1#ifndef GOST_TOOLS_H 2#define GOST_TOOLS_H 3/********************************************************************** 4 * gost_lcl.h * 5 * Copyright (c) 2006 Cryptocom LTD * 6 * This file is distributed under the same license as OpenSSL * 7 * * 8 * Internal declarations used in GOST engine * 9 * OpenSSL 0.9.9 libraries required to compile and use * 10 * this code * 11 **********************************************************************/ 12#include <openssl/bn.h> 13#include <openssl/evp.h> 14#include <openssl/dsa.h> 15#include <openssl/asn1t.h> 16#include <openssl/x509.h> 17#include <openssl/engine.h> 18#include <openssl/ec.h> 19#include "gost89.h" 20#include "gosthash.h" 21/* Control commands */ 22#define GOST_PARAM_CRYPT_PARAMS 0 23#define GOST_PARAM_MAX 0 24#define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_CRYPT_PARAMS) 25 26 extern const ENGINE_CMD_DEFN gost_cmds[]; 27 int gost_control_func(ENGINE *e,int cmd, long i, void *p, void (*f)(void)); 28 const char *get_gost_engine_param(int param); 29 int gost_set_default_param(int param, const char *value); 30 void gost_param_free(void); 31 32/* method registration */ 33 34 int register_ameth_gost (int nid, EVP_PKEY_ASN1_METHOD **ameth, const char* pemstr, const char* info); 35 int register_pmeth_gost (int id, EVP_PKEY_METHOD **pmeth, int flags); 36 37/* Gost-specific pmeth control-function parameters */ 38/* For GOST R34.10 parameters */ 39#define param_ctrl_string "paramset" 40#define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL+1) 41/* For GOST 28147 MAC */ 42#define key_ctrl_string "key" 43#define hexkey_ctrl_string "hexkey" 44#define EVP_PKEY_CTRL_GOST_MAC_HEXKEY (EVP_PKEY_ALG_CTRL+3) 45/* Pmeth internal representation */ 46 struct gost_pmeth_data { 47 int sign_param_nid; /* Should be set whenever parameters are filled */ 48 EVP_MD *md; 49 unsigned char *shared_ukm; 50 int peer_key_used; 51 }; 52 53 struct gost_mac_pmeth_data { 54 int key_set; 55 EVP_MD *md; 56 unsigned char key[32]; 57 } ; 58/* GOST-specific ASN1 structures */ 59 60 61typedef struct { 62 ASN1_OCTET_STRING *encrypted_key; 63 ASN1_OCTET_STRING *imit; 64} GOST_KEY_INFO; 65 66DECLARE_ASN1_FUNCTIONS(GOST_KEY_INFO) 67 68typedef struct { 69 ASN1_OBJECT *cipher; 70 X509_PUBKEY *ephem_key; 71 ASN1_OCTET_STRING *eph_iv; 72} GOST_KEY_AGREEMENT_INFO; 73 74DECLARE_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO) 75 76typedef struct { 77 GOST_KEY_INFO *key_info; 78 GOST_KEY_AGREEMENT_INFO *key_agreement_info; 79} GOST_KEY_TRANSPORT; 80 81DECLARE_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT) 82 83typedef struct { /* FIXME incomplete */ 84 GOST_KEY_TRANSPORT *gkt; 85} GOST_CLIENT_KEY_EXCHANGE_PARAMS; 86 87/* Hacks to shorten symbols to 31 characters or less, or OpenVMS. 88 This mimics what's done in symhacks.h, but since this is a very 89 local header file, I prefered to put this hack directly here. 90 -- Richard Levitte */ 91#ifdef OPENSSL_SYS_VMS 92#undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_it 93#define GOST_CLIENT_KEY_EXCHANGE_PARAMS_it GOST_CLIENT_KEY_EXC_PARAMS_it 94#undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_new 95#define GOST_CLIENT_KEY_EXCHANGE_PARAMS_new GOST_CLIENT_KEY_EXC_PARAMS_new 96#undef GOST_CLIENT_KEY_EXCHANGE_PARAMS_free 97#define GOST_CLIENT_KEY_EXCHANGE_PARAMS_free GOST_CLIENT_KEY_EXC_PARAMS_free 98#undef d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS 99#define d2i_GOST_CLIENT_KEY_EXCHANGE_PARAMS d2i_GOST_CLIENT_KEY_EXC_PARAMS 100#undef i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS 101#define i2d_GOST_CLIENT_KEY_EXCHANGE_PARAMS i2d_GOST_CLIENT_KEY_EXC_PARAMS 102#endif /* End of hack */ 103DECLARE_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS) 104typedef struct { 105 ASN1_OBJECT *key_params; 106 ASN1_OBJECT *hash_params; 107 ASN1_OBJECT *cipher_params; 108} GOST_KEY_PARAMS; 109 110DECLARE_ASN1_FUNCTIONS(GOST_KEY_PARAMS) 111 112typedef struct { 113 ASN1_OCTET_STRING *iv; 114 ASN1_OBJECT *enc_param_set; 115} GOST_CIPHER_PARAMS; 116 117DECLARE_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS) 118/*============== Message digest and cipher related structures ==========*/ 119 /* Structure used as EVP_MD_CTX-md_data. 120 * It allows to avoid storing in the md-data pointers to 121 * dynamically allocated memory. 122 * 123 * I cannot invent better way to avoid memory leaks, because 124 * openssl insist on invoking Init on Final-ed digests, and there 125 * is no reliable way to find out whether pointer in the passed 126 * md_data is valid or not. 127 * */ 128struct ossl_gost_digest_ctx { 129 gost_hash_ctx dctx; 130 gost_ctx cctx; 131}; 132/* EVP_MD structure for GOST R 34.11 */ 133extern EVP_MD digest_gost; 134/* EVP_MD structure for GOST 28147 in MAC mode */ 135extern EVP_MD imit_gost_cpa; 136/* Cipher context used for EVP_CIPHER operation */ 137struct ossl_gost_cipher_ctx { 138 int paramNID; 139 unsigned int count; 140 int key_meshing; 141 gost_ctx cctx; 142}; 143/* Structure to map parameter NID to S-block */ 144struct gost_cipher_info { 145 int nid; 146 gost_subst_block *sblock; 147 int key_meshing; 148}; 149/* Context for MAC */ 150struct ossl_gost_imit_ctx { 151 gost_ctx cctx; 152 unsigned char buffer[8]; 153 unsigned char partial_block[8]; 154 unsigned int count; 155 int key_meshing; 156 int bytes_left; 157 int key_set; 158}; 159/* Table which maps parameter NID to S-blocks */ 160extern struct gost_cipher_info gost_cipher_list[]; 161/* Find encryption params from ASN1_OBJECT */ 162const struct gost_cipher_info *get_encryption_params(ASN1_OBJECT *obj); 163/* Implementation of GOST 28147-89 cipher in CFB and CNT modes */ 164extern EVP_CIPHER cipher_gost; 165extern EVP_CIPHER cipher_gost_cpacnt; 166#define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3) 167#define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4) 168/* EVP_PKEY_METHOD key encryption callbacks */ 169/* From gost94_keyx.c */ 170int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* key, size_t key_len ); 171 172int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* in, size_t in_len ); 173/* From gost2001_keyx.c */ 174int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* key, size_t key_len ); 175 176int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* in, size_t in_len ); 177/* derive functions */ 178/* From gost2001_keyx.c */ 179int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); 180/* From gost94_keyx.c */ 181int pkey_gost94_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); 182/* Internal functions for signature algorithms */ 183int fill_GOST94_params(DSA *dsa,int nid); 184int fill_GOST2001_params(EC_KEY *eckey, int nid); 185int gost_sign_keygen(DSA *dsa) ; 186int gost2001_keygen(EC_KEY *ec) ; 187 188DSA_SIG *gost_do_sign(const unsigned char *dgst,int dlen, DSA *dsa) ; 189DSA_SIG *gost2001_do_sign(const unsigned char *dgst,int dlen, EC_KEY *eckey); 190 191int gost_do_verify(const unsigned char *dgst, int dgst_len, 192 DSA_SIG *sig, DSA *dsa) ; 193int gost2001_do_verify(const unsigned char *dgst,int dgst_len, 194 DSA_SIG *sig, EC_KEY *ec); 195int gost2001_compute_public(EC_KEY *ec) ; 196int gost94_compute_public(DSA *dsa) ; 197/*============== miscellaneous functions============================= */ 198/* from gost_sign.c */ 199/* Convert GOST R 34.11 hash sum to bignum according to standard */ 200BIGNUM *hashsum2bn(const unsigned char *dgst) ; 201/* Store bignum in byte array of given length, prepending by zeros 202 * if nesseccary */ 203int store_bignum(BIGNUM *bn, unsigned char *buf,int len); 204/* Read bignum, which can have few MSB all-zeros from buffer*/ 205BIGNUM *getbnfrombuf(const unsigned char *buf,size_t len); 206/* Pack GOST R 34.10 signature according to CryptoPro rules */ 207int pack_sign_cp(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen); 208/* Unpack GOST R 34.10 signature according to CryptoPro rules */ 209DSA_SIG *unpack_cp_signature(const unsigned char *sig,size_t siglen) ; 210/* from ameth.c */ 211/* Get private key as BIGNUM from both R 34.10-94 and R 34.10-2001 keys*/ 212/* Returns pointer into EVP_PKEY structure */ 213BIGNUM* gost_get0_priv_key(const EVP_PKEY *pkey) ; 214/* Find NID by GOST 94 parameters */ 215int gost94_nid_by_params(DSA *p) ; 216 217 218#endif 219