char *value)
321 int param_nid = NID_undef;
323 if (strcmp(type, param_ctrl_string))
324 return pkey_gost_ec_ctrl_str_common(ctx, type, value);
329 if (strlen(value) == 1) {
330 switch (toupper((unsigned char)value[0])) {
332 param_nid = NID_id_tc26_gost_3410_2012_512_paramSetA;
336 param_nid = NID_id_tc26_gost_3410_2012_512_paramSetB;
340 param_nid = NID_id_tc26_gost_3410_2012_512_paramSetC;
347 R3410_ec_params *p = R3410_2012_512_paramset;
348 param_nid = OBJ_txt2nid(value);
349 if (param_nid == NID_undef)
352 while (p->nid != NID_undef && p->nid != param_nid)
355 if (p->nid == NID_undef) {
356 GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_512,
357 GOST_R_INVALID_PARAMSET);
362 return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, param_nid, NULL);
365 /* --------------------- key generation --------------------------------*/
367 static int pkey_gost_paramgen_init(EVP_PKEY_CTX *ctx)
372 static int pkey_gost2001_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
374 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
377 if (!data || data->sign_param_nid == NID_undef) {
378 GOSTerr(GOST_F_PKEY_GOST2001_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
383 if (!fill_GOST_EC_params(ec, data->sign_param_nid)
384 || !EVP_PKEY_assign(pkey, NID_id_GostR3410_2001, ec)) {
391 static int pkey_gost2012_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
393 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
397 if (!data || data->sign_param_nid == NID_undef) {
398 GOSTerr(GOST_F_PKEY_GOST2012_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
403 if (!fill_GOST_EC_params(ec, data->sign_param_nid)) {
408 switch (data->sign_param_nid) {
409 case NID_id_tc26_gost_3410_2012_512_paramSetA:
410 case NID_id_tc26_gost_3410_2012_512_paramSetB:
411 case NID_id_tc26_gost_3410_2012_512_paramSetC:
412 case NID_id_tc26_gost_3410_2012_512_paramSetTest:
414 (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_512, ec)) ? 1 : 0;
417 case NID_id_GostR3410_2001_CryptoPro_A_ParamSet:
418 case NID_id_GostR3410_2001_CryptoPro_B_ParamSet:
419 case NID_id_GostR3410_2001_CryptoPro_C_ParamSet:
420 case NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet:
421 case NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet:
422 case NID_id_GostR3410_2001_TestParamSet:
423 case NID_id_tc26_gost_3410_2012_256_paramSetA:
424 case NID_id_tc26_gost_3410_2012_256_paramSetB:
425 case NID_id_tc26_gost_3410_2012_256_paramSetC:
426 case NID_id_tc26_gost_3410_2012_256_paramSetD:
428 (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_256, ec)) ? 1 : 0;
441 /* ----------- keygen callbacks --------------------------------------*/
442 /* Generates GOST_R3410 2001 key and assigns it using specified type */
443 static int pkey_gost2001cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
446 if (!pkey_gost2001_paramgen(ctx, pkey))
448 ec = EVP_PKEY_get0(pkey);
453 /* Generates GOST_R3410 2012 key and assigns it using specified type */
454 static int pkey_gost2012cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
456 if (!pkey_gost2012_paramgen(ctx, pkey))
459 gost_ec_keygen(EVP_PKEY_get0(pkey));
463 /* ----------- sign callbacks --------------------------------------*/
465 * Packs signature according to Cryptopro rules
466 * and frees up ECDSA_SIG structure
468 int pack_sign_cp(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
470 const BIGNUM *sig_r = NULL, *sig_s = NULL;
471 ECDSA_SIG_get0(s, &sig_r, &sig_s);
473 memset(sig, 0, *siglen);
474 store_bignum(sig_s, sig, order);
475 store_bignum(sig_r, sig + order, order);
480 static int pkey_gost_ec_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
481 size_t *siglen, const unsigned char *tbs,
484 ECDSA_SIG *unpacked_sig = NULL;
485 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
493 switch (EVP_PKEY_base_id(pkey)) {
494 case NID_id_GostR3410_2001:
495 case NID_id_GostR3410_2012_256:
498 case NID_id_GostR3410_2012_512:
509 unpacked_sig = gost_ec_sign(tbs, tbs_len, EVP_PKEY_get0(pkey));
513 return pack_sign_cp(unpacked_sig, order / 2, sig, siglen);
516 /* ------------------- verify callbacks ---------------------------*/
517 /* Unpack signature according to cryptopro rules */
518 ECDSA_SIG *unpack_cp_signature(const unsigned char *sigbuf, size_t siglen)
521 BIGNUM *r = NULL, *s = NULL;
523 sig = ECDSA_SIG_new();
525 GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE);
528 s = BN_bin2bn(sigbuf, siglen / 2, NULL);
529 r = BN_bin2bn(sigbuf + siglen / 2, siglen / 2, NULL);
530 ECDSA_SIG_set0(sig, r, s);
534 static int pkey_gost_ec_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
535 size_t siglen, const unsigned char *tbs,
539 EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
540 ECDSA_SIG *s = (sig) ? unpack_cp_signature(sig, siglen) : NULL;
544 fprintf(stderr, "R=");
545 BN_print_fp(stderr, ECDSA_SIG_get0_r(s));
546 fprintf(stderr, "\nS=");
547 BN_print_fp(stderr, ECDSA_SIG_get0_s(s));
548 fprintf(stderr, "\n");
551 ok = gost_ec_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
556 /* ------------- encrypt init -------------------------------------*/
557 /* Generates ephermeral key */
558 static int pkey_gost_encrypt_init(EVP_PKEY_CTX *ctx)
563 /* --------------- Derive init ------------------------------------*/
564 static int pkey_gost_derive_init(EVP_PKEY_CTX *ctx)
569 /* -------- PKEY_METHOD for GOST MAC algorithm --------------------*/
570 static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx)
572 struct gost_mac_pmeth_data *data = OPENSSL_malloc(sizeof(*data));
573 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
577 memset(data, 0, sizeof(*data));
579 data->mac_param_nid = NID_undef;
582 struct gost_mac_key *key = EVP_PKEY_get0(pkey);
584 data->mac_param_nid = key->mac_param_nid;
585 data->mac_size = key->mac_size;
589 EVP_PKEY_CTX_set_data(ctx, data);
593 static int pkey_gost_omac_init(EVP_PKEY_CTX *ctx, size_t mac_size)
595 struct gost_mac_pmeth_data *data = OPENSSL_malloc(sizeof(*data));
596 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
600 memset(data, 0, sizeof(*data));
601 data->mac_size = mac_size;
602 data->mac_param_nid = NID_undef;
605 struct gost_mac_key *key = EVP_PKEY_get0(pkey);
607 data->mac_param_nid = key->mac_param_nid;
608 data->mac_size = key->mac_size;
612 EVP_PKEY_CTX_set_data(ctx, data);
616 static int pkey_gost_magma_mac_init(EVP_PKEY_CTX *ctx)
618 return pkey_gost_omac_init(ctx, 8);
621 static int pkey_gost_grasshopper_mac_init(EVP_PKEY_CTX *ctx)
623 return pkey_gost_omac_init(ctx, 16);
626 static void pkey_gost_mac_cleanup(EVP_PKEY_CTX *ctx)
628 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
633 static int pkey_gost_mac_copy(EVP_PKEY_CTX *dst, ossl3_const EVP_PKEY_CTX *src)
635 struct gost_mac_pmeth_data *dst_data, *src_data;
636 if (!pkey_gost_mac_init(dst)) {
639 src_data = EVP_PKEY_CTX_get_data(src);
640 dst_data = EVP_PKEY_CTX_get_data(dst);
641 if (!src_data || !dst_data)
644 *dst_data = *src_data;
648 static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
650 struct gost_mac_pmeth_data *data =
651 (struct gost_mac_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
654 case EVP_PKEY_CTRL_MD:
656 int nid = EVP_MD_type((const EVP_MD *)p2);
657 if (nid != NID_id_Gost28147_89_MAC && nid != NID_gost_mac_12) {
658 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
659 GOST_R_INVALID_DIGEST_TYPE);
662 data->md = (EVP_MD *)p2;
666 case EVP_PKEY_CTRL_GET_MD:
667 *(const EVP_MD **)p2 = data->md;
670 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
671 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
672 case EVP_PKEY_CTRL_PKCS7_SIGN:
674 case EVP_PKEY_CTRL_SET_MAC_KEY:
676 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
680 memcpy(data->key, p2, 32);
683 case EVP_PKEY_CTRL_GOST_PARAMSET:
685 struct gost_cipher_info *param = p2;
686 data->mac_param_nid = param->nid;
689 case EVP_PKEY_CTRL_DIGESTINIT:
691 EVP_MD_CTX *mctx = p2;
692 if (!data->key_set) {
693 struct gost_mac_key *key;
694 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
696 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
697 GOST_R_MAC_KEY_NOT_SET);
700 key = EVP_PKEY_get0(pkey);
702 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
703 GOST_R_MAC_KEY_NOT_SET);
706 return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
707 (mctx, EVP_MD_CTRL_SET_KEY, 0, key);
709 return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
710 (mctx, EVP_MD_CTRL_SET_KEY, 32, &(data->key));
713 case EVP_PKEY_CTRL_MAC_LEN:
715 if (p1 < 1 || p1 > 8) {
717 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_MAC_SIZE);
727 static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx,
728 const char *type, const char *value)
730 if (strcmp(type, key_ctrl_string) == 0) {
731 if (strlen(value) != 32) {
732 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
733 GOST_R_INVALID_MAC_KEY_LENGTH);
736 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
739 if (strcmp(type, hexkey_ctrl_string) == 0) {
742 unsigned char *keybuf = string_to_hex(value, &keylen);
743 if (!keybuf || keylen != 32) {
744 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
745 GOST_R_INVALID_MAC_KEY_LENGTH);
746 OPENSSL_free(keybuf);
749 ret = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, 32, keybuf);
750 OPENSSL_free(keybuf);
754 if (!strcmp(type, maclen_ctrl_string)) {
756 long size = strtol(value, &endptr, 10);
757 if (*endptr != '\0') {
758 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_SIZE);
761 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_MAC_LEN, size, NULL);
763 if (strcmp(type, param_ctrl_string) == 0) {
764 ASN1_OBJECT *obj = OBJ_txt2obj(value, 0);
765 const struct gost_cipher_info *param = NULL;
767 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_PARAMS);
771 param = get_encryption_params(obj);
772 ASN1_OBJECT_free(obj);
774 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_PARAMS);
779 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, 0,
785 static int pkey_gost_omac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2, size_t max_size)
787 struct gost_mac_pmeth_data *data =
788 (struct gost_mac_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
791 case EVP_PKEY_CTRL_MD:
793 int nid = EVP_MD_type((const EVP_MD *)p2);
794 if (nid != NID_magma_mac && nid != NID_grasshopper_mac
795 && nid != NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac /* FIXME beldmit */
796 && nid != NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac) {
797 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL,
798 GOST_R_INVALID_DIGEST_TYPE);
801 data->md = (EVP_MD *)p2;
805 case EVP_PKEY_CTRL_GET_MD:
806 *(const EVP_MD **)p2 = data->md;
809 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
810 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
811 case EVP_PKEY_CTRL_PKCS7_SIGN:
813 case EVP_PKEY_CTRL_SET_MAC_KEY:
815 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
819 memcpy(data->key, p2, 32);
822 case EVP_PKEY_CTRL_DIGESTINIT:
824 EVP_MD_CTX *mctx = p2;
825 if (!data->key_set) {
826 struct gost_mac_key *key;
827 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
829 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL,
830 GOST_R_MAC_KEY_NOT_SET);
833 key = EVP_PKEY_get0(pkey);
835 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL,
836 GOST_R_MAC_KEY_NOT_SET);
839 return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
840 (mctx, EVP_MD_CTRL_SET_KEY, 0, key);
842 return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
843 (mctx, EVP_MD_CTRL_SET_KEY, 32, &(data->key));
846 case EVP_PKEY_CTRL_MAC_LEN:
848 if (p1 < 1 || p1 > max_size) {
850 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL, GOST_R_INVALID_MAC_SIZE);
860 static int pkey_gost_magma_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
862 return pkey_gost_omac_ctrl(ctx, type, p1, p2, 8);
865 static int pkey_gost_grasshopper_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
867 return pkey_gost_omac_ctrl(ctx, type, p1, p2, 16);
870 static int pkey_gost_omac_ctrl_str(EVP_PKEY_CTX *ctx,
871 const char *type, const char *value, size_t max_size)
873 if (strcmp(type, key_ctrl_string) == 0) {
874 if (strlen(value) != 32) {
875 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL_STR,
876 GOST_R_INVALID_MAC_KEY_LENGTH);
879 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
882 if (strcmp(type, hexkey_ctrl_string) == 0) {
885 unsigned char *keybuf = string_to_hex(value, &keylen);
886 if (!keybuf || keylen != 32) {
887 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL_STR,
888 GOST_R_INVALID_MAC_KEY_LENGTH);
889 OPENSSL_free(keybuf);
892 ret = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, 32, keybuf);
893 OPENSSL_free(keybuf);
897 if (!strcmp(type, maclen_ctrl_string)) {
899 long size = strtol(value, &endptr, 10);
900 if (*endptr != '\0') {
901 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL_STR, GOST_R_INVALID_MAC_SIZE);
904 return pkey_gost_omac_ctrl(ctx, EVP_PKEY_CTRL_MAC_LEN, size, NULL, max_size);
909 static int pkey_gost_magma_mac_ctrl_str(EVP_PKEY_CTX *ctx,
910 const char *type, const char *value)
912 return pkey_gost_omac_ctrl_str(ctx, type, value, 8);
915 static int pkey_gost_grasshopper_mac_ctrl_str(EVP_PKEY_CTX *ctx,
916 const char *type, const char *value)
918 return pkey_gost_omac_ctrl_str(ctx, type, value, 8);
921 static int pkey_gost_mac_keygen_base(EVP_PKEY_CTX *ctx,
922 EVP_PKEY *pkey, int mac_nid)
924 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
925 struct gost_mac_key *keydata;
926 if (!data || !data->key_set) {
927 GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN_BASE, GOST_R_MAC_KEY_NOT_SET);
930 keydata = OPENSSL_malloc(sizeof(struct gost_mac_key));
933 memcpy(keydata->key, data->key, 32);
934 keydata->mac_param_nid = data->mac_param_nid;
935 keydata->mac_size = data->mac_size;
936 EVP_PKEY_assign(pkey, mac_nid, keydata);
940 static int pkey_gost_mac_keygen_12(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
942 return pkey_gost_mac_keygen_base(ctx, pkey, NID_gost_mac_12);
945 static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
947 return pkey_gost_mac_keygen_base(ctx, pkey, NID_id_Gost28147_89_MAC);
950 static int pkey_gost_magma_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
952 return pkey_gost_mac_keygen_base(ctx, pkey, NID_magma_mac);
955 static int pkey_gost_grasshopper_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
957 return pkey_gost_mac_keygen_base(ctx, pkey, NID_grasshopper_mac);
960 static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
962 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
965 pkey_gost_mac_init(ctx);
968 data = EVP_PKEY_CTX_get_data(ctx);
970 GOSTerr(GOST_F_PKEY_GOST_MAC_SIGNCTX_INIT, GOST_R_MAC_KEY_NOT_SET);
977 static int pkey_gost_magma_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
979 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
982 pkey_gost_omac_init(ctx, 4);
985 data = EVP_PKEY_CTX_get_data(ctx);
987 GOSTerr(GOST_F_PKEY_GOST_MAGMA_MAC_SIGNCTX_INIT, GOST_R_MAC_KEY_NOT_SET);
994 static int pkey_gost_grasshopper_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
996 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
999 pkey_gost_omac_init(ctx, 8);
1002 data = EVP_PKEY_CTX_get_data(ctx);
1004 GOSTerr(GOST_F_PKEY_GOST_GRASSHOPPER_MAC_SIGNCTX_INIT, GOST_R_MAC_KEY_NOT_SET);
1011 static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
1012 size_t *siglen, EVP_MD_CTX *mctx)
1014 unsigned int tmpsiglen;
1016 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
1020 tmpsiglen = *siglen; /* for platforms where sizeof(int) !=
1024 *siglen = data->mac_size;
1028 EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
1029 (mctx, EVP_MD_CTRL_XOF_LEN, data->mac_size, NULL);
1030 ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen);
1031 *siglen = data->mac_size;
1035 /* ----------- misc callbacks -------------------------------------*/
1037 /* Callback for both EVP_PKEY_check() and EVP_PKEY_public_check. */
1038 static int pkey_gost_check(EVP_PKEY *pkey)
1040 return EC_KEY_check_key(EVP_PKEY_get0(pkey));
1043 /* ----------------------------------------------------------------*/
1044 int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags)
1046 *pmeth = EVP_PKEY_meth_new(id, flags);
1051 case NID_id_GostR3410_2001:
1052 EVP_PKEY_meth_set_ctrl(*pmeth,
1053 pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256);
1054 EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
1055 EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify);
1057 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2001cp_keygen);
1059 EVP_PKEY_meth_set_encrypt(*pmeth,
1060 pkey_gost_encrypt_init,
1062 EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_gost_decrypt);
1063 EVP_PKEY_meth_set_derive(*pmeth,
1064 pkey_gost_derive_init, pkey_gost_ec_derive);
1065 EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,
1066 pkey_gost2001_paramgen);
1067 EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check);
1068 EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check);
1070 case NID_id_GostR3410_2012_256:
1071 EVP_PKEY_meth_set_ctrl(*pmeth,
1072 pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256);
1073 EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
1074 EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify);
1076 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2012cp_keygen);
1078 EVP_PKEY_meth_set_encrypt(*pmeth,
1079 pkey_gost_encrypt_init,
1081 EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_gost_decrypt);
1082 EVP_PKEY_meth_set_derive(*pmeth,
1083 pkey_gost_derive_init, pkey_gost_ec_derive);
1084 EVP_PKEY_meth_set_paramgen(*pmeth,
1085 pkey_gost_paramgen_init,
1086 pkey_gost2012_paramgen);
1087 EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check);
1088 EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check);
1090 case NID_id_GostR3410_2012_512:
1091 EVP_PKEY_meth_set_ctrl(*pmeth,
1092 pkey_gost_ctrl, pkey_gost_ec_ctrl_str_512);
1093 EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
1094 EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify);
1096 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2012cp_keygen);
1098 EVP_PKEY_meth_set_encrypt(*pmeth,
1099 pkey_gost_encrypt_init,
1101 EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_gost_decrypt);
1102 EVP_PKEY_meth_set_derive(*pmeth,
1103 pkey_gost_derive_init, pkey_gost_ec_derive);
1104 EVP_PKEY_meth_set_paramgen(*pmeth,
1105 pkey_gost_paramgen_init,
1106 pkey_gost2012_paramgen);
1107 EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check);
1108 EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check);
1110 case NID_id_Gost28147_89_MAC:
1111 EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl,
1112 pkey_gost_mac_ctrl_str);
1113 EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init,
1114 pkey_gost_mac_signctx);
1115 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_mac_keygen);
1116 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init);
1117 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
1118 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
1120 case NID_gost_mac_12:
1121 EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl,
1122 pkey_gost_mac_ctrl_str);
1123 EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init,
1124 pkey_gost_mac_signctx);
1125 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_mac_keygen_12);
1126 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init);
1127 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
1128 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
1131 EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_magma_mac_ctrl,
1132 pkey_gost_magma_mac_ctrl_str);
1133 EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_magma_mac_signctx_init,
1134 pkey_gost_mac_signctx);
1135 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_magma_mac_keygen);
1136 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_magma_mac_init);
1137 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
1138 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
1140 case NID_grasshopper_mac:
1141 case NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac: /* FIXME beldmit */
1142 EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_grasshopper_mac_ctrl,
1143 pkey_gost_grasshopper_mac_ctrl_str);
1144 EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_grasshopper_mac_signctx_init,
1145 pkey_gost_mac_signctx);
1146 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_grasshopper_mac_keygen);
1147 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_grasshopper_mac_init);
1148 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
1149 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
1151 default: /* Unsupported method */
1154 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_init);
1155 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_cleanup);
1157 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_copy);
1159 * FIXME derive etc...
projects / openssl-gost / engine.git / blob