From: Victor Wagner Date: Wed, 16 Sep 2015 13:23:22 +0000 (+0300) Subject: Added system to create new NIDs on demand X-Git-Url: http://wagner.pp.ru/gitweb/?a=commitdiff_plain;h=64360ad489312184bce9511b483ef56023286b2b;p=openssl-gost%2Fengine.git Added system to create new NIDs on demand --- diff --git a/Makefile b/Makefile index 10e41ce..727f95a 100644 --- a/Makefile +++ b/Makefile @@ -8,9 +8,9 @@ AR= ar r CFLAGS= $(INCLUDES) $(CFLAG) LIB=$(TOP)/libcrypto.a -LIBSRC= gost_md2012.c gosthash2012.c gost_ec_sign.c gost_ec_keyx.c gost89.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c +LIBSRC= gost_md2012.c gosthash2012.c gost_ec_sign.c gost_ec_keyx.c gost89.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c obj_create.c newnids.c -LIBOBJ= gost_md2012.o gosthash2012.o e_gost_err.o gost_ec_keyx.o gost_ec_sign.o gost89.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_params.o gost_pmeth.o +LIBOBJ= gost_md2012.o gosthash2012.o e_gost_err.o gost_ec_keyx.o gost_ec_sign.o gost89.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_params.o gost_pmeth.o newnids.o SRC=$(LIBSRC) @@ -84,9 +84,17 @@ dclean: clean: rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff *.so *.sl *.dll *.dylib +newnids.c: mkobj.pl gost_objs.txt + $(PERL) mkobj.pl + +newnids.h: mkobj.pl gost_objs.txt + $(PERL) mkobj.pl + + # DO NOT DELETE THIS LINE -- make depend depends on it. gost89.o: gost89.c gost89.h +newnids.o: ../../include/openssl/objects.h gost_ameth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h gost_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h gost_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h diff --git a/gost_lcl.h b/gost_lcl.h index b89c453..846f733 100644 --- a/gost_lcl.h 
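Review bot: `LIBOBJ` gains only `newnids.o`, while `LIBSRC` gains both `obj_create.c` and `newnids.c`, so the object that defines `gost_add_obj` is missing from the object list. If the library or engine is linked from `$(LIBOBJ)`, the generated `gost_define_nids()` will reference an unresolved symbol. Append `obj_create.o` to the `LIBOBJ=` line. The link rule is outside this hunk, so this should be confirmed against it.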
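Review bot: Both new rules list `gost_objs.txt` as a prerequisite, but the file this commit adds, and the one `mkobj.pl` opens, is `gost_obj.txt`. Make will stop with "no rule to make target" the first time `newnids.c` or `newnids.h` has to be regenerated. Use `newnids.c: mkobj.pl gost_obj.txt` and `newnids.h: mkobj.pl gost_obj.txt`. The `clean` target in this hunk also leaves the generated `newnids.c` and `newnids.h` behind. Nothing visible makes the other objects wait for `newnids.h`, although `gost_lcl.h` now includes it.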
+++ b/gost_lcl.h @@ -18,6 +18,7 @@ # include # include "gost89.h" # include "gosthash.h" +# include "newnids.h" /* Control commands */ # define GOST_PARAM_CRYPT_PARAMS 0 # define GOST_PARAM_PBE_PARAMS 1 @@ -243,4 +244,6 @@ int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen); /* Returns pointer into EVP_PKEY structure */ BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey); +int gost_add_obj(const char *oid, const char *sn, const char *ln); + #endif diff --git a/gost_obj.txt b/gost_obj.txt new file mode 100644 index 0000000..c84b16f --- /dev/null +++ b/gost_obj.txt 
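Review bot: The new `gost_add_obj` prototype in the second hunk has no contract comment, unlike the `gost_get0_priv_key` declaration just above it. A one-line comment such as `/* Returns the NID of an existing or newly created object, NID_undef on failure; oid may be NULL */` would record what the generated `gost_define_nids()` relies on. The comment should also say whether the caller's strings must outlive the call, which cannot be determined from this header alone.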
@@ -0,0 +1,29 @@
+# GOST 2012 OIDS
+1.2.643.7.1.1.1.1:gost2012_256:GOST R 34.10-2012 with 256 bit modulus
+1.2.643.7.1.1.1.2:gost2012_512:GOST R 34.10-2012 with 512 bit modulus
+1.2.643.7.1.1.2.2:md_gost12_256:GOST R 34.11-2012 with 256 bit hash
+1.2.643.7.1.1.2.3:md_gost12_512:GOST R 34.11-2012 with 512 bit hash
+1.2.643.7.1.1.3.2:id-tc26-signwithdigest-gost3410-2012-256:GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)
+1.2.643.7.1.1.3.3:id-tc26-signwithdigest-gost3410-2012-512:GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)
+1.2.643.7.1.1.4.1:id-tc26-hmac-gost-3411-2012-256:HMAC GOST 34.11-2012 256 bit
+1.2.643.7.1.1.4.2:id-tc26-hmac-gost-3411-2012-512:HMAC GOST 34.11-2012 512 bit
+#1.2.643.7.1.1.5 # is cipher grop. No ciphers yet here
+1.2.643.7.1.1.6.1:id-tc26-agreement-gost-3410-2012-256
+1.2.643.7.1.1.6.2:id-tc26-agreement-gost-3410-2012-512
+1.2.643.7.1.2.1.2.0: id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set
+1.2.643.7.1.2.1.2.1: id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A
+1.2.643.7.1.2.1.2.2: id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B
+1.2.643.7.1.2.5.1.1:id-tc26-gost-28147-param-Z : GOST 28147-89 TC26 parameter set
+# Additional GOST 28147-89 cipher modes
+:gost89-cbc:
+:gost89-ecb:
+:gost89-ofb:
+:gost89-cnt:
+:gost89-cin-12:
+:gost-mac-12:
+# Russia-specific DN fields and X.509v3 extensions
+1.2.643.3.131.1.1:INN:Individual Fiscal Number
+1.2.643.100.1:OGRN:Main state registration number
+1.2.643.100.3:SNILS:Number of individual pension insurance account
+1.2.643.100.111:subjectSignTool: Signing tool of Subject
+1.2.643.100.112:issuerSignTool: Signig tool of Issuer
diff --git a/mkobj.pl b/mkobj.pl
new file mode 100644
index 0000000..b102234
--- /dev/null
+++ b/mkobj.pl
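Review bot: The long name on the last entry is misspelled ("Signig"). `mkobj.pl` copies that field verbatim into the `gost_add_obj` call, so the typo becomes the registered long name of the object. It should read `1.2.643.100.112:issuerSignTool: Signing tool of Issuer`. The comment on the `1.2.643.7.1.1.5` line has a similar slip ("grop" for "group"), which is harmless because comment lines are skipped.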
@@ -0,0 +1,49 @@ +#!/usr/bin/perl + +open F,"<","gost_obj.txt" or die "Cannot open gost_obj.txt:$!"; + +open H,">","newnids.h" or die "Cannot open newnids.h:$!"; +open C,">","newnids.c" or die "Cannot open newnids.c:$!"; + +print H < + +EOHH + +print C < +#include "gost_lcl.h" + +EOCH + +$defn = ""; + +while () { + chomp; + next if /^\s*#/; + s/^\s*//; + s/\s*#.*$//; + ($oid,$sn,$ln) = split(/\s*:\s*/); + die "Empty short name in line $." unless $sn; + $nid = "NID_" . $sn; + $nid =~ tr/-/_/; + + if (!$oid ) { + $oid = 'NULL'; + } else { + $oid = '"'.$oid.'"'; + } + $ln ||= $sn; + print H "#ifndef $nid\nextern int $nid;\n#endif\n"; + print C "#ifndef $nid\nint $nid = NID_undef;\n#endif\n"; + $defn .= "#ifndef $nid\n $nid = gost_add_obj($oid,\"$sn\",\"$ln\");\n if ($nid == NID_undef) return 0;\n#endif\n"; +} + print H "#endif\n"; + print C "\nint gost_define_nids()\n{\n$defn; return 1;\n}\n"; diff --git a/obj_create.c b/obj_create.c new file mode 100644 index 0000000..c1c039c --- /dev/null +++ b/obj_create.c @@ -0,0 +1,34 @@ +#include "gost_lcl.h" +#include +#include + +int gost_add_obj(const char *oid, const char *sn, const char *ln) +{ + int nid; + char *oidtemp=NULL,*sntemp=NULL,*lntemp=NULL; + + if (oid) { + nid = OBJ_txt2nid(oid); + } else { + nid = OBJ_txt2nid(sn); + } + if (nid != NID_undef) { + return nid; + } + if (oid) { + oidtemp=OPENSSL_malloc(strlen(oid) + 2); + strcpy(oidtemp, oid); + } + + if (sn) { + sntemp=OPENSSL_malloc(strlen(sn) + 2); + strcpy(sntemp, sn); + } + + if (ln) { + lntemp=OPENSSL_malloc(strlen(ln) + 2); + strcpy(lntemp, ln); + } + return OBJ_create(oid,sn,ln); +} +
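Review bot: Inside the `while` loop, `$sn` and `$ln` from `gost_obj.txt` are pasted unchecked into a C identifier (`NID_` plus `$sn` with only `-` mapped to `_`) and into C string literals. A stray quote, backslash or other unexpected character in the table would therefore produce broken or unintended C instead of a clear generator error. Rejecting such input next to the existing empty-name check is cheap, for example `die "Bad short name in line $." unless $sn =~ /^[A-Za-z0-9_-]+$/;` and `die "Bad long name in line $." if $ln =~ /["\\]/;`. The script also runs without `use strict; use warnings;`. In the final `print C`, `$defn;` leaves a stray `;` in the output, and `gost_define_nids()` would be better emitted as `gost_define_nids(void)`. The heredoc bodies are not legible in this view, so the header contents were not reviewed.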
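Review bot: In `gost_add_obj`, the three `OPENSSL_malloc` results are passed to `strcpy` without a NULL check, so an allocation failure becomes a NULL write. The copies `oidtemp`, `sntemp` and `lntemp` are then never used or freed, because the final call is `OBJ_create(oid,sn,ln)` with the caller's pointers, which leaks three buffers for each newly created object. If the copies are not needed, delete the three `if` blocks. If they are, check each allocation, return `NID_undef` on failure and end with `return OBJ_create(oidtemp, sntemp, lntemp);`. The `+ 2` on each length is one byte more than `strcpy` needs. The OID-less entries reach `OBJ_create` with `oid == NULL`, so confirm that the targeted OpenSSL version accepts that.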