{ERR_PACK(0, GOST_F_GOST_IMIT_CTRL, 0), "gost_imit_ctrl"},
{ERR_PACK(0, GOST_F_GOST_IMIT_FINAL, 0), "gost_imit_final"},
{ERR_PACK(0, GOST_F_GOST_IMIT_UPDATE, 0), "gost_imit_update"},
+ {ERR_PACK(0, GOST_F_GOST_KDFTREE2012_256, 0), "gost_kdftree2012_256"},
{ERR_PACK(0, GOST_F_GOST_KEXP15, 0), "gost_kexp15"},
{ERR_PACK(0, GOST_F_GOST_KIMP15, 0), "gost_kimp15"},
{ERR_PACK(0, GOST_F_OMAC_ACPKM_IMIT_CTRL, 0), "omac_acpkm_imit_ctrl"},
# define GOST_F_GOST_IMIT_CTRL 113
# define GOST_F_GOST_IMIT_FINAL 114
# define GOST_F_GOST_IMIT_UPDATE 115
+# define GOST_F_GOST_KDFTREE2012_256 149
# define GOST_F_GOST_KEXP15 143
# define GOST_F_GOST_KIMP15 148
# define GOST_F_OMAC_ACPKM_IMIT_CTRL 144
GOST_F_GOST_IMIT_CTRL:113:gost_imit_ctrl
GOST_F_GOST_IMIT_FINAL:114:gost_imit_final
GOST_F_GOST_IMIT_UPDATE:115:gost_imit_update
+GOST_F_GOST_KDFTREE2012_256:149:gost_kdftree2012_256
GOST_F_GOST_KEXP15:143:gost_kexp15
GOST_F_GOST_KIMP15:148:gost_kimp15
GOST_F_OMAC_ACPKM_IMIT_CTRL:144:omac_acpkm_imit_ctrl
/* Implementation of CryptoPro VKO 34.10-2001/2012 algorithm */
static int VKO_compute_key(unsigned char *shared_key, size_t shared_key_size,
const EC_POINT *pub_key, EC_KEY *priv_key,
- const unsigned char *ukm, int dgst_nid)
+ const unsigned char *ukm, size_t ukm_size,
+ int vko_dgst_nid)
{
unsigned char *databuf = NULL;
BIGNUM *UKM = NULL, *p = NULL, *order = NULL, *X = NULL, *Y = NULL;
BN_CTX *ctx = BN_CTX_new();
EVP_MD_CTX *mdctx = NULL;
const EVP_MD *md = NULL;
- int effective_dgst_nid = (dgst_nid == NID_id_GostR3411_2012_512) ?
- NID_id_GostR3411_2012_256 : dgst_nid;
- int buf_len = (dgst_nid == NID_id_GostR3411_2012_512) ? 128 : 64,
- half_len = buf_len >> 1;
+ int buf_len, half_len;
int ret = 0;
if (!ctx) {
}
BN_CTX_start(ctx);
- databuf = OPENSSL_zalloc(buf_len);
- if (!databuf) {
- GOSTerr(GOST_F_VKO_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- md = EVP_get_digestbynid(effective_dgst_nid);
+ md = EVP_get_digestbynid(vko_dgst_nid);
if (!md) {
GOSTerr(GOST_F_VKO_COMPUTE_KEY, GOST_R_INVALID_DIGEST_TYPE);
goto err;
}
- UKM = hashsum2bn(ukm, 8);
+ UKM = hashsum2bn(ukm, ukm_size);
p = BN_CTX_get(ctx);
order = BN_CTX_get(ctx);
X = BN_CTX_get(ctx);
}
EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(priv_key),
pnt, X, Y, ctx);
+
+ half_len = BN_num_bytes(order);
+ buf_len = 2 * half_len;
+ databuf = OPENSSL_zalloc(buf_len);
+ if (!databuf) {
+ GOSTerr(GOST_F_VKO_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
/*
* Serialize elliptic curve point same way as we do it when saving key
*/
EVP_DigestInit_ex(mdctx, md, NULL);
EVP_DigestUpdate(mdctx, databuf, buf_len);
EVP_DigestFinal_ex(mdctx, shared_key, NULL);
- ret = 32;
+ ret = (EVP_MD_size(md) > 0) ? EVP_MD_size(md) : 0;
err:
BN_free(UKM);
return ret;
}
+/*
+ * keyout expected to be 64 bytes
+ * */
+static int gost_keg(const unsigned char *ukm_source, int pkey_nid,
+ const EC_POINT *pub_key, EC_KEY *priv_key,
+ unsigned char *keyout)
+{
+/* Adjust UKM */
+ unsigned char real_ukm[16];
+ size_t keylen;
+
+ memset(real_ukm, 0, 16);
+ if (memcmp(ukm_source, real_ukm, 16) == 0)
+ real_ukm[15] = 1;
+ else
+ memcpy(real_ukm, ukm_source, 16);
+
+ switch (pkey_nid) {
+ case NID_id_GostR3410_2012_512:
+ keylen =
+ VKO_compute_key(keyout, 64, pub_key, priv_key, real_ukm, 16,
+ NID_id_GostR3411_2012_512);
+ return (keylen) ? keylen : 0;
+ break;
+
+ case NID_id_GostR3410_2012_256:
+ {
+ unsigned char tmpkey[32];
+ keylen =
+ VKO_compute_key(tmpkey, 32, pub_key, priv_key, real_ukm, 16,
+ NID_id_GostR3411_2012_256);
+
+ if (keylen == 0)
+ return 0;
+
+ if (gost_kdftree2012_256
+ (keyout, 64, tmpkey, 32, (const unsigned char *)"kdf tree", 8,
+ ukm_source + 16, 8, 1) > 0)
+ keylen = 64;
+ else
+ keylen = 0;
+
+ OPENSSL_cleanse(tmpkey, 32);
+ return (keylen) ? keylen : 0;
+ break;
+ }
+ default:
+ return 0;
+ }
+}
+
/*
* EVP_PKEY_METHOD callback derive.
* Implements VKO R 34.10-2001/2012 algorithms
GOSTerr(GOST_F_PKEY_GOST_EC_DERIVE, GOST_R_UKM_NOT_SET);
return 0;
}
+ /*
+ * shared_ukm_size = 8 stands for pre-2018 cipher suites
+ * It means 32 bytes of key length, 8 byte UKM, 32-bytes hash
+ *
+ * shared_ukm_size = 32 stands for pre-2018 cipher suites
+ * It means 64 bytes of shared_key, 16 bytes of UKM and either
+ * 64 bytes of hash or 64 bytes of TLSTREE output
+ * */
- if (key == NULL) {
- *keylen = 32;
- return 1;
- }
+ switch (data->shared_ukm_size) {
+ case 8:
+ {
+ if (key == NULL) {
+ *keylen = 32;
+ return 1;
+ }
- EVP_PKEY_get_default_digest_nid(my_key, &dgst_nid);
+ EVP_PKEY_get_default_digest_nid(my_key, &dgst_nid);
+ if (dgst_nid == NID_id_GostR3411_2012_512)
+ dgst_nid = NID_id_GostR3411_2012_256;
- *keylen =
- VKO_compute_key(key, 32,
- EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)),
- (EC_KEY *)EVP_PKEY_get0(my_key), data->shared_ukm,
- dgst_nid);
- return (*keylen) ? 1 : 0;
+ *keylen =
+ VKO_compute_key(key, 32,
+ EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)),
+ (EC_KEY *)EVP_PKEY_get0(my_key),
+ data->shared_ukm, 8, dgst_nid);
+ return (*keylen) ? 1 : 0;
+ }
+ break;
+ case 32:
+ {
+ if (key == NULL) {
+ *keylen = 64;
+ return 1;
+ }
+
+ *keylen = gost_keg(data->shared_ukm, EVP_PKEY_id(my_key),
+ EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)),
+ (EC_KEY *)EVP_PKEY_get0(my_key), key);
+ return (*keylen) ? 1 : 0;
+ }
+
+ break;
+ default:
+ return 0;
+ }
}
/*
/*
* EVP_PKEY_METHOD callback encrypt
- * Implementation of GOST2001 key transport, cryptopo variation
+ * Implementation of GOST2001/12 key transport, cryptopro variation
*/
int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
if (out) {
int dgst_nid = NID_undef;
EVP_PKEY_get_default_digest_nid(pubk, &dgst_nid);
+ if (dgst_nid == NID_id_GostR3411_2012_512)
+ dgst_nid = NID_id_GostR3411_2012_256;
if (!VKO_compute_key(shared_key, 32,
EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)),
- EVP_PKEY_get0(sec_key), ukm, dgst_nid)) {
+ EVP_PKEY_get0(sec_key), ukm, 8, dgst_nid)) {
GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT,
GOST_R_ERROR_COMPUTING_SHARED_KEY);
goto err;
memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4);
EVP_PKEY_get_default_digest_nid(priv, &dgst_nid);
+ if (dgst_nid == NID_id_GostR3411_2012_512)
+ dgst_nid = NID_id_GostR3411_2012_256;
+
if (!VKO_compute_key(sharedKey, 32,
EC_KEY_get0_public_key(EVP_PKEY_get0(peerkey)),
- EVP_PKEY_get0(priv), wrappedKey, dgst_nid)) {
+ EVP_PKEY_get0(priv), wrappedKey, 8, dgst_nid)) {
GOSTerr(GOST_F_PKEY_GOST_ECCP_DECRYPT,
GOST_R_ERROR_COMPUTING_SHARED_KEY);
goto err;
extern
void dump_signature(const char *message, const unsigned char *buffer,
size_t len);
-void dump_dsa_sig(const char *message, DSA_SIG *sig);
+void dump_dsa_sig(const char *message, ECDSA_SIG *sig);
#else
# define dump_signature(a,b,c)
}
/*
- * Computes gost_ec signature as DSA_SIG structure
+ * Computes gost_ec signature as ECDSA_SIG structure
*
*/
-DSA_SIG *gost_ec_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
+ECDSA_SIG *gost_ec_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
{
- DSA_SIG *newsig = NULL, *ret = NULL;
+ ECDSA_SIG *newsig = NULL, *ret = NULL;
BIGNUM *md = NULL;
BIGNUM *order = NULL;
const EC_GROUP *group;
BN_CTX_start(ctx);
OPENSSL_assert(dlen == 32 || dlen == 64);
md = hashsum2bn(dgst, dlen);
- newsig = DSA_SIG_new();
+ newsig = ECDSA_SIG_new();
if (!newsig || !md) {
GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
GOSTerr(GOST_F_GOST_EC_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
- DSA_SIG_set0(newsig, new_r, new_s);
+ ECDSA_SIG_set0(newsig, new_r, new_s);
ret = newsig;
err:
if (md)
BN_free(md);
if (!ret && newsig) {
- DSA_SIG_free(newsig);
+ ECDSA_SIG_free(newsig);
}
return ret;
}
*
*/
int gost_ec_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, EC_KEY *ec)
+ ECDSA_SIG *sig, EC_KEY *ec)
{
BN_CTX *ctx;
const EC_GROUP *group = (ec) ? EC_KEY_get0_group(ec) : NULL;
goto err;
}
- DSA_SIG_get0(sig, &sig_r, &sig_s);
+ ECDSA_SIG_get0(sig, &sig_r, &sig_s);
if (BN_is_zero(sig_s) || BN_is_zero(sig_r) ||
(BN_cmp(sig_s, order) >= 1) || (BN_cmp(sig_r, order) >= 1)) {
+#include <arpa/inet.h>
#include <string.h>
#include <openssl/evp.h>
+#include <openssl/hmac.h>
#include "gost_lcl.h"
#include "e_gost_err.h"
* */
int gost_kexp15(const unsigned char *shared_key, const int shared_len,
int cipher_nid, const unsigned char *cipher_key,
- const size_t cipher_key_len, int mac_nid,
- unsigned char *mac_key, const size_t mac_key_len,
- const unsigned char *iv, const size_t ivlen, unsigned char *out,
- int *out_len)
+ int mac_nid, unsigned char *mac_key,
+ const unsigned char *iv, const size_t ivlen,
+ unsigned char *out, int *out_len)
{
unsigned char iv_full[16], mac_buf[16];
unsigned int mac_len;
}
if (EVP_DigestInit_ex(mac, EVP_get_digestbynid(mac_nid), NULL) <= 0
- || EVP_MD_CTX_ctrl(mac, EVP_MD_CTRL_SET_KEY, mac_key_len, mac_key) <= 0
+ || EVP_MD_CTX_ctrl(mac, EVP_MD_CTRL_SET_KEY, 32, mac_key) <= 0
|| EVP_MD_CTX_ctrl(mac, EVP_MD_CTRL_MAC_LEN, mac_len, NULL) <= 0
|| EVP_DigestUpdate(mac, iv, ivlen) <= 0
|| EVP_DigestUpdate(mac, shared_key, shared_len) <= 0
int gost_kimp15(const unsigned char *expkey, const size_t expkeylen,
int cipher_nid, const unsigned char *cipher_key,
- const size_t cipher_key_len, int mac_nid,
- unsigned char *mac_key, const size_t mac_key_len,
+ int mac_nid, unsigned char *mac_key,
const unsigned char *iv, const size_t ivlen,
unsigned char *shared_key, size_t shared_len)
{
ciph = EVP_CIPHER_CTX_new();
if (ciph == NULL) {
- GOSTerr(GOST_F_GOST_KEXP15, ERR_R_MALLOC_FAILURE);
+ GOSTerr(GOST_F_GOST_KIMP15, ERR_R_MALLOC_FAILURE);
goto err;
}
mac = EVP_MD_CTX_new();
if (mac == NULL) {
- GOSTerr(GOST_F_GOST_KEXP15, ERR_R_MALLOC_FAILURE);
+ GOSTerr(GOST_F_GOST_KIMP15, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_DigestInit_ex(mac, EVP_get_digestbynid(mac_nid), NULL) <= 0
- || EVP_MD_CTX_ctrl(mac, EVP_MD_CTRL_SET_KEY, mac_key_len, mac_key) <= 0
+ || EVP_MD_CTX_ctrl(mac, EVP_MD_CTRL_SET_KEY, 32, mac_key) <= 0
|| EVP_MD_CTX_ctrl(mac, EVP_MD_CTRL_MAC_LEN, mac_len, NULL) <= 0
|| EVP_DigestUpdate(mac, iv, ivlen) <= 0
|| EVP_DigestUpdate(mac, out, shared_len) <= 0
return ret;
}
-/*
- * keyout expected to be 64 bytes
- * */
-int gost_keg(const unsigned char *seckey, const size_t seckey_len,
- const EC_POINT *pub, const unsigned char *h, unsigned char *keyout)
+int gost_kdftree2012_256(unsigned char *keyout, size_t keyout_len,
+ const unsigned char *key, size_t keylen,
+ const unsigned char *label, size_t label_len,
+ const unsigned char *seed, size_t seed_len,
+ const size_t representation)
{
- return 0;
+ int iters, i = 0;
+ unsigned char zero = 0;
+ unsigned char *ptr = keyout;
+ HMAC_CTX *ctx = NULL;
+ unsigned char *len_ptr = NULL;
+ uint32_t len_repr = htonl(keyout_len * 8);
+ size_t len_repr_len = 4;
+
+ ctx = HMAC_CTX_new();
+ if (ctx == NULL) {
+ GOSTerr(GOST_F_GOST_KDFTREE2012_256, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ if ((keyout_len == 0) || (keyout_len % 32 != 0)) {
+ GOSTerr(GOST_F_GOST_KDFTREE2012_256, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ iters = keyout_len / 32;
+
+ len_ptr = (unsigned char *)&len_repr;
+ while (*len_ptr == 0) {
+ len_ptr++;
+ len_repr_len--;
+ }
+
+ for (i = 1; i <= iters; i++) {
+ uint32_t iter_net = htonl(i);
+ unsigned char *rep_ptr =
+ ((unsigned char *)&iter_net) + (4 - representation);
+
+ if (HMAC_Init_ex(ctx, key, keylen,
+ EVP_get_digestbynid(NID_id_GostR3411_2012_256),
+ NULL) <= 0
+ || HMAC_Update(ctx, rep_ptr, representation) <= 0
+ || HMAC_Update(ctx, label, label_len) <= 0
+ || HMAC_Update(ctx, &zero, 1) <= 0
+ || HMAC_Update(ctx, seed, seed_len) <= 0
+ || HMAC_Update(ctx, len_ptr, len_repr_len) <= 0
+ || HMAC_Final(ctx, ptr, NULL) <= 0) {
+ GOSTerr(GOST_F_GOST_KDFTREE2012_256, ERR_R_INTERNAL_ERROR);
+ HMAC_CTX_free(ctx);
+ return 0;
+ }
+
+ HMAC_CTX_reset(ctx);
+ ptr += 32;
+ }
+
+ HMAC_CTX_free(ctx);
+
+ return 1;
}
#ifdef ENABLE_UNIT_TESTS
0x5D, 0xAF, 0xE7, 0xB4, 0x2E, 0x3A, 0x8B, 0xD9
};
+ unsigned char kdftree_key[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
+ };
+
+ unsigned char kdf_label[] = { 0x26, 0xBD, 0xB8, 0x78 };
+ unsigned char kdf_seed[] =
+ { 0xAF, 0x21, 0x43, 0x41, 0x45, 0x65, 0x63, 0x78 };
+ const unsigned char kdf_etalon[] = {
+ 0x22, 0xB6, 0x83, 0x78, 0x45, 0xC6, 0xBE, 0xF6,
+ 0x5E, 0xA7, 0x16, 0x72, 0xB2, 0x65, 0x83, 0x10,
+ 0x86, 0xD3, 0xC7, 0x6A, 0xEB, 0xE6, 0xDA, 0xE9,
+ 0x1C, 0xAD, 0x51, 0xD8, 0x3F, 0x79, 0xD1, 0x6B,
+ 0x07, 0x4C, 0x93, 0x30, 0x59, 0x9D, 0x7F, 0x8D,
+ 0x71, 0x2F, 0xCA, 0x54, 0x39, 0x2F, 0x4D, 0xDD,
+ 0xE9, 0x37, 0x51, 0x20, 0x6B, 0x35, 0x84, 0xC8,
+ 0xF4, 0x3F, 0x9E, 0x6D, 0xC5, 0x15, 0x31, 0xF9
+ };
+
unsigned char buf[32 + 16];
int ret = 0;
int outlen = 40;
+ unsigned char kdf_result[64];
OpenSSL_add_all_algorithms();
memset(buf, 0, sizeof(buf));
ret = gost_kexp15(shared_key, 32,
- NID_magma_ctr, magma_key, 32,
- NID_magma_mac, mac_magma_key, 32,
- magma_iv, 4, buf, &outlen);
+ NID_magma_ctr, magma_key,
+ NID_magma_mac, mac_magma_key, magma_iv, 4, buf, &outlen);
if (ret <= 0)
ERR_print_errors_fp(stderr);
}
ret = gost_kimp15(magma_export, 40,
- NID_magma_ctr, magma_key, 32,
- NID_magma_mac, mac_magma_key, 32, magma_iv, 4, buf, 32);
+ NID_magma_ctr, magma_key,
+ NID_magma_mac, mac_magma_key, magma_iv, 4, buf, 32);
if (ret <= 0)
ERR_print_errors_fp(stderr);
}
}
+ ret = gost_kdftree2012_256(kdf_result, 64, kdftree_key, 32, kdf_label, 4,
+ kdf_seed, 8, 1);
+ if (ret <= 0)
+ ERR_print_errors_fp(stderr);
+ else {
+ hexdump(stdout, "KDF TREE", kdf_result, 64);
+ if (memcmp(kdf_result, kdf_etalon, 64) != 0) {
+ fprintf(stdout, "ERROR! test failed\n");
+ }
+ }
+
return 0;
}
**********************************************************************/
# include <openssl/bn.h>
# include <openssl/evp.h>
-# include <openssl/dsa.h>
# include <openssl/asn1t.h>
# include <openssl/x509.h>
# include <openssl/engine.h>
char *q;
char *x;
char *y;
- char *cofactor;
+ char *cofactor;
} R3410_ec_params;
extern R3410_ec_params R3410_2001_paramset[],
* filled */
EVP_MD *md;
unsigned char *shared_ukm;
- size_t shared_ukm_size; /* XXX temporary use shared_ukm and hash for 2018 CKE*/
+ size_t shared_ukm_size; /* XXX temporary use shared_ukm and hash for 2018 CKE */
int peer_key_used;
- int cipher_nid; /* KExp15/KImp15 algs*/
+ int cipher_nid; /* KExp15/KImp15 algs */
};
struct gost_mac_pmeth_data {
const EVP_CIPHER *cipher_magma_ctr();
void cipher_gost_destroy();
-void inc_counter(unsigned char* buffer, size_t buf_len);
+void inc_counter(unsigned char *buffer, size_t buf_len);
# define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3)
# define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4)
size_t in_len);
/* derive functions */
/* From gost_ec_keyx.c */
-int pkey_gost_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
- size_t *keylen);
+int pkey_gost_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
int fill_GOST_EC_params(EC_KEY *eckey, int nid);
-int gost_sign_keygen(DSA *dsa);
int gost_ec_keygen(EC_KEY *ec);
-DSA_SIG *gost_ec_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey);
-
-int gost_do_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
+ECDSA_SIG *gost_ec_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey);
int gost_ec_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, EC_KEY *ec);
+ ECDSA_SIG *sig, EC_KEY *ec);
int gost_ec_compute_public(EC_KEY *ec);
+
+/* KDF TREE */
+int gost_kdftree2012_256(unsigned char *keyout, size_t keyout_len,
+ const unsigned char *key, size_t keylen,
+ const unsigned char *label, size_t label_len,
+ const unsigned char *seed, size_t seed_len,
+ const size_t representation);
/*============== miscellaneous functions============================= */
/* from gost_sign.c */
/* Convert GOST R 34.11 hash sum to bignum according to standard */
*/
int store_bignum(const BIGNUM *bn, unsigned char *buf, int len);
/* Pack GOST R 34.10 signature according to CryptoPro rules */
-int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen);
+int pack_sign_cp(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen);
/* from ameth.c */
/* Get private key as BIGNUM from both 34.10-2001 keys*/
/* Returns pointer into EVP_PKEY structure */
/* ----------- sign callbacks --------------------------------------*/
/*
* Packs signature according to Cryptopro rules
- * and frees up DSA_SIG structure
+ * and frees up ECDSA_SIG structure
*/
-int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
+int pack_sign_cp(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
{
const BIGNUM *sig_r = NULL, *sig_s = NULL;
- DSA_SIG_get0(s, &sig_r, &sig_s);
+ ECDSA_SIG_get0(s, &sig_r, &sig_s);
*siglen = 2 * order;
memset(sig, 0, *siglen);
store_bignum(sig_s, sig, order);
store_bignum(sig_r, sig + order, order);
- DSA_SIG_free(s);
+ ECDSA_SIG_free(s);
return 1;
}
size_t *siglen, const unsigned char *tbs,
size_t tbs_len)
{
- DSA_SIG *unpacked_sig = NULL;
+ ECDSA_SIG *unpacked_sig = NULL;
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
int order = 0;
/* ------------------- verify callbacks ---------------------------*/
/* Unpack signature according to cryptopro rules */
-DSA_SIG *unpack_cp_signature(const unsigned char *sigbuf, size_t siglen)
+ECDSA_SIG *unpack_cp_signature(const unsigned char *sigbuf, size_t siglen)
{
- DSA_SIG *sig;
+ ECDSA_SIG *sig;
BIGNUM *r = NULL, *s = NULL;
- sig = DSA_SIG_new();
+ sig = ECDSA_SIG_new();
if (sig == NULL) {
GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE);
return NULL;
}
s = BN_bin2bn(sigbuf, siglen / 2, NULL);
r = BN_bin2bn(sigbuf + siglen / 2, siglen / 2, NULL);
- DSA_SIG_set0(sig, r, s);
+ ECDSA_SIG_set0(sig, r, s);
return sig;
}
{
int ok = 0;
EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
- DSA_SIG *s = (sig) ? unpack_cp_signature(sig, siglen) : NULL;
+ ECDSA_SIG *s = (sig) ? unpack_cp_signature(sig, siglen) : NULL;
if (!s)
return 0;
#ifdef DEBUG_SIGN
#endif
if (pub_key)
ok = gost_ec_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
- DSA_SIG_free(s);
+ ECDSA_SIG_free(s);
return ok;
}