--- /dev/null
+newnids.*
+Makefile
+Makefile.in
+test/Makefile.in
+test/Makefile
+test/tests.err
+core
+*/core
+*.o
+*.lo
+*.la
+.deps
+.libs
+tags
+aclocal.m4
+autom4te.cache/
+config.guess
+config.h
+config.log
+config.status
+config.sub
+configure
+depcomp
+install-sh
+libtool
+ltmain.sh
+missing
+stamp-h1
+*.swp
+++ /dev/null
-DIR=ccgost
-TOP=../..
-CC=cc
-INCLUDES= -I../../include
-CFLAG=-g
-MAKEFILE= Makefile
-AR= ar r
-CFLAGS= $(INCLUDES) $(CFLAG)
-LIB=$(TOP)/libcrypto.a
-
-LIBSRC= gost_md2012.c gosthash2012.c gost_ec_sign.c gost_ec_keyx.c gost89.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c
-
-LIBOBJ= gost_md2012.o gosthash2012.o e_gost_err.o gost_ec_keyx.o gost_ec_sign.o gost89.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_params.o gost_pmeth.o
-
-SRC=$(LIBSRC)
-
-LIBNAME=gost
-
-top:
- (cd $(TOP); $(MAKE) DIRS=engines sub_all)
-
-all: lib
-
-tags:
- ctags $(SRC)
-
-errors:
- $(PERL) ../../util/mkerr.pl -conf gost.ec -nostatic -write $(SRC)
-
-lib: $(LIBOBJ)
- if [ -n "$(SHARED_LIBS)" ]; then \
- $(MAKE) -f $(TOP)/Makefile.shared -e \
- LIBNAME=$(LIBNAME) \
- LIBEXTRAS='$(LIBOBJ)' \
- LIBDEPS='-L$(TOP) -lcrypto' \
- link_o.$(SHLIB_TARGET); \
- else \
- $(AR) $(LIB) $(LIBOBJ); \
- fi
- @touch lib
-
-install:
- [ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
- echo installing $(LIBNAME); \
- pfx=lib; \
- if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
- sfx=".so"; \
- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- else \
- case "$(CFLAGS)" in \
- *DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \
- *DSO_DL*) sfx=".sl";; \
- *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
- *) sfx=".bad";; \
- esac; \
- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- fi; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
- fi
-
-tests:
-
-update: local_depend
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
-depend: local_depend
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-local_depend:
- @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff *.so *.sl *.dll *.dylib
-
-gostsum$(EXE_EXT): gostsum.o gosthash.o gost89.o
-
-gost12sum$(EXE_EXT): gost12sum.o gosthash2012.o
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-gost89.o: gost89.c gost89.h
-gost_ameth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
-gost_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-gost_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-gost_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-gost_ameth.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-gost_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-gost_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-gost_ameth.o: ../../include/openssl/opensslconf.h
-gost_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-gost_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-gost_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-gost_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-gost_ameth.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h
-gost_ameth.o: gost_ameth.c gost_lcl.h gosthash.h
-gost_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-gost_asn1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-gost_asn1.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-gost_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-gost_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-gost_asn1.o: ../../include/openssl/opensslconf.h
-gost_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-gost_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-gost_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-gost_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-gost_asn1.o: ../../include/openssl/x509_vfy.h gost89.h gost_asn1.c gost_lcl.h
-gost_asn1.o: gosthash.h
-gost_crypt.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost_crypt.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost_crypt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost_crypt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-gost_crypt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-gost_crypt.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-gost_crypt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-gost_crypt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-gost_crypt.o: ../../include/openssl/objects.h
-gost_crypt.o: ../../include/openssl/opensslconf.h
-gost_crypt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-gost_crypt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-gost_crypt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-gost_crypt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-gost_crypt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-gost_crypt.o: e_gost_err.h gost89.h gost_crypt.c gost_lcl.h gosthash.h
-gost_ctl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost_ctl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost_ctl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost_ctl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-gost_ctl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-gost_ctl.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-gost_ctl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-gost_ctl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-gost_ctl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-gost_ctl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-gost_ctl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-gost_ctl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-gost_ctl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-gost_ctl.o: ../../include/openssl/x509_vfy.h gost89.h gost_ctl.c gost_lcl.h
-gost_ctl.o: gosthash.h
-gost_ec_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost_ec_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost_ec_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost_ec_keyx.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-gost_ec_keyx.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-gost_ec_keyx.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-gost_ec_keyx.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-gost_ec_keyx.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-gost_ec_keyx.o: ../../include/openssl/opensslconf.h
-gost_ec_keyx.o: ../../include/openssl/opensslv.h
-gost_ec_keyx.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-gost_ec_keyx.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-gost_ec_keyx.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-gost_ec_keyx.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-gost_ec_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h
-gost_ec_keyx.o: gost_ec_keyx.c gost_keywrap.h gost_lcl.h gosthash.h
-gost_ec_sign.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost_ec_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost_ec_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost_ec_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-gost_ec_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-gost_ec_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-gost_ec_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-gost_ec_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-gost_ec_sign.o: ../../include/openssl/objects.h
-gost_ec_sign.o: ../../include/openssl/opensslconf.h
-gost_ec_sign.o: ../../include/openssl/opensslv.h
-gost_ec_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-gost_ec_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-gost_ec_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-gost_ec_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-gost_ec_sign.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h
-gost_ec_sign.o: gost_ec_sign.c gost_lcl.h gosthash.h
-gost_eng.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost_eng.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost_eng.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost_eng.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-gost_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-gost_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-gost_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-gost_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-gost_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-gost_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-gost_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-gost_eng.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-gost_eng.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-gost_eng.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h gost_eng.c
-gost_eng.o: gost_lcl.h gosthash.h
-gost_keywrap.o: gost89.h gost_keywrap.c gost_keywrap.h
-gost_md.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost_md.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost_md.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-gost_md.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-gost_md.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-gost_md.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-gost_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-gost_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-gost_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-gost_md.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-gost_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-gost_md.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-gost_md.o: e_gost_err.h gost89.h gost_lcl.h gost_md.c gosthash.h
-gost_md2012.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-gost_md2012.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-gost_md2012.o: ../../include/openssl/evp.h ../../include/openssl/obj_mac.h
-gost_md2012.o: ../../include/openssl/objects.h
-gost_md2012.o: ../../include/openssl/opensslconf.h
-gost_md2012.o: ../../include/openssl/opensslv.h
-gost_md2012.o: ../../include/openssl/ossl_typ.h
-gost_md2012.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-gost_md2012.o: ../../include/openssl/symhacks.h gost_md2012.c gosthash2012.h
-gost_md2012.o: gosthash2012_const.h gosthash2012_precalc.h gosthash2012_sse2.h
-gost_params.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost_params.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost_params.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost_params.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-gost_params.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-gost_params.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-gost_params.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-gost_params.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-gost_params.o: ../../include/openssl/opensslconf.h
-gost_params.o: ../../include/openssl/opensslv.h
-gost_params.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-gost_params.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-gost_params.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-gost_params.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-gost_params.o: gost89.h gost_lcl.h gost_params.c gosthash.h
-gost_pmeth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-gost_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-gost_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-gost_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-gost_pmeth.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-gost_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-gost_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-gost_pmeth.o: ../../include/openssl/opensslconf.h
-gost_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-gost_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-gost_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-gost_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-gost_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-gost_pmeth.o: e_gost_err.h gost89.h gost_lcl.h gost_pmeth.c gosthash.h
-gost_sign.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-gost_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-gost_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-gost_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-gost_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-gost_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-gost_sign.o: ../../include/openssl/objects.h
-gost_sign.o: ../../include/openssl/opensslconf.h
-gost_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-gost_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-gost_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-gost_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-gost_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-gost_sign.o: e_gost_err.h gost89.h gost_lcl.h gost_sign.c gosthash.h
-gosthash.o: gost89.h gosthash.c gosthash.h
-gosthash2012.o: gosthash2012.c gosthash2012.h gosthash2012_const.h
-gosthash2012.o: gosthash2012_precalc.h gosthash2012_sse2.h
--- /dev/null
+enginedir=@ENGINEDIR@
+PERL=@PERL@
+srcdir=.
+lib_LTLIBRARIES=libgost.la
+libgost_enginedir=$(enginedir)
+libgost_la_includedir=$(includedir)/openssl
+libgost_la_include_HEADERS=e_gost_err.h gost89.h gosthash2012_const.h gosthash2012.h gosthash2012_precalc.h gosthash2012_ref.h gosthash2012_sse2.h gosthash.h gost_keywrap.h gost_lcl.h newnids.h
+libgost_la_SOURCES=e_gost_err.c gost89.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_ec_keyx.c gost_ec_sign.c gost_eng.c gosthash2012.c gosthash.c gost_keywrap.c gost_md2012.c gost_md.c gost_params.c gost_pmeth.c newnids.c obj_create.c
+
+.PHONY: test
+
+install-data-hook:
+ rm -f $(DESTDIR)$(enginedir)/*.a $(DESTDIR)$(enginedir)/*.la
+
+newnids.c newnids.h: mkobj.pl gost_obj.txt
+ $(PERL) mkobj.pl
+
+test:
+ $(MAKE) -C test test
It has 256-bit symmetric key and only 32 bits of MAC value
(while HMAC has same key size and value size).
+ Really, this algorithm supports from 8 to 64 bits of the MAC value
+
It is implemented as combination of EVP_PKEY type and EVP_MD type.
USAGE OF THESE ALGORITHMS
implementation of this mac) and OpenSSL is clever enough to find out
this.
+ Following mac options are supported:
+
+ key:(32 bytes of key)
+
+ hexkey:(64 hexadecimal digits of key)
+
+ Engine support calculation of mac with size different from default 32
+ bits. You can set mac size to any value from 1 to 8 bytes using
+
+ -sigopt size:(number from 1 to 8 - mac size in bytes)
+
+ (dgst command uses different EVP_PKEY_CTX for initialization and for
+ finalization of MAC. Option of first are set via -macopt, and for
+ second via -sigopt. Key should be set during initialization and size
+ during finalization. If you use API functions
+ EVP_DigestSignInit/EVP_DigestSignFinal, you can set both options at
+ the same time).
+
Encryption with GOST 28147 CFB mode
openssl enc -gost89 -out encrypted-file -in plain-text-file -k <passphrase>
Encryption with GOST 28147 CNT mode
openssl enc -gost89-cnt -out encrypted-file -in plain-text-file -k <passphrase>
-
+ Encryption with GOST 28147 CBC mode
+ openssl enc -gost89-cbc -out encrypted-file -in plain-text-file -k <passphrase>
6. Encrypting private keys and PKCS12
openssl speed -evp gost89
openssl speed -evp gost89-cnt
+ openssl speed -evp gost89-cbc
PROGRAMMING INTERFACES DETAILS
--- /dev/null
+/* config.h.in. Generated from configure.ac by autoheader. */
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the `crypto' library (-lcrypto). */
+#undef HAVE_LIBCRYPTO
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+ */
+#undef LT_OBJDIR
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Version number of package */
+#undef VERSION
--- /dev/null
+AC_PREREQ(2.63)
+AC_INIT([libgost],[1.0.2],[openssl-gost@lists.wagner.pp.ru])
+AC_CONFIG_SRCDIR([./gost_eng.c])
+AM_INIT_AUTOMAKE([foreign])
+AC_CONFIG_HEADERS([config.h])
+LT_INIT
+
+ENGINEDIR=$libdir/ssl/engines
+AC_ARG_WITH([enginedir],
+ [AS_HELP_STRING([--with-enginedir],[specify location of OpenSSL engines])],
+ [ENGINEDIR="$withval"])
+AC_SUBST(ENGINEDIR)
+
+# Checks for programs.
+AC_PROG_CC
+AC_PROG_INSTALL
+AC_PROG_LIBTOOL
+AC_CHECK_PROG([PERL],[perl],[perl],[AC_MSG_ERROR([*** perl not found])])
+# Checks for libraries.
+AC_CHECK_LIB([crypto], [ENGINE_new], [], [AC_MSG_ERROR([*** libcrypto not found])])
+AC_CONFIG_FILES([Makefile test/Makefile])
+AC_OUTPUT
{ERR_REASON(GOST_R_INVALID_DIGEST_TYPE), "invalid digest type"},
{ERR_REASON(GOST_R_INVALID_IV_LENGTH), "invalid iv length"},
{ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH), "invalid mac key length"},
+ {ERR_REASON(GOST_R_INVALID_MAC_KEY_SIZE) ,"invalid mac key size"},
+ {ERR_REASON(GOST_R_INVALID_MAC_SIZE) ,"invalid mac size"},
{ERR_REASON(GOST_R_INVALID_PARAMSET), "invalid paramset"},
{ERR_REASON(GOST_R_KEY_IS_NOT_INITALIZED), "key is not initalized"},
{ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED), "key is not initialized"},
# define GOST_R_INVALID_DIGEST_TYPE 110
# define GOST_R_INVALID_IV_LENGTH 111
# define GOST_R_INVALID_MAC_KEY_LENGTH 112
+# define GOST_R_INVALID_MAC_KEY_SIZE 145
+# define GOST_R_INVALID_MAC_SIZE 146
# define GOST_R_INVALID_PARAMSET 113
# define GOST_R_KEY_IS_NOT_INITALIZED 114
# define GOST_R_KEY_IS_NOT_INITIALIZED 115
if (!pk)
return -1;
- switch (EVP_PKEY_base_id(pk)) {
- case NID_id_GostR3410_2001:
- case NID_id_GostR3410_2012_256:
+ int id= (EVP_PKEY_base_id(pk));
+ if ( id == NID_id_GostR3410_2001 ||id == NID_gost2012_256)
return 256;
- case NID_id_GostR3410_2012_512:
+ if (id == NID_gost2012_512)
return 512;
- }
return -1;
}
ASN1_STRING *params = ASN1_STRING_new();
GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
int pkey_param_nid = NID_undef;
+ int base_id = EVP_PKEY_base_id(key);
void *key_ptr = EVP_PKEY_get0((EVP_PKEY *)key);
int result = 0;
GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE);
goto err;
}
- switch (EVP_PKEY_base_id(key)) {
- case NID_id_GostR3410_2012_256:
+ if (base_id == NID_gost2012_256) {
pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr));
- gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_256);
- break;
- case NID_id_GostR3410_2012_512:
+ gkp->hash_params = OBJ_nid2obj(NID_md_gost12_256);
+ } else if (base_id == NID_gost2012_512) {
pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr));
- gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_512);
- break;
- case NID_id_GostR3410_2001:
+ gkp->hash_params = OBJ_nid2obj(NID_md_gost12_512);
+ } else if (base_id == NID_id_GostR3410_2001) {
pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr));
gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet);
- break;
}
if (pkey_param_nid == NID_undef) {
{
void *key_ptr = EVP_PKEY_get0(pkey);
- switch (pkey_nid) {
- case NID_id_GostR3410_2012_256:
- case NID_id_GostR3410_2012_512:
- case NID_id_GostR3410_2001:
+ if (pkey_nid == NID_gost2012_256 ||
+ pkey_nid == NID_gost2012_512 ||
+ pkey_nid == NID_id_GostR3410_2001) {
if (!key_ptr) {
key_ptr = EC_KEY_new();
if (!EVP_PKEY_assign(pkey, pkey_nid, key_ptr)) {
EC_KEY_free(key_ptr);
- break;
+ return 0;
}
}
return fill_GOST_EC_params(key_ptr, param_nid);
static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv)
{
- switch (EVP_PKEY_base_id(pkey)) {
- case NID_id_GostR3410_2012_512:
- case NID_id_GostR3410_2012_256:
- case NID_id_GostR3410_2001:
+ int id = EVP_PKEY_base_id(pkey);
+
+ if (id == NID_gost2012_512 ||
+ id == NID_gost2012_256 ||
+ id == NID_id_GostR3410_2001)
{
EC_KEY *ec = EVP_PKEY_get0(pkey);
if (!ec) {
return 0;
if (!EVP_PKEY_missing_parameters(pkey))
gost_ec_compute_public(ec);
- break;
+ return 1;
}
- default:
- return 0;
- }
- return 1;
+ return 0;
}
BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey)
{
- switch (EVP_PKEY_base_id(pkey)) {
- case NID_id_GostR3410_2012_512:
- case NID_id_GostR3410_2012_256:
- case NID_id_GostR3410_2001:
- {
- EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
- if (ec)
- return (BIGNUM *)EC_KEY_get0_private_key(ec);
- break;
- }
- }
+ int id =EVP_PKEY_base_id(pkey);
+
+ if (id == NID_gost2012_512 ||
+ id == NID_gost2012_256||
+ id == NID_id_GostR3410_2001)
+ {
+ EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
+ if (ec)
+ return (BIGNUM *)EC_KEY_get0_private_key(ec);
+ }
return NULL;
}
int nid = EVP_PKEY_base_id(pkey), md_nid = NID_undef;
X509_ALGOR *alg1 = NULL, *alg2 = NULL;
- switch (nid) {
- case NID_id_GostR3410_2012_512:
- md_nid = NID_id_GostR3411_2012_512;
- break;
- case NID_id_GostR3410_2012_256:
- md_nid = NID_id_GostR3411_2012_256;
- break;
- case NID_id_GostR3410_2001:
- case NID_id_GostR3410_94:
+ if (nid == NID_gost2012_512) {
+ md_nid = NID_md_gost12_512;
+ } else if (nid == NID_gost2012_256) {
+ md_nid = NID_md_gost12_256;
+ } else if (nid == NID_id_GostR3410_2001 ||
+ nid == NID_id_GostR3410_94) {
md_nid = NID_id_GostR3411_94;
- break;
- default:
+ } else {
return -1;
}
static int pkey_size_gost(const EVP_PKEY *pk)
{
- if (!pk)
+ int id;
+ if (!pk)
return -1;
-
- switch (EVP_PKEY_base_id(pk)) {
- case NID_id_GostR3410_94:
- case NID_id_GostR3410_2001:
- case NID_id_GostR3410_2012_256:
+ id = EVP_PKEY_base_id(pk);
+ if (id == NID_id_GostR3410_94 ||
+ id == NID_id_GostR3410_2001 ||
+ id ==NID_gost2012_256 )
+ {
return 64;
- case NID_id_GostR3410_2012_512:
+ } else if (id == NID_gost2012_512) {
return 128;
- }
+ }
return -1;
}
*ameth = EVP_PKEY_asn1_new(nid, ASN1_PKEY_SIGPARAM_NULL, pemstr, info);
if (!*ameth)
return 0;
- switch (nid) {
- case NID_id_GostR3410_2001:
+ if (nid == NID_id_GostR3410_2001) {
EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost_ec);
EVP_PKEY_asn1_set_private(*ameth,
priv_decode_gost, priv_encode_gost,
pkey_size_gost, pkey_bits_gost);
EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
- break;
- case NID_id_GostR3410_2012_256:
- case NID_id_GostR3410_2012_512:
+ } else if (nid == NID_gost2012_256 || nid == NID_gost2012_512) {
EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost_ec);
EVP_PKEY_asn1_set_private(*ameth,
priv_decode_gost, priv_encode_gost,
pkey_size_gost, pkey_bits_gost);
EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost);
- break;
- case NID_id_Gost28147_89_MAC:
+ } else if (nid == NID_id_Gost28147_89_MAC) {
EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
EVP_PKEY_asn1_set_ctrl(*ameth, mac_ctrl_gost);
- break;
- case NID_gost_mac_12:
+ } else if (nid == NID_gost_mac_12) {
EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
EVP_PKEY_asn1_set_ctrl(*ameth, mac_ctrl_gost_12);
- break;
}
return 1;
}
static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
+static int gost_cipher_init_cbc(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
static int gost_cipher_init_cp_12(EVP_CIPHER_CTX *ctx,
/* Handles block of data in CFB mode */
static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
+/* Handles block of data in CBC mode */
+static int gost_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl);
/* Handles block of data in CNT mode */
static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl);
NULL,
};
+EVP_CIPHER cipher_gost_cbc =
+ {
+#ifdef NID_gost89_cbc
+ NID_gost89_cbc
+#else
+ NID_undef
+#endif
+ ,
+ 8,/*block_size*/
+ 32,/*key_size*/
+ 8,/*iv_len */
+ EVP_CIPH_CBC_MODE|
+ EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT,
+ gost_cipher_init_cbc,
+ gost_cipher_do_cbc,
+ gost_cipher_cleanup,
+ sizeof(struct ossl_gost_cipher_ctx),/* ctx_size */
+ gost89_set_asn1_parameters,
+ gost89_get_asn1_parameters,
+ gost_cipher_ctl,
+ NULL,
+ };
+
EVP_CIPHER cipher_gost_cpacnt = {
NID_gost89_cnt,
1, /* block_size */
};
EVP_CIPHER cipher_gost_cpcnt_12 = {
- NID_gost89_cnt_12,
+#ifdef NID_gost89_cnt_12
+ NID_gost89_cnt_12
+#else
+ NID_undef
+#endif
+ ,
1, /* block_size */
32, /* key_size */
8, /* iv_len */
};
EVP_MD imit_gost_cp_12 = {
- NID_gost_mac_12,
+#ifdef NID_gost_mac_12
+ NID_gost_mac_12
+#else
+ NID_undef
+#endif
+ ,
NID_undef,
4,
0,
1},
{NID_id_Gost28147_89_CryptoPro_D_ParamSet, &Gost28147_CryptoProParamSetD,
1},
- {NID_id_tc26_gost_28147_param_Z, &Gost28147_TC26ParamSetZ, 1},
+ {NID_undef/*,NID_id_tc26_gost_28147_param_Z*/, &Gost28147_TC26ParamSetZ, 1},
{NID_id_Gost28147_89_TestParamSet, &Gost28147_TestParamSet, 1},
{NID_undef, NULL, 0}
};
EVP_CIPH_CFB_MODE);
}
+/* Initializes EVP_CIPHER_CTX with default values */
+int gost_cipher_init_cbc(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ return gost_cipher_init_param(ctx, key, iv, enc, NID_undef,
+ EVP_CIPH_CBC_MODE);
+}
+
+
/*
* Wrapper around gostcrypt function from gost89.c which perform key meshing
* when nesseccary
c->count = c->count % 1024 + 8;
}
+/* GOST encryptoon in CBC mode */
+int gost_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t inl)
+ {
+ OPENSSL_assert(inl % 8 ==0);
+ unsigned char b[8];
+ const unsigned char *in_ptr=in;
+ unsigned char *out_ptr=out;
+ int i;
+ struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
+ if (ctx->encrypt)
+ {
+ while(inl>0)
+ {
+ for (i=0;i<8;i++)
+ {
+ b[i]=ctx->iv[i]^in_ptr[i];
+ }
+ gostcrypt(&(c->cctx),b,out_ptr);
+ memcpy(ctx->iv,out_ptr,8);
+ out_ptr+=8;
+ in_ptr+=8;
+ inl-=8;
+ }
+ }
+ else
+ {
+ while (inl>0) {
+ gostdecrypt(&(c->cctx),in_ptr,b);
+ for (i=0;i<8;i++)
+ {
+ out_ptr[i]=ctx->iv[i]^b[i];
+ }
+ memcpy(ctx->iv,in_ptr,8);
+ out_ptr+=8;
+ in_ptr+=8;
+ inl-=8;
+ }
+ }
+ return 1;
+ }
/* GOST encryption in CFB mode */
int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t inl)
c->count = 0;
c->bytes_left = 0;
c->key_meshing = 1;
+ c->dgst_size = 4;
gost_init(&(c->cctx), block);
return 1;
}
}
mac_block_mesh(c, c->partial_block);
}
- get_mac(c->buffer, 32, md);
+ get_mac(c->buffer, 8 * c->dgst_size, md);
return 1;
}
case EVP_MD_CTRL_SET_KEY:
{
if (arg != 32) {
- GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH);
+ GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_SIZE);
return 0;
}
return 1;
}
+ case EVP_MD_CTRL_MAC_LEN:
+ {
+ if (arg < 1 || arg > 8) {
+ GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_SIZE);
+ return 0;
+ }
+ struct ossl_gost_imit_ctx *c = ctx->md_data;
+ c->dgst_size=arg;
+ return 1;
+ }
+
default:
return 0;
}
BN_CTX *ctx = BN_CTX_new();
EVP_MD_CTX mdctx;
const EVP_MD *md;
- int effective_dgst_nid = (dgst_nid == NID_id_GostR3411_2012_512) ?
- NID_id_GostR3411_2012_256 : dgst_nid;
- int buf_len = (dgst_nid == NID_id_GostR3411_2012_512) ? 128 : 64,
+ int effective_dgst_nid = (dgst_nid == NID_md_gost12_512) ?
+ NID_md_gost12_256 : dgst_nid;
+ int buf_len = (dgst_nid == NID_md_gost12_512) ? 128 : 64,
half_len = buf_len >> 1;
if (!ctx) {
static int gost_cipher_nids[] = {
NID_id_Gost28147_89,
NID_gost89_cnt,
- NID_gost89_cnt_12,
+ NID_undef /*NID_gost89_cnt_12*/,
+ NID_undef /* NID_gost89_cbc */,
0
};
static int gost_digest_nids[] = {
NID_id_GostR3411_94,
NID_id_Gost28147_89_MAC,
- NID_id_GostR3411_2012_256,
- NID_id_GostR3411_2012_512,
- NID_gost_mac_12,
+ NID_undef /*NID_md_gost12_256*/,
+ NID_undef /*NID_md_gost12_512*/,
+ NID_undef /*NID_gost_mac_12*/,
0
};
static int gost_pkey_meth_nids[] = {
NID_id_GostR3410_2001,
NID_id_Gost28147_89_MAC,
- NID_id_GostR3410_2012_256,
- NID_id_GostR3410_2012_512,
- NID_gost_mac_12,
+ NID_undef /*NID_gost2012_256*/,
+ NID_undef /*NID_gost2012_512*/,
+ NID_undef /*NID_gost_mac_12*/,
0
};
return 1;
}
-
+extern int gost_define_nids(void);
static int bind_gost(ENGINE *e, const char *id)
{
int ret = 0;
if (id && strcmp(id, engine_gost_id))
return 0;
if (ameth_GostR3410_2001) {
- printf("GOST engine already loaded\n");
- goto end;
+ /* Engine already loaded */
+ return 1;
}
+ if (!gost_define_nids()) {
+ return 0;
+ }
+ /* Set up nids which might be undefined in the core object database */
+ /* Arrays of algoritmhs */
+ gost_cipher_nids[1]=NID_gost89_cnt;
+ gost_cipher_nids[2]=NID_gost89_cnt_12;
+ gost_cipher_nids[3]=NID_gost89_cbc;
+ gost_digest_nids[2]=NID_md_gost12_256;
+ gost_digest_nids[3]=NID_md_gost12_512;
+ gost_digest_nids[4]=NID_gost_mac_12;
+ gost_pkey_meth_nids[2]=NID_gost2012_256;
+ gost_pkey_meth_nids[3]=NID_gost2012_512;
+ gost_pkey_meth_nids[4]=NID_gost_mac_12;
+ /* EVP_CIPHERs */
+ cipher_gost_cbc.nid = NID_gost89_cbc;
+ cipher_gost_cpcnt_12.nid = NID_gost89_cnt_12;
+ /* EVP_MDs */
+ digest_gost2012_512.type = NID_md_gost12_512;
+ digest_gost2012_256.type = NID_md_gost12_256;
+ imit_gost_cp_12.type = NID_gost_mac_12;
+ /* Algorithm parameters */
+ R3410_2012_512_paramset[0].nid = NID_id_tc26_gost_3410_2012_512_paramSetA;
+ R3410_2012_512_paramset[1].nid = NID_id_tc26_gost_3410_2012_512_paramSetB;
+
if (!ENGINE_set_id(e, engine_gost_id)) {
- printf("ENGINE_set_id failed\n");
+ fprintf(stderr,"ENGINE_set_id failed\n");
goto end;
}
if (!ENGINE_set_name(e, engine_gost_name)) {
- printf("ENGINE_set_name failed\n");
+ fprintf(stderr,"ENGINE_set_name failed\n");
goto end;
}
if (!ENGINE_set_digests(e, gost_digests)) {
- printf("ENGINE_set_digests failed\n");
+ fprintf(stderr,"ENGINE_set_digests failed\n");
goto end;
}
if (!ENGINE_set_ciphers(e, gost_ciphers)) {
- printf("ENGINE_set_ciphers failed\n");
+ fprintf(stderr,"ENGINE_set_ciphers failed\n");
goto end;
}
if (!ENGINE_set_pkey_meths(e, gost_pkey_meths)) {
- printf("ENGINE_set_pkey_meths failed\n");
+ fprintf(stderr,"ENGINE_set_pkey_meths failed\n");
goto end;
}
if (!ENGINE_set_pkey_asn1_meths(e, gost_pkey_asn1_meths)) {
- printf("ENGINE_set_pkey_asn1_meths failed\n");
+ fprintf(stderr,"ENGINE_set_pkey_asn1_meths failed\n");
goto end;
}
/* Control function and commands */
"GOST R 34.10-2001"))
goto end;
if (!register_ameth_gost
- (NID_id_GostR3410_2012_256, &ameth_GostR3410_2012_256, "GOST2012_256",
+ (NID_gost2012_256, &ameth_GostR3410_2012_256, "GOST2012_256",
"GOST R 34.10-2012 with 256 bit key"))
goto end;
if (!register_ameth_gost
- (NID_id_GostR3410_2012_512, &ameth_GostR3410_2012_512, "GOST2012_512",
+ (NID_gost2012_512, &ameth_GostR3410_2012_512, "GOST2012_512",
"GOST R 34.10-2012 with 512 bit key"))
goto end;
if (!register_ameth_gost(NID_id_Gost28147_89_MAC, &ameth_Gost28147_MAC,
goto end;
if (!register_pmeth_gost
- (NID_id_GostR3410_2012_256, &pmeth_GostR3410_2012_256, 0))
+ (NID_gost2012_256, &pmeth_GostR3410_2012_256, 0))
goto end;
if (!register_pmeth_gost
- (NID_id_GostR3410_2012_512, &pmeth_GostR3410_2012_512, 0))
+ (NID_gost2012_512, &pmeth_GostR3410_2012_512, 0))
goto end;
if (!register_pmeth_gost
(NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0))
|| !ENGINE_register_pkey_meths(e)
/* These two actually should go in LIST_ADD command */
|| !EVP_add_cipher(&cipher_gost)
+ || !EVP_add_cipher(&cipher_gost_cbc)
|| !EVP_add_cipher(&cipher_gost_cpacnt)
|| !EVP_add_cipher(&cipher_gost_cpcnt_12)
|| !EVP_add_digest(&digest_gost)
}
if (nid == NID_id_GostR3411_94) {
*digest = &digest_gost;
- } else if (nid == NID_id_GostR3411_2012_256) {
+ } else if (nid == NID_md_gost12_256) {
*digest = &digest_gost2012_256;
- } else if (nid == NID_id_GostR3411_2012_512) {
+ } else if (nid == NID_md_gost12_512) {
*digest = &digest_gost2012_512;
} else if (nid == NID_id_Gost28147_89_MAC) {
*digest = &imit_gost_cpa;
int ok = 1;
if (!cipher) {
*nids = gost_cipher_nids;
- return 3; /* three ciphers are supported */
+ return 4; /* four ciphers are supported */
}
if (nid == NID_id_Gost28147_89) {
*cipher = &cipher_gost_cpacnt;
} else if (nid == NID_gost89_cnt_12) {
*cipher = &cipher_gost_cpcnt_12;
+ } else if (nid == NID_gost89_cbc) {
+ *cipher = &cipher_gost_cbc;
} else {
ok = 0;
*cipher = NULL;
return sizeof(gost_pkey_meth_nids)/sizeof(int) - 1;
}
- switch (nid) {
- case NID_id_GostR3410_2001:
+ if (nid == NID_id_GostR3410_2001) {
*pmeth = pmeth_GostR3410_2001;
return 1;
- case NID_id_GostR3410_2012_256:
+ }
+ if (nid == NID_gost2012_256) {
*pmeth = pmeth_GostR3410_2012_256;
return 1;
- case NID_id_GostR3410_2012_512:
+ }
+ if (nid == NID_gost2012_512) {
*pmeth = pmeth_GostR3410_2012_512;
return 1;
- case NID_id_Gost28147_89_MAC:
+ }
+ if (nid == NID_id_Gost28147_89_MAC) {
*pmeth = pmeth_Gost28147_MAC;
return 1;
- case NID_gost_mac_12:
+ }
+ if (nid == NID_gost_mac_12) {
*pmeth = pmeth_Gost28147_MAC_12;
return 1;
-
- default:;
- }
-
+ }
*pmeth = NULL;
return 0;
}
*nids = gost_pkey_meth_nids;
return sizeof(gost_pkey_meth_nids)/sizeof(int) - 1;
}
- switch (nid) {
- case NID_id_GostR3410_2001:
+ if (nid == NID_id_GostR3410_2001) {
*ameth = ameth_GostR3410_2001;
return 1;
- case NID_id_GostR3410_2012_256:
+ }
+ if (nid == NID_gost2012_256) {
*ameth = ameth_GostR3410_2012_256;
return 1;
- case NID_id_GostR3410_2012_512:
+ }
+ if (nid == NID_gost2012_512) {
*ameth = ameth_GostR3410_2012_512;
return 1;
- case NID_id_Gost28147_89_MAC:
+ }
+ if (nid == NID_id_Gost28147_89_MAC) {
*ameth = ameth_Gost28147_MAC;
return 1;
- case NID_gost_mac_12:
+ }
+ if (nid == NID_gost_mac_12) {
*ameth = ameth_Gost28147_MAC_12;
return 1;
-
- default:;
- }
+ }
*ameth = NULL;
return 0;
# include <openssl/ec.h>
# include "gost89.h"
# include "gosthash.h"
+# include "newnids.h"
/* Control commands */
# define GOST_PARAM_CRYPT_PARAMS 0
# define GOST_PARAM_PBE_PARAMS 1
/* For GOST 28147 MAC */
# define key_ctrl_string "key"
# define hexkey_ctrl_string "hexkey"
+# define maclen_ctrl_string "size"
# define EVP_PKEY_CTRL_GOST_MAC_HEXKEY (EVP_PKEY_ALG_CTRL+3)
+# define EVP_PKEY_CTRL_MAC_LEN (EVP_PKEY_ALG_CTRL+5)
/* Pmeth internal representation */
struct gost_pmeth_data {
int sign_param_nid; /* Should be set whenever parameters are
};
struct gost_mac_pmeth_data {
- int key_set;
+ short int key_set;
+ short int mac_size;
EVP_MD *md;
unsigned char key[32];
};
int key_meshing;
int bytes_left;
int key_set;
+ int dgst_size;
};
/* Table which maps parameter NID to S-blocks */
extern struct gost_cipher_info gost_cipher_list[];
const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj);
/* Implementation of GOST 28147-89 cipher in CFB and CNT modes */
extern EVP_CIPHER cipher_gost;
+extern EVP_CIPHER cipher_gost_cbc;
extern EVP_CIPHER cipher_gost_cpacnt;
extern EVP_CIPHER cipher_gost_cpcnt_12;
# define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3)
# define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4)
+# define EVP_MD_CTRL_MAC_LEN (EVP_MD_CTRL_ALG_CTRL+5)
/* EVP_PKEY_METHOD key encryption callbacks */
/* From gost_ec_keyx.c */
int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
/* Returns pointer into EVP_PKEY structure */
BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey);
+int gost_add_obj(const char *oid, const char *sn, const char *ln);
+
#endif
const char micalg_512[] = "gostr3411-2012-512";
EVP_MD digest_gost2012_512 = {
- NID_id_GostR3411_2012_512,
+ NID_undef /* NID_md_gost12_512 */,
NID_undef,
64, /* digest size */
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
};
EVP_MD digest_gost2012_256 = {
- NID_id_GostR3411_2012_256,
+ NID_undef /*NID_md_gost12_256*/,
NID_undef,
32, /* digest size */
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
--- /dev/null
+# GOST 2012 OIDS
+1.2.643.7.1.1.1.1:gost2012_256:GOST R 34.10-2012 with 256 bit modulus
+1.2.643.7.1.1.1.2:gost2012_512:GOST R 34.10-2012 with 512 bit modulus
+1.2.643.7.1.1.2.2:md_gost12_256:GOST R 34.11-2012 with 256 bit hash
+1.2.643.7.1.1.2.3:md_gost12_512:GOST R 34.11-2012 with 512 bit hash
+1.2.643.7.1.1.3.2:id-tc26-signwithdigest-gost3410-2012-256:GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)
+1.2.643.7.1.1.3.3:id-tc26-signwithdigest-gost3410-2012-512:GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)
+1.2.643.7.1.1.4.1:id-tc26-hmac-gost-3411-2012-256:HMAC GOST 34.11-2012 256 bit
+1.2.643.7.1.1.4.2:id-tc26-hmac-gost-3411-2012-512:HMAC GOST 34.11-2012 512 bit
+#1.2.643.7.1.1.5 # is cipher grop. No ciphers yet here
+1.2.643.7.1.1.6.1:id-tc26-agreement-gost-3410-2012-256
+1.2.643.7.1.1.6.2:id-tc26-agreement-gost-3410-2012-512
+1.2.643.7.1.2.1.2.0: id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set
+1.2.643.7.1.2.1.2.1: id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A
+1.2.643.7.1.2.1.2.2: id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B
+1.2.643.7.1.2.5.1.1:id-tc26-gost-28147-param-Z : GOST 28147-89 TC26 parameter set
+# Additional GOST 28147-89 cipher modes
+1.2.643.2.2.21.2:gost89-cbc:
+1.2.643.2.2.21.3:gost89-ecb:
+1.2.643.2.2.21.4:gost89-ofb:
+1.2.643.2.2.21.5:gost89-cnt:
+1.2.643.2.2.21.6:gost89-cnt-12:
+1.2.643.2.2.22.2:gost-mac-12:
+# Russia-specific DN fields and X.509v3 extensions
+1.2.643.3.131.1.1:INN:Individual Fiscal Number
+1.2.643.100.1:OGRN:Main state registration number
+1.2.643.100.3:SNILS:Number of individual pension insurance account
+1.2.643.100.111:subjectSignTool: Signing tool of Subject
+1.2.643.100.112:issuerSignTool: Signig tool of Issuer
R3410_ec_params *R3410_2012_256_paramset = R3410_2001_paramset;
R3410_ec_params R3410_2012_512_paramset[] = {
- {NID_id_tc26_gost_3410_2012_512_paramSetA,
+ {0 /*NID_id_tc26_gost_3410_2012_512_paramSetA*/,
/* a */
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4",
"7503CFE87A836AE3A61B8816E25450E6CE5E1C93ACF1ABC1778064FDCBEFA921DF16"
"26BE4FD036E93D75E6A50E3A41E98028FE5FC235F5B889A589CB5215F2A4"}
,
- {NID_id_tc26_gost_3410_2012_512_paramSetB,
+ {0 /* NID_id_tc26_gost_3410_2012_512_paramSetB*/,
/* a */
"8000000000000000000000000000000000000000000000000000000000000000"
"000000000000000000000000000000000000000000000000000000000000006C",
return 0;
memset(data, 0, sizeof(*data));
if (pkey && EVP_PKEY_get0(pkey)) {
- switch (EVP_PKEY_base_id(pkey)) {
- case NID_id_GostR3410_2001:
- case NID_id_GostR3410_2012_256:
- case NID_id_GostR3410_2012_512:
+ int id = (EVP_PKEY_base_id(pkey));
+ if (id == NID_id_GostR3410_2001 ||
+ id == NID_gost2012_256 ||
+ id == NID_gost2012_512)
{
const EC_GROUP *group =
EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey));
if (group != NULL) {
data->sign_param_nid = EC_GROUP_get_curve_name(group);
- break;
}
- /* else */
}
- default:
+ else
+ {
OPENSSL_free(data);
return 0;
}
OPENSSL_assert(p2 != NULL);
- switch (EVP_MD_type((const EVP_MD *)p2)) {
- case NID_id_GostR3411_94:
+ int md_type = EVP_MD_type((const EVP_MD *)p2);
+ if (md_type == NID_id_GostR3411_94) {
if (pkey_nid == NID_id_GostR3410_2001
|| pkey_nid == NID_id_GostR3410_94) {
pctx->md = (EVP_MD *)p2;
return 1;
}
- break;
-
- case NID_id_GostR3411_2012_256:
- if (pkey_nid == NID_id_GostR3410_2012_256) {
+ } else if (md_type == NID_md_gost12_256) {
+ if (pkey_nid == NID_gost2012_256) {
pctx->md = (EVP_MD *)p2;
return 1;
}
- break;
-
- case NID_id_GostR3411_2012_512:
- if (pkey_nid == NID_id_GostR3410_2012_512) {
+ } else if ( md_type == NID_md_gost12_512) {
+ if (pkey_nid == NID_gost2012_512) {
pctx->md = (EVP_MD *)p2;
return 1;
}
- break;
}
GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE);
return 0;
}
- switch (data->sign_param_nid) {
- case NID_id_tc26_gost_3410_2012_512_paramSetA:
- case NID_id_tc26_gost_3410_2012_512_paramSetB:
+ if (data->sign_param_nid == NID_id_tc26_gost_3410_2012_512_paramSetA ||
+ data->sign_param_nid == NID_id_tc26_gost_3410_2012_512_paramSetB) {
result =
- (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_512, ec)) ? 1 : 0;
- break;
-
- case NID_id_GostR3410_2001_CryptoPro_A_ParamSet:
- case NID_id_GostR3410_2001_CryptoPro_B_ParamSet:
- case NID_id_GostR3410_2001_CryptoPro_C_ParamSet:
- case NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet:
- case NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet:
- case NID_id_GostR3410_2001_TestParamSet:
+ (EVP_PKEY_assign(pkey, NID_gost2012_512, ec)) ? 1 : 0;
+ } else
+ if (data->sign_param_nid == NID_id_GostR3410_2001_CryptoPro_A_ParamSet ||
+ data->sign_param_nid == NID_id_GostR3410_2001_CryptoPro_B_ParamSet ||
+ data->sign_param_nid == NID_id_GostR3410_2001_CryptoPro_C_ParamSet ||
+ data->sign_param_nid == NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet ||
+ data->sign_param_nid == NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet ||
+ data->sign_param_nid == NID_id_GostR3410_2001_TestParamSet) {
result =
- (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_256, ec)) ? 1 : 0;
- break;
- default:
- result = 0;
- break;
+ (EVP_PKEY_assign(pkey, NID_gost2012_256, ec)) ? 1 : 0;
}
if (result == 0)
DSA_SIG *unpacked_sig = NULL;
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
int order = 0;
-
+ int id = EVP_PKEY_base_id(pkey);
if (!siglen)
return 0;
if (!pkey)
return 0;
- switch (EVP_PKEY_base_id(pkey)) {
- case NID_id_GostR3410_2001:
- case NID_id_GostR3410_2012_256:
+ if (id == NID_id_GostR3410_2001 ||
+ id == NID_gost2012_256) {
order = 64;
- break;
- case NID_id_GostR3410_2012_512:
+ } else if (id == NID_gost2012_512) {
order = 128;
- break;
- default:
+ } else {
return 0;
}
if (!data)
return 0;
memset(data, 0, sizeof(*data));
+ data->mac_size = 4;
EVP_PKEY_CTX_set_data(ctx, data);
return 1;
}
}
return mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY, 32, key);
}
+ case EVP_PKEY_CTRL_MAC_LEN:
+ {
+ if (p1<1 || p1>8)
+ {
+
+ GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,GOST_R_INVALID_MAC_SIZE);
+ return 0;
+ }
+ data->mac_size = p1;
+ return 1;
+ }
}
return -2;
}
return ret;
}
+ if (!strcmp(type,maclen_ctrl_string)) {
+ char *endptr;
+ long size=strtol(value,&endptr,10);
+ if (*endptr!='\0') {
+ GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
+ GOST_R_INVALID_MAC_SIZE);
+ return 0;
+ }
+ return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_MAC_LEN,size,NULL);
+ }
return -2;
}
{
unsigned int tmpsiglen;
int ret;
+ struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
if (!siglen)
return 0;
* sizeof(size_t) */
if (!sig) {
- *siglen = 4;
+ *siglen = data->mac_size;
return 1;
}
+
+ mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_MAC_LEN, data->mac_size, NULL);
ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen);
- *siglen = tmpsiglen;
+ *siglen = data->mac_size;
return ret;
}
if (!*pmeth)
return 0;
- switch (id) {
- case NID_id_GostR3410_2001:
+ if (id == NID_id_GostR3410_2001) {
EVP_PKEY_meth_set_ctrl(*pmeth,
pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256);
EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
pkey_gost_derive_init, pkey_gost_ec_derive);
EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init,
pkey_gost2001_paramgen);
- break;
- case NID_id_GostR3410_2012_256:
+ } else if (id == NID_gost2012_256) {
EVP_PKEY_meth_set_ctrl(*pmeth,
pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256);
EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
EVP_PKEY_meth_set_paramgen(*pmeth,
pkey_gost_paramgen_init,
pkey_gost2012_paramgen);
- break;
- case NID_id_GostR3410_2012_512:
+ } else if (id == NID_gost2012_512 ) {
EVP_PKEY_meth_set_ctrl(*pmeth,
pkey_gost_ctrl, pkey_gost_ec_ctrl_str_512);
EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign);
EVP_PKEY_meth_set_paramgen(*pmeth,
pkey_gost_paramgen_init,
pkey_gost2012_paramgen);
- break;
- case NID_id_Gost28147_89_MAC:
+ } else if (id == NID_id_Gost28147_89_MAC) {
EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl,
pkey_gost_mac_ctrl_str);
EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init,
EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init);
EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
- return 1;
- case NID_gost_mac_12:
+ return 1;
+ } else if (id == NID_gost_mac_12) {
EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl,
pkey_gost_mac_ctrl_str);
EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init,
EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init);
EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup);
EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy);
- return 1;
- default: /* Unsupported method */
+ return 1;
+ } else {
+ /* Unsupported method */
return 0;
}
EVP_PKEY_meth_set_init(*pmeth, pkey_gost_init);
--- /dev/null
+#!/usr/bin/perl
+
+open F,"<","gost_obj.txt" or die "Cannot open gost_obj.txt:$!";
+
+open H,">","newnids.h" or die "Cannot open newnids.h:$!";
+open C,">","newnids.c" or die "Cannot open newnids.c:$!";
+
+print H <<EOHH;
+
+#ifndef NEWNIDS_H
+#define NEWNIDS_H
+/* This file declare variables for NIDs of new OIDs they are not already
+ * definded as preprocessor symbols in openss core
+ */
+
+#include <openssl/objects.h>
+
+EOHH
+
+print C <<EOCH;
+#include <openssl/objects.h>
+#include "gost_lcl.h"
+
+EOCH
+
+$defn = "";
+
+while (<F>) {
+ chomp;
+ next if /^\s*#/;
+ s/^\s*//;
+ s/\s*#.*$//;
+ ($oid,$sn,$ln) = split(/\s*:\s*/);
+ die "Empty short name in line $." unless $sn;
+ $nid = "NID_" . $sn;
+ $nid =~ tr/-/_/;
+
+ if (!$oid ) {
+ $oid = 'NULL';
+ } else {
+ $oid = '"'.$oid.'"';
+ }
+ $ln ||= $sn;
+ print H "#ifndef $nid\nextern int $nid;\n#endif\n";
+ print C "#ifndef $nid\nint $nid = NID_undef;\n#endif\n";
+ $defn .= "#ifndef $nid\n $nid = gost_add_obj($oid,\"$sn\",\"$ln\");\n if ($nid == NID_undef) return 0;\n#endif\n";
+}
+ print H "#endif\n";
+ print C "\nint gost_define_nids()\n{\n$defn; return 1;\n}\n";
--- /dev/null
+#include "gost_lcl.h"
+#include <openssl/objects.h>
+#include <string.h>
+
+int gost_add_obj(const char *oid, const char *sn, const char *ln)
+{
+ int nid;
+ if (oid) {
+ nid = OBJ_txt2nid(oid);
+ } else {
+ nid = OBJ_txt2nid(sn);
+ }
+ if (nid != NID_undef) {
+ return nid;
+ }
+ return OBJ_create(oid,sn,ln);
+}
+
--- /dev/null
+#!/usr/bin/perl
+use Test::More tests => 5;
+use Cwd 'abs_path';
+
+# prepare data for
+
+open F,">","testdata.dat";
+print F "12345670" x 128;
+close F;
+
+# Set OPENSSL_ENGINES environment variable to just build engine
+$ENV{'OPENSSL_ENGINES'} = abs_path("../.libs");
+
+$key='0123456789abcdef' x 2;
+
+#
+# You can redefine engine to use using ENGINE_NAME environment variable
+#
+$engine=$ENV{'ENGINE_NAME'}||"gost";
+
+# Reopen STDERR to eliminate extra output
+open STDERR, ">>","tests.err";
+
+if (exists $ENV{'OPENSSL_CONF'}) {
+ delete $ENV{'OPENSSL_CONF'}
+}
+#
+# This test needs output of openssl engine -c command.
+# Default one is hardcoded below, but you can place file
+# ${ENGINE_NAME}.info into this directory if you use this test suite
+# to test other engine implementing GOST cryptography.
+#
+if ( -f $engine . ".info") {
+ diag("Reading $engine.info");
+ open F, "<", $engine . ".info";
+ read F,$engine_info,1024;
+} else {
+
+$engine_info= <<EOINF;
+(gost) Reference implementation of GOST engine
+ [gost89, gost89-cnt, gost89-cnt-12, gost89-cbc, md_gost94, gost-mac, md_gost12_256, md_gost12_512, gost-mac-12, gost2001, gost-mac, gost2012_256, gost2012_512, gost-mac-12]
+EOINF
+}
+
+$ENV{'OPENSSL_CONF'}=abs_path("no_such_file.cfg");
+is(`openssl engine -c $engine`,
+$engine_info,
+"load engine without any config");
+
+is(`openssl dgst -engine $engine -md_gost94 testdata.dat`,
+"md_gost94(testdata.dat)= f7fc6d16a6a5c12ac4f7d320e0fd0d8354908699125e09727a4ef929122b1cae\n",
+"compute digest without config");
+
+
+open F,">","test.cnf";
+print F <<EOCFG;
+openssl_conf = openssl_def
+[openssl_def]
+engines = engines
+[engines]
+${engine}=gost_conf
+[gost_conf]
+default_algorithms = ALL
+
+EOCFG
+close F;
+$ENV{'OPENSSL_CONF'}=abs_path('test.cnf');
+
+is(`openssl engine -c $engine`,
+$engine_info,
+"load engine with config");
+
+is(`openssl dgst -md_gost94 testdata.dat`,
+"md_gost94(testdata.dat)= f7fc6d16a6a5c12ac4f7d320e0fd0d8354908699125e09727a4ef929122b1cae\n",
+"compute digest with config without explicit engine param");
+
+is(`openssl dgst -engine $engine -md_gost94 testdata.dat`,
+"md_gost94(testdata.dat)= f7fc6d16a6a5c12ac4f7d320e0fd0d8354908699125e09727a4ef929122b1cae\n",
+"compute digest with both config and explicit engine param");
+
+unlink('testdata.dat');
+unlink('test.cnf');
--- /dev/null
+#!/usr/bin/perl
+use Test::More tests => 12;
+use Cwd 'abs_path';
+
+# prepare data for
+
+open F,">","testdata.dat";
+binmode F;
+print F "12345670" x 128;
+close F;
+# Set OPENSSL_ENGINES environment variable to just build engine
+$ENV{'OPENSSL_ENGINES'} = abs_path("../.libs");
+# Set engine name from environment to allow testing of different engines
+$engine=$ENV{'ENGINE_NAME'}||"gost";
+# Reopen STDERR to eliminate extra output
+open STDERR, ">>","tests.err";
+
+is(`openssl dgst -engine ${engine} -md_gost94 testdata.dat`,
+"md_gost94(testdata.dat)= f7fc6d16a6a5c12ac4f7d320e0fd0d8354908699125e09727a4ef929122b1cae\n",
+"GOST R 34.11-94 1K ascii");
+
+is(`openssl dgst -engine ${engine} -md_gost12_256 testdata.dat`,
+"md_gost12_256(testdata.dat)= d38a79cb15db40651051ef6879881fe25d84cdbb23ecec9f56126f8803f5fc88\n",
+"GOST R 34.11-2012 256bit 1K ascii");
+
+is(`openssl dgst -engine ${engine} -md_gost12_512 testdata.dat`,
+"md_gost12_512(testdata.dat)= ac48be903716d9b9701fd8cdd75417b9085b5b642191926afd92310e645c52d465e36bbd5ccb356c5b1b8020a868915d5d8cc18ed2c07c28d24ba914b867f144\n",
+"GOST R 34.11-2012 512bit 1K ascii");
+
+unlink("testdata.dat");
+
+open F,">","testdata2.dat";
+binmode F;
+print F "\x00\x01\x02\x15\x84\x67\x45\x31" x 128;
+close F;
+
+is(`openssl dgst -engine ${engine} -md_gost94 testdata2.dat`,
+"md_gost94(testdata2.dat)= 69f529aa82d9344ab0fa550cdf4a70ecfd92a38b5520b1906329763e09105196\n",
+"GOST R 34.11-94 1K binary");
+
+is(`openssl dgst -engine ${engine} -md_gost12_256 testdata2.dat`,
+"md_gost12_256(testdata2.dat)= 88fb2a93873befc1712c96c6e151223b18798de4601448efe2836dbfa53a55f2\n",
+"GOST R 34.11-2012 256bit 1K binary");
+
+is(`openssl dgst -engine ${engine} -md_gost12_512 testdata2.dat`,
+"md_gost12_512(testdata2.dat)= 559b71aaad8e0e749cbac47ff1eaa48471bafaf81e648b234c456e5d25538c32a61d04e3f5863301fdf1f289efc286cb1c317aba3e6425bece26e8cfe35a4074\n",
+"GOST R 34.11-2012 512bit 1K binary");
+
+unlink("testdata2.dat");
+
+open F, ">","testdata3.dat";
+binmode F;
+print F substr("12345670" x 128,0,539);
+close F;
+
+is(`openssl dgst -engine ${engine} -md_gost94 testdata3.dat`,
+"md_gost94(testdata3.dat)= bd5f1e4b539c7b00f0866afdbc8ed452503a18436061747a343f43efe888aac9\n",
+"GOST R 34.11-94 539 bytes");
+
+is(`openssl dgst -engine ${engine} -md_gost12_256 testdata3.dat`,
+"md_gost12_256(testdata3.dat)= 3791fa0d152ee406be966c1ef2729ea1dcac370556971cfb08123100735d476c\n",
+"GOST R 34.11-2012 256bit 539 bytes");
+
+is(`openssl dgst -engine ${engine} -md_gost12_512 testdata3.dat`,
+"md_gost12_512(testdata3.dat)= 62a09dfad97d84b2020a4ab464c878933210b6d23cbfe0c1d1e7fb9093e360fc052e30c5b7bc27ac7d207fcf51ab59058fb2474d08e664cd040c3b8d2d2f49d6\n",
+"GOST R 34.11-2012 512bit 539 bytes");
+
+unlink "testdata3.dat";
+open F , ">","bigdata.dat";
+binmode F;
+print F ("121345678" x 7 . "1234567\n") x 4096,"12345\n";
+close F;
+
+is(`openssl dgst -engine ${engine} -md_gost94 bigdata.dat`,
+"md_gost94(bigdata.dat)= e5d3ac4ea3f67896c51ff919cedb9405ad771e39f0f2eab103624f9a758e506f\n",
+"GOST R 34.11-94 128K");
+
+is(`openssl dgst -engine ${engine} -md_gost12_256 bigdata.dat`,
+"md_gost12_256(bigdata.dat)= d50eeeff483f8b5f550d944decb60846f0a6b34f2f7d44a6f725af1578385d47\n",
+"GOST R 34.11-2012 256bit 128K");
+
+is(`openssl dgst -engine ${engine} -md_gost12_512 bigdata.dat`,
+"md_gost12_512(bigdata.dat)= d57b8b8ea4061822b47df128fe92bd6db4fd6c8e3c537806ae1782ba67fab474c390b9564c3e4867562e0c3ad974d37d5fa6c5b5a3699e984b45845acbcf298a\n",
+"GOST R 34.11-2012 512bit 128K");
+
+unlink "bigdata.dat";
--- /dev/null
+#!/usr/bin/perl
+use Test::More tests => 11;
+use Cwd 'abs_path';
+
+# prepare data for
+
+open F,">","testdata.dat";
+print F "12345670" x 128;
+close F;
+
+open F,">","testbig.dat";
+print F "12345670" x 1024;
+close F;
+# Set OPENSSL_ENGINES environment variable to just build engine
+$ENV{'OPENSSL_ENGINES'} = abs_path("../.libs");
+
+$key='0123456789abcdef' x 2;
+
+$engine=$ENV{'ENGINE_NAME'}||"gost";
+
+# Reopen STDERR to eliminate extra output
+open STDERR, ">>","tests.err";
+
+is(`openssl dgst -engine ${engine} -mac gost-mac -macopt key:${key} testdata.dat`,
+"GOST-MAC-gost-mac(testdata.dat)= 2ee8d13d\n",
+"GOST MAC - default size");
+
+for ($i=1;$i<=8; $i++) {
+ is(`openssl dgst -engine ${engine} -mac gost-mac -macopt key:${key} -sigopt size:$i testdata.dat`,
+"GOST-MAC-gost-mac(testdata.dat)= ".substr("2ee8d13dff7f037d",0,$i*2)."\n",
+"GOST MAC - size $i bytes");
+}
+
+
+
+is(`openssl dgst -engine ${engine} -mac gost-mac -macopt key:${key} testbig.dat`,
+"GOST-MAC-gost-mac(testbig.dat)= d3978b1a\n",
+"GOST MAC - big data");
+
+is(`openssl dgst -engine ${engine} -mac gost-mac-12 -macopt key:${key} testdata.dat`,
+"GOST-MAC-12-gost-mac-12(testdata.dat)= be4453ec\n",
+"GOST MAC - parameters 2012");
+
+unlink('testdata.dat');
+unlink('testbig.dat');
--- /dev/null
+#!/usr/bin/perl
+use Test::More tests => 48;
+use Cwd 'abs_path';
+
+#
+# If this variable is set, engine would be loaded via configuration
+# file. Otherwise - via command line
+#
+$use_config = 1;
+
+# prepare data for
+
+
+# Set OPENSSL_ENGINES environment variable to just build engine
+$ENV{'OPENSSL_ENGINES'} = abs_path("../.libs");
+
+$key='0123456789abcdef' x 2;
+
+#
+# You can redefine engine to use using ENGINE_NAME environment variable
+#
+$engine=$ENV{'ENGINE_NAME'}||"gost";
+
+# Reopen STDERR to eliminate extra output
+open STDERR, ">>","tests.err";
+
+our $count=0;
+
+#
+# parameters -paramset = oid of the parameters
+# -cleartext - data to encrypt
+# -ciphertext - expected ciphertext (hex-encoded)
+# -key - key (hex-encoded)
+# -iv - IV (hex-encoded)
+#
+
+open F,">","test.cnf";
+if (defined($use_config) && $use_config) {
+ $eng_param = "";
+ open F,">","test.cnf";
+ print F <<EOCFG;
+openssl_conf = openssl_def
+[openssl_def]
+engines = engines
+[engines]
+${engine}=gost_conf
+[gost_conf]
+default_algorithms = ALL
+
+EOCFG
+} else {
+ $eng_param = "-engine $engine"
+}
+close F;
+$ENV{'OPENSSL_CONF'}=abs_path('test.cnf');
+
+sub crypt_test {
+ my %p = @_;
+ our $count++;
+ open my $f, ">", "test$count.clear";
+ print $f $p{-cleartext};
+ close $f;
+
+ $ENV{'CRYPT_PARAMS'} = $p{-paramset} if exists $p{-paramset};
+ my $ctext = `openssl enc ${eng_param} -e -$p{-alg} -K $p{-key} -iv $p{-iv} -in test$count.clear`;
+ is($?,0,"$p{-name} - encrypt successful");
+ is(unpack("H*",$ctext),$p{-ciphertext},"$p{-name} - ciphertext expected");
+ open my $f, ">", "test$count.enc";
+ print $f $ctext;
+ close $f;
+ my $otext = `openssl enc ${eng_param} -d -$p{-alg} -K $p{-key} -iv $p{-iv} -in test$count.enc`;
+ is($?,0,"$p{-name} - decrypt successful");
+ is($otext,$p{-cleartext},"$p{-name} - decrypted correctly");
+ unlink "test$count.enc";
+ unlink "test$count.clear";
+ delete $ENV{'CRYPT_PARAMS'};
+}
+
+$key = '0123456789ABCDEF' x 4;
+$iv = '0000000000000000';
+$clear1 = "The quick brown fox jumps over the lazy dog\n";
+
+crypt_test(-paramset=> "1.2.643.2.2.31.1", -key => $key, -iv => $iv,
+ -cleartext => $clear1,
+ -ciphertext => '07f4102c6185c4a09e676e269bfa4bc9c5df6575916b879bd13a893a2285ee6690107cdeef7a315d2eb54bfa',
+ -alg => 'gost89',
+ -name=> 'CFB short text, paramset A');
+
+crypt_test(-paramset=> "1.2.643.2.2.31.2", -key => $key, -iv => $iv,
+ -cleartext => $clear1,
+ -ciphertext => '11465c1c9708033e784fbb5536f2719c38353cb488b01f195c20d4c027022e8300d98bb66c138afbe878c88b',
+ -alg => 'gost89',
+ -name=> 'CFB short text, paramset B');
+
+crypt_test(-paramset=> "1.2.643.2.2.31.3", -key => $key, -iv => $iv,
+ -cleartext => $clear1,
+ -ciphertext => '2f213b390c9b6ceb18de479686d23f4f03c76644a0aab8894b50b71a3bbb3c027ec4c2d569ba0e6a873bd46e',
+ -alg => 'gost89',
+ -name=> 'CFB short text, paramset C');
+
+crypt_test(-paramset=> "1.2.643.2.2.31.4", -key => $key, -iv => $iv,
+ -cleartext => $clear1,
+ -ciphertext => 'e835f59a7fdfd84764efe1e987660327f5d0de187afea72f9cd040983a5e5bbeb4fe1aa5ff85d623ebc4d435',
+ -alg => 'gost89',
+ -name=> 'CFB short text, paramset D');
+
+
+crypt_test(-paramset=> "1.2.643.2.2.31.1", -key => $key, -iv => $iv,
+ -cleartext => $clear1,
+ -ciphertext => 'bcb821452e459f10f92019171e7c3b27b87f24b174306667f67704812c07b70b5e7420f74a9d54feb4897df8',
+ -alg => 'gost89-cnt',
+ -name=> 'CNT short text');
+
+crypt_test(-paramset=> "1.2.643.2.2.31.2", -key => $key, -iv => $iv,
+ -cleartext => $clear1,
+ -ciphertext => 'bcb821452e459f10f92019171e7c3b27b87f24b174306667f67704812c07b70b5e7420f74a9d54feb4897df8',
+ -alg => 'gost89-cnt',
+ -name=> 'CNT short text, paramset param doesnt affect cnt');
+
+
+crypt_test(-paramset=> "1.2.643.2.2.31.1", -key => $key, -iv => $iv,
+ -cleartext => $clear1,
+ -ciphertext => 'cf3f5f713b3d10abd0c6f7bafb6aaffe13dfc12ef5c844f84873aeaaf6eb443a9747c9311b86f97ba3cdb5c4',
+ -alg => 'gost89-cnt-12',
+ -name=> 'CNT-12 short text');
+
+crypt_test(-paramset=> "1.2.643.2.2.31.2", -key => $key, -iv => $iv,
+ -cleartext => $clear1,
+ -ciphertext => 'cf3f5f713b3d10abd0c6f7bafb6aaffe13dfc12ef5c844f84873aeaaf6eb443a9747c9311b86f97ba3cdb5c4',
+ -alg => 'gost89-cnt-12',
+ -name=> 'CNT-12 short text, paramset param doesnt affect cnt');
+
+
+crypt_test(-paramset=> "1.2.643.2.2.31.1", -key => $key, -iv => $iv,
+ -cleartext => $clear1,
+ -ciphertext => '3a3293e75089376572da44966cd1759c29d2f1e5e1c3fa9674909a63026da3dc51a4266bff37fb74a3a07155c9ca8fcf',
+ -alg => 'gost89-cbc',
+ -name=> 'CBC short text, paramset A');
+
+
+crypt_test(-paramset=> "1.2.643.2.2.31.2", -key => $key, -iv => $iv,
+ -cleartext => $clear1,
+ -ciphertext => '11465c1c9708033e784fbb5536f2719c38353cb488b01f195c20d4c027022e8300d98bb66c138afbe878c88b',
+ -alg => 'gost89',
+ -name=> 'CBC short text, paramset B');
+
+crypt_test(-paramset=> "1.2.643.2.2.31.3", -key => $key, -iv => $iv,
+ -cleartext => $clear1,
+ -ciphertext => '987c0fb3d84530467a1973791e0a25e33c5d14591976f8c1573bdb9d056eb7b353f66fef3ffe2e3524583b3997123c8a',
+ -alg => 'gost89-cbc',
+ -name=> 'CBC short text, paramset C');
+
+crypt_test(-paramset=> "1.2.643.2.2.31.4", -key => $key, -iv => $iv,
+ -cleartext => $clear1,
+ -ciphertext => 'e076b09822d4786a2863125d16594d765d8acd0f360e52df42e9d52c8e6c0e6595b5f6bbecb04a22c8ae5f4f87c1523b',
+ -alg => 'gost89-cbc',
+ -name=> 'CBC short text, paramset D');
+
+unlink test.cnf;
--- /dev/null
+PERL=@PERL@
+
+test:
+ $(PERL) ./run_tests
--- /dev/null
+#!/usr/bin/perl
+use TAP::Harness;
+
+my $harness = TAP::Harness->new();
+$harness->runtests(glob("*.t"));