1 /**********************************************************************
3 * Copyright (c) 2005-2013 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
6 * Implementation of RFC 4357 (GOST R 34.10) Publick key method *
8 * Requires OpenSSL 1.0.0+ for compilation *
9 **********************************************************************/
10 #include <openssl/evp.h>
11 #include <openssl/objects.h>
12 #include <openssl/ec.h>
13 #include <openssl/err.h>
14 #include <openssl/x509v3.h> /* For string_to_hex */
15 #include <openssl/opensslv.h> /* For OPENSSL_VERSION_MAJOR */
20 #include "e_gost_err.h"
23 #ifdef OPENSSL_VERSION_MAJOR
25 #define ossl3_const const
28 /* -----init, cleanup, copy - uniform for all algs --------------*/
29 /* Allocates new gost_pmeth_data structure and assigns it as data */
30 static int pkey_gost_init(EVP_PKEY_CTX *ctx)
32 struct gost_pmeth_data *data;
33 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
35 data = OPENSSL_malloc(sizeof(*data));
38 memset(data, 0, sizeof(*data));
39 if (pkey && EVP_PKEY_get0(pkey)) {
40 switch (EVP_PKEY_base_id(pkey)) {
41 case NID_id_GostR3410_2001:
42 case NID_id_GostR3410_2012_256:
43 case NID_id_GostR3410_2012_512:
45 const EC_GROUP *group =
46 EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey));
48 data->sign_param_nid = EC_GROUP_get_curve_name(group);
58 EVP_PKEY_CTX_set_data(ctx, data);
62 /* Copies contents of gost_pmeth_data structure */
63 static int pkey_gost_copy(EVP_PKEY_CTX *dst, ossl3_const EVP_PKEY_CTX *src)
65 struct gost_pmeth_data *dst_data, *src_data;
66 if (!pkey_gost_init(dst)) {
69 src_data = EVP_PKEY_CTX_get_data(src);
70 dst_data = EVP_PKEY_CTX_get_data(dst);
71 if (!src_data || !dst_data)
74 *dst_data = *src_data;
75 if (src_data->shared_ukm) {
76 dst_data->shared_ukm = NULL;
81 /* Frees up gost_pmeth_data structure */
82 static void pkey_gost_cleanup(EVP_PKEY_CTX *ctx)
84 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
87 OPENSSL_free(data->shared_ukm);
91 /* --------------------- control functions ------------------------------*/
92 static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
94 struct gost_pmeth_data *pctx =
95 (struct gost_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
100 case EVP_PKEY_CTRL_MD:
102 EVP_PKEY *key = EVP_PKEY_CTX_get0_pkey(ctx);
103 int pkey_nid = (key == NULL) ? NID_undef : EVP_PKEY_base_id(key);
105 OPENSSL_assert(p2 != NULL);
107 switch (EVP_MD_type((const EVP_MD *)p2)) {
108 case NID_id_GostR3411_94:
109 if (pkey_nid == NID_id_GostR3410_2001
110 || pkey_nid == NID_id_GostR3410_94) {
111 pctx->md = (EVP_MD *)p2;
116 case NID_id_GostR3411_2012_256:
117 if (pkey_nid == NID_id_GostR3410_2012_256) {
118 pctx->md = (EVP_MD *)p2;
123 case NID_id_GostR3411_2012_512:
124 if (pkey_nid == NID_id_GostR3410_2012_512) {
125 pctx->md = (EVP_MD *)p2;
131 GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE);
135 case EVP_PKEY_CTRL_GET_MD:
136 *(const EVP_MD **)p2 = pctx->md;
139 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
140 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
141 case EVP_PKEY_CTRL_PKCS7_SIGN:
142 case EVP_PKEY_CTRL_DIGESTINIT:
143 #ifndef OPENSSL_NO_CMS
144 case EVP_PKEY_CTRL_CMS_ENCRYPT:
145 case EVP_PKEY_CTRL_CMS_DECRYPT:
146 case EVP_PKEY_CTRL_CMS_SIGN:
150 case EVP_PKEY_CTRL_GOST_PARAMSET:
151 pctx->sign_param_nid = (int)p1;
153 case EVP_PKEY_CTRL_SET_IV:
154 OPENSSL_assert(p2 != NULL);
155 pctx->shared_ukm = OPENSSL_malloc((int)p1);
156 if (pctx->shared_ukm == NULL) {
157 GOSTerr(GOST_F_PKEY_GOST_CTRL, ERR_R_MALLOC_FAILURE);
160 memcpy(pctx->shared_ukm, p2, (int)p1);
161 pctx->shared_ukm_size = p1;
163 case EVP_PKEY_CTRL_CIPHER:
164 pctx->cipher_nid = p1;
166 case EVP_PKEY_CTRL_PEER_KEY:
167 if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */
169 if (p1 == 2) /* TLS: peer key used? */
170 return pctx->peer_key_used;
171 if (p1 == 3) /* TLS: peer key used! */
172 return (pctx->peer_key_used = 1);
176 GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_CTRL_CALL_FAILED);
180 static int pkey_gost_ec_ctrl_str_common(EVP_PKEY_CTX *ctx,
181 const char *type, const char *value)
183 if (0 == strcmp(type, ukm_ctrl_string)) {
184 unsigned char ukm_buf[32], *tmp = NULL;
186 tmp = OPENSSL_hexstr2buf(value, &len);
192 GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_COMMON, GOST_R_CTRL_CALL_FAILED);
195 memcpy(ukm_buf, tmp, len);
197 return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_SET_IV, len, ukm_buf);
202 static int pkey_gost_ec_ctrl_str_256(EVP_PKEY_CTX *ctx,
203 const char *type, const char *value)
205 if (strcmp(type, param_ctrl_string) == 0) {
211 if (strlen(value) == 1) {
212 switch (toupper((unsigned char)value[0])) {
214 param_nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet;
217 param_nid = NID_id_GostR3410_2001_CryptoPro_B_ParamSet;
220 param_nid = NID_id_GostR3410_2001_CryptoPro_C_ParamSet;
223 param_nid = NID_id_GostR3410_2001_TestParamSet;
228 } else if ((strlen(value) == 2)
229 && (toupper((unsigned char)value[0]) == 'X')) {
230 switch (toupper((unsigned char)value[1])) {
232 param_nid = NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet;
235 param_nid = NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet;
240 } else if ((strlen(value) == 3)
241 && (toupper((unsigned char)value[0]) == 'T')
242 && (toupper((unsigned char)value[1]) == 'C')) {
243 switch (toupper((unsigned char)value[2])) {
245 param_nid = NID_id_tc26_gost_3410_2012_256_paramSetA;
248 param_nid = NID_id_tc26_gost_3410_2012_256_paramSetB;
251 param_nid = NID_id_tc26_gost_3410_2012_256_paramSetC;
254 param_nid = NID_id_tc26_gost_3410_2012_256_paramSetD;
260 R3410_ec_params *p = R3410_2001_paramset;
261 param_nid = OBJ_txt2nid(value);
262 if (param_nid == NID_undef) {
265 for (; p->nid != NID_undef; p++) {
266 if (p->nid == param_nid)
269 if (p->nid == NID_undef) {
270 GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_256,
271 GOST_R_INVALID_PARAMSET);
276 return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
280 return pkey_gost_ec_ctrl_str_common(ctx, type, value);
283 static int pkey_gost_ec_ctrl_str_512(EVP_PKEY_CTX *ctx,
284 const char *type, const char *value)
286 int param_nid = NID_undef;
288 if (strcmp(type, param_ctrl_string))
289 return pkey_gost_ec_ctrl_str_common(ctx, type, value);
294 if (strlen(value) == 1) {
295 switch (toupper((unsigned char)value[0])) {
297 param_nid = NID_id_tc26_gost_3410_2012_512_paramSetA;
301 param_nid = NID_id_tc26_gost_3410_2012_512_paramSetB;
305 param_nid = NID_id_tc26_gost_3410_2012_512_paramSetC;
312 R3410_ec_params *p = R3410_2012_512_paramset;
313 param_nid = OBJ_txt2nid(value);
314 if (param_nid == NID_undef)
317 while (p->nid != NID_undef && p->nid != param_nid)
320 if (p->nid == NID_undef) {
321 GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_512,
322 GOST_R_INVALID_PARAMSET);
327 return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, param_nid, NULL);
330 /* --------------------- key generation --------------------------------*/
332 static int pkey_gost_paramgen_init(EVP_PKEY_CTX *ctx)
337 static int pkey_gost2001_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
339 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
342 if (!data || data->sign_param_nid == NID_undef) {
343 GOSTerr(GOST_F_PKEY_GOST2001_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
348 if (!fill_GOST_EC_params(ec, data->sign_param_nid)
349 || !EVP_PKEY_assign(pkey, NID_id_GostR3410_2001, ec)) {
356 static int pkey_gost2012_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
358 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
362 if (!data || data->sign_param_nid == NID_undef) {
363 GOSTerr(GOST_F_PKEY_GOST2012_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
368 if (!fill_GOST_EC_params(ec, data->sign_param_nid)) {
373 switch (data->sign_param_nid) {
374 case NID_id_tc26_gost_3410_2012_512_paramSetA:
375 case NID_id_tc26_gost_3410_2012_512_paramSetB:
376 case NID_id_tc26_gost_3410_2012_512_paramSetC:
377 case NID_id_tc26_gost_3410_2012_512_paramSetTest:
379 (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_512, ec)) ? 1 : 0;
382 case NID_id_GostR3410_2001_CryptoPro_A_ParamSet:
383 case NID_id_GostR3410_2001_CryptoPro_B_ParamSet:
384 case NID_id_GostR3410_2001_CryptoPro_C_ParamSet:
385 case NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet:
386 case NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet:
387 case NID_id_GostR3410_2001_TestParamSet:
388 case NID_id_tc26_gost_3410_2012_256_paramSetA:
389 case NID_id_tc26_gost_3410_2012_256_paramSetB:
390 case NID_id_tc26_gost_3410_2012_256_paramSetC:
391 case NID_id_tc26_gost_3410_2012_256_paramSetD:
393 (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_256, ec)) ? 1 : 0;
406 /* ----------- keygen callbacks --------------------------------------*/
407 /* Generates GOST_R3410 2001 key and assigns it using specified type */
408 static int pkey_gost2001cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
411 if (!pkey_gost2001_paramgen(ctx, pkey))
413 ec = EVP_PKEY_get0(pkey);
418 /* Generates GOST_R3410 2012 key and assigns it using specified type */
419 static int pkey_gost2012cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
421 if (!pkey_gost2012_paramgen(ctx, pkey))
424 gost_ec_keygen(EVP_PKEY_get0(pkey));
428 /* ----------- sign callbacks --------------------------------------*/
430 * Packs signature according to Cryptopro rules
431 * and frees up ECDSA_SIG structure
433 int pack_sign_cp(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
435 const BIGNUM *sig_r = NULL, *sig_s = NULL;
436 ECDSA_SIG_get0(s, &sig_r, &sig_s);
438 memset(sig, 0, *siglen);
439 store_bignum(sig_s, sig, order);
440 store_bignum(sig_r, sig + order, order);
445 static int pkey_gost_ec_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
446 size_t *siglen, const unsigned char *tbs,
449 ECDSA_SIG *unpacked_sig = NULL;
450 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
458 switch (EVP_PKEY_base_id(pkey)) {
459 case NID_id_GostR3410_2001:
460 case NID_id_GostR3410_2012_256:
463 case NID_id_GostR3410_2012_512:
474 unpacked_sig = gost_ec_sign(tbs, tbs_len, EVP_PKEY_get0(pkey));
478 return pack_sign_cp(unpacked_sig, order / 2, sig, siglen);
481 /* ------------------- verify callbacks ---------------------------*/
482 /* Unpack signature according to cryptopro rules */
483 ECDSA_SIG *unpack_cp_signature(const unsigned char *sigbuf, size_t siglen)
486 BIGNUM *r = NULL, *s = NULL;
488 sig = ECDSA_SIG_new();
490 GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE);
493 s = BN_bin2bn(sigbuf, siglen / 2, NULL);
494 r = BN_bin2bn(sigbuf + siglen / 2, siglen / 2, NULL);
495 ECDSA_SIG_set0(sig, r, s);
499 static int pkey_gost_ec_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
500 size_t siglen, const unsigned char *tbs,
504 EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
505 ECDSA_SIG *s = (sig) ? unpack_cp_signature(sig, siglen) : NULL;
509 fprintf(stderr, "R=");
510 BN_print_fp(stderr, ECDSA_SIG_get0_r(s));
511 fprintf(stderr, "\nS=");
512 BN_print_fp(stderr, ECDSA_SIG_get0_s(s));
513 fprintf(stderr, "\n");
516 ok = gost_ec_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
521 /* ------------- encrypt init -------------------------------------*/
522 /* Generates ephermeral key */
523 static int pkey_gost_encrypt_init(EVP_PKEY_CTX *ctx)
528 /* --------------- Derive init ------------------------------------*/
529 static int pkey_gost_derive_init(EVP_PKEY_CTX *ctx)
534 /* -------- PKEY_METHOD for GOST MAC algorithm --------------------*/
535 static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx)
537 struct gost_mac_pmeth_data *data = OPENSSL_malloc(sizeof(*data));
538 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
542 memset(data, 0, sizeof(*data));
544 data->mac_param_nid = NID_undef;
547 struct gost_mac_key *key = EVP_PKEY_get0(pkey);
549 data->mac_param_nid = key->mac_param_nid;
550 data->mac_size = key->mac_size;
554 EVP_PKEY_CTX_set_data(ctx, data);
558 static int pkey_gost_omac_init(EVP_PKEY_CTX *ctx, size_t mac_size)
560 struct gost_mac_pmeth_data *data = OPENSSL_malloc(sizeof(*data));
561 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
565 memset(data, 0, sizeof(*data));
566 data->mac_size = mac_size;
567 data->mac_param_nid = NID_undef;
570 struct gost_mac_key *key = EVP_PKEY_get0(pkey);
572 data->mac_param_nid = key->mac_param_nid;
573 data->mac_size = key->mac_size;
577 EVP_PKEY_CTX_set_data(ctx, data);
581 static int pkey_gost_magma_mac_init(EVP_PKEY_CTX *ctx)
583 return pkey_gost_omac_init(ctx, 8);
586 static int pkey_gost_grasshopper_mac_init(EVP_PKEY_CTX *ctx)
588 return pkey_gost_omac_init(ctx, 16);
591 static void pkey_gost_mac_cleanup(EVP_PKEY_CTX *ctx)
593 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
598 static int pkey_gost_mac_copy(EVP_PKEY_CTX *dst, ossl3_const EVP_PKEY_CTX *src)
600 struct gost_mac_pmeth_data *dst_data, *src_data;
601 if (!pkey_gost_mac_init(dst)) {
604 src_data = EVP_PKEY_CTX_get_data(src);
605 dst_data = EVP_PKEY_CTX_get_data(dst);
606 if (!src_data || !dst_data)
609 *dst_data = *src_data;
613 static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
615 struct gost_mac_pmeth_data *data =
616 (struct gost_mac_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
619 case EVP_PKEY_CTRL_MD:
621 int nid = EVP_MD_type((const EVP_MD *)p2);
622 if (nid != NID_id_Gost28147_89_MAC && nid != NID_gost_mac_12) {
623 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
624 GOST_R_INVALID_DIGEST_TYPE);
627 data->md = (EVP_MD *)p2;
631 case EVP_PKEY_CTRL_GET_MD:
632 *(const EVP_MD **)p2 = data->md;
635 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
636 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
637 case EVP_PKEY_CTRL_PKCS7_SIGN:
639 case EVP_PKEY_CTRL_SET_MAC_KEY:
641 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
645 memcpy(data->key, p2, 32);
648 case EVP_PKEY_CTRL_GOST_PARAMSET:
650 struct gost_cipher_info *param = p2;
651 data->mac_param_nid = param->nid;
654 case EVP_PKEY_CTRL_DIGESTINIT:
656 EVP_MD_CTX *mctx = p2;
657 if (!data->key_set) {
658 struct gost_mac_key *key;
659 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
661 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
662 GOST_R_MAC_KEY_NOT_SET);
665 key = EVP_PKEY_get0(pkey);
667 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
668 GOST_R_MAC_KEY_NOT_SET);
671 return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
672 (mctx, EVP_MD_CTRL_SET_KEY, 0, key);
674 return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
675 (mctx, EVP_MD_CTRL_SET_KEY, 32, &(data->key));
678 case EVP_PKEY_CTRL_MAC_LEN:
680 if (p1 < 1 || p1 > 8) {
682 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_MAC_SIZE);
692 static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx,
693 const char *type, const char *value)
695 if (strcmp(type, key_ctrl_string) == 0) {
696 if (strlen(value) != 32) {
697 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
698 GOST_R_INVALID_MAC_KEY_LENGTH);
701 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
704 if (strcmp(type, hexkey_ctrl_string) == 0) {
707 unsigned char *keybuf = string_to_hex(value, &keylen);
708 if (!keybuf || keylen != 32) {
709 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
710 GOST_R_INVALID_MAC_KEY_LENGTH);
711 OPENSSL_free(keybuf);
714 ret = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, 32, keybuf);
715 OPENSSL_free(keybuf);
719 if (!strcmp(type, maclen_ctrl_string)) {
721 long size = strtol(value, &endptr, 10);
722 if (*endptr != '\0') {
723 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_SIZE);
726 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_MAC_LEN, size, NULL);
728 if (strcmp(type, param_ctrl_string) == 0) {
729 ASN1_OBJECT *obj = OBJ_txt2obj(value, 0);
730 const struct gost_cipher_info *param = NULL;
732 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_PARAMS);
736 param = get_encryption_params(obj);
737 ASN1_OBJECT_free(obj);
739 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_PARAMS);
744 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, 0,
750 static int pkey_gost_omac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2, size_t max_size)
752 struct gost_mac_pmeth_data *data =
753 (struct gost_mac_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
756 case EVP_PKEY_CTRL_MD:
758 int nid = EVP_MD_type((const EVP_MD *)p2);
759 if (nid != NID_magma_mac && nid != NID_grasshopper_mac
760 && nid != NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac /* FIXME beldmit */
761 && nid != NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac) {
762 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL,
763 GOST_R_INVALID_DIGEST_TYPE);
766 data->md = (EVP_MD *)p2;
770 case EVP_PKEY_CTRL_GET_MD:
771 *(const EVP_MD **)p2 = data->md;
774 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
775 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
776 case EVP_PKEY_CTRL_PKCS7_SIGN:
778 case EVP_PKEY_CTRL_SET_MAC_KEY:
780 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
784 memcpy(data->key, p2, 32);
787 case EVP_PKEY_CTRL_DIGESTINIT:
789 EVP_MD_CTX *mctx = p2;
790 if (!data->key_set) {
791 struct gost_mac_key *key;
792 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
794 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL,
795 GOST_R_MAC_KEY_NOT_SET);
798 key = EVP_PKEY_get0(pkey);
800 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL,
801 GOST_R_MAC_KEY_NOT_SET);
804 return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
805 (mctx, EVP_MD_CTRL_SET_KEY, 0, key);
807 return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
808 (mctx, EVP_MD_CTRL_SET_KEY, 32, &(data->key));
811 case EVP_PKEY_CTRL_MAC_LEN:
813 if (p1 < 1 || p1 > max_size) {
815 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL, GOST_R_INVALID_MAC_SIZE);
825 static int pkey_gost_magma_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
827 return pkey_gost_omac_ctrl(ctx, type, p1, p2, 8);
830 static int pkey_gost_grasshopper_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
832 return pkey_gost_omac_ctrl(ctx, type, p1, p2, 16);
835 static int pkey_gost_omac_ctrl_str(EVP_PKEY_CTX *ctx,
836 const char *type, const char *value, size_t max_size)
838 if (strcmp(type, key_ctrl_string) == 0) {
839 if (strlen(value) != 32) {
840 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL_STR,
841 GOST_R_INVALID_MAC_KEY_LENGTH);
844 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
847 if (strcmp(type, hexkey_ctrl_string) == 0) {
850 unsigned char *keybuf = string_to_hex(value, &keylen);
851 if (!keybuf || keylen != 32) {
852 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL_STR,
853 GOST_R_INVALID_MAC_KEY_LENGTH);
854 OPENSSL_free(keybuf);
857 ret = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, 32, keybuf);
858 OPENSSL_free(keybuf);
862 if (!strcmp(type, maclen_ctrl_string)) {
864 long size = strtol(value, &endptr, 10);
865 if (*endptr != '\0') {
866 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL_STR, GOST_R_INVALID_MAC_SIZE);
869 return pkey_gost_omac_ctrl(ctx, EVP_PKEY_CTRL_MAC_LEN, size, NULL, max_size);
874 static int pkey_gost_magma_mac_ctrl_str(EVP_PKEY_CTX *ctx,
875 const char *type, const char *value)
877 return pkey_gost_omac_ctrl_str(ctx, type, value, 8);
880 static int pkey_gost_grasshopper_mac_ctrl_str(EVP_PKEY_CTX *ctx,
881 const char *type, const char *value)
883 return pkey_gost_omac_ctrl_str(ctx, type, value, 8);
886 static int pkey_gost_mac_keygen_base(EVP_PKEY_CTX *ctx,
887 EVP_PKEY *pkey, int mac_nid)
889 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
890 struct gost_mac_key *keydata;
891 if (!data || !data->key_set) {
892 GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN_BASE, GOST_R_MAC_KEY_NOT_SET);
895 keydata = OPENSSL_malloc(sizeof(struct gost_mac_key));
898 memcpy(keydata->key, data->key, 32);
899 keydata->mac_param_nid = data->mac_param_nid;
900 keydata->mac_size = data->mac_size;
901 EVP_PKEY_assign(pkey, mac_nid, keydata);
905 static int pkey_gost_mac_keygen_12(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
907 return pkey_gost_mac_keygen_base(ctx, pkey, NID_gost_mac_12);
910 static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
912 return pkey_gost_mac_keygen_base(ctx, pkey, NID_id_Gost28147_89_MAC);
915 static int pkey_gost_magma_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
917 return pkey_gost_mac_keygen_base(ctx, pkey, NID_magma_mac);
920 static int pkey_gost_grasshopper_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
922 return pkey_gost_mac_keygen_base(ctx, pkey, NID_grasshopper_mac);
925 static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
927 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
930 pkey_gost_mac_init(ctx);
933 data = EVP_PKEY_CTX_get_data(ctx);
935 GOSTerr(GOST_F_PKEY_GOST_MAC_SIGNCTX_INIT, GOST_R_MAC_KEY_NOT_SET);
942 static int pkey_gost_magma_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
944 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
947 pkey_gost_omac_init(ctx, 4);
950 data = EVP_PKEY_CTX_get_data(ctx);
952 GOSTerr(GOST_F_PKEY_GOST_MAGMA_MAC_SIGNCTX_INIT, GOST_R_MAC_KEY_NOT_SET);
959 static int pkey_gost_grasshopper_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
961 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
964 pkey_gost_omac_init(ctx, 8);
967 data = EVP_PKEY_CTX_get_data(ctx);
969 GOSTerr(GOST_F_PKEY_GOST_GRASSHOPPER_MAC_SIGNCTX_INIT, GOST_R_MAC_KEY_NOT_SET);
976 static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
977 size_t *siglen, EVP_MD_CTX *mctx)
979 unsigned int tmpsiglen;
981 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
985 tmpsiglen = *siglen; /* for platforms where sizeof(int) !=
989 *siglen = data->mac_size;
993 EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
994 (mctx, EVP_MD_CTRL_XOF_LEN, data->mac_size, NULL);
995 ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen);
996 *siglen = data->mac_size;
1000 /* ----------- misc callbacks -------------------------------------*/
1002 /* Callback for both EVP_PKEY_check() and EVP_PKEY_public_check. */
1003 static int pkey_gost_check(EVP_PKEY *pkey)
1005 return EC_KEY_check_key(EVP_PKEY_get0(pkey));
1008 /* ----------------------------------------------------------------*/
1009 int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags)
1011 *pmeth = EVP_PKEY_meth_new(id, flags);
1016 case NID_id_GostR3410_2001:
1017 EVP_PKEY_meth_set_ctrl(*pmeth,
1018 pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256);
1019 EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
1020 EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify);
1022 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2001cp_keygen);
1024 EVP_PKEY_meth_set_encrypt(*pmeth,
1025 pkey_gost_encrypt_init,
1027 EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_gost_decrypt);
1028 EVP_PKEY_meth_set_derive(*pmeth,
1029 pkey_gost_derive_init, pkey_gost_ec_derive);
1030 EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,
1031 pkey_gost2001_paramgen);
1032 EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check);
1033 EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check);
1035 case NID_id_GostR3410_2012_256:
1036 EVP_PKEY_meth_set_ctrl(*pmeth,
1037 pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256);
1038 EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
1039 EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify);
1041 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2012cp_keygen);
1043 EVP_PKEY_meth_set_encrypt(*pmeth,
1044 pkey_gost_encrypt_init,
1046 EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_gost_decrypt);
1047 EVP_PKEY_meth_set_derive(*pmeth,
1048 pkey_gost_derive_init, pkey_gost_ec_derive);
1049 EVP_PKEY_meth_set_paramgen(*pmeth,
1050 pkey_gost_paramgen_init,
1051 pkey_gost2012_paramgen);
1052 EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check);
1053 EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check);
1055 case NID_id_GostR3410_2012_512:
1056 EVP_PKEY_meth_set_ctrl(*pmeth,
1057 pkey_gost_ctrl, pkey_gost_ec_ctrl_str_512);
1058 EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
1059 EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify);
1061 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2012cp_keygen);
1063 EVP_PKEY_meth_set_encrypt(*pmeth,
1064 pkey_gost_encrypt_init,
1066 EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_gost_decrypt);
1067 EVP_PKEY_meth_set_derive(*pmeth,
1068 pkey_gost_derive_init, pkey_gost_ec_derive);
1069 EVP_PKEY_meth_set_paramgen(*pmeth,
1070 pkey_gost_paramgen_init,
1071 pkey_gost2012_paramgen);
1072 EVP_PKEY_meth_set_check(*pmeth, pkey_gost_check);
1073 EVP_PKEY_meth_set_public_check(*pmeth, pkey_gost_check);
1075 case NID_id_Gost28147_89_MAC:
1076 EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl,
1077 pkey_gost_mac_ctrl_str);
1078 EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init,
1079 pkey_gost_mac_signctx);
1080 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_mac_keygen);
1081 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init);
1082 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
1083 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
1085 case NID_gost_mac_12:
1086 EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl,
1087 pkey_gost_mac_ctrl_str);
1088 EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init,
1089 pkey_gost_mac_signctx);
1090 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_mac_keygen_12);
1091 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init);
1092 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
1093 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
1096 EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_magma_mac_ctrl,
1097 pkey_gost_magma_mac_ctrl_str);
1098 EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_magma_mac_signctx_init,
1099 pkey_gost_mac_signctx);
1100 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_magma_mac_keygen);
1101 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_magma_mac_init);
1102 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
1103 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
1105 case NID_grasshopper_mac:
1106 case NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac: /* FIXME beldmit */
1107 EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_grasshopper_mac_ctrl,
1108 pkey_gost_grasshopper_mac_ctrl_str);
1109 EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_grasshopper_mac_signctx_init,
1110 pkey_gost_mac_signctx);
1111 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_grasshopper_mac_keygen);
1112 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_grasshopper_mac_init);
1113 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
1114 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
1116 default: /* Unsupported method */
1119 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_init);
1120 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_cleanup);
1122 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_copy);
1124 * FIXME derive etc...
projects / openssl-gost / engine.git / blob