1 /**********************************************************************
3 * Copyright (c) 2005-2013 Cryptocom LTD *
4 * This file is distributed under the same license as OpenSSL *
6 * Implementation of RFC 4357 (GOST R 34.10) Publick key method *
8 * Requires OpenSSL 1.0.0+ for compilation *
9 **********************************************************************/
10 #include <openssl/evp.h>
11 #include <openssl/objects.h>
12 #include <openssl/ec.h>
13 #include <openssl/err.h>
14 #include <openssl/x509v3.h> /* For string_to_hex */
19 #include "e_gost_err.h"
21 /* -----init, cleanup, copy - uniform for all algs --------------*/
22 /* Allocates new gost_pmeth_data structure and assigns it as data */
23 static int pkey_gost_init(EVP_PKEY_CTX *ctx)
25 struct gost_pmeth_data *data;
26 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
28 data = OPENSSL_malloc(sizeof(*data));
31 memset(data, 0, sizeof(*data));
32 if (pkey && EVP_PKEY_get0(pkey)) {
33 switch (EVP_PKEY_base_id(pkey)) {
34 case NID_id_GostR3410_2001:
35 case NID_id_GostR3410_2012_256:
36 case NID_id_GostR3410_2012_512:
38 const EC_GROUP *group =
39 EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey));
41 data->sign_param_nid = EC_GROUP_get_curve_name(group);
51 EVP_PKEY_CTX_set_data(ctx, data);
55 /* Copies contents of gost_pmeth_data structure */
56 static int pkey_gost_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
58 struct gost_pmeth_data *dst_data, *src_data;
59 if (!pkey_gost_init(dst)) {
62 src_data = EVP_PKEY_CTX_get_data(src);
63 dst_data = EVP_PKEY_CTX_get_data(dst);
64 if (!src_data || !dst_data)
67 *dst_data = *src_data;
68 if (src_data->shared_ukm) {
69 dst_data->shared_ukm = NULL;
74 /* Frees up gost_pmeth_data structure */
75 static void pkey_gost_cleanup(EVP_PKEY_CTX *ctx)
77 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
80 OPENSSL_free(data->shared_ukm);
84 /* --------------------- control functions ------------------------------*/
85 static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
87 struct gost_pmeth_data *pctx =
88 (struct gost_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
93 case EVP_PKEY_CTRL_MD:
95 EVP_PKEY *key = EVP_PKEY_CTX_get0_pkey(ctx);
96 int pkey_nid = (key == NULL) ? NID_undef : EVP_PKEY_base_id(key);
98 OPENSSL_assert(p2 != NULL);
100 switch (EVP_MD_type((const EVP_MD *)p2)) {
101 case NID_id_GostR3411_94:
102 if (pkey_nid == NID_id_GostR3410_2001
103 || pkey_nid == NID_id_GostR3410_94) {
104 pctx->md = (EVP_MD *)p2;
109 case NID_id_GostR3411_2012_256:
110 if (pkey_nid == NID_id_GostR3410_2012_256) {
111 pctx->md = (EVP_MD *)p2;
116 case NID_id_GostR3411_2012_512:
117 if (pkey_nid == NID_id_GostR3410_2012_512) {
118 pctx->md = (EVP_MD *)p2;
124 GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE);
128 case EVP_PKEY_CTRL_GET_MD:
129 *(const EVP_MD **)p2 = pctx->md;
132 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
133 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
134 case EVP_PKEY_CTRL_PKCS7_SIGN:
135 case EVP_PKEY_CTRL_DIGESTINIT:
136 #ifndef OPENSSL_NO_CMS
137 case EVP_PKEY_CTRL_CMS_ENCRYPT:
138 case EVP_PKEY_CTRL_CMS_DECRYPT:
139 case EVP_PKEY_CTRL_CMS_SIGN:
143 case EVP_PKEY_CTRL_GOST_PARAMSET:
144 pctx->sign_param_nid = (int)p1;
146 case EVP_PKEY_CTRL_SET_IV:
147 OPENSSL_assert(p2 != NULL);
148 pctx->shared_ukm = OPENSSL_malloc((int)p1);
149 if (pctx->shared_ukm == NULL) {
150 GOSTerr(GOST_F_PKEY_GOST_CTRL, ERR_R_MALLOC_FAILURE);
153 memcpy(pctx->shared_ukm, p2, (int)p1);
154 pctx->shared_ukm_size = p1;
156 case EVP_PKEY_CTRL_CIPHER:
157 pctx->cipher_nid = p1;
159 case EVP_PKEY_CTRL_PEER_KEY:
160 if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */
162 if (p1 == 2) /* TLS: peer key used? */
163 return pctx->peer_key_used;
164 if (p1 == 3) /* TLS: peer key used! */
165 return (pctx->peer_key_used = 1);
169 GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_CTRL_CALL_FAILED);
173 static int pkey_gost_ec_ctrl_str_256(EVP_PKEY_CTX *ctx,
174 const char *type, const char *value)
178 if (strcmp(type, param_ctrl_string) == 0) {
182 if (strlen(value) == 1) {
183 switch (toupper((unsigned char)value[0])) {
185 param_nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet;
188 param_nid = NID_id_GostR3410_2001_CryptoPro_B_ParamSet;
191 param_nid = NID_id_GostR3410_2001_CryptoPro_C_ParamSet;
194 param_nid = NID_id_GostR3410_2001_TestParamSet;
199 } else if ((strlen(value) == 2)
200 && (toupper((unsigned char)value[0]) == 'X')) {
201 switch (toupper((unsigned char)value[1])) {
203 param_nid = NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet;
206 param_nid = NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet;
212 R3410_ec_params *p = R3410_2001_paramset;
213 param_nid = OBJ_txt2nid(value);
214 if (param_nid == NID_undef) {
217 for (; p->nid != NID_undef; p++) {
218 if (p->nid == param_nid)
221 if (p->nid == NID_undef) {
222 GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_256,
223 GOST_R_INVALID_PARAMSET);
228 return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET,
234 static int pkey_gost_ec_ctrl_str_512(EVP_PKEY_CTX *ctx,
235 const char *type, const char *value)
237 int param_nid = NID_undef;
239 if (strcmp(type, param_ctrl_string))
245 if (strlen(value) == 1) {
246 switch (toupper((unsigned char)value[0])) {
248 param_nid = NID_id_tc26_gost_3410_2012_512_paramSetA;
252 param_nid = NID_id_tc26_gost_3410_2012_512_paramSetB;
259 R3410_ec_params *p = R3410_2012_512_paramset;
260 param_nid = OBJ_txt2nid(value);
261 if (param_nid == NID_undef)
264 while (p->nid != NID_undef && p->nid != param_nid)
267 if (p->nid == NID_undef) {
268 GOSTerr(GOST_F_PKEY_GOST_EC_CTRL_STR_512,
269 GOST_R_INVALID_PARAMSET);
274 return pkey_gost_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, param_nid, NULL);
277 /* --------------------- key generation --------------------------------*/
279 static int pkey_gost_paramgen_init(EVP_PKEY_CTX *ctx)
284 static int pkey_gost2001_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
286 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
289 if (!data || data->sign_param_nid == NID_undef) {
290 GOSTerr(GOST_F_PKEY_GOST2001_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
295 if (!fill_GOST_EC_params(ec, data->sign_param_nid)
296 || !EVP_PKEY_assign(pkey, NID_id_GostR3410_2001, ec)) {
303 static int pkey_gost2012_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
305 struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
309 if (!data || data->sign_param_nid == NID_undef) {
310 GOSTerr(GOST_F_PKEY_GOST2012_PARAMGEN, GOST_R_NO_PARAMETERS_SET);
315 if (!fill_GOST_EC_params(ec, data->sign_param_nid)) {
320 switch (data->sign_param_nid) {
321 case NID_id_tc26_gost_3410_2012_512_paramSetA:
322 case NID_id_tc26_gost_3410_2012_512_paramSetB:
324 (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_512, ec)) ? 1 : 0;
327 case NID_id_GostR3410_2001_CryptoPro_A_ParamSet:
328 case NID_id_GostR3410_2001_CryptoPro_B_ParamSet:
329 case NID_id_GostR3410_2001_CryptoPro_C_ParamSet:
330 case NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet:
331 case NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet:
332 case NID_id_GostR3410_2001_TestParamSet:
334 (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_256, ec)) ? 1 : 0;
347 /* ----------- keygen callbacks --------------------------------------*/
348 /* Generates GOST_R3410 2001 key and assigns it using specified type */
349 static int pkey_gost2001cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
352 if (!pkey_gost2001_paramgen(ctx, pkey))
354 ec = EVP_PKEY_get0(pkey);
359 /* Generates GOST_R3410 2012 key and assigns it using specified type */
360 static int pkey_gost2012cp_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
362 if (!pkey_gost2012_paramgen(ctx, pkey))
365 gost_ec_keygen(EVP_PKEY_get0(pkey));
369 /* ----------- sign callbacks --------------------------------------*/
371 * Packs signature according to Cryptopro rules
372 * and frees up ECDSA_SIG structure
374 int pack_sign_cp(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
376 const BIGNUM *sig_r = NULL, *sig_s = NULL;
377 ECDSA_SIG_get0(s, &sig_r, &sig_s);
379 memset(sig, 0, *siglen);
380 store_bignum(sig_s, sig, order);
381 store_bignum(sig_r, sig + order, order);
386 static int pkey_gost_ec_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
387 size_t *siglen, const unsigned char *tbs,
390 ECDSA_SIG *unpacked_sig = NULL;
391 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
399 switch (EVP_PKEY_base_id(pkey)) {
400 case NID_id_GostR3410_2001:
401 case NID_id_GostR3410_2012_256:
404 case NID_id_GostR3410_2012_512:
415 unpacked_sig = gost_ec_sign(tbs, tbs_len, EVP_PKEY_get0(pkey));
419 return pack_sign_cp(unpacked_sig, order / 2, sig, siglen);
422 /* ------------------- verify callbacks ---------------------------*/
423 /* Unpack signature according to cryptopro rules */
424 ECDSA_SIG *unpack_cp_signature(const unsigned char *sigbuf, size_t siglen)
427 BIGNUM *r = NULL, *s = NULL;
429 sig = ECDSA_SIG_new();
431 GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE);
434 s = BN_bin2bn(sigbuf, siglen / 2, NULL);
435 r = BN_bin2bn(sigbuf + siglen / 2, siglen / 2, NULL);
436 ECDSA_SIG_set0(sig, r, s);
440 static int pkey_gost_ec_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
441 size_t siglen, const unsigned char *tbs,
445 EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
446 ECDSA_SIG *s = (sig) ? unpack_cp_signature(sig, siglen) : NULL;
450 fprintf(stderr, "R=");
451 BN_print_fp(stderr, ECDSA_SIG_get0_r(s));
452 fprintf(stderr, "\nS=");
453 BN_print_fp(stderr, ECDSA_SIG_get0_s(s));
454 fprintf(stderr, "\n");
457 ok = gost_ec_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
462 /* ------------- encrypt init -------------------------------------*/
463 /* Generates ephermeral key */
464 static int pkey_gost_encrypt_init(EVP_PKEY_CTX *ctx)
469 /* --------------- Derive init ------------------------------------*/
470 static int pkey_gost_derive_init(EVP_PKEY_CTX *ctx)
475 /* -------- PKEY_METHOD for GOST MAC algorithm --------------------*/
476 static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx)
478 struct gost_mac_pmeth_data *data = OPENSSL_malloc(sizeof(*data));
479 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
483 memset(data, 0, sizeof(*data));
485 data->mac_param_nid = NID_undef;
488 struct gost_mac_key *key = EVP_PKEY_get0(pkey);
490 data->mac_param_nid = key->mac_param_nid;
491 data->mac_size = key->mac_size;
495 EVP_PKEY_CTX_set_data(ctx, data);
499 static int pkey_gost_omac_init(EVP_PKEY_CTX *ctx, size_t mac_size)
501 struct gost_mac_pmeth_data *data = OPENSSL_malloc(sizeof(*data));
502 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
506 memset(data, 0, sizeof(*data));
507 data->mac_size = mac_size;
508 data->mac_param_nid = NID_undef;
511 struct gost_mac_key *key = EVP_PKEY_get0(pkey);
513 data->mac_param_nid = key->mac_param_nid;
514 data->mac_size = key->mac_size;
518 EVP_PKEY_CTX_set_data(ctx, data);
522 static int pkey_gost_magma_mac_init(EVP_PKEY_CTX *ctx)
524 return pkey_gost_omac_init(ctx, 8);
527 static int pkey_gost_grasshopper_mac_init(EVP_PKEY_CTX *ctx)
529 return pkey_gost_omac_init(ctx, 16);
532 static void pkey_gost_mac_cleanup(EVP_PKEY_CTX *ctx)
534 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
539 static int pkey_gost_mac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
541 struct gost_mac_pmeth_data *dst_data, *src_data;
542 if (!pkey_gost_mac_init(dst)) {
545 src_data = EVP_PKEY_CTX_get_data(src);
546 dst_data = EVP_PKEY_CTX_get_data(dst);
547 if (!src_data || !dst_data)
550 *dst_data = *src_data;
554 static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
556 struct gost_mac_pmeth_data *data =
557 (struct gost_mac_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
560 case EVP_PKEY_CTRL_MD:
562 int nid = EVP_MD_type((const EVP_MD *)p2);
563 if (nid != NID_id_Gost28147_89_MAC && nid != NID_gost_mac_12) {
564 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
565 GOST_R_INVALID_DIGEST_TYPE);
568 data->md = (EVP_MD *)p2;
572 case EVP_PKEY_CTRL_GET_MD:
573 *(const EVP_MD **)p2 = data->md;
576 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
577 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
578 case EVP_PKEY_CTRL_PKCS7_SIGN:
580 case EVP_PKEY_CTRL_SET_MAC_KEY:
582 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
586 memcpy(data->key, p2, 32);
589 case EVP_PKEY_CTRL_GOST_PARAMSET:
591 struct gost_cipher_info *param = p2;
592 data->mac_param_nid = param->nid;
595 case EVP_PKEY_CTRL_DIGESTINIT:
597 EVP_MD_CTX *mctx = p2;
598 struct gost_mac_key *key;
599 if (!data->key_set) {
600 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
602 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
603 GOST_R_MAC_KEY_NOT_SET);
606 key = EVP_PKEY_get0(pkey);
608 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,
609 GOST_R_MAC_KEY_NOT_SET);
612 return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
613 (mctx, EVP_MD_CTRL_SET_KEY, 0, key);
615 return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
616 (mctx, EVP_MD_CTRL_SET_KEY, 32, &(data->key));
619 case EVP_PKEY_CTRL_MAC_LEN:
621 if (p1 < 1 || p1 > 8) {
623 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL, GOST_R_INVALID_MAC_SIZE);
633 static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx,
634 const char *type, const char *value)
636 if (strcmp(type, key_ctrl_string) == 0) {
637 if (strlen(value) != 32) {
638 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
639 GOST_R_INVALID_MAC_KEY_LENGTH);
642 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
645 if (strcmp(type, hexkey_ctrl_string) == 0) {
648 unsigned char *keybuf = string_to_hex(value, &keylen);
649 if (!keybuf || keylen != 32) {
650 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
651 GOST_R_INVALID_MAC_KEY_LENGTH);
652 OPENSSL_free(keybuf);
655 ret = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, 32, keybuf);
656 OPENSSL_free(keybuf);
660 if (!strcmp(type, maclen_ctrl_string)) {
662 long size = strtol(value, &endptr, 10);
663 if (*endptr != '\0') {
664 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_SIZE);
667 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_MAC_LEN, size, NULL);
669 if (strcmp(type, param_ctrl_string) == 0) {
670 ASN1_OBJECT *obj = OBJ_txt2obj(value, 0);
671 const struct gost_cipher_info *param = NULL;
673 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_PARAMS);
677 param = get_encryption_params(obj);
678 ASN1_OBJECT_free(obj);
680 GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_PARAMS);
685 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, 0,
691 static int pkey_gost_omac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2, size_t max_size)
693 struct gost_mac_pmeth_data *data =
694 (struct gost_mac_pmeth_data *)EVP_PKEY_CTX_get_data(ctx);
697 case EVP_PKEY_CTRL_MD:
699 int nid = EVP_MD_type((const EVP_MD *)p2);
700 if (nid != NID_magma_mac && nid != NID_grasshopper_mac
701 && nid != NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac /* FIXME beldmit */
702 && nid != NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac) {
703 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL,
704 GOST_R_INVALID_DIGEST_TYPE);
707 data->md = (EVP_MD *)p2;
711 case EVP_PKEY_CTRL_GET_MD:
712 *(const EVP_MD **)p2 = data->md;
715 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
716 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
717 case EVP_PKEY_CTRL_PKCS7_SIGN:
719 case EVP_PKEY_CTRL_SET_MAC_KEY:
721 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
725 memcpy(data->key, p2, 32);
728 case EVP_PKEY_CTRL_DIGESTINIT:
730 EVP_MD_CTX *mctx = p2;
731 struct gost_mac_key *key;
732 if (!data->key_set) {
733 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
735 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL,
736 GOST_R_MAC_KEY_NOT_SET);
739 key = EVP_PKEY_get0(pkey);
741 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL,
742 GOST_R_MAC_KEY_NOT_SET);
745 return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
746 (mctx, EVP_MD_CTRL_SET_KEY, 0, key);
748 return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
749 (mctx, EVP_MD_CTRL_SET_KEY, 32, &(data->key));
752 case EVP_PKEY_CTRL_MAC_LEN:
754 if (p1 < 1 || p1 > max_size) {
756 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL, GOST_R_INVALID_MAC_SIZE);
766 static int pkey_gost_magma_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
768 return pkey_gost_omac_ctrl(ctx, type, p1, p2, 8);
771 static int pkey_gost_grasshopper_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
773 return pkey_gost_omac_ctrl(ctx, type, p1, p2, 16);
776 static int pkey_gost_omac_ctrl_str(EVP_PKEY_CTX *ctx,
777 const char *type, const char *value, size_t max_size)
779 if (strcmp(type, key_ctrl_string) == 0) {
780 if (strlen(value) != 32) {
781 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL_STR,
782 GOST_R_INVALID_MAC_KEY_LENGTH);
785 return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
788 if (strcmp(type, hexkey_ctrl_string) == 0) {
791 unsigned char *keybuf = string_to_hex(value, &keylen);
792 if (!keybuf || keylen != 32) {
793 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL_STR,
794 GOST_R_INVALID_MAC_KEY_LENGTH);
795 OPENSSL_free(keybuf);
798 ret = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, 32, keybuf);
799 OPENSSL_free(keybuf);
803 if (!strcmp(type, maclen_ctrl_string)) {
805 long size = strtol(value, &endptr, 10);
806 if (*endptr != '\0') {
807 GOSTerr(GOST_F_PKEY_GOST_OMAC_CTRL_STR, GOST_R_INVALID_MAC_SIZE);
810 return pkey_gost_omac_ctrl(ctx, EVP_PKEY_CTRL_MAC_LEN, size, NULL, max_size);
815 static int pkey_gost_magma_mac_ctrl_str(EVP_PKEY_CTX *ctx,
816 const char *type, const char *value)
818 return pkey_gost_omac_ctrl_str(ctx, type, value, 8);
821 static int pkey_gost_grasshopper_mac_ctrl_str(EVP_PKEY_CTX *ctx,
822 const char *type, const char *value)
824 return pkey_gost_omac_ctrl_str(ctx, type, value, 8);
827 static int pkey_gost_mac_keygen_base(EVP_PKEY_CTX *ctx,
828 EVP_PKEY *pkey, int mac_nid)
830 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
831 struct gost_mac_key *keydata;
832 if (!data || !data->key_set) {
833 GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN_BASE, GOST_R_MAC_KEY_NOT_SET);
836 keydata = OPENSSL_malloc(sizeof(struct gost_mac_key));
839 memcpy(keydata->key, data->key, 32);
840 keydata->mac_param_nid = data->mac_param_nid;
841 keydata->mac_size = data->mac_size;
842 EVP_PKEY_assign(pkey, mac_nid, keydata);
846 static int pkey_gost_mac_keygen_12(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
848 return pkey_gost_mac_keygen_base(ctx, pkey, NID_gost_mac_12);
851 static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
853 return pkey_gost_mac_keygen_base(ctx, pkey, NID_id_Gost28147_89_MAC);
856 static int pkey_gost_magma_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
858 return pkey_gost_mac_keygen_base(ctx, pkey, NID_magma_mac);
861 static int pkey_gost_grasshopper_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
863 return pkey_gost_mac_keygen_base(ctx, pkey, NID_grasshopper_mac);
866 static int pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
868 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
871 pkey_gost_mac_init(ctx);
874 data = EVP_PKEY_CTX_get_data(ctx);
876 GOSTerr(GOST_F_PKEY_GOST_MAC_SIGNCTX_INIT, GOST_R_MAC_KEY_NOT_SET);
883 static int pkey_gost_magma_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
885 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
888 pkey_gost_omac_init(ctx, 4);
891 data = EVP_PKEY_CTX_get_data(ctx);
893 GOSTerr(GOST_F_PKEY_GOST_MAGMA_MAC_SIGNCTX_INIT, GOST_R_MAC_KEY_NOT_SET);
900 static int pkey_gost_grasshopper_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
902 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
905 pkey_gost_omac_init(ctx, 8);
908 data = EVP_PKEY_CTX_get_data(ctx);
910 GOSTerr(GOST_F_PKEY_GOST_GRASSHOPPER_MAC_SIGNCTX_INIT, GOST_R_MAC_KEY_NOT_SET);
917 static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
918 size_t *siglen, EVP_MD_CTX *mctx)
920 unsigned int tmpsiglen;
922 struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
926 tmpsiglen = *siglen; /* for platforms where sizeof(int) !=
930 *siglen = data->mac_size;
934 EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx))
935 (mctx, EVP_MD_CTRL_MAC_LEN, data->mac_size, NULL);
936 ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen);
937 *siglen = data->mac_size;
941 /* ----------------------------------------------------------------*/
942 int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags)
944 *pmeth = EVP_PKEY_meth_new(id, flags);
949 case NID_id_GostR3410_2001:
950 EVP_PKEY_meth_set_ctrl(*pmeth,
951 pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256);
952 EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
953 EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify);
955 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2001cp_keygen);
957 EVP_PKEY_meth_set_encrypt(*pmeth,
958 pkey_gost_encrypt_init,
960 EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_gost_decrypt);
961 EVP_PKEY_meth_set_derive(*pmeth,
962 pkey_gost_derive_init, pkey_gost_ec_derive);
963 EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,
964 pkey_gost2001_paramgen);
966 case NID_id_GostR3410_2012_256:
967 EVP_PKEY_meth_set_ctrl(*pmeth,
968 pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256);
969 EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
970 EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify);
972 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2012cp_keygen);
974 EVP_PKEY_meth_set_encrypt(*pmeth,
975 pkey_gost_encrypt_init,
977 EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_gost_decrypt);
978 EVP_PKEY_meth_set_derive(*pmeth,
979 pkey_gost_derive_init, pkey_gost_ec_derive);
980 EVP_PKEY_meth_set_paramgen(*pmeth,
981 pkey_gost_paramgen_init,
982 pkey_gost2012_paramgen);
984 case NID_id_GostR3410_2012_512:
985 EVP_PKEY_meth_set_ctrl(*pmeth,
986 pkey_gost_ctrl, pkey_gost_ec_ctrl_str_512);
987 EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
988 EVP_PKEY_meth_set_verify(*pmeth, NULL, pkey_gost_ec_cp_verify);
990 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost2012cp_keygen);
992 EVP_PKEY_meth_set_encrypt(*pmeth,
993 pkey_gost_encrypt_init,
995 EVP_PKEY_meth_set_decrypt(*pmeth, NULL, pkey_gost_decrypt);
996 EVP_PKEY_meth_set_derive(*pmeth,
997 pkey_gost_derive_init, pkey_gost_ec_derive);
998 EVP_PKEY_meth_set_paramgen(*pmeth,
999 pkey_gost_paramgen_init,
1000 pkey_gost2012_paramgen);
1002 case NID_id_Gost28147_89_MAC:
1003 EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl,
1004 pkey_gost_mac_ctrl_str);
1005 EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init,
1006 pkey_gost_mac_signctx);
1007 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_mac_keygen);
1008 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init);
1009 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
1010 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
1012 case NID_gost_mac_12:
1013 EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl,
1014 pkey_gost_mac_ctrl_str);
1015 EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init,
1016 pkey_gost_mac_signctx);
1017 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_mac_keygen_12);
1018 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init);
1019 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
1020 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
1023 EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_magma_mac_ctrl,
1024 pkey_gost_magma_mac_ctrl_str);
1025 EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_magma_mac_signctx_init,
1026 pkey_gost_mac_signctx);
1027 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_magma_mac_keygen);
1028 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_magma_mac_init);
1029 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
1030 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
1032 case NID_grasshopper_mac:
1033 case NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac: /* FIXME beldmit */
1034 EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_grasshopper_mac_ctrl,
1035 pkey_gost_grasshopper_mac_ctrl_str);
1036 EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_grasshopper_mac_signctx_init,
1037 pkey_gost_mac_signctx);
1038 EVP_PKEY_meth_set_keygen(*pmeth, NULL, pkey_gost_grasshopper_mac_keygen);
1039 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_grasshopper_mac_init);
1040 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
1041 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
1043 default: /* Unsupported method */
1046 EVP_PKEY_meth_set_init(*pmeth, pkey_gost_init);
1047 EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_cleanup);
1049 EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_copy);
1051 * FIXME derive etc...
projects / openssl-gost / engine.git / blob