GOSTerr(GOST_F_VKO_COMPUTE_KEY, GOST_R_ERROR_POINT_MUL);
goto err;
}
- EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(priv_key),
+ EC_POINT_get_affine_coordinates(EC_KEY_get0_group(priv_key),
pnt, X, Y, ctx);
half_len = BN_num_bytes(order);
* Implementation of GOST2001/12 key transport, cryptopro variation
*/
-int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
+static int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
size_t *out_len, const unsigned char *key,
size_t key_len)
{
/*
* EVP_PKEY_METHOD callback decrypt
- * Implementation of GOST2001 key transport, cryptopo variation
+ * Implementation of GOST2018 key transport
*/
-int pkey_GOST_ECcp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key,
+static int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
+ size_t *out_len, const unsigned char *key,
+ size_t key_len)
+{
+ PSKeyTransport_gost *pst = NULL;
+ EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx);
+ struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
+ int pkey_nid = EVP_PKEY_base_id(pubk);
+ unsigned char expkeys[64];
+ EVP_PKEY *sec_key = NULL;
+ int ret = 0;
+ int mac_nid = NID_undef;
+ size_t mac_len = 0;
+ int exp_len = 0, iv_len = 0;
+ unsigned char *exp_buf = NULL;
+
+ switch (data->cipher_nid) {
+ case NID_magma_ctr:
+ mac_nid = NID_magma_mac;
+ mac_len = 8;
+ iv_len = 4;
+ break;
+ case NID_grasshopper_ctr:
+ mac_nid = NID_grasshopper_mac;
+ mac_len = 16;
+ iv_len = 8;
+ break;
+ default:
+ GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, GOST_R_INVALID_CIPHER);
+ return -1;
+ break;
+ }
+ exp_len = key_len + mac_len;
+ exp_buf = OPENSSL_malloc(exp_len);
+ if (!exp_buf) {
+ GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+
+ sec_key = EVP_PKEY_new();
+ if (!EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new())
+ || !EVP_PKEY_copy_parameters(sec_key, pubk)
+ || !gost_ec_keygen(EVP_PKEY_get0(sec_key))) {
+ GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT,
+ GOST_R_ERROR_COMPUTING_SHARED_KEY);
+ goto err;
+ }
+
+ if (gost_keg(data->shared_ukm, pkey_nid,
+ EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)),
+ EVP_PKEY_get0(sec_key), expkeys) <= 0) {
+ GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT,
+ GOST_R_ERROR_COMPUTING_EXPORT_KEYS);
+ goto err;
+ }
+
+ if (gost_kexp15(key, key_len, data->cipher_nid, expkeys + 32,
+ mac_nid, expkeys + 0, data->shared_ukm + 24, iv_len,
+ exp_buf, &exp_len) <= 0) {
+ GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
+ goto err;
+ }
+
+ pst = PSKeyTransport_gost_new();
+ if (!pst) {
+ GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!ASN1_OCTET_STRING_set(pst->psexp, exp_buf, exp_len)) {
+ GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!X509_PUBKEY_set(&pst->ephem_key, out ? sec_key : pubk)) {
+ GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, GOST_R_CANNOT_PACK_EPHEMERAL_KEY);
+ goto err;
+ }
+
+ EVP_PKEY_free(sec_key);
+
+ if ((*out_len = i2d_PSKeyTransport_gost(pst, out ? &out : NULL)) > 0)
+ ret = 1;
+ err:
+ PSKeyTransport_gost_free(pst);
+ OPENSSL_free(exp_buf);
+ return ret;
+}
+
+int pkey_gost_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
+ size_t *out_len, const unsigned char *key, size_t key_len)
+{
+ struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
+ if (data->shared_ukm == NULL || data->shared_ukm_size == 8)
+ return pkey_GOST_ECcp_encrypt(pctx, out, out_len, key, key_len);
+ else if (data->shared_ukm_size == 32)
+ return pkey_gost2018_encrypt(pctx, out, out_len, key, key_len);
+ else {
+ GOSTerr(GOST_F_PKEY_GOST_ENCRYPT, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+}
+
+/*
+ * EVP_PKEY_METHOD callback decrypt
+ * Implementation of GOST2001/12 key transport, cryptopro variation
+ */
+static int pkey_GOST_ECcp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key,
size_t *key_len, const unsigned char *in,
size_t in_len)
{
GOST_KEY_TRANSPORT_free(gkt);
return ret;
}
+
+/*
+ * EVP_PKEY_METHOD callback decrypt
+ * Implementation of GOST2018 key transport
+ */
+static int pkey_gost2018_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key,
+ size_t *key_len, const unsigned char *in,
+ size_t in_len)
+{
+ const unsigned char *p = in;
+ struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
+ EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx);
+ PSKeyTransport_gost *pst = NULL;
+ int ret = 0;
+ unsigned char expkeys[64];
+ EVP_PKEY *eph_key = NULL;
+ int pkey_nid = EVP_PKEY_base_id(priv);
+ int mac_nid = NID_undef;
+ int iv_len = 0;
+
+ switch (data->cipher_nid) {
+ case NID_magma_ctr:
+ mac_nid = NID_magma_mac;
+ iv_len = 4;
+ break;
+ case NID_grasshopper_ctr:
+ mac_nid = NID_grasshopper_mac;
+ iv_len = 8;
+ break;
+ default:
+ GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, GOST_R_INVALID_CIPHER);
+ return -1;
+ break;
+ }
+ if (!key) {
+ *key_len = 32;
+ return 1;
+ }
+
+ pst = d2i_PSKeyTransport_gost(NULL, (const unsigned char **)&p, in_len);
+ if (!pst) {
+ GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT,
+ GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO);
+ return -1;
+ }
+
+ eph_key = X509_PUBKEY_get(pst->ephem_key);
+/*
+ * TODO beldmit
+ 1. Checks the next three conditions fulfilling and terminates the
+ connection with fatal error if not.
+
+ o Q_eph is on the same curve as server public key;
+
+ o Q_eph is not equal to zero point;
+
+ o q * Q_eph is not equal to zero point.
+*/
+ if (gost_keg(data->shared_ukm, pkey_nid,
+ EC_KEY_get0_public_key(EVP_PKEY_get0(eph_key)),
+ EVP_PKEY_get0(priv), expkeys) <= 0) {
+ GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT,
+ GOST_R_ERROR_COMPUTING_EXPORT_KEYS);
+ goto err;
+ }
+
+ if (gost_kimp15(ASN1_STRING_get0_data(pst->psexp),
+ ASN1_STRING_length(pst->psexp), data->cipher_nid,
+ expkeys + 32, mac_nid, expkeys + 0, data->shared_ukm + 24,
+ iv_len, key) <= 0) {
+ GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, GOST_R_CANNOT_UNPACK_EPHEMERAL_KEY);
+ goto err;
+ }
+
+ ret = 1;
+ err:
+ EVP_PKEY_free(eph_key);
+ PSKeyTransport_gost_free(pst);
+ return ret;
+}
+
+int pkey_gost_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key,
+ size_t *key_len, const unsigned char *in, size_t in_len)
+{
+ struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx);
+ if (data->shared_ukm == NULL || data->shared_ukm_size == 8)
+ return pkey_GOST_ECcp_decrypt(pctx, key, key_len, in, in_len);
+ else if (data->shared_ukm_size == 32)
+ return pkey_gost2018_decrypt(pctx, key, key_len, in, in_len);
+ else {
+ GOSTerr(GOST_F_PKEY_GOST_DECRYPT, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+}