X-Git-Url: http://wagner.pp.ru/gitweb/?a=blobdiff_plain;f=gost_ec_keyx.c;h=a32f4fd979bd3a5def022fa97937206f0dfcb5d3;hb=a430c355a1d2eff5df6c96c7b6f928a609c2dd73;hp=2dd0d3ad11939bb797ed93e69cc8b56f1187e8a9;hpb=cba16944bff9d8c5dcf37be641822cd3de6d2ec1;p=openssl-gost%2Fengine.git diff --git a/gost_ec_keyx.c b/gost_ec_keyx.c index 2dd0d3a..a32f4fd 100644 --- a/gost_ec_keyx.c +++ b/gost_ec_keyx.c @@ -8,6 +8,7 @@ * Requires OpenSSL 0.9.9 for compilation * **********************************************************************/ #include +#include #include #include #include @@ -21,29 +22,28 @@ static int VKO_compute_key(unsigned char *shared_key, size_t shared_key_size, const EC_POINT *pub_key, EC_KEY *priv_key, const unsigned char *ukm, int dgst_nid) { - unsigned char *databuf = NULL, *hashbuf = NULL; + unsigned char *databuf = NULL; BIGNUM *UKM = NULL, *p = NULL, *order = NULL, *X = NULL, *Y = NULL; const BIGNUM *key = EC_KEY_get0_private_key(priv_key); EC_POINT *pnt = EC_POINT_new(EC_KEY_get0_group(priv_key)); - int i; BN_CTX *ctx = BN_CTX_new(); - EVP_MD_CTX mdctx; - const EVP_MD *md; + EVP_MD_CTX *mdctx = NULL; + const EVP_MD *md = NULL; int effective_dgst_nid = (dgst_nid == NID_id_GostR3411_2012_512) ? NID_id_GostR3411_2012_256 : dgst_nid; int buf_len = (dgst_nid == NID_id_GostR3411_2012_512) ? 128 : 64, half_len = buf_len >> 1; + int ret = 0; if (!ctx) { - GOSTerr(GOST_F_VKO_COMPUTE_KEY, GOST_R_NO_MEMORY); + GOSTerr(GOST_F_VKO_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); return 0; } BN_CTX_start(ctx); - databuf = OPENSSL_malloc(buf_len); - hashbuf = OPENSSL_malloc(buf_len); - if (!databuf || !hashbuf) { - GOSTerr(GOST_F_VKO_COMPUTE_KEY, GOST_R_MALLOC_FAILURE); + databuf = OPENSSL_zalloc(buf_len); + if (!databuf) { + GOSTerr(GOST_F_VKO_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); goto err; } @@ -60,7 +60,10 @@ static int VKO_compute_key(unsigned char *shared_key, size_t shared_key_size, Y = BN_CTX_get(ctx); EC_GROUP_get_order(EC_KEY_get0_group(priv_key), order, ctx); BN_mod_mul(p, key, UKM, order, ctx); - EC_POINT_mul(EC_KEY_get0_group(priv_key), pnt, NULL, pub_key, p, ctx); + if (!EC_POINT_mul(EC_KEY_get0_group(priv_key), pnt, NULL, pub_key, p, ctx)) { + GOSTerr(GOST_F_VKO_COMPUTE_KEY, GOST_R_ERROR_POINT_MUL); + goto err; + } EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(priv_key), pnt, X, Y, ctx); /* @@ -69,25 +72,31 @@ static int VKO_compute_key(unsigned char *shared_key, size_t shared_key_size, store_bignum(Y, databuf, half_len); store_bignum(X, databuf + half_len, half_len); /* And reverse byte order of whole buffer */ - for (i = 0; i < buf_len; i++) { - hashbuf[buf_len - 1 - i] = databuf[i]; + BUF_reverse(databuf, NULL, buf_len); + + mdctx = EVP_MD_CTX_new(); + if (!mdctx) { + GOSTerr(GOST_F_VKO_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); + goto err; } - EVP_MD_CTX_init(&mdctx); - EVP_DigestInit_ex(&mdctx, md, NULL); - EVP_DigestUpdate(&mdctx, hashbuf, buf_len); - EVP_DigestFinal_ex(&mdctx, shared_key, NULL); - EVP_MD_CTX_cleanup(&mdctx); + EVP_MD_CTX_init(mdctx); + EVP_DigestInit_ex(mdctx, md, NULL); + EVP_DigestUpdate(mdctx, databuf, buf_len); + EVP_DigestFinal_ex(mdctx, shared_key, NULL); + ret = 32; + err: BN_free(UKM); BN_CTX_end(ctx); BN_CTX_free(ctx); + EC_POINT_free(pnt); - if (databuf) - OPENSSL_free(databuf); - if (hashbuf) - OPENSSL_free(hashbuf); - return 32; + EVP_MD_CTX_free(mdctx); + + OPENSSL_free(databuf); + + return ret; } /* @@ -113,7 +122,7 @@ int pkey_gost_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) if (key == NULL) { *keylen = 32; - return 32; + return 1; } EVP_PKEY_get_default_digest_nid(my_key, &dgst_nid); @@ -126,10 +135,6 @@ int pkey_gost_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) return (*keylen) ? 1 : 0; } -/* - * EVP_PKEY_METHOD callback encrypt - * Implementation of GOST2001 key transport, cryptocom variation - */ /* * Generates ephemeral key based on pubk algorithm computes shared key using * VKO and returns filled up GOST_KEY_TRANSPORT structure @@ -163,8 +168,7 @@ int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, } else if (out) { if (RAND_bytes(ukm, 8) <= 0) { - GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT, - GOST_R_RANDOM_GENERATOR_FAILURE); + GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT, GOST_R_RNG_ERROR); return 0; } } @@ -180,16 +184,18 @@ int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, key_is_ephemeral = 1; if (out) { sec_key = EVP_PKEY_new(); - EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new()); - EVP_PKEY_copy_parameters(sec_key, pubk); - if (!gost_ec_keygen(EVP_PKEY_get0(sec_key))) { + if (!EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new()) + || !EVP_PKEY_copy_parameters(sec_key, pubk) + || !gost_ec_keygen(EVP_PKEY_get0(sec_key))) { + GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT, + GOST_R_ERROR_COMPUTING_SHARED_KEY); goto err; } } } if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS) && param == gost_cipher_list) { - param = gost_cipher_list + 1; + param = gost_cipher_list; } if (out) { int dgst_nid = NID_undef; @@ -229,7 +235,7 @@ int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, } ASN1_OBJECT_free(gkt->key_agreement_info->cipher); gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid); - if (key_is_ephemeral && sec_key) + if (key_is_ephemeral) EVP_PKEY_free(sec_key); if (!key_is_ephemeral) { /* Set control "public key from client certificate used" */ @@ -244,7 +250,7 @@ int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, GOST_KEY_TRANSPORT_free(gkt); return ret; err: - if (key_is_ephemeral && sec_key) + if (key_is_ephemeral) EVP_PKEY_free(sec_key); GOST_KEY_TRANSPORT_free(gkt); return -1; @@ -331,9 +337,7 @@ int pkey_GOST_ECcp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, ret = 1; err: - if (eph_key) - EVP_PKEY_free(eph_key); - if (gkt) - GOST_KEY_TRANSPORT_free(gkt); + EVP_PKEY_free(eph_key); + GOST_KEY_TRANSPORT_free(gkt); return ret; }