From: Victor Wagner Date: Thu, 1 Oct 2015 13:38:12 +0000 (+0300) Subject: Merge commit '13dcbd1' into object_db X-Git-Url: http://wagner.pp.ru/gitweb/?a=commitdiff_plain;h=af2081bb52dd1b222af3f1ecb07a04b7eacd11d7;hp=13dcbd17f3c370a7005459e1b2e6470b0262d844;p=openssl-gost%2Fengine.git Merge commit '13dcbd1' into object_db Conflicts: Makefile --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5e71e6b --- /dev/null +++ b/.gitignore @@ -0,0 +1,29 @@ +newnids.* +Makefile +Makefile.in +test/Makefile.in +test/Makefile +test/tests.err +core +*/core +*.o +*.lo +*.la +.deps +.libs +tags +aclocal.m4 +autom4te.cache/ +config.guess +config.h +config.log +config.status +config.sub +configure +depcomp +install-sh +libtool +ltmain.sh +missing +stamp-h1 +*.swp diff --git a/Makefile b/Makefile deleted file mode 100644 index dee3e31..0000000 --- a/Makefile +++ /dev/null @@ -1,278 +0,0 @@ -DIR=ccgost -TOP=../.. -CC=cc -INCLUDES= -I../../include -CFLAG=-g -MAKEFILE= Makefile -AR= ar r -CFLAGS= $(INCLUDES) $(CFLAG) -LIB=$(TOP)/libcrypto.a - -LIBSRC= gost_md2012.c gosthash2012.c gost_ec_sign.c gost_ec_keyx.c gost89.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c - -LIBOBJ= gost_md2012.o gosthash2012.o e_gost_err.o gost_ec_keyx.o gost_ec_sign.o gost89.o gost_ameth.o gost_asn1.o gost_crypt.o gost_ctl.o gost_eng.o gosthash.o gost_keywrap.o gost_md.o gost_params.o gost_pmeth.o - -SRC=$(LIBSRC) - -LIBNAME=gost - -top: - (cd $(TOP); $(MAKE) DIRS=engines sub_all) - -all: lib - -tags: - ctags $(SRC) - -errors: - $(PERL) ../../util/mkerr.pl -conf gost.ec -nostatic -write $(SRC) - -lib: $(LIBOBJ) - if [ -n "$(SHARED_LIBS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile.shared -e \ - LIBNAME=$(LIBNAME) \ - LIBEXTRAS='$(LIBOBJ)' \ - LIBDEPS='-L$(TOP) -lcrypto' \ - link_o.$(SHLIB_TARGET); \ - else \ - $(AR) $(LIB) $(LIBOBJ); \ - fi - @touch lib - -install: - [ -n "$(INSTALLTOP)" ] # should be set by top Makefile... - if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ - echo installing $(LIBNAME); \ - pfx=lib; \ - if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ - sfx=".so"; \ - cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - else \ - case "$(CFLAGS)" in \ - *DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \ - *DSO_DL*) sfx=".sl";; \ - *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ - *) sfx=".bad";; \ - esac; \ - cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - fi; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ - fi - -tests: - -update: local_depend - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - -depend: local_depend - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi -local_depend: - @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) - -files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff *.so *.sl *.dll *.dylib - -gostsum$(EXE_EXT): gostsum.o gosthash.o gost89.o - -gost12sum$(EXE_EXT): gost12sum.o gosthash2012.o - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -gost89.o: gost89.c gost89.h -gost_ameth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -gost_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -gost_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h -gost_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h -gost_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -gost_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -gost_ameth.o: ../../include/openssl/engine.h ../../include/openssl/err.h -gost_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -gost_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -gost_ameth.o: ../../include/openssl/opensslconf.h -gost_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -gost_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -gost_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -gost_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -gost_ameth.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h -gost_ameth.o: gost_ameth.c gost_lcl.h gosthash.h -gost_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -gost_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -gost_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -gost_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -gost_asn1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -gost_asn1.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -gost_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -gost_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -gost_asn1.o: ../../include/openssl/opensslconf.h -gost_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -gost_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -gost_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -gost_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -gost_asn1.o: ../../include/openssl/x509_vfy.h gost89.h gost_asn1.c gost_lcl.h -gost_asn1.o: gosthash.h -gost_crypt.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -gost_crypt.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -gost_crypt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -gost_crypt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -gost_crypt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -gost_crypt.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -gost_crypt.o: ../../include/openssl/err.h ../../include/openssl/evp.h -gost_crypt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -gost_crypt.o: ../../include/openssl/objects.h -gost_crypt.o: ../../include/openssl/opensslconf.h -gost_crypt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -gost_crypt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -gost_crypt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -gost_crypt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -gost_crypt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -gost_crypt.o: e_gost_err.h gost89.h gost_crypt.c gost_lcl.h gosthash.h -gost_ctl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -gost_ctl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -gost_ctl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -gost_ctl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -gost_ctl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -gost_ctl.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -gost_ctl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -gost_ctl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -gost_ctl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -gost_ctl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -gost_ctl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -gost_ctl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -gost_ctl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -gost_ctl.o: ../../include/openssl/x509_vfy.h gost89.h gost_ctl.c gost_lcl.h -gost_ctl.o: gosthash.h -gost_ec_keyx.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -gost_ec_keyx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -gost_ec_keyx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -gost_ec_keyx.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -gost_ec_keyx.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -gost_ec_keyx.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -gost_ec_keyx.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -gost_ec_keyx.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -gost_ec_keyx.o: ../../include/openssl/opensslconf.h -gost_ec_keyx.o: ../../include/openssl/opensslv.h -gost_ec_keyx.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -gost_ec_keyx.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -gost_ec_keyx.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -gost_ec_keyx.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -gost_ec_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h -gost_ec_keyx.o: gost_ec_keyx.c gost_keywrap.h gost_lcl.h gosthash.h -gost_ec_sign.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -gost_ec_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -gost_ec_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -gost_ec_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -gost_ec_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -gost_ec_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -gost_ec_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h -gost_ec_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -gost_ec_sign.o: ../../include/openssl/objects.h -gost_ec_sign.o: ../../include/openssl/opensslconf.h -gost_ec_sign.o: ../../include/openssl/opensslv.h -gost_ec_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -gost_ec_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -gost_ec_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -gost_ec_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -gost_ec_sign.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h -gost_ec_sign.o: gost_ec_sign.c gost_lcl.h gosthash.h -gost_eng.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -gost_eng.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -gost_eng.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -gost_eng.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -gost_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -gost_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -gost_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h -gost_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -gost_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -gost_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -gost_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -gost_eng.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -gost_eng.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -gost_eng.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h gost_eng.c -gost_eng.o: gost_lcl.h gosthash.h -gost_keywrap.o: gost89.h gost_keywrap.c gost_keywrap.h -gost_md.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -gost_md.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -gost_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -gost_md.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -gost_md.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -gost_md.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -gost_md.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -gost_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -gost_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -gost_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -gost_md.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -gost_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -gost_md.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -gost_md.o: e_gost_err.h gost89.h gost_lcl.h gost_md.c gosthash.h -gost_md2012.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -gost_md2012.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -gost_md2012.o: ../../include/openssl/evp.h ../../include/openssl/obj_mac.h -gost_md2012.o: ../../include/openssl/objects.h -gost_md2012.o: ../../include/openssl/opensslconf.h -gost_md2012.o: ../../include/openssl/opensslv.h -gost_md2012.o: ../../include/openssl/ossl_typ.h -gost_md2012.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -gost_md2012.o: ../../include/openssl/symhacks.h gost_md2012.c gosthash2012.h -gost_md2012.o: gosthash2012_const.h gosthash2012_precalc.h gosthash2012_sse2.h -gost_params.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -gost_params.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -gost_params.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -gost_params.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -gost_params.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -gost_params.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -gost_params.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -gost_params.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -gost_params.o: ../../include/openssl/opensslconf.h -gost_params.o: ../../include/openssl/opensslv.h -gost_params.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -gost_params.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -gost_params.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -gost_params.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -gost_params.o: gost89.h gost_lcl.h gost_params.c gosthash.h -gost_pmeth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -gost_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -gost_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -gost_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h -gost_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -gost_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -gost_pmeth.o: ../../include/openssl/engine.h ../../include/openssl/err.h -gost_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -gost_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -gost_pmeth.o: ../../include/openssl/opensslconf.h -gost_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -gost_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -gost_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -gost_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -gost_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -gost_pmeth.o: e_gost_err.h gost89.h gost_lcl.h gost_pmeth.c gosthash.h -gost_sign.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -gost_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -gost_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -gost_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -gost_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -gost_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -gost_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h -gost_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -gost_sign.o: ../../include/openssl/objects.h -gost_sign.o: ../../include/openssl/opensslconf.h -gost_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -gost_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -gost_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -gost_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -gost_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -gost_sign.o: e_gost_err.h gost89.h gost_lcl.h gost_sign.c gosthash.h -gosthash.o: gost89.h gosthash.c gosthash.h -gosthash2012.o: gosthash2012.c gosthash2012.h gosthash2012_const.h -gosthash2012.o: gosthash2012_precalc.h gosthash2012_sse2.h diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 0000000..42564c0 --- /dev/null +++ b/Makefile.am @@ -0,0 +1,19 @@ +enginedir=@ENGINEDIR@ +PERL=@PERL@ +srcdir=. +lib_LTLIBRARIES=libgost.la +libgost_enginedir=$(enginedir) +libgost_la_includedir=$(includedir)/openssl +libgost_la_include_HEADERS=e_gost_err.h gost89.h gosthash2012_const.h gosthash2012.h gosthash2012_precalc.h gosthash2012_ref.h gosthash2012_sse2.h gosthash.h gost_keywrap.h gost_lcl.h newnids.h +libgost_la_SOURCES=e_gost_err.c gost89.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_ec_keyx.c gost_ec_sign.c gost_eng.c gosthash2012.c gosthash.c gost_keywrap.c gost_md2012.c gost_md.c gost_params.c gost_pmeth.c newnids.c obj_create.c + +.PHONY: test + +install-data-hook: + rm -f $(DESTDIR)$(enginedir)/*.a $(DESTDIR)$(enginedir)/*.la + +newnids.c newnids.h: mkobj.pl gost_obj.txt + $(PERL) mkobj.pl + +test: + $(MAKE) -C test test diff --git a/README.gost b/README.gost index abc5a9b..3a48d95 100644 --- a/README.gost +++ b/README.gost @@ -28,6 +28,8 @@ GOST 28147-89 MAC mode. Message authentication code. While most MAC It has 256-bit symmetric key and only 32 bits of MAC value (while HMAC has same key size and value size). + Really, this algorithm supports from 8 to 64 bits of the MAC value + It is implemented as combination of EVP_PKEY type and EVP_MD type. USAGE OF THESE ALGORITHMS @@ -198,11 +200,30 @@ Russian clients and RSA/DSA ciphersuites for foreign clients. implementation of this mac) and OpenSSL is clever enough to find out this. + Following mac options are supported: + + key:(32 bytes of key) + + hexkey:(64 hexadecimal digits of key) + + Engine support calculation of mac with size different from default 32 + bits. You can set mac size to any value from 1 to 8 bytes using + + -sigopt size:(number from 1 to 8 - mac size in bytes) + + (dgst command uses different EVP_PKEY_CTX for initialization and for + finalization of MAC. Option of first are set via -macopt, and for + second via -sigopt. Key should be set during initialization and size + during finalization. If you use API functions + EVP_DigestSignInit/EVP_DigestSignFinal, you can set both options at + the same time). + Encryption with GOST 28147 CFB mode openssl enc -gost89 -out encrypted-file -in plain-text-file -k Encryption with GOST 28147 CNT mode openssl enc -gost89-cnt -out encrypted-file -in plain-text-file -k - + Encryption with GOST 28147 CBC mode + openssl enc -gost89-cbc -out encrypted-file -in plain-text-file -k 6. Encrypting private keys and PKCS12 @@ -221,6 +242,7 @@ accessed by cipher-specific functions, only via generic evp interface openssl speed -evp gost89 openssl speed -evp gost89-cnt + openssl speed -evp gost89-cbc PROGRAMMING INTERFACES DETAILS diff --git a/config.h.in b/config.h.in new file mode 100644 index 0000000..a55451a --- /dev/null +++ b/config.h.in @@ -0,0 +1,65 @@ +/* config.h.in. Generated from configure.ac by autoheader. */ + +/* Define to 1 if you have the header file. */ +#undef HAVE_DLFCN_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_INTTYPES_H + +/* Define to 1 if you have the `crypto' library (-lcrypto). */ +#undef HAVE_LIBCRYPTO + +/* Define to 1 if you have the header file. */ +#undef HAVE_MEMORY_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_UNISTD_H + +/* Define to the sub-directory in which libtool stores uninstalled libraries. + */ +#undef LT_OBJDIR + +/* Name of package */ +#undef PACKAGE + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the home page for this package. */ +#undef PACKAGE_URL + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Version number of package */ +#undef VERSION diff --git a/configure.ac b/configure.ac new file mode 100644 index 0000000..d1626f4 --- /dev/null +++ b/configure.ac @@ -0,0 +1,22 @@ +AC_PREREQ(2.63) +AC_INIT([libgost],[1.0.2],[openssl-gost@lists.wagner.pp.ru]) +AC_CONFIG_SRCDIR([./gost_eng.c]) +AM_INIT_AUTOMAKE([foreign]) +AC_CONFIG_HEADERS([config.h]) +LT_INIT + +ENGINEDIR=$libdir/ssl/engines +AC_ARG_WITH([enginedir], + [AS_HELP_STRING([--with-enginedir],[specify location of OpenSSL engines])], + [ENGINEDIR="$withval"]) +AC_SUBST(ENGINEDIR) + +# Checks for programs. +AC_PROG_CC +AC_PROG_INSTALL +AC_PROG_LIBTOOL +AC_CHECK_PROG([PERL],[perl],[perl],[AC_MSG_ERROR([*** perl not found])]) +# Checks for libraries. +AC_CHECK_LIB([crypto], [ENGINE_new], [], [AC_MSG_ERROR([*** libcrypto not found])]) +AC_CONFIG_FILES([Makefile test/Makefile]) +AC_OUTPUT diff --git a/e_gost_err.c b/e_gost_err.c index c641c60..376d18b 100644 --- a/e_gost_err.c +++ b/e_gost_err.c @@ -139,6 +139,8 @@ static ERR_STRING_DATA GOST_str_reasons[] = { {ERR_REASON(GOST_R_INVALID_DIGEST_TYPE), "invalid digest type"}, {ERR_REASON(GOST_R_INVALID_IV_LENGTH), "invalid iv length"}, {ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH), "invalid mac key length"}, + {ERR_REASON(GOST_R_INVALID_MAC_KEY_SIZE) ,"invalid mac key size"}, + {ERR_REASON(GOST_R_INVALID_MAC_SIZE) ,"invalid mac size"}, {ERR_REASON(GOST_R_INVALID_PARAMSET), "invalid paramset"}, {ERR_REASON(GOST_R_KEY_IS_NOT_INITALIZED), "key is not initalized"}, {ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED), "key is not initialized"}, diff --git a/e_gost_err.h b/e_gost_err.h index 5e7e8e4..b2d9a4f 100644 --- a/e_gost_err.h +++ b/e_gost_err.h @@ -132,6 +132,8 @@ void ERR_GOST_error(int function, int reason, char *file, int line); # define GOST_R_INVALID_DIGEST_TYPE 110 # define GOST_R_INVALID_IV_LENGTH 111 # define GOST_R_INVALID_MAC_KEY_LENGTH 112 +# define GOST_R_INVALID_MAC_KEY_SIZE 145 +# define GOST_R_INVALID_MAC_SIZE 146 # define GOST_R_INVALID_PARAMSET 113 # define GOST_R_KEY_IS_NOT_INITALIZED 114 # define GOST_R_KEY_IS_NOT_INITIALIZED 115 diff --git a/gost_ameth.c b/gost_ameth.c index c8d7e4f..fb88eb3 100644 --- a/gost_ameth.c +++ b/gost_ameth.c @@ -55,13 +55,11 @@ static int pkey_bits_gost(const EVP_PKEY *pk) if (!pk) return -1; - switch (EVP_PKEY_base_id(pk)) { - case NID_id_GostR3410_2001: - case NID_id_GostR3410_2012_256: + int id= (EVP_PKEY_base_id(pk)); + if ( id == NID_id_GostR3410_2001 ||id == NID_gost2012_256) return 256; - case NID_id_GostR3410_2012_512: + if (id == NID_gost2012_512) return 512; - } return -1; } @@ -71,6 +69,7 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key) ASN1_STRING *params = ASN1_STRING_new(); GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new(); int pkey_param_nid = NID_undef; + int base_id = EVP_PKEY_base_id(key); void *key_ptr = EVP_PKEY_get0((EVP_PKEY *)key); int result = 0; @@ -78,19 +77,15 @@ static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key) GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS, ERR_R_MALLOC_FAILURE); goto err; } - switch (EVP_PKEY_base_id(key)) { - case NID_id_GostR3410_2012_256: + if (base_id == NID_gost2012_256) { pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr)); - gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_256); - break; - case NID_id_GostR3410_2012_512: + gkp->hash_params = OBJ_nid2obj(NID_md_gost12_256); + } else if (base_id == NID_gost2012_512) { pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr)); - gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_2012_512); - break; - case NID_id_GostR3410_2001: + gkp->hash_params = OBJ_nid2obj(NID_md_gost12_512); + } else if (base_id == NID_id_GostR3410_2001) { pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_ptr)); gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet); - break; } if (pkey_param_nid == NID_undef) { @@ -124,15 +119,14 @@ static int gost_decode_nid_params(EVP_PKEY *pkey, int pkey_nid, int param_nid) { void *key_ptr = EVP_PKEY_get0(pkey); - switch (pkey_nid) { - case NID_id_GostR3410_2012_256: - case NID_id_GostR3410_2012_512: - case NID_id_GostR3410_2001: + if (pkey_nid == NID_gost2012_256 || + pkey_nid == NID_gost2012_512 || + pkey_nid == NID_id_GostR3410_2001) { if (!key_ptr) { key_ptr = EC_KEY_new(); if (!EVP_PKEY_assign(pkey, pkey_nid, key_ptr)) { EC_KEY_free(key_ptr); - break; + return 0; } } return fill_GOST_EC_params(key_ptr, param_nid); @@ -182,10 +176,11 @@ static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg) static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv) { - switch (EVP_PKEY_base_id(pkey)) { - case NID_id_GostR3410_2012_512: - case NID_id_GostR3410_2012_256: - case NID_id_GostR3410_2001: + int id = EVP_PKEY_base_id(pkey); + + if (id == NID_gost2012_512 || + id == NID_gost2012_256 || + id == NID_id_GostR3410_2001) { EC_KEY *ec = EVP_PKEY_get0(pkey); if (!ec) { @@ -196,27 +191,23 @@ static int gost_set_priv_key(EVP_PKEY *pkey, BIGNUM *priv) return 0; if (!EVP_PKEY_missing_parameters(pkey)) gost_ec_compute_public(ec); - break; + return 1; } - default: - return 0; - } - return 1; + return 0; } BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey) { - switch (EVP_PKEY_base_id(pkey)) { - case NID_id_GostR3410_2012_512: - case NID_id_GostR3410_2012_256: - case NID_id_GostR3410_2001: - { - EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey); - if (ec) - return (BIGNUM *)EC_KEY_get0_private_key(ec); - break; - } - } + int id =EVP_PKEY_base_id(pkey); + + if (id == NID_gost2012_512 || + id == NID_gost2012_256|| + id == NID_id_GostR3410_2001) + { + EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey); + if (ec) + return (BIGNUM *)EC_KEY_get0_private_key(ec); + } return NULL; } @@ -228,18 +219,14 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2) int nid = EVP_PKEY_base_id(pkey), md_nid = NID_undef; X509_ALGOR *alg1 = NULL, *alg2 = NULL; - switch (nid) { - case NID_id_GostR3410_2012_512: - md_nid = NID_id_GostR3411_2012_512; - break; - case NID_id_GostR3410_2012_256: - md_nid = NID_id_GostR3411_2012_256; - break; - case NID_id_GostR3410_2001: - case NID_id_GostR3410_94: + if (nid == NID_gost2012_512) { + md_nid = NID_md_gost12_512; + } else if (nid == NID_gost2012_256) { + md_nid = NID_md_gost12_256; + } else if (nid == NID_id_GostR3410_2001 || + nid == NID_id_GostR3410_94) { md_nid = NID_id_GostR3411_94; - break; - default: + } else { return -1; } @@ -803,17 +790,18 @@ static int pub_cmp_gost_ec(const EVP_PKEY *a, const EVP_PKEY *b) static int pkey_size_gost(const EVP_PKEY *pk) { - if (!pk) + int id; + if (!pk) return -1; - - switch (EVP_PKEY_base_id(pk)) { - case NID_id_GostR3410_94: - case NID_id_GostR3410_2001: - case NID_id_GostR3410_2012_256: + id = EVP_PKEY_base_id(pk); + if (id == NID_id_GostR3410_94 || + id == NID_id_GostR3410_2001 || + id ==NID_gost2012_256 ) + { return 64; - case NID_id_GostR3410_2012_512: + } else if (id == NID_gost2012_512) { return 128; - } + } return -1; } @@ -877,8 +865,7 @@ int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth, *ameth = EVP_PKEY_asn1_new(nid, ASN1_PKEY_SIGPARAM_NULL, pemstr, info); if (!*ameth) return 0; - switch (nid) { - case NID_id_GostR3410_2001: + if (nid == NID_id_GostR3410_2001) { EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost_ec); EVP_PKEY_asn1_set_private(*ameth, priv_decode_gost, priv_encode_gost, @@ -894,9 +881,7 @@ int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth, pkey_size_gost, pkey_bits_gost); EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost); - break; - case NID_id_GostR3410_2012_256: - case NID_id_GostR3410_2012_512: + } else if (nid == NID_gost2012_256 || nid == NID_gost2012_512) { EVP_PKEY_asn1_set_free(*ameth, pkey_free_gost_ec); EVP_PKEY_asn1_set_private(*ameth, priv_decode_gost, priv_encode_gost, @@ -913,15 +898,12 @@ int register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth, pkey_size_gost, pkey_bits_gost); EVP_PKEY_asn1_set_ctrl(*ameth, pkey_ctrl_gost); - break; - case NID_id_Gost28147_89_MAC: + } else if (nid == NID_id_Gost28147_89_MAC) { EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost); EVP_PKEY_asn1_set_ctrl(*ameth, mac_ctrl_gost); - break; - case NID_gost_mac_12: + } else if (nid == NID_gost_mac_12) { EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost); EVP_PKEY_asn1_set_ctrl(*ameth, mac_ctrl_gost_12); - break; } return 1; } diff --git a/gost_crypt.c b/gost_crypt.c index 668e881..23a99e4 100644 --- a/gost_crypt.c +++ b/gost_crypt.c @@ -22,6 +22,8 @@ static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); +static int gost_cipher_init_cbc(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); static int gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); static int gost_cipher_init_cp_12(EVP_CIPHER_CTX *ctx, @@ -30,6 +32,9 @@ static int gost_cipher_init_cp_12(EVP_CIPHER_CTX *ctx, /* Handles block of data in CFB mode */ static int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl); +/* Handles block of data in CBC mode */ +static int gost_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); /* Handles block of data in CNT mode */ static int gost_cipher_do_cnt(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl); @@ -58,6 +63,29 @@ EVP_CIPHER cipher_gost = { NULL, }; +EVP_CIPHER cipher_gost_cbc = + { +#ifdef NID_gost89_cbc + NID_gost89_cbc +#else + NID_undef +#endif + , + 8,/*block_size*/ + 32,/*key_size*/ + 8,/*iv_len */ + EVP_CIPH_CBC_MODE| + EVP_CIPH_CUSTOM_IV| EVP_CIPH_RAND_KEY | EVP_CIPH_ALWAYS_CALL_INIT, + gost_cipher_init_cbc, + gost_cipher_do_cbc, + gost_cipher_cleanup, + sizeof(struct ossl_gost_cipher_ctx),/* ctx_size */ + gost89_set_asn1_parameters, + gost89_get_asn1_parameters, + gost_cipher_ctl, + NULL, + }; + EVP_CIPHER cipher_gost_cpacnt = { NID_gost89_cnt, 1, /* block_size */ @@ -76,7 +104,12 @@ EVP_CIPHER cipher_gost_cpacnt = { }; EVP_CIPHER cipher_gost_cpcnt_12 = { - NID_gost89_cnt_12, +#ifdef NID_gost89_cnt_12 + NID_gost89_cnt_12 +#else + NID_undef +#endif + , 1, /* block_size */ 32, /* key_size */ 8, /* iv_len */ @@ -125,7 +158,12 @@ EVP_MD imit_gost_cpa = { }; EVP_MD imit_gost_cp_12 = { - NID_gost_mac_12, +#ifdef NID_gost_mac_12 + NID_gost_mac_12 +#else + NID_undef +#endif + , NID_undef, 4, 0, @@ -165,7 +203,7 @@ struct gost_cipher_info gost_cipher_list[] = { 1}, {NID_id_Gost28147_89_CryptoPro_D_ParamSet, &Gost28147_CryptoProParamSetD, 1}, - {NID_id_tc26_gost_28147_param_Z, &Gost28147_TC26ParamSetZ, 1}, + {NID_undef/*,NID_id_tc26_gost_28147_param_Z*/, &Gost28147_TC26ParamSetZ, 1}, {NID_id_Gost28147_89_TestParamSet, &Gost28147_TestParamSet, 1}, {NID_undef, NULL, 0} }; @@ -277,6 +315,15 @@ int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, EVP_CIPH_CFB_MODE); } +/* Initializes EVP_CIPHER_CTX with default values */ +int gost_cipher_init_cbc(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + return gost_cipher_init_param(ctx, key, iv, enc, NID_undef, + EVP_CIPH_CBC_MODE); +} + + /* * Wrapper around gostcrypt function from gost89.c which perform key meshing * when nesseccary @@ -326,6 +373,47 @@ static void gost_cnt_next(void *ctx, unsigned char *iv, unsigned char *buf) c->count = c->count % 1024 + 8; } +/* GOST encryptoon in CBC mode */ +int gost_cipher_do_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) + { + OPENSSL_assert(inl % 8 ==0); + unsigned char b[8]; + const unsigned char *in_ptr=in; + unsigned char *out_ptr=out; + int i; + struct ossl_gost_cipher_ctx *c = ctx->cipher_data; + if (ctx->encrypt) + { + while(inl>0) + { + for (i=0;i<8;i++) + { + b[i]=ctx->iv[i]^in_ptr[i]; + } + gostcrypt(&(c->cctx),b,out_ptr); + memcpy(ctx->iv,out_ptr,8); + out_ptr+=8; + in_ptr+=8; + inl-=8; + } + } + else + { + while (inl>0) { + gostdecrypt(&(c->cctx),in_ptr,b); + for (i=0;i<8;i++) + { + out_ptr[i]=ctx->iv[i]^b[i]; + } + memcpy(ctx->iv,in_ptr,8); + out_ptr+=8; + in_ptr+=8; + inl-=8; + } + } + return 1; + } /* GOST encryption in CFB mode */ int gost_cipher_do_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) @@ -594,6 +682,7 @@ static int gost_imit_init(EVP_MD_CTX *ctx, gost_subst_block * block) c->count = 0; c->bytes_left = 0; c->key_meshing = 1; + c->dgst_size = 4; gost_init(&(c->cctx), block); return 1; } @@ -676,7 +765,7 @@ int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md) } mac_block_mesh(c, c->partial_block); } - get_mac(c->buffer, 32, md); + get_mac(c->buffer, 8 * c->dgst_size, md); return 1; } @@ -689,7 +778,7 @@ int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) case EVP_MD_CTRL_SET_KEY: { if (arg != 32) { - GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_LENGTH); + GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_KEY_SIZE); return 0; } @@ -699,6 +788,17 @@ int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) return 1; } + case EVP_MD_CTRL_MAC_LEN: + { + if (arg < 1 || arg > 8) { + GOSTerr(GOST_F_GOST_IMIT_CTRL, GOST_R_INVALID_MAC_SIZE); + return 0; + } + struct ossl_gost_imit_ctx *c = ctx->md_data; + c->dgst_size=arg; + return 1; + } + default: return 0; } diff --git a/gost_ec_keyx.c b/gost_ec_keyx.c index 929c786..60b5e77 100644 --- a/gost_ec_keyx.c +++ b/gost_ec_keyx.c @@ -29,9 +29,9 @@ static int VKO_compute_key(unsigned char *shared_key, size_t shared_key_size, BN_CTX *ctx = BN_CTX_new(); EVP_MD_CTX mdctx; const EVP_MD *md; - int effective_dgst_nid = (dgst_nid == NID_id_GostR3411_2012_512) ? - NID_id_GostR3411_2012_256 : dgst_nid; - int buf_len = (dgst_nid == NID_id_GostR3411_2012_512) ? 128 : 64, + int effective_dgst_nid = (dgst_nid == NID_md_gost12_512) ? + NID_md_gost12_256 : dgst_nid; + int buf_len = (dgst_nid == NID_md_gost12_512) ? 128 : 64, half_len = buf_len >> 1; if (!ctx) { diff --git a/gost_eng.c b/gost_eng.c index 9df6a74..b7b6b5e 100644 --- a/gost_eng.c +++ b/gost_eng.c @@ -36,25 +36,26 @@ static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth, static int gost_cipher_nids[] = { NID_id_Gost28147_89, NID_gost89_cnt, - NID_gost89_cnt_12, + NID_undef /*NID_gost89_cnt_12*/, + NID_undef /* NID_gost89_cbc */, 0 }; static int gost_digest_nids[] = { NID_id_GostR3411_94, NID_id_Gost28147_89_MAC, - NID_id_GostR3411_2012_256, - NID_id_GostR3411_2012_512, - NID_gost_mac_12, + NID_undef /*NID_md_gost12_256*/, + NID_undef /*NID_md_gost12_512*/, + NID_undef /*NID_gost_mac_12*/, 0 }; static int gost_pkey_meth_nids[] = { NID_id_GostR3410_2001, NID_id_Gost28147_89_MAC, - NID_id_GostR3410_2012_256, - NID_id_GostR3410_2012_512, - NID_gost_mac_12, + NID_undef /*NID_gost2012_256*/, + NID_undef /*NID_gost2012_512*/, + NID_undef /*NID_gost_mac_12*/, 0 }; @@ -98,38 +99,63 @@ static int gost_engine_destroy(ENGINE *e) return 1; } - +extern int gost_define_nids(void); static int bind_gost(ENGINE *e, const char *id) { int ret = 0; if (id && strcmp(id, engine_gost_id)) return 0; if (ameth_GostR3410_2001) { - printf("GOST engine already loaded\n"); - goto end; + /* Engine already loaded */ + return 1; } + if (!gost_define_nids()) { + return 0; + } + /* Set up nids which might be undefined in the core object database */ + /* Arrays of algoritmhs */ + gost_cipher_nids[1]=NID_gost89_cnt; + gost_cipher_nids[2]=NID_gost89_cnt_12; + gost_cipher_nids[3]=NID_gost89_cbc; + gost_digest_nids[2]=NID_md_gost12_256; + gost_digest_nids[3]=NID_md_gost12_512; + gost_digest_nids[4]=NID_gost_mac_12; + gost_pkey_meth_nids[2]=NID_gost2012_256; + gost_pkey_meth_nids[3]=NID_gost2012_512; + gost_pkey_meth_nids[4]=NID_gost_mac_12; + /* EVP_CIPHERs */ + cipher_gost_cbc.nid = NID_gost89_cbc; + cipher_gost_cpcnt_12.nid = NID_gost89_cnt_12; + /* EVP_MDs */ + digest_gost2012_512.type = NID_md_gost12_512; + digest_gost2012_256.type = NID_md_gost12_256; + imit_gost_cp_12.type = NID_gost_mac_12; + /* Algorithm parameters */ + R3410_2012_512_paramset[0].nid = NID_id_tc26_gost_3410_2012_512_paramSetA; + R3410_2012_512_paramset[1].nid = NID_id_tc26_gost_3410_2012_512_paramSetB; + if (!ENGINE_set_id(e, engine_gost_id)) { - printf("ENGINE_set_id failed\n"); + fprintf(stderr,"ENGINE_set_id failed\n"); goto end; } if (!ENGINE_set_name(e, engine_gost_name)) { - printf("ENGINE_set_name failed\n"); + fprintf(stderr,"ENGINE_set_name failed\n"); goto end; } if (!ENGINE_set_digests(e, gost_digests)) { - printf("ENGINE_set_digests failed\n"); + fprintf(stderr,"ENGINE_set_digests failed\n"); goto end; } if (!ENGINE_set_ciphers(e, gost_ciphers)) { - printf("ENGINE_set_ciphers failed\n"); + fprintf(stderr,"ENGINE_set_ciphers failed\n"); goto end; } if (!ENGINE_set_pkey_meths(e, gost_pkey_meths)) { - printf("ENGINE_set_pkey_meths failed\n"); + fprintf(stderr,"ENGINE_set_pkey_meths failed\n"); goto end; } if (!ENGINE_set_pkey_asn1_meths(e, gost_pkey_asn1_meths)) { - printf("ENGINE_set_pkey_asn1_meths failed\n"); + fprintf(stderr,"ENGINE_set_pkey_asn1_meths failed\n"); goto end; } /* Control function and commands */ @@ -152,11 +178,11 @@ static int bind_gost(ENGINE *e, const char *id) "GOST R 34.10-2001")) goto end; if (!register_ameth_gost - (NID_id_GostR3410_2012_256, &ameth_GostR3410_2012_256, "GOST2012_256", + (NID_gost2012_256, &ameth_GostR3410_2012_256, "GOST2012_256", "GOST R 34.10-2012 with 256 bit key")) goto end; if (!register_ameth_gost - (NID_id_GostR3410_2012_512, &ameth_GostR3410_2012_512, "GOST2012_512", + (NID_gost2012_512, &ameth_GostR3410_2012_512, "GOST2012_512", "GOST R 34.10-2012 with 512 bit key")) goto end; if (!register_ameth_gost(NID_id_Gost28147_89_MAC, &ameth_Gost28147_MAC, @@ -171,10 +197,10 @@ static int bind_gost(ENGINE *e, const char *id) goto end; if (!register_pmeth_gost - (NID_id_GostR3410_2012_256, &pmeth_GostR3410_2012_256, 0)) + (NID_gost2012_256, &pmeth_GostR3410_2012_256, 0)) goto end; if (!register_pmeth_gost - (NID_id_GostR3410_2012_512, &pmeth_GostR3410_2012_512, 0)) + (NID_gost2012_512, &pmeth_GostR3410_2012_512, 0)) goto end; if (!register_pmeth_gost (NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0)) @@ -186,6 +212,7 @@ static int bind_gost(ENGINE *e, const char *id) || !ENGINE_register_pkey_meths(e) /* These two actually should go in LIST_ADD command */ || !EVP_add_cipher(&cipher_gost) + || !EVP_add_cipher(&cipher_gost_cbc) || !EVP_add_cipher(&cipher_gost_cpacnt) || !EVP_add_cipher(&cipher_gost_cpcnt_12) || !EVP_add_digest(&digest_gost) @@ -217,9 +244,9 @@ static int gost_digests(ENGINE *e, const EVP_MD **digest, } if (nid == NID_id_GostR3411_94) { *digest = &digest_gost; - } else if (nid == NID_id_GostR3411_2012_256) { + } else if (nid == NID_md_gost12_256) { *digest = &digest_gost2012_256; - } else if (nid == NID_id_GostR3411_2012_512) { + } else if (nid == NID_md_gost12_512) { *digest = &digest_gost2012_512; } else if (nid == NID_id_Gost28147_89_MAC) { *digest = &imit_gost_cpa; @@ -238,7 +265,7 @@ static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher, int ok = 1; if (!cipher) { *nids = gost_cipher_nids; - return 3; /* three ciphers are supported */ + return 4; /* four ciphers are supported */ } if (nid == NID_id_Gost28147_89) { @@ -247,6 +274,8 @@ static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher, *cipher = &cipher_gost_cpacnt; } else if (nid == NID_gost89_cnt_12) { *cipher = &cipher_gost_cpcnt_12; + } else if (nid == NID_gost89_cbc) { + *cipher = &cipher_gost_cbc; } else { ok = 0; *cipher = NULL; @@ -262,26 +291,26 @@ static int gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, return sizeof(gost_pkey_meth_nids)/sizeof(int) - 1; } - switch (nid) { - case NID_id_GostR3410_2001: + if (nid == NID_id_GostR3410_2001) { *pmeth = pmeth_GostR3410_2001; return 1; - case NID_id_GostR3410_2012_256: + } + if (nid == NID_gost2012_256) { *pmeth = pmeth_GostR3410_2012_256; return 1; - case NID_id_GostR3410_2012_512: + } + if (nid == NID_gost2012_512) { *pmeth = pmeth_GostR3410_2012_512; return 1; - case NID_id_Gost28147_89_MAC: + } + if (nid == NID_id_Gost28147_89_MAC) { *pmeth = pmeth_Gost28147_MAC; return 1; - case NID_gost_mac_12: + } + if (nid == NID_gost_mac_12) { *pmeth = pmeth_Gost28147_MAC_12; return 1; - - default:; - } - + } *pmeth = NULL; return 0; } @@ -293,25 +322,26 @@ static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth, *nids = gost_pkey_meth_nids; return sizeof(gost_pkey_meth_nids)/sizeof(int) - 1; } - switch (nid) { - case NID_id_GostR3410_2001: + if (nid == NID_id_GostR3410_2001) { *ameth = ameth_GostR3410_2001; return 1; - case NID_id_GostR3410_2012_256: + } + if (nid == NID_gost2012_256) { *ameth = ameth_GostR3410_2012_256; return 1; - case NID_id_GostR3410_2012_512: + } + if (nid == NID_gost2012_512) { *ameth = ameth_GostR3410_2012_512; return 1; - case NID_id_Gost28147_89_MAC: + } + if (nid == NID_id_Gost28147_89_MAC) { *ameth = ameth_Gost28147_MAC; return 1; - case NID_gost_mac_12: + } + if (nid == NID_gost_mac_12) { *ameth = ameth_Gost28147_MAC_12; return 1; - - default:; - } + } *ameth = NULL; return 0; diff --git a/gost_lcl.h b/gost_lcl.h index 4e1c4ea..846f733 100644 --- a/gost_lcl.h +++ b/gost_lcl.h @@ -18,6 +18,7 @@ # include # include "gost89.h" # include "gosthash.h" +# include "newnids.h" /* Control commands */ # define GOST_PARAM_CRYPT_PARAMS 0 # define GOST_PARAM_PBE_PARAMS 1 @@ -58,7 +59,9 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags); /* For GOST 28147 MAC */ # define key_ctrl_string "key" # define hexkey_ctrl_string "hexkey" +# define maclen_ctrl_string "size" # define EVP_PKEY_CTRL_GOST_MAC_HEXKEY (EVP_PKEY_ALG_CTRL+3) +# define EVP_PKEY_CTRL_MAC_LEN (EVP_PKEY_ALG_CTRL+5) /* Pmeth internal representation */ struct gost_pmeth_data { int sign_param_nid; /* Should be set whenever parameters are @@ -69,7 +72,8 @@ struct gost_pmeth_data { }; struct gost_mac_pmeth_data { - int key_set; + short int key_set; + short int mac_size; EVP_MD *md; unsigned char key[32]; }; @@ -184,6 +188,7 @@ struct ossl_gost_imit_ctx { int key_meshing; int bytes_left; int key_set; + int dgst_size; }; /* Table which maps parameter NID to S-blocks */ extern struct gost_cipher_info gost_cipher_list[]; @@ -191,10 +196,12 @@ extern struct gost_cipher_info gost_cipher_list[]; const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj); /* Implementation of GOST 28147-89 cipher in CFB and CNT modes */ extern EVP_CIPHER cipher_gost; +extern EVP_CIPHER cipher_gost_cbc; extern EVP_CIPHER cipher_gost_cpacnt; extern EVP_CIPHER cipher_gost_cpcnt_12; # define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3) # define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4) +# define EVP_MD_CTRL_MAC_LEN (EVP_MD_CTRL_ALG_CTRL+5) /* EVP_PKEY_METHOD key encryption callbacks */ /* From gost_ec_keyx.c */ int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, @@ -237,4 +244,6 @@ int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen); /* Returns pointer into EVP_PKEY structure */ BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey); +int gost_add_obj(const char *oid, const char *sn, const char *ln); + #endif diff --git a/gost_md2012.c b/gost_md2012.c index e20e660..7afbed9 100644 --- a/gost_md2012.c +++ b/gost_md2012.c @@ -26,7 +26,7 @@ const char micalg_256[] = "gostr3411-2012-256"; const char micalg_512[] = "gostr3411-2012-512"; EVP_MD digest_gost2012_512 = { - NID_id_GostR3411_2012_512, + NID_undef /* NID_md_gost12_512 */, NID_undef, 64, /* digest size */ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, @@ -44,7 +44,7 @@ EVP_MD digest_gost2012_512 = { }; EVP_MD digest_gost2012_256 = { - NID_id_GostR3411_2012_256, + NID_undef /*NID_md_gost12_256*/, NID_undef, 32, /* digest size */ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, diff --git a/gost_obj.txt b/gost_obj.txt new file mode 100644 index 0000000..0e5e41b --- /dev/null +++ b/gost_obj.txt @@ -0,0 +1,29 @@ +# GOST 2012 OIDS +1.2.643.7.1.1.1.1:gost2012_256:GOST R 34.10-2012 with 256 bit modulus +1.2.643.7.1.1.1.2:gost2012_512:GOST R 34.10-2012 with 512 bit modulus +1.2.643.7.1.1.2.2:md_gost12_256:GOST R 34.11-2012 with 256 bit hash +1.2.643.7.1.1.2.3:md_gost12_512:GOST R 34.11-2012 with 512 bit hash +1.2.643.7.1.1.3.2:id-tc26-signwithdigest-gost3410-2012-256:GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit) +1.2.643.7.1.1.3.3:id-tc26-signwithdigest-gost3410-2012-512:GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit) +1.2.643.7.1.1.4.1:id-tc26-hmac-gost-3411-2012-256:HMAC GOST 34.11-2012 256 bit +1.2.643.7.1.1.4.2:id-tc26-hmac-gost-3411-2012-512:HMAC GOST 34.11-2012 512 bit +#1.2.643.7.1.1.5 # is cipher grop. No ciphers yet here +1.2.643.7.1.1.6.1:id-tc26-agreement-gost-3410-2012-256 +1.2.643.7.1.1.6.2:id-tc26-agreement-gost-3410-2012-512 +1.2.643.7.1.2.1.2.0: id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set +1.2.643.7.1.2.1.2.1: id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A +1.2.643.7.1.2.1.2.2: id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B +1.2.643.7.1.2.5.1.1:id-tc26-gost-28147-param-Z : GOST 28147-89 TC26 parameter set +# Additional GOST 28147-89 cipher modes +1.2.643.2.2.21.2:gost89-cbc: +1.2.643.2.2.21.3:gost89-ecb: +1.2.643.2.2.21.4:gost89-ofb: +1.2.643.2.2.21.5:gost89-cnt: +1.2.643.2.2.21.6:gost89-cnt-12: +1.2.643.2.2.22.2:gost-mac-12: +# Russia-specific DN fields and X.509v3 extensions +1.2.643.3.131.1.1:INN:Individual Fiscal Number +1.2.643.100.1:OGRN:Main state registration number +1.2.643.100.3:SNILS:Number of individual pension insurance account +1.2.643.100.111:subjectSignTool: Signing tool of Subject +1.2.643.100.112:issuerSignTool: Signig tool of Issuer diff --git a/gost_params.c b/gost_params.c index 3e70990..5e9979f 100644 --- a/gost_params.c +++ b/gost_params.c @@ -84,7 +84,7 @@ R3410_ec_params R3410_2001_paramset[] = { R3410_ec_params *R3410_2012_256_paramset = R3410_2001_paramset; R3410_ec_params R3410_2012_512_paramset[] = { - {NID_id_tc26_gost_3410_2012_512_paramSetA, + {0 /*NID_id_tc26_gost_3410_2012_512_paramSetA*/, /* a */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4", @@ -103,7 +103,7 @@ R3410_ec_params R3410_2012_512_paramset[] = { "7503CFE87A836AE3A61B8816E25450E6CE5E1C93ACF1ABC1778064FDCBEFA921DF16" "26BE4FD036E93D75E6A50E3A41E98028FE5FC235F5B889A589CB5215F2A4"} , - {NID_id_tc26_gost_3410_2012_512_paramSetB, + {0 /* NID_id_tc26_gost_3410_2012_512_paramSetB*/, /* a */ "8000000000000000000000000000000000000000000000000000000000000000" "000000000000000000000000000000000000000000000000000000000000006C", diff --git a/gost_pmeth.c b/gost_pmeth.c index a825217..166cf85 100644 --- a/gost_pmeth.c +++ b/gost_pmeth.c @@ -30,20 +30,19 @@ static int pkey_gost_init(EVP_PKEY_CTX *ctx) return 0; memset(data, 0, sizeof(*data)); if (pkey && EVP_PKEY_get0(pkey)) { - switch (EVP_PKEY_base_id(pkey)) { - case NID_id_GostR3410_2001: - case NID_id_GostR3410_2012_256: - case NID_id_GostR3410_2012_512: + int id = (EVP_PKEY_base_id(pkey)); + if (id == NID_id_GostR3410_2001 || + id == NID_gost2012_256 || + id == NID_gost2012_512) { const EC_GROUP *group = EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey)); if (group != NULL) { data->sign_param_nid = EC_GROUP_get_curve_name(group); - break; } - /* else */ } - default: + else + { OPENSSL_free(data); return 0; } @@ -97,28 +96,23 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) OPENSSL_assert(p2 != NULL); - switch (EVP_MD_type((const EVP_MD *)p2)) { - case NID_id_GostR3411_94: + int md_type = EVP_MD_type((const EVP_MD *)p2); + if (md_type == NID_id_GostR3411_94) { if (pkey_nid == NID_id_GostR3410_2001 || pkey_nid == NID_id_GostR3410_94) { pctx->md = (EVP_MD *)p2; return 1; } - break; - - case NID_id_GostR3411_2012_256: - if (pkey_nid == NID_id_GostR3410_2012_256) { + } else if (md_type == NID_md_gost12_256) { + if (pkey_nid == NID_gost2012_256) { pctx->md = (EVP_MD *)p2; return 1; } - break; - - case NID_id_GostR3411_2012_512: - if (pkey_nid == NID_id_GostR3410_2012_512) { + } else if ( md_type == NID_md_gost12_512) { + if (pkey_nid == NID_gost2012_512) { pctx->md = (EVP_MD *)p2; return 1; } - break; } GOSTerr(GOST_F_PKEY_GOST_CTRL, GOST_R_INVALID_DIGEST_TYPE); @@ -311,25 +305,19 @@ static int pkey_gost2012_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) return 0; } - switch (data->sign_param_nid) { - case NID_id_tc26_gost_3410_2012_512_paramSetA: - case NID_id_tc26_gost_3410_2012_512_paramSetB: + if (data->sign_param_nid == NID_id_tc26_gost_3410_2012_512_paramSetA || + data->sign_param_nid == NID_id_tc26_gost_3410_2012_512_paramSetB) { result = - (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_512, ec)) ? 1 : 0; - break; - - case NID_id_GostR3410_2001_CryptoPro_A_ParamSet: - case NID_id_GostR3410_2001_CryptoPro_B_ParamSet: - case NID_id_GostR3410_2001_CryptoPro_C_ParamSet: - case NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet: - case NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet: - case NID_id_GostR3410_2001_TestParamSet: + (EVP_PKEY_assign(pkey, NID_gost2012_512, ec)) ? 1 : 0; + } else + if (data->sign_param_nid == NID_id_GostR3410_2001_CryptoPro_A_ParamSet || + data->sign_param_nid == NID_id_GostR3410_2001_CryptoPro_B_ParamSet || + data->sign_param_nid == NID_id_GostR3410_2001_CryptoPro_C_ParamSet || + data->sign_param_nid == NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet || + data->sign_param_nid == NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet || + data->sign_param_nid == NID_id_GostR3410_2001_TestParamSet) { result = - (EVP_PKEY_assign(pkey, NID_id_GostR3410_2012_256, ec)) ? 1 : 0; - break; - default: - result = 0; - break; + (EVP_PKEY_assign(pkey, NID_gost2012_256, ec)) ? 1 : 0; } if (result == 0) @@ -382,21 +370,18 @@ static int pkey_gost_ec_cp_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, DSA_SIG *unpacked_sig = NULL; EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); int order = 0; - + int id = EVP_PKEY_base_id(pkey); if (!siglen) return 0; if (!pkey) return 0; - switch (EVP_PKEY_base_id(pkey)) { - case NID_id_GostR3410_2001: - case NID_id_GostR3410_2012_256: + if (id == NID_id_GostR3410_2001 || + id == NID_gost2012_256) { order = 64; - break; - case NID_id_GostR3410_2012_512: + } else if (id == NID_gost2012_512) { order = 128; - break; - default: + } else { return 0; } @@ -470,6 +455,7 @@ static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx) if (!data) return 0; memset(data, 0, sizeof(*data)); + data->mac_size = 4; EVP_PKEY_CTX_set_data(ctx, data); return 1; } @@ -553,6 +539,17 @@ static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) } return mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY, 32, key); } + case EVP_PKEY_CTRL_MAC_LEN: + { + if (p1<1 || p1>8) + { + + GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL,GOST_R_INVALID_MAC_SIZE); + return 0; + } + data->mac_size = p1; + return 1; + } } return -2; } @@ -584,6 +581,16 @@ static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx, return ret; } + if (!strcmp(type,maclen_ctrl_string)) { + char *endptr; + long size=strtol(value,&endptr,10); + if (*endptr!='\0') { + GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, + GOST_R_INVALID_MAC_SIZE); + return 0; + } + return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_MAC_LEN,size,NULL); + } return -2; } @@ -624,6 +631,7 @@ static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, { unsigned int tmpsiglen; int ret; + struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); if (!siglen) return 0; @@ -631,11 +639,13 @@ static int pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, * sizeof(size_t) */ if (!sig) { - *siglen = 4; + *siglen = data->mac_size; return 1; } + + mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_MAC_LEN, data->mac_size, NULL); ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen); - *siglen = tmpsiglen; + *siglen = data->mac_size; return ret; } @@ -646,8 +656,7 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags) if (!*pmeth) return 0; - switch (id) { - case NID_id_GostR3410_2001: + if (id == NID_id_GostR3410_2001) { EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256); EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign); @@ -663,8 +672,7 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags) pkey_gost_derive_init, pkey_gost_ec_derive); EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init, pkey_gost2001_paramgen); - break; - case NID_id_GostR3410_2012_256: + } else if (id == NID_gost2012_256) { EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ec_ctrl_str_256); EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign); @@ -681,8 +689,7 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags) EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init, pkey_gost2012_paramgen); - break; - case NID_id_GostR3410_2012_512: + } else if (id == NID_gost2012_512 ) { EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_ctrl, pkey_gost_ec_ctrl_str_512); EVP_PKEY_meth_set_sign(*pmeth, NULL, pkey_gost_ec_cp_sign); @@ -699,8 +706,7 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags) EVP_PKEY_meth_set_paramgen(*pmeth, pkey_gost_paramgen_init, pkey_gost2012_paramgen); - break; - case NID_id_Gost28147_89_MAC: + } else if (id == NID_id_Gost28147_89_MAC) { EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl, pkey_gost_mac_ctrl_str); EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init, @@ -709,8 +715,8 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags) EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init); EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup); EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy); - return 1; - case NID_gost_mac_12: + return 1; + } else if (id == NID_gost_mac_12) { EVP_PKEY_meth_set_ctrl(*pmeth, pkey_gost_mac_ctrl, pkey_gost_mac_ctrl_str); EVP_PKEY_meth_set_signctx(*pmeth, pkey_gost_mac_signctx_init, @@ -719,8 +725,9 @@ int register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags) EVP_PKEY_meth_set_init(*pmeth, pkey_gost_mac_init); EVP_PKEY_meth_set_cleanup(*pmeth, pkey_gost_mac_cleanup); EVP_PKEY_meth_set_copy(*pmeth, pkey_gost_mac_copy); - return 1; - default: /* Unsupported method */ + return 1; + } else { + /* Unsupported method */ return 0; } EVP_PKEY_meth_set_init(*pmeth, pkey_gost_init); diff --git a/mkobj.pl b/mkobj.pl new file mode 100644 index 0000000..b102234 --- /dev/null +++ b/mkobj.pl @@ -0,0 +1,49 @@ +#!/usr/bin/perl + +open F,"<","gost_obj.txt" or die "Cannot open gost_obj.txt:$!"; + +open H,">","newnids.h" or die "Cannot open newnids.h:$!"; +open C,">","newnids.c" or die "Cannot open newnids.c:$!"; + +print H < + +EOHH + +print C < +#include "gost_lcl.h" + +EOCH + +$defn = ""; + +while () { + chomp; + next if /^\s*#/; + s/^\s*//; + s/\s*#.*$//; + ($oid,$sn,$ln) = split(/\s*:\s*/); + die "Empty short name in line $." unless $sn; + $nid = "NID_" . $sn; + $nid =~ tr/-/_/; + + if (!$oid ) { + $oid = 'NULL'; + } else { + $oid = '"'.$oid.'"'; + } + $ln ||= $sn; + print H "#ifndef $nid\nextern int $nid;\n#endif\n"; + print C "#ifndef $nid\nint $nid = NID_undef;\n#endif\n"; + $defn .= "#ifndef $nid\n $nid = gost_add_obj($oid,\"$sn\",\"$ln\");\n if ($nid == NID_undef) return 0;\n#endif\n"; +} + print H "#endif\n"; + print C "\nint gost_define_nids()\n{\n$defn; return 1;\n}\n"; diff --git a/obj_create.c b/obj_create.c new file mode 100644 index 0000000..1f80238 --- /dev/null +++ b/obj_create.c @@ -0,0 +1,18 @@ +#include "gost_lcl.h" +#include +#include + +int gost_add_obj(const char *oid, const char *sn, const char *ln) +{ + int nid; + if (oid) { + nid = OBJ_txt2nid(oid); + } else { + nid = OBJ_txt2nid(sn); + } + if (nid != NID_undef) { + return nid; + } + return OBJ_create(oid,sn,ln); +} + diff --git a/test/00-engine.t b/test/00-engine.t new file mode 100644 index 0000000..35b5f92 --- /dev/null +++ b/test/00-engine.t @@ -0,0 +1,82 @@ +#!/usr/bin/perl +use Test::More tests => 5; +use Cwd 'abs_path'; + +# prepare data for + +open F,">","testdata.dat"; +print F "12345670" x 128; +close F; + +# Set OPENSSL_ENGINES environment variable to just build engine +$ENV{'OPENSSL_ENGINES'} = abs_path("../.libs"); + +$key='0123456789abcdef' x 2; + +# +# You can redefine engine to use using ENGINE_NAME environment variable +# +$engine=$ENV{'ENGINE_NAME'}||"gost"; + +# Reopen STDERR to eliminate extra output +open STDERR, ">>","tests.err"; + +if (exists $ENV{'OPENSSL_CONF'}) { + delete $ENV{'OPENSSL_CONF'} +} +# +# This test needs output of openssl engine -c command. +# Default one is hardcoded below, but you can place file +# ${ENGINE_NAME}.info into this directory if you use this test suite +# to test other engine implementing GOST cryptography. +# +if ( -f $engine . ".info") { + diag("Reading $engine.info"); + open F, "<", $engine . ".info"; + read F,$engine_info,1024; +} else { + +$engine_info= <","test.cnf"; +print F < 12; +use Cwd 'abs_path'; + +# prepare data for + +open F,">","testdata.dat"; +binmode F; +print F "12345670" x 128; +close F; +# Set OPENSSL_ENGINES environment variable to just build engine +$ENV{'OPENSSL_ENGINES'} = abs_path("../.libs"); +# Set engine name from environment to allow testing of different engines +$engine=$ENV{'ENGINE_NAME'}||"gost"; +# Reopen STDERR to eliminate extra output +open STDERR, ">>","tests.err"; + +is(`openssl dgst -engine ${engine} -md_gost94 testdata.dat`, +"md_gost94(testdata.dat)= f7fc6d16a6a5c12ac4f7d320e0fd0d8354908699125e09727a4ef929122b1cae\n", +"GOST R 34.11-94 1K ascii"); + +is(`openssl dgst -engine ${engine} -md_gost12_256 testdata.dat`, +"md_gost12_256(testdata.dat)= d38a79cb15db40651051ef6879881fe25d84cdbb23ecec9f56126f8803f5fc88\n", +"GOST R 34.11-2012 256bit 1K ascii"); + +is(`openssl dgst -engine ${engine} -md_gost12_512 testdata.dat`, +"md_gost12_512(testdata.dat)= ac48be903716d9b9701fd8cdd75417b9085b5b642191926afd92310e645c52d465e36bbd5ccb356c5b1b8020a868915d5d8cc18ed2c07c28d24ba914b867f144\n", +"GOST R 34.11-2012 512bit 1K ascii"); + +unlink("testdata.dat"); + +open F,">","testdata2.dat"; +binmode F; +print F "\x00\x01\x02\x15\x84\x67\x45\x31" x 128; +close F; + +is(`openssl dgst -engine ${engine} -md_gost94 testdata2.dat`, +"md_gost94(testdata2.dat)= 69f529aa82d9344ab0fa550cdf4a70ecfd92a38b5520b1906329763e09105196\n", +"GOST R 34.11-94 1K binary"); + +is(`openssl dgst -engine ${engine} -md_gost12_256 testdata2.dat`, +"md_gost12_256(testdata2.dat)= 88fb2a93873befc1712c96c6e151223b18798de4601448efe2836dbfa53a55f2\n", +"GOST R 34.11-2012 256bit 1K binary"); + +is(`openssl dgst -engine ${engine} -md_gost12_512 testdata2.dat`, +"md_gost12_512(testdata2.dat)= 559b71aaad8e0e749cbac47ff1eaa48471bafaf81e648b234c456e5d25538c32a61d04e3f5863301fdf1f289efc286cb1c317aba3e6425bece26e8cfe35a4074\n", +"GOST R 34.11-2012 512bit 1K binary"); + +unlink("testdata2.dat"); + +open F, ">","testdata3.dat"; +binmode F; +print F substr("12345670" x 128,0,539); +close F; + +is(`openssl dgst -engine ${engine} -md_gost94 testdata3.dat`, +"md_gost94(testdata3.dat)= bd5f1e4b539c7b00f0866afdbc8ed452503a18436061747a343f43efe888aac9\n", +"GOST R 34.11-94 539 bytes"); + +is(`openssl dgst -engine ${engine} -md_gost12_256 testdata3.dat`, +"md_gost12_256(testdata3.dat)= 3791fa0d152ee406be966c1ef2729ea1dcac370556971cfb08123100735d476c\n", +"GOST R 34.11-2012 256bit 539 bytes"); + +is(`openssl dgst -engine ${engine} -md_gost12_512 testdata3.dat`, +"md_gost12_512(testdata3.dat)= 62a09dfad97d84b2020a4ab464c878933210b6d23cbfe0c1d1e7fb9093e360fc052e30c5b7bc27ac7d207fcf51ab59058fb2474d08e664cd040c3b8d2d2f49d6\n", +"GOST R 34.11-2012 512bit 539 bytes"); + +unlink "testdata3.dat"; +open F , ">","bigdata.dat"; +binmode F; +print F ("121345678" x 7 . "1234567\n") x 4096,"12345\n"; +close F; + +is(`openssl dgst -engine ${engine} -md_gost94 bigdata.dat`, +"md_gost94(bigdata.dat)= e5d3ac4ea3f67896c51ff919cedb9405ad771e39f0f2eab103624f9a758e506f\n", +"GOST R 34.11-94 128K"); + +is(`openssl dgst -engine ${engine} -md_gost12_256 bigdata.dat`, +"md_gost12_256(bigdata.dat)= d50eeeff483f8b5f550d944decb60846f0a6b34f2f7d44a6f725af1578385d47\n", +"GOST R 34.11-2012 256bit 128K"); + +is(`openssl dgst -engine ${engine} -md_gost12_512 bigdata.dat`, +"md_gost12_512(bigdata.dat)= d57b8b8ea4061822b47df128fe92bd6db4fd6c8e3c537806ae1782ba67fab474c390b9564c3e4867562e0c3ad974d37d5fa6c5b5a3699e984b45845acbcf298a\n", +"GOST R 34.11-2012 512bit 128K"); + +unlink "bigdata.dat"; diff --git a/test/02-mac.t b/test/02-mac.t new file mode 100644 index 0000000..ddf8480 --- /dev/null +++ b/test/02-mac.t @@ -0,0 +1,45 @@ +#!/usr/bin/perl +use Test::More tests => 11; +use Cwd 'abs_path'; + +# prepare data for + +open F,">","testdata.dat"; +print F "12345670" x 128; +close F; + +open F,">","testbig.dat"; +print F "12345670" x 1024; +close F; +# Set OPENSSL_ENGINES environment variable to just build engine +$ENV{'OPENSSL_ENGINES'} = abs_path("../.libs"); + +$key='0123456789abcdef' x 2; + +$engine=$ENV{'ENGINE_NAME'}||"gost"; + +# Reopen STDERR to eliminate extra output +open STDERR, ">>","tests.err"; + +is(`openssl dgst -engine ${engine} -mac gost-mac -macopt key:${key} testdata.dat`, +"GOST-MAC-gost-mac(testdata.dat)= 2ee8d13d\n", +"GOST MAC - default size"); + +for ($i=1;$i<=8; $i++) { + is(`openssl dgst -engine ${engine} -mac gost-mac -macopt key:${key} -sigopt size:$i testdata.dat`, +"GOST-MAC-gost-mac(testdata.dat)= ".substr("2ee8d13dff7f037d",0,$i*2)."\n", +"GOST MAC - size $i bytes"); +} + + + +is(`openssl dgst -engine ${engine} -mac gost-mac -macopt key:${key} testbig.dat`, +"GOST-MAC-gost-mac(testbig.dat)= d3978b1a\n", +"GOST MAC - big data"); + +is(`openssl dgst -engine ${engine} -mac gost-mac-12 -macopt key:${key} testdata.dat`, +"GOST-MAC-12-gost-mac-12(testdata.dat)= be4453ec\n", +"GOST MAC - parameters 2012"); + +unlink('testdata.dat'); +unlink('testbig.dat'); diff --git a/test/03-encrypt.t b/test/03-encrypt.t new file mode 100644 index 0000000..6cb8b9b --- /dev/null +++ b/test/03-encrypt.t @@ -0,0 +1,159 @@ +#!/usr/bin/perl +use Test::More tests => 48; +use Cwd 'abs_path'; + +# +# If this variable is set, engine would be loaded via configuration +# file. Otherwise - via command line +# +$use_config = 1; + +# prepare data for + + +# Set OPENSSL_ENGINES environment variable to just build engine +$ENV{'OPENSSL_ENGINES'} = abs_path("../.libs"); + +$key='0123456789abcdef' x 2; + +# +# You can redefine engine to use using ENGINE_NAME environment variable +# +$engine=$ENV{'ENGINE_NAME'}||"gost"; + +# Reopen STDERR to eliminate extra output +open STDERR, ">>","tests.err"; + +our $count=0; + +# +# parameters -paramset = oid of the parameters +# -cleartext - data to encrypt +# -ciphertext - expected ciphertext (hex-encoded) +# -key - key (hex-encoded) +# -iv - IV (hex-encoded) +# + +open F,">","test.cnf"; +if (defined($use_config) && $use_config) { + $eng_param = ""; + open F,">","test.cnf"; + print F <", "test$count.clear"; + print $f $p{-cleartext}; + close $f; + + $ENV{'CRYPT_PARAMS'} = $p{-paramset} if exists $p{-paramset}; + my $ctext = `openssl enc ${eng_param} -e -$p{-alg} -K $p{-key} -iv $p{-iv} -in test$count.clear`; + is($?,0,"$p{-name} - encrypt successful"); + is(unpack("H*",$ctext),$p{-ciphertext},"$p{-name} - ciphertext expected"); + open my $f, ">", "test$count.enc"; + print $f $ctext; + close $f; + my $otext = `openssl enc ${eng_param} -d -$p{-alg} -K $p{-key} -iv $p{-iv} -in test$count.enc`; + is($?,0,"$p{-name} - decrypt successful"); + is($otext,$p{-cleartext},"$p{-name} - decrypted correctly"); + unlink "test$count.enc"; + unlink "test$count.clear"; + delete $ENV{'CRYPT_PARAMS'}; +} + +$key = '0123456789ABCDEF' x 4; +$iv = '0000000000000000'; +$clear1 = "The quick brown fox jumps over the lazy dog\n"; + +crypt_test(-paramset=> "1.2.643.2.2.31.1", -key => $key, -iv => $iv, + -cleartext => $clear1, + -ciphertext => '07f4102c6185c4a09e676e269bfa4bc9c5df6575916b879bd13a893a2285ee6690107cdeef7a315d2eb54bfa', + -alg => 'gost89', + -name=> 'CFB short text, paramset A'); + +crypt_test(-paramset=> "1.2.643.2.2.31.2", -key => $key, -iv => $iv, + -cleartext => $clear1, + -ciphertext => '11465c1c9708033e784fbb5536f2719c38353cb488b01f195c20d4c027022e8300d98bb66c138afbe878c88b', + -alg => 'gost89', + -name=> 'CFB short text, paramset B'); + +crypt_test(-paramset=> "1.2.643.2.2.31.3", -key => $key, -iv => $iv, + -cleartext => $clear1, + -ciphertext => '2f213b390c9b6ceb18de479686d23f4f03c76644a0aab8894b50b71a3bbb3c027ec4c2d569ba0e6a873bd46e', + -alg => 'gost89', + -name=> 'CFB short text, paramset C'); + +crypt_test(-paramset=> "1.2.643.2.2.31.4", -key => $key, -iv => $iv, + -cleartext => $clear1, + -ciphertext => 'e835f59a7fdfd84764efe1e987660327f5d0de187afea72f9cd040983a5e5bbeb4fe1aa5ff85d623ebc4d435', + -alg => 'gost89', + -name=> 'CFB short text, paramset D'); + + +crypt_test(-paramset=> "1.2.643.2.2.31.1", -key => $key, -iv => $iv, + -cleartext => $clear1, + -ciphertext => 'bcb821452e459f10f92019171e7c3b27b87f24b174306667f67704812c07b70b5e7420f74a9d54feb4897df8', + -alg => 'gost89-cnt', + -name=> 'CNT short text'); + +crypt_test(-paramset=> "1.2.643.2.2.31.2", -key => $key, -iv => $iv, + -cleartext => $clear1, + -ciphertext => 'bcb821452e459f10f92019171e7c3b27b87f24b174306667f67704812c07b70b5e7420f74a9d54feb4897df8', + -alg => 'gost89-cnt', + -name=> 'CNT short text, paramset param doesnt affect cnt'); + + +crypt_test(-paramset=> "1.2.643.2.2.31.1", -key => $key, -iv => $iv, + -cleartext => $clear1, + -ciphertext => 'cf3f5f713b3d10abd0c6f7bafb6aaffe13dfc12ef5c844f84873aeaaf6eb443a9747c9311b86f97ba3cdb5c4', + -alg => 'gost89-cnt-12', + -name=> 'CNT-12 short text'); + +crypt_test(-paramset=> "1.2.643.2.2.31.2", -key => $key, -iv => $iv, + -cleartext => $clear1, + -ciphertext => 'cf3f5f713b3d10abd0c6f7bafb6aaffe13dfc12ef5c844f84873aeaaf6eb443a9747c9311b86f97ba3cdb5c4', + -alg => 'gost89-cnt-12', + -name=> 'CNT-12 short text, paramset param doesnt affect cnt'); + + +crypt_test(-paramset=> "1.2.643.2.2.31.1", -key => $key, -iv => $iv, + -cleartext => $clear1, + -ciphertext => '3a3293e75089376572da44966cd1759c29d2f1e5e1c3fa9674909a63026da3dc51a4266bff37fb74a3a07155c9ca8fcf', + -alg => 'gost89-cbc', + -name=> 'CBC short text, paramset A'); + + +crypt_test(-paramset=> "1.2.643.2.2.31.2", -key => $key, -iv => $iv, + -cleartext => $clear1, + -ciphertext => '11465c1c9708033e784fbb5536f2719c38353cb488b01f195c20d4c027022e8300d98bb66c138afbe878c88b', + -alg => 'gost89', + -name=> 'CBC short text, paramset B'); + +crypt_test(-paramset=> "1.2.643.2.2.31.3", -key => $key, -iv => $iv, + -cleartext => $clear1, + -ciphertext => '987c0fb3d84530467a1973791e0a25e33c5d14591976f8c1573bdb9d056eb7b353f66fef3ffe2e3524583b3997123c8a', + -alg => 'gost89-cbc', + -name=> 'CBC short text, paramset C'); + +crypt_test(-paramset=> "1.2.643.2.2.31.4", -key => $key, -iv => $iv, + -cleartext => $clear1, + -ciphertext => 'e076b09822d4786a2863125d16594d765d8acd0f360e52df42e9d52c8e6c0e6595b5f6bbecb04a22c8ae5f4f87c1523b', + -alg => 'gost89-cbc', + -name=> 'CBC short text, paramset D'); + +unlink test.cnf; diff --git a/test/Makefile.am b/test/Makefile.am new file mode 100644 index 0000000..2a00f54 --- /dev/null +++ b/test/Makefile.am @@ -0,0 +1,4 @@ +PERL=@PERL@ + +test: + $(PERL) ./run_tests diff --git a/test/run_tests b/test/run_tests new file mode 100644 index 0000000..ad93e3f --- /dev/null +++ b/test/run_tests @@ -0,0 +1,5 @@ +#!/usr/bin/perl +use TAP::Harness; + +my $harness = TAP::Harness->new(); +$harness->runtests(glob("*.t"));