X-Git-Url: http://wagner.pp.ru/gitweb/?a=blobdiff_plain;f=gost_ec_keyx.c;h=503d80ba173a3a8e592e66733dfdc16c9e85f851;hb=3383ad117b305cad929bc2aa57f5b724fe699b9a;hp=1e17f8356030e6d26b04e3f78bc611e53a42b196;hpb=be65ae82130e6908c88b975597d05f128057a287;p=openssl-gost%2Fengine.git diff --git a/gost_ec_keyx.c b/gost_ec_keyx.c index 1e17f83..503d80b 100644 --- a/gost_ec_keyx.c +++ b/gost_ec_keyx.c @@ -229,7 +229,7 @@ int pkey_gost_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) * Implementation of GOST2001/12 key transport, cryptopro variation */ -int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, +static int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len, const unsigned char *key, size_t key_len) { @@ -346,7 +346,7 @@ int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, * EVP_PKEY_METHOD callback decrypt * Implementation of GOST2018 key transport */ -int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, +static int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len, const unsigned char *key, size_t key_len) { @@ -435,11 +435,25 @@ int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, return ret; } +int pkey_gost_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, + size_t *out_len, const unsigned char *key, size_t key_len) +{ + struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx); + if (data->shared_ukm == NULL || data->shared_ukm_size == 8) + return pkey_GOST_ECcp_encrypt(pctx, out, out_len, key, key_len); + else if (data->shared_ukm_size == 32) + return pkey_gost2018_encrypt(pctx, out, out_len, key, key_len); + else { + GOSTerr(GOST_F_PKEY_GOST_ENCRYPT, ERR_R_INTERNAL_ERROR); + return -1; + } +} + /* * EVP_PKEY_METHOD callback decrypt * Implementation of GOST2001/12 key transport, cryptopro variation */ -int pkey_GOST_ECcp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, +static int pkey_GOST_ECcp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len, const unsigned char *in, size_t in_len) { @@ -528,7 +542,7 @@ int pkey_GOST_ECcp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, * EVP_PKEY_METHOD callback decrypt * Implementation of GOST2018 key transport */ -int pkey_gost2018_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, +static int pkey_gost2018_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len, const unsigned char *in, size_t in_len) { @@ -539,7 +553,7 @@ int pkey_gost2018_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, int ret = 0; unsigned char expkeys[64]; EVP_PKEY *eph_key = NULL; - int pkey_nid = EVP_PKEY_base_id(eph_key); + int pkey_nid = EVP_PKEY_base_id(priv); int mac_nid = NID_undef; int iv_len = 0; @@ -570,7 +584,17 @@ int pkey_gost2018_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, } eph_key = X509_PUBKEY_get(pst->ephem_key); +/* + * TODO beldmit + 1. Checks the next three conditions fulfilling and terminates the + connection with fatal error if not. + + o Q_eph is on the same curve as server public key; + o Q_eph is not equal to zero point; + + o q * Q_eph is not equal to zero point. +*/ if (gost_keg(data->shared_ukm, pkey_nid, EC_KEY_get0_public_key(EVP_PKEY_get0(eph_key)), EVP_PKEY_get0(priv), expkeys) <= 0) { @@ -593,3 +617,17 @@ int pkey_gost2018_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, PSKeyTransport_gost_free(pst); return ret; } + +int pkey_gost_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, + size_t *key_len, const unsigned char *in, size_t in_len) +{ + struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx); + if (data->shared_ukm == NULL || data->shared_ukm_size == 8) + return pkey_GOST_ECcp_decrypt(pctx, key, key_len, in, in_len); + else if (data->shared_ukm_size == 32) + return pkey_gost2018_decrypt(pctx, key, key_len, in, in_len); + else { + GOSTerr(GOST_F_PKEY_GOST_DECRYPT, ERR_R_INTERNAL_ERROR); + return -1; + } +}