Commit a4346646 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Initial GOST MAC support. Not fully working yet...

parent a70c09e2
+1 −0
@@ -131,6 +131,7 @@ errors:
		$(PERL) ../util/mkerr.pl -conf e_$$l.ec \
			-nostatic -staticloader -write e_$$l.c; \
	done
	(cd ccgost; $(MAKE) PERL=$(PERL) errors)

tests:

+87 −80
/* e_gost_err.c */
/* ====================================================================
 * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -103,7 +103,11 @@ static ERR_STRING_DATA GOST_str_functs[]=
{ERR_FUNC(GOST_F_PKEY_GOST_CTRL),	"PKEY_GOST_CTRL"},
{ERR_FUNC(GOST_F_PKEY_GOST_CTRL01_STR),	"PKEY_GOST_CTRL01_STR"},
{ERR_FUNC(GOST_F_PKEY_GOST_CTRL94_STR),	"PKEY_GOST_CTRL94_STR"},
{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL),	"PKEY_GOST_MAC_CTRL"},
{ERR_FUNC(GOST_F_PKEY_GOST_MAC_CTRL_STR),	"PKEY_GOST_MAC_CTRL_STR"},
{ERR_FUNC(GOST_F_PKEY_GOST_MAC_KEYGEN),	"PKEY_GOST_MAC_KEYGEN"},
{ERR_FUNC(GOST_F_PRIV_DECODE_GOST_94),	"PRIV_DECODE_GOST_94"},
{ERR_FUNC(GOST_F_PRIV_DECODE_MAC),	"PRIV_DECODE_MAC"},
{ERR_FUNC(GOST_F_PUB_DECODE_GOST01),	"PUB_DECODE_GOST01"},
{ERR_FUNC(GOST_F_PUB_DECODE_GOST94),	"PUB_DECODE_GOST94"},
{ERR_FUNC(GOST_F_PUB_ENCODE_GOST01),	"PUB_ENCODE_GOST01"},
@@ -118,6 +122,7 @@ static ERR_STRING_DATA GOST_str_reasons[]=
{ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"},
{ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"},
{ERR_REASON(GOST_R_CTX_NOT_INITIALIZED_FOR_ENCRYPT),"ctx not initialized for encrypt"},
{ERR_REASON(GOST_R_DECODE_ERROR)         ,"decode error"},
{ERR_REASON(GOST_R_ERROR_COMPUTING_MAC)  ,"error computing mac"},
{ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),"error computing shared key"},
{ERR_REASON(GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO),"error packing key transport info"},
@@ -132,10 +137,12 @@ static ERR_STRING_DATA GOST_str_reasons[]=
{ERR_REASON(GOST_R_INVALID_ENCRYPTED_KEY_SIZE),"invalid encrypted key size"},
{ERR_REASON(GOST_R_INVALID_GOST94_PARMSET),"invalid gost94 parmset"},
{ERR_REASON(GOST_R_INVALID_IV_LENGTH)    ,"invalid iv length"},
{ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH),"invalid mac key length"},
{ERR_REASON(GOST_R_INVALID_PARAMSET)     ,"invalid paramset"},
{ERR_REASON(GOST_R_KEY_IS_NOT_INITALIZED),"key is not initalized"},
{ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED),"key is not initialized"},
{ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING),"key parameters missing"},
{ERR_REASON(GOST_R_MAC_KEY_NOT_SET)      ,"mac key not set"},
{ERR_REASON(GOST_R_MALLOC_FAILURE)       ,"malloc failure"},
{ERR_REASON(GOST_R_NOT_ENOUGH_SPACE_FOR_KEY),"not enough space for key"},
{ERR_REASON(GOST_R_NO_MEMORY)            ,"no memory"},
+7 −0
@@ -100,7 +100,11 @@ void ERR_GOST_error(int function, int reason, char *file, int line);
#define GOST_F_PKEY_GOST_CTRL				 114
#define GOST_F_PKEY_GOST_CTRL01_STR			 115
#define GOST_F_PKEY_GOST_CTRL94_STR			 116
#define GOST_F_PKEY_GOST_MAC_CTRL			 138
#define GOST_F_PKEY_GOST_MAC_CTRL_STR			 139
#define GOST_F_PKEY_GOST_MAC_KEYGEN			 140
#define GOST_F_PRIV_DECODE_GOST_94			 117
#define GOST_F_PRIV_DECODE_MAC				 141
#define GOST_F_PUB_DECODE_GOST01			 136
#define GOST_F_PUB_DECODE_GOST94			 134
#define GOST_F_PUB_ENCODE_GOST01			 135
@@ -112,6 +116,7 @@ void ERR_GOST_error(int function, int reason, char *file, int line);
#define GOST_R_BAD_PKEY_PARAMETERS_FORMAT		 129
#define GOST_R_CANNOT_PACK_EPHEMERAL_KEY		 114
#define GOST_R_CTX_NOT_INITIALIZED_FOR_ENCRYPT		 115
#define GOST_R_DECODE_ERROR				 134
#define GOST_R_ERROR_COMPUTING_MAC			 116
#define GOST_R_ERROR_COMPUTING_SHARED_KEY		 117
#define GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO		 118
@@ -126,10 +131,12 @@ void ERR_GOST_error(int function, int reason, char *file, int line);
#define GOST_R_INVALID_ENCRYPTED_KEY_SIZE		 123
#define GOST_R_INVALID_GOST94_PARMSET			 127
#define GOST_R_INVALID_IV_LENGTH			 102
#define GOST_R_INVALID_MAC_KEY_LENGTH			 135
#define GOST_R_INVALID_PARAMSET				 103
#define GOST_R_KEY_IS_NOT_INITALIZED			 104
#define GOST_R_KEY_IS_NOT_INITIALIZED			 105
#define GOST_R_KEY_PARAMETERS_MISSING			 131
#define GOST_R_MAC_KEY_NOT_SET				 136
#define GOST_R_MALLOC_FAILURE				 124
#define GOST_R_NOT_ENOUGH_SPACE_FOR_KEY			 125
#define GOST_R_NO_MEMORY				 106
+80 −0
@@ -9,6 +9,7 @@
 **********************************************************************/
#include <openssl/engine.h>
#include <openssl/evp.h>
#include <openssl/asn1.h>
#include <string.h>
#include "gost_params.h"
#include "gost_lcl.h"
@@ -706,7 +707,80 @@ static int pkey_bits_gost(const EVP_PKEY *pk)
	{
	return 256;
	}
/*------------------------ ASN1 METHOD for GOST MAC  -------------------*/
static void  mackey_free_gost(EVP_PKEY *pk)
	{
		if (pk->pkey.ptr) {
			OPENSSL_free(pk->pkey.ptr);
		}	
	}
static int	priv_decode_mac(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
	{	
		X509_ALGOR *palg = NULL;
		int priv_len = 0;
		ASN1_OBJECT *palg_obj = NULL;
		ASN1_OCTET_STRING *s=NULL;
		const unsigned char *pkey_buf = NULL, *p = NULL;
		unsigned char *keybuf=NULL;
		if (!PKCS8_pkey_get0(&palg_obj,&pkey_buf,&priv_len,&palg,p8inf)) 
			{
			return 0;
			}
		p = pkey_buf;
		if (V_ASN1_OCTET_STRING != *p) 
			{
			GOSTerr(GOST_F_PRIV_DECODE_MAC,
				GOST_R_DECODE_ERROR);
			return 0;	
			}	
		s = d2i_ASN1_OCTET_STRING(NULL,&p,priv_len);
		if (!s || s->length!=32) 
			{
			GOSTerr(GOST_F_PRIV_DECODE_MAC,
				GOST_R_DECODE_ERROR);
			return 0;	
			}	
		keybuf = OPENSSL_malloc(32);
		memcpy(keybuf,s->data,32);
		EVP_PKEY_assign(pk,EVP_PKEY_base_id(pk),keybuf);
		ASN1_STRING_free(s);
		return 1;
	}
	
static int	priv_encode_mac(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
	{
	ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
	ASN1_STRING *key = ASN1_STRING_new();
	unsigned char *priv_buf=NULL, *data = EVP_PKEY_get0((EVP_PKEY *)pk);
	int priv_len;
	
	ASN1_STRING_set(key, data, 32);
	priv_len = i2d_ASN1_OCTET_STRING(key,&priv_buf);
	ASN1_STRING_free(key);
	return PKCS8_pkey_set0(p8,algobj,0,V_ASN1_NULL,NULL,priv_buf,priv_len);
	}

static int	priv_print_mac(BIO *out,const EVP_PKEY *pkey, int indent,
	ASN1_PCTX *pctx)
	{
		unsigned char *data = EVP_PKEY_get0((EVP_PKEY *)pkey);
		int i;
		if (!BIO_indent(out, indent,128)) return 0;
		for (i=0; i<32;i++) {
			BIO_printf(out,"%02x",data[i]);
		}
		return 1;
	}	
static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
	switch (op)
		{
		case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
			*(int *)arg2 = NID_id_Gost28147_89_MAC;
			return 2;
		}
	return -2;
}	
/* ----------------------------------------------------------------------*/
int register_ameth_gost (int nid, EVP_PKEY_ASN1_METHOD **ameth, const char* pemstr, const char* info) 
	{
@@ -749,6 +823,12 @@ int register_ameth_gost (int nid, EVP_PKEY_ASN1_METHOD **ameth, const char* pems
	
			EVP_PKEY_asn1_set_ctrl (*ameth, pkey_ctrl_gost);
			break;
		case NID_id_Gost28147_89_MAC:
			EVP_PKEY_asn1_set_free(*ameth, mackey_free_gost);
			EVP_PKEY_asn1_set_private(*ameth, priv_decode_mac,
				priv_encode_mac, priv_print_mac);
			EVP_PKEY_asn1_set_ctrl(*ameth,mac_ctrl_gost);	
			break;
		}		
	return 1;
	}
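Review bot: In priv_decode_mac (second hunk of this file) the result of `OPENSSL_malloc(32)` goes straight into memcpy with no NULL check, the `s->length!=32` failure path returns without freeing `s`, and `*p` is read before `priv_len` is known to be positive. The 32 bytes handled here are the MAC key, so the temporary octet string should be wiped with OPENSSL_cleanse before ASN1_STRING_free, and mackey_free_gost should likewise cleanse `pk->pkey.ptr` before freeing it. priv_encode_mac follows the same pattern: the results of ASN1_STRING_new, ASN1_STRING_set and i2d_ASN1_OCTET_STRING are unchecked, so a failed allocation or a negative `priv_len` reaches PKCS8_pkey_set0. priv_print_mac also writes the raw key bytes to the BIO without checking `data` for NULL. A single-exit version of the decode path is sketched below.

```c
static int	priv_decode_mac(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
	{
		int ret = 0;
		/* ... unchanged: other declarations, PKCS8_pkey_get0 call, p = pkey_buf ... */
		if (priv_len <= 0 || V_ASN1_OCTET_STRING != *p)
			{
			/* ... unchanged: GOSTerr(GOST_R_DECODE_ERROR), return 0 ... */
			}
		s = d2i_ASN1_OCTET_STRING(NULL,&p,priv_len);
		if (!s || s->length!=32)
			{
			GOSTerr(GOST_F_PRIV_DECODE_MAC,
				GOST_R_DECODE_ERROR);
			goto err;
			}
		keybuf = OPENSSL_malloc(32);
		if (!keybuf)
			{
			GOSTerr(GOST_F_PRIV_DECODE_MAC,
				GOST_R_MALLOC_FAILURE);
			goto err;
			}
		memcpy(keybuf,s->data,32);
		if (!EVP_PKEY_assign(pk,EVP_PKEY_base_id(pk),keybuf))
			{
			/* ownership was not transferred: wipe and release the copy */
			OPENSSL_cleanse(keybuf,32);
			OPENSSL_free(keybuf);
			goto err;
			}
		ret = 1;
	err:
		if (s)
			{
			/* the decoded octet string holds a copy of the key */
			if (s->data)
				OPENSSL_cleanse(s->data,s->length);
			ASN1_STRING_free(s);
			}
		return ret;
	}
```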
+3 −1
@@ -551,7 +551,9 @@ int gost_imit_init_vizir(EVP_MD_CTX *ctx)
int gost_imit_init_cpa(EVP_MD_CTX *ctx)
	{
	struct ossl_gost_imit_ctx *c = ctx->md_data;
	memset(c,0,sizeof(struct ossl_gost_imit_ctx));
	memset(c->buffer,0,16);
	c->count = 0;
	c->bytes_left=0;
	c->key_meshing=1;
	gost_init(&(c->cctx),&Gost28147_CryptoProParamSetA);
	return 1;
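Review bot: The field-by-field reset in gost_imit_init_cpa hard-codes `memset(c->buffer,0,16)` and no longer clears the rest of `struct ossl_gost_imit_ctx`, so any member not assigned here keeps whatever md_data held before. The struct definition is not part of this hunk; if `buffer` is declared smaller than 16 bytes the memset runs past it, and `memset(c->buffer,0,sizeof(c->buffer));` removes that dependency. If the partial reset is meant to preserve a MAC key installed before init, a comment such as `/* keep key state; reset only the running MAC state */` would record that, and every remaining member should still be given a defined value. The function's closing brace lies outside the hunk, and gost_imit_init_vizir, named in the hunk header, may need the same treatment.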