-/**********************************************************************
- * gost_sign.c *
- * Copyright (c) 2005-2006 Cryptocom LTD *
- * This file is distributed under the same license as OpenSSL *
- * *
- * Implementation of GOST R 34.10-94 signature algorithm *
- * for OpenSSL *
- * Requires OpenSSL 0.9.9 for compilation *
- **********************************************************************/
-#include <string.h>
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-
-#include "gost_params.h"
-#include "gost_lcl.h"
-#include "e_gost_err.h"
-
-#ifdef DEBUG_SIGN
-void dump_signature(const char *message, const unsigned char *buffer,
- size_t len)
-{
- size_t i;
- fprintf(stderr, "signature %s Length=%d", message, len);
- for (i = 0; i < len; i++) {
- if (i % 16 == 0)
- fputc('\n', stderr);
- fprintf(stderr, " %02x", buffer[i]);
- }
- fprintf(stderr, "\nEnd of signature\n");
-}
-
-void dump_dsa_sig(const char *message, DSA_SIG *sig)
-{
- fprintf(stderr, "%s\nR=", message);
- BN_print_fp(stderr, sig->r);
- fprintf(stderr, "\nS=");
- BN_print_fp(stderr, sig->s);
- fprintf(stderr, "\n");
-}
-
-#else
-
-# define dump_signature(a,b,c)
-# define dump_dsa_sig(a,b)
-#endif
-
-/*
- * Computes signature and returns it as DSA_SIG structure
- */
-DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-{
- BIGNUM *k = NULL, *tmp = NULL, *tmp2 = NULL;
- DSA_SIG *newsig = NULL, *ret = NULL;
- BIGNUM *md = hashsum2bn(dgst);
- /* check if H(M) mod q is zero */
- BN_CTX *ctx = BN_CTX_new();
- if(!ctx) {
- GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- BN_CTX_start(ctx);
- newsig = DSA_SIG_new();
- if (!newsig) {
- GOSTerr(GOST_F_GOST_DO_SIGN, GOST_R_NO_MEMORY);
- goto err;
- }
- tmp = BN_CTX_get(ctx);
- k = BN_CTX_get(ctx);
- tmp2 = BN_CTX_get(ctx);
- if(!tmp || !k || !tmp2) {
- GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- BN_mod(tmp, md, dsa->q, ctx);
- if (BN_is_zero(tmp)) {
- BN_one(md);
- }
- do {
- do {
- /*
- * Generate random number k less than q
- */
- BN_rand_range(k, dsa->q);
- /* generate r = (a^x mod p) mod q */
- BN_mod_exp(tmp, dsa->g, k, dsa->p, ctx);
- if (!(newsig->r)) {
- newsig->r = BN_new();
- if(!newsig->r) {
- GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- BN_mod(newsig->r, tmp, dsa->q, ctx);
- }
- while (BN_is_zero(newsig->r));
- /* generate s = (xr + k(Hm)) mod q */
- BN_mod_mul(tmp, dsa->priv_key, newsig->r, dsa->q, ctx);
- BN_mod_mul(tmp2, k, md, dsa->q, ctx);
- if (!newsig->s) {
- newsig->s = BN_new();
- if(!newsig->s) {
- GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- BN_mod_add(newsig->s, tmp, tmp2, dsa->q, ctx);
- }
- while (BN_is_zero(newsig->s));
-
- ret = newsig;
- err:
- BN_free(md);
- if(ctx) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if(!ret && newsig) {
- DSA_SIG_free(newsig);
- }
- return ret;
-}
-
-/*
- * Packs signature according to Cryptocom rules
- * and frees up DSA_SIG structure
- */
-/*-
-int pack_sign_cc(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen)
- {
- *siglen = 2*order;
- memset(sig,0,*siglen);
- store_bignum(s->r, sig,order);
- store_bignum(s->s, sig + order,order);
- dump_signature("serialized",sig,*siglen);
- DSA_SIG_free(s);
- return 1;
- }
-*/
-/*
- * Packs signature according to Cryptopro rules
- * and frees up DSA_SIG structure
- */
-int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
-{
- *siglen = 2 * order;
- memset(sig, 0, *siglen);
- store_bignum(s->s, sig, order);
- store_bignum(s->r, sig + order, order);
- dump_signature("serialized", sig, *siglen);
- DSA_SIG_free(s);
- return 1;
-}
-
-/*
- * Verifies signature passed as DSA_SIG structure
- *
- */
-
-int gost_do_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa)
-{
- BIGNUM *md = NULL, *tmp = NULL;
- BIGNUM *q2 = NULL;
- BIGNUM *u = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
- BIGNUM *tmp2 = NULL, *tmp3 = NULL;
- int ok = 0;
- BN_CTX *ctx = BN_CTX_new();
- if(!ctx) {
- GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- BN_CTX_start(ctx);
- if (BN_cmp(sig->s, dsa->q) >= 1 || BN_cmp(sig->r, dsa->q) >= 1) {
- GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
- goto err;
- }
- md = hashsum2bn(dgst);
-
- tmp = BN_CTX_get(ctx);
- v = BN_CTX_get(ctx);
- q2 = BN_CTX_get(ctx);
- z1 = BN_CTX_get(ctx);
- z2 = BN_CTX_get(ctx);
- tmp2 = BN_CTX_get(ctx);
- tmp3 = BN_CTX_get(ctx);
- u = BN_CTX_get(ctx);
- if(!tmp || !v || !q2 || !z1 || !z2 || !tmp2 || !tmp3 || !u) {
- GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- BN_mod(tmp, md, dsa->q, ctx);
- if (BN_is_zero(tmp)) {
- BN_one(md);
- }
- BN_copy(q2, dsa->q);
- BN_sub_word(q2, 2);
- BN_mod_exp(v, md, q2, dsa->q, ctx);
- BN_mod_mul(z1, sig->s, v, dsa->q, ctx);
- BN_sub(tmp, dsa->q, sig->r);
- BN_mod_mul(z2, tmp, v, dsa->p, ctx);
- BN_mod_exp(tmp, dsa->g, z1, dsa->p, ctx);
- BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx);
- BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx);
- BN_mod(u, tmp3, dsa->q, ctx);
- ok = (BN_cmp(u, sig->r) == 0);
-
- if (!ok) {
- GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
- }
-err:
- if(md) BN_free(md);
- if(ctx) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return ok;
-}
-
-/*
- * Computes public keys for GOST R 34.10-94 algorithm
- *
- */
-int gost94_compute_public(DSA *dsa)
-{
- /* Now fill algorithm parameters with correct values */
- BN_CTX *ctx;
- if (!dsa->g) {
- GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITALIZED);
- return 0;
- }
- ctx = BN_CTX_new();
- if(!ctx) {
- GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- dsa->pub_key = BN_new();
- if(!dsa->pub_key) {
- GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
- BN_CTX_free(ctx);
- return 0;
- }
- /* Compute public key y = a^x mod p */
- BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx);
- BN_CTX_free(ctx);
- return 1;
-}
-
-/*
- * Fill GOST 94 params, searching them in R3410_paramset array
- * by nid of paramset
- *
- */
-int fill_GOST94_params(DSA *dsa, int nid)
-{
- R3410_params *params = R3410_paramset;
- while (params->nid != NID_undef && params->nid != nid)
- params++;
- if (params->nid == NID_undef) {
- GOSTerr(GOST_F_FILL_GOST94_PARAMS, GOST_R_UNSUPPORTED_PARAMETER_SET);
- return 0;
- }
-#define dump_signature(a,b,c)
- if (dsa->p) {
- BN_free(dsa->p);
- }
- dsa->p = NULL;
- BN_dec2bn(&(dsa->p), params->p);
- if (dsa->q) {
- BN_free(dsa->q);
- }
- dsa->q = NULL;
- BN_dec2bn(&(dsa->q), params->q);
- if (dsa->g) {
- BN_free(dsa->g);
- }
- dsa->g = NULL;
- BN_dec2bn(&(dsa->g), params->a);
- return 1;
-}
-
-/*
- * Generate GOST R 34.10-94 keypair
- *
- *
- */
-int gost_sign_keygen(DSA *dsa)
-{
- dsa->priv_key = BN_new();
- if(!dsa->priv_key) {
- GOSTerr(GOST_F_GOST_SIGN_KEYGEN, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- BN_rand_range(dsa->priv_key, dsa->q);
- return gost94_compute_public(dsa);
-}
-
-/* Unpack signature according to cryptocom rules */
-/*-
-DSA_SIG *unpack_cc_signature(const unsigned char *sig,size_t siglen)
- {
- DSA_SIG *s;
- s = DSA_SIG_new();
- if (s == NULL)
- {
- GOSTerr(GOST_F_UNPACK_CC_SIGNATURE,GOST_R_NO_MEMORY);
- return(NULL);
- }
- s->r = getbnfrombuf(sig, siglen/2);
- s->s = getbnfrombuf(sig + siglen/2, siglen/2);
- return s;
- }
-*/
-/* Unpack signature according to cryptopro rules */
-DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen)
-{
- DSA_SIG *s;
-
- s = DSA_SIG_new();
- if (s == NULL) {
- GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, GOST_R_NO_MEMORY);
- return NULL;
- }
- s->s = getbnfrombuf(sig, siglen / 2);
- s->r = getbnfrombuf(sig + siglen / 2, siglen / 2);
- return s;
-}
-
-/* Convert little-endian byte array into bignum */
-BIGNUM *hashsum2bn(const unsigned char *dgst)
-{
- unsigned char buf[32];
- int i;
- for (i = 0; i < 32; i++) {
- buf[31 - i] = dgst[i];
- }
- return getbnfrombuf(buf, 32);
-}
-
-/* Convert byte buffer to bignum, skipping leading zeros*/
-BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len)
-{
- while (*buf == 0 && len > 0) {
- buf++;
- len--;
- }
- if (len) {
- return BN_bin2bn(buf, len, NULL);
- } else {
- BIGNUM *b = BN_new();
- BN_zero(b);
- return b;
- }
-}
-
-/*
- * Pack bignum into byte buffer of given size, filling all leading bytes by
- * zeros
- */
-int store_bignum(BIGNUM *bn, unsigned char *buf, int len)
-{
- int bytes = BN_num_bytes(bn);
- if (bytes > len)
- return 0;
- memset(buf, 0, len);
- BN_bn2bin(bn, buf + len - bytes);
- return 1;
-}
projects / openssl-gost / engine.git / commitdiff