EC_GROUP_get0_order(grp), ctx))
goto err;
- /* these two curves have cofactor 4; the rest have cofactor 1 */
+#if 0
+ /*-
+ * These two curves have cofactor 4; the rest have cofactor 1.
+ * But currently gost_ec_point_mul takes care of the cofactor clearing,
+ * hence this code is not needed.
+ */
switch (EC_GROUP_get_curve_name(grp)) {
case NID_id_tc26_gost_3410_2012_256_paramSetA:
case NID_id_tc26_gost_3410_2012_512_paramSetC:
goto err;
break;
}
+#endif
if (!gost_ec_point_mul(grp, pnt, NULL, pub_key, scalar, ctx)) {
GOSTerr(GOST_F_VKO_COMPUTE_KEY, GOST_R_ERROR_POINT_MUL);
}
/*
+ * KEG Algorithm described in R 1323565.1.020-2018 6.4.5.1.
* keyout expected to be 64 bytes
* */
static int gost_keg(const unsigned char *ukm_source, int pkey_nid,
* EVP_PKEY_METHOD callback derive.
* Implements VKO R 34.10-2001/2012 algorithms
*/
+/*
+ * Backend for EVP_PKEY_derive()
+ * It have KEG mode (default) and VKO mode (enable by EVP_PKEY_CTRL_SET_VKO).
+ */
int pkey_gost_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
{
/*
GOSTerr(GOST_F_PKEY_GOST_EC_DERIVE, GOST_R_UKM_NOT_SET);
return 0;
}
+
+ /* VKO */
+ if (data->vko_dgst_nid) {
+ if (!key) {
+ *keylen = data->vko_dgst_nid == NID_id_GostR3411_2012_256? 32 : 64;
+ return 1;
+ }
+ *keylen = VKO_compute_key(key,
+ EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)),
+ (EC_KEY *)EVP_PKEY_get0(my_key),
+ data->shared_ukm, data->shared_ukm_size,
+ data->vko_dgst_nid);
+ return (*keylen) ? 1 : 0;
+ }
+
/*
* shared_ukm_size = 8 stands for pre-2018 cipher suites
* It means 32 bytes of key length, 8 byte UKM, 32-bytes hash
*
- * shared_ukm_size = 32 stands for pre-2018 cipher suites
+ * shared_ukm_size = 32 stands for post-2018 cipher suites
* It means 64 bytes of shared_key, 16 bytes of UKM and either
* 64 bytes of hash or 64 bytes of TLSTREE output
* */
*keylen = 32;
return 1;
}
-
EVP_PKEY_get_default_digest_nid(my_key, &dgst_nid);
if (dgst_nid == NID_id_GostR3411_2012_512)
dgst_nid = NID_id_GostR3411_2012_256;
EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx);
struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
int pkey_nid = EVP_PKEY_base_id(pubk);
- ASN1_OBJECT *crypt_params_obj = (pkey_nid == NID_id_GostR3410_2001) ?
+ ASN1_OBJECT *crypt_params_obj = (pkey_nid == NID_id_GostR3410_2001 || pkey_nid == NID_id_GostR3410_2001DH) ?
OBJ_nid2obj(NID_id_Gost28147_89_CryptoPro_A_ParamSet) :
OBJ_nid2obj(NID_id_tc26_gost_28147_param_Z);
const struct gost_cipher_info *param =
int key_is_ephemeral = 1;
gost_ctx cctx;
EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx);
+ int res_len = 0;
+
if (data->shared_ukm_size) {
memcpy(ukm, data->shared_ukm, 8);
} else {
goto err;
}
}
- if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0)
+ res_len = i2d_GOST_KEY_TRANSPORT(gkt, NULL);
+ if (res_len <= 0) {
+ GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT, ERR_R_ASN1_LIB);
+ goto err;
+ }
+
+ if (out == NULL) {
+ *out_len = res_len;
ret = 1;
+ } else {
+ if ((size_t)res_len > *out_len) {
+ GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT, GOST_R_INVALID_BUFFER_SIZE);
+ goto err;
+ }
+ if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, &out)) > 0)
+ ret = 1;
+ else
+ GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT, ERR_R_ASN1_LIB);
+ }
+
OPENSSL_cleanse(shared_key, sizeof(shared_key));
GOST_KEY_TRANSPORT_free(gkt);
return ret;
int exp_len = 0, iv_len = 0;
unsigned char *exp_buf = NULL;
int key_is_ephemeral = 0;
+ int res_len = 0;
switch (data->cipher_nid) {
case NID_magma_ctr:
goto err;
}
- if ((*out_len = i2d_PSKeyTransport_gost(pst, out ? &out : NULL)) > 0)
+ res_len = i2d_PSKeyTransport_gost(pst, NULL);
+ if (res_len <= 0) {
+ GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_ASN1_LIB);
+ goto err;
+ }
+
+ if (out == NULL) {
+ *out_len = res_len;
ret = 1;
+ } else {
+ if ((size_t)res_len > *out_len) {
+ GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, GOST_R_INVALID_BUFFER_SIZE);
+ goto err;
+ }
+ if ((*out_len = i2d_PSKeyTransport_gost(pst, &out)) > 0)
+ ret = 1;
+ else
+ GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_ASN1_LIB);
+ }
+
err:
OPENSSL_cleanse(expkeys, sizeof(expkeys));
if (key_is_ephemeral)
EVP_PKEY *eph_key = NULL, *peerkey = NULL;
int dgst_nid = NID_undef;
- if (!key) {
- *key_len = 32;
- return 1;
- }
gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len);
if (!gkt) {
GOSTerr(GOST_F_PKEY_GOST_ECCP_DECRYPT,
goto err;
}
+ *key_len = 32;
ret = 1;
err:
OPENSSL_cleanse(sharedKey, sizeof(sharedKey));
size_t in_len)
{
const unsigned char *p = in;
- struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
- EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx);
+ struct gost_pmeth_data *data;
+ EVP_PKEY *priv;
PSKeyTransport_gost *pst = NULL;
int ret = 0;
unsigned char expkeys[64];
EVP_PKEY *eph_key = NULL;
- int pkey_nid = EVP_PKEY_base_id(priv);
+ int pkey_nid;
int mac_nid = NID_undef;
int iv_len = 0;
+ if (!(data = EVP_PKEY_CTX_get_data(pctx)) ||
+ !(priv = EVP_PKEY_CTX_get0_pkey(pctx))) {
+ GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, GOST_R_ERROR_COMPUTING_EXPORT_KEYS);
+ ret = 0;
+ goto err;
+ }
+ pkey_nid = EVP_PKEY_base_id(priv);
+
switch (data->cipher_nid) {
case NID_magma_ctr:
mac_nid = NID_magma_mac;
return -1;
break;
}
- if (!key) {
- *key_len = 32;
- return 1;
- }
pst = d2i_PSKeyTransport_gost(NULL, (const unsigned char **)&p, in_len);
if (!pst) {
o q * Q_eph is not equal to zero point.
*/
+ if (eph_key == NULL) {
+ GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT,
+ GOST_R_ERROR_COMPUTING_EXPORT_KEYS);
+ ret = 0;
+ goto err;
+ }
+
if (data->shared_ukm_size == 0 && pst->ukm != NULL) {
if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_SET_IV,
ASN1_STRING_length(pst->ukm), (void *)ASN1_STRING_get0_data(pst->ukm)) < 0) {
goto err;
}
+ *key_len = 32;
ret = 1;
err:
OPENSSL_cleanse(expkeys, sizeof(expkeys));
size_t *key_len, const unsigned char *in, size_t in_len)
{
struct gost_pmeth_data *gctx = EVP_PKEY_CTX_get_data(pctx);
+
+ if (key == NULL) {
+ *key_len = 32;
+ return 1;
+ }
+
+ if (key != NULL && *key_len < 32) {
+ GOSTerr(GOST_F_PKEY_GOST_DECRYPT, GOST_R_INVALID_BUFFER_SIZE);
+ return 0;
+ }
+
switch (gctx->cipher_nid)
{
case NID_id_Gost28147_89:
return -1;
}
}
+/* vim: set expandtab cinoptions=\:0,l1,t0,g0,(0 sw=4 : */
projects / openssl-gost / engine.git / blobdiff