1238384Sjkim#ifndef GOST_TOOLS_H
2280304Sjkim# define GOST_TOOLS_H
3238384Sjkim/**********************************************************************
4238384Sjkim *                        gost_lcl.h                                  *
5238384Sjkim *             Copyright (c) 2006 Cryptocom LTD                       *
6238384Sjkim *       This file is distributed under the same license as OpenSSL   *
7238384Sjkim *                                                                    *
8238384Sjkim *         Internal declarations  used in GOST engine                *
9238384Sjkim *         OpenSSL 0.9.9 libraries required to compile and use        *
10238384Sjkim *                              this code                             *
11280304Sjkim **********************************************************************/
12280304Sjkim# include <openssl/bn.h>
13280304Sjkim# include <openssl/evp.h>
14280304Sjkim# include <openssl/dsa.h>
15280304Sjkim# include <openssl/asn1t.h>
16280304Sjkim# include <openssl/x509.h>
17280304Sjkim# include <openssl/engine.h>
18280304Sjkim# include <openssl/ec.h>
19280304Sjkim# include "gost89.h"
20280304Sjkim# include "gosthash.h"
21238384Sjkim/* Control commands */
22280304Sjkim# define GOST_PARAM_CRYPT_PARAMS 0
23280304Sjkim# define GOST_PARAM_MAX 0
24280304Sjkim# define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_CRYPT_PARAMS)
25238384Sjkim
26280304Sjkimextern const ENGINE_CMD_DEFN gost_cmds[];
27280304Sjkimint gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
28280304Sjkimconst char *get_gost_engine_param(int param);
29280304Sjkimint gost_set_default_param(int param, const char *value);
30280304Sjkimvoid gost_param_free(void);
31238384Sjkim
32238384Sjkim/* method registration */
33238384Sjkim
34280304Sjkimint register_ameth_gost(int nid, EVP_PKEY_ASN1_METHOD **ameth,
35280304Sjkim                        const char *pemstr, const char *info);
36280304Sjkimint register_pmeth_gost(int id, EVP_PKEY_METHOD **pmeth, int flags);
37238384Sjkim
38238384Sjkim/* Gost-specific pmeth control-function parameters */
39238384Sjkim/* For GOST R34.10 parameters */
40280304Sjkim# define param_ctrl_string "paramset"
41280304Sjkim# define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL+1)
42238384Sjkim/* For GOST 28147 MAC */
43280304Sjkim# define key_ctrl_string "key"
44280304Sjkim# define hexkey_ctrl_string "hexkey"
45280304Sjkim# define EVP_PKEY_CTRL_GOST_MAC_HEXKEY (EVP_PKEY_ALG_CTRL+3)
46238384Sjkim/* Pmeth internal representation */
47280304Sjkimstruct gost_pmeth_data {
48280304Sjkim    int sign_param_nid;         /* Should be set whenever parameters are
49280304Sjkim                                 * filled */
50280304Sjkim    EVP_MD *md;
51280304Sjkim    unsigned char *shared_ukm;
52280304Sjkim    int peer_key_used;
53280304Sjkim};
54238384Sjkim
55280304Sjkimstruct gost_mac_pmeth_data {
56280304Sjkim    int key_set;
57280304Sjkim    EVP_MD *md;
58280304Sjkim    unsigned char key[32];
59280304Sjkim};
60238384Sjkim/* GOST-specific ASN1 structures */
61238384Sjkim
62238384Sjkimtypedef struct {
63280304Sjkim    ASN1_OCTET_STRING *encrypted_key;
64280304Sjkim    ASN1_OCTET_STRING *imit;
65238384Sjkim} GOST_KEY_INFO;
66238384Sjkim
67238384SjkimDECLARE_ASN1_FUNCTIONS(GOST_KEY_INFO)
68238384Sjkim
69238384Sjkimtypedef struct {
70280304Sjkim    ASN1_OBJECT *cipher;
71280304Sjkim    X509_PUBKEY *ephem_key;
72280304Sjkim    ASN1_OCTET_STRING *eph_iv;
73238384Sjkim} GOST_KEY_AGREEMENT_INFO;
74238384Sjkim
75238384SjkimDECLARE_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO)
76280304Sjkim
77238384Sjkimtypedef struct {
78280304Sjkim    GOST_KEY_INFO *key_info;
79280304Sjkim    GOST_KEY_AGREEMENT_INFO *key_agreement_info;
80238384Sjkim} GOST_KEY_TRANSPORT;
81238384Sjkim
82238384SjkimDECLARE_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT)
83238384Sjkim
84280304Sjkimtypedef struct {                /* FIXME incomplete */
85280304Sjkim    GOST_KEY_TRANSPORT *gkt;
86238384Sjkim} GOST_CLIENT_KEY_EXCHANGE_PARAMS;
87238384Sjkim
88280304Sjkim/*
89280304Sjkim * Hacks to shorten symbols to 31 characters or less, or OpenVMS. This mimics
90280304Sjkim * what's done in symhacks.h, but since this is a very local header file, I
91280304Sjkim * prefered to put this hack directly here. -- Richard Levitte
92280304Sjkim */
93280304Sjkim# ifdef OPENSSL_SYS_VMS
94280304Sjkim#  undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_it
95280304Sjkim#  define GOST_CLIENT_KEY_EXCHANGE_PARAMS_it      GOST_CLIENT_KEY_EXC_PARAMS_it
96280304Sjkim#  undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_new
97280304Sjkim#  define GOST_CLIENT_KEY_EXCHANGE_PARAMS_new     GOST_CLIENT_KEY_EXC_PARAMS_new
98280304Sjkim#  undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_free
99280304Sjkim#  define GOST_CLIENT_KEY_EXCHANGE_PARAMS_free    GOST_CLIENT_KEY_EXC_PARAMS_free
100280304Sjkim#  undef d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS
101280304Sjkim#  define d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS     d2i_GOST_CLIENT_KEY_EXC_PARAMS
102280304Sjkim#  undef i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS
103280304Sjkim#  define i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS     i2d_GOST_CLIENT_KEY_EXC_PARAMS
104280304Sjkim# endif                         /* End of hack */
105238384SjkimDECLARE_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS)
106238384Sjkimtypedef struct {
107280304Sjkim    ASN1_OBJECT *key_params;
108280304Sjkim    ASN1_OBJECT *hash_params;
109280304Sjkim    ASN1_OBJECT *cipher_params;
110238384Sjkim} GOST_KEY_PARAMS;
111238384Sjkim
112238384SjkimDECLARE_ASN1_FUNCTIONS(GOST_KEY_PARAMS)
113238384Sjkim
114238384Sjkimtypedef struct {
115280304Sjkim    ASN1_OCTET_STRING *iv;
116280304Sjkim    ASN1_OBJECT *enc_param_set;
117280304Sjkim} GOST_CIPHER_PARAMS;
118238384Sjkim
119238384SjkimDECLARE_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS)
120238384Sjkim/*============== Message digest  and cipher related structures  ==========*/
121280304Sjkim         /*
122280304Sjkim          * Structure used as EVP_MD_CTX-md_data. It allows to avoid storing
123280304Sjkim          * in the md-data pointers to dynamically allocated memory. I
124280304Sjkim          * cannot invent better way to avoid memory leaks, because openssl
125280304Sjkim          * insist on invoking Init on Final-ed digests, and there is no
126280304Sjkim          * reliable way to find out whether pointer in the passed md_data is
127280304Sjkim          * valid or not.
128280304Sjkim          */
129238384Sjkimstruct ossl_gost_digest_ctx {
130280304Sjkim    gost_hash_ctx dctx;
131280304Sjkim    gost_ctx cctx;
132280304Sjkim};
133238384Sjkim/* EVP_MD structure for GOST R 34.11 */
134238384Sjkimextern EVP_MD digest_gost;
135238384Sjkim/* EVP_MD structure for GOST 28147 in MAC mode */
136238384Sjkimextern EVP_MD imit_gost_cpa;
137238384Sjkim/* Cipher context used for EVP_CIPHER operation */
138238384Sjkimstruct ossl_gost_cipher_ctx {
139280304Sjkim    int paramNID;
140280304Sjkim    unsigned int count;
141280304Sjkim    int key_meshing;
142280304Sjkim    gost_ctx cctx;
143280304Sjkim};
144238384Sjkim/* Structure to map parameter NID to S-block */
145238384Sjkimstruct gost_cipher_info {
146280304Sjkim    int nid;
147280304Sjkim    gost_subst_block *sblock;
148280304Sjkim    int key_meshing;
149238384Sjkim};
150238384Sjkim/* Context for MAC */
151238384Sjkimstruct ossl_gost_imit_ctx {
152280304Sjkim    gost_ctx cctx;
153280304Sjkim    unsigned char buffer[8];
154280304Sjkim    unsigned char partial_block[8];
155280304Sjkim    unsigned int count;
156280304Sjkim    int key_meshing;
157280304Sjkim    int bytes_left;
158280304Sjkim    int key_set;
159280304Sjkim};
160238384Sjkim/* Table which maps parameter NID to S-blocks */
161238384Sjkimextern struct gost_cipher_info gost_cipher_list[];
162238384Sjkim/* Find encryption params from ASN1_OBJECT */
163238384Sjkimconst struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj);
164238384Sjkim/* Implementation of GOST 28147-89 cipher in CFB and CNT modes */
165238384Sjkimextern EVP_CIPHER cipher_gost;
166238384Sjkimextern EVP_CIPHER cipher_gost_cpacnt;
167280304Sjkim# define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3)
168280304Sjkim# define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4)
169238384Sjkim/* EVP_PKEY_METHOD key encryption callbacks */
170238384Sjkim/* From gost94_keyx.c */
171280304Sjkimint pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
172280304Sjkim                          size_t *outlen, const unsigned char *key,
173280304Sjkim                          size_t key_len);
174238384Sjkim
175280304Sjkimint pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
176280304Sjkim                          size_t *outlen, const unsigned char *in,
177280304Sjkim                          size_t in_len);
178238384Sjkim/* From gost2001_keyx.c */
179280304Sjkimint pkey_GOST01cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
180280304Sjkim                          size_t *outlen, const unsigned char *key,
181280304Sjkim                          size_t key_len);
182238384Sjkim
183280304Sjkimint pkey_GOST01cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
184280304Sjkim                          size_t *outlen, const unsigned char *in,
185280304Sjkim                          size_t in_len);
186238384Sjkim/* derive functions */
187238384Sjkim/* From gost2001_keyx.c */
188280304Sjkimint pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
189280304Sjkim                         size_t *keylen);
190238384Sjkim/* From gost94_keyx.c */
191238384Sjkimint pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
192238384Sjkim/* Internal functions for signature algorithms */
193280304Sjkimint fill_GOST94_params(DSA *dsa, int nid);
194238384Sjkimint fill_GOST2001_params(EC_KEY *eckey, int nid);
195280304Sjkimint gost_sign_keygen(DSA *dsa);
196280304Sjkimint gost2001_keygen(EC_KEY *ec);
197238384Sjkim
198280304SjkimDSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
199280304SjkimDSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey);
200238384Sjkim
201238384Sjkimint gost_do_verify(const unsigned char *dgst, int dgst_len,
202280304Sjkim                   DSA_SIG *sig, DSA *dsa);
203280304Sjkimint gost2001_do_verify(const unsigned char *dgst, int dgst_len,
204280304Sjkim                       DSA_SIG *sig, EC_KEY *ec);
205280304Sjkimint gost2001_compute_public(EC_KEY *ec);
206280304Sjkimint gost94_compute_public(DSA *dsa);
207238384Sjkim/*============== miscellaneous functions============================= */
208238384Sjkim/* from gost_sign.c */
209238384Sjkim/* Convert GOST R 34.11 hash sum to bignum according to standard */
210280304SjkimBIGNUM *hashsum2bn(const unsigned char *dgst);
211280304Sjkim/*
212280304Sjkim * Store bignum in byte array of given length, prepending by zeros if
213280304Sjkim * nesseccary
214280304Sjkim */
215280304Sjkimint store_bignum(BIGNUM *bn, unsigned char *buf, int len);
216280304Sjkim/* Read bignum, which can have few MSB all-zeros    from buffer*/
217280304SjkimBIGNUM *getbnfrombuf(const unsigned char *buf, size_t len);
218238384Sjkim/* Pack GOST R 34.10 signature according to CryptoPro rules */
219280304Sjkimint pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen);
220238384Sjkim/* Unpack GOST R 34.10 signature according to CryptoPro rules */
221280304SjkimDSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen);
222238384Sjkim/* from ameth.c */
223238384Sjkim/* Get private key as BIGNUM from both R 34.10-94 and R 34.10-2001  keys*/
224238384Sjkim/* Returns pointer into EVP_PKEY structure */
225280304SjkimBIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey);
226238384Sjkim/* Find NID by GOST 94 parameters */
227280304Sjkimint gost94_nid_by_params(DSA *p);
228238384Sjkim
229238384Sjkim#endif
230