2006-09-17 13:00:18 +00:00
|
|
|
/**********************************************************************
|
2006-09-21 13:04:43 +00:00
|
|
|
* gost_eng.c *
|
2006-09-17 13:00:18 +00:00
|
|
|
* Copyright (c) 2005-2006 Cryptocom LTD *
|
|
|
|
* This file is distributed under the same license as OpenSSL *
|
|
|
|
* *
|
|
|
|
* Main file of GOST engine *
|
|
|
|
* for OpenSSL *
|
|
|
|
* Requires OpenSSL 0.9.9 for compilation *
|
|
|
|
**********************************************************************/
|
|
|
|
#include <string.h>
|
2008-03-16 21:05:46 +00:00
|
|
|
#include <openssl/crypto.h>
|
|
|
|
#include <openssl/err.h>
|
2006-09-17 13:00:18 +00:00
|
|
|
#include <openssl/evp.h>
|
|
|
|
#include <openssl/engine.h>
|
|
|
|
#include <openssl/obj_mac.h>
|
|
|
|
#include "e_gost_err.h"
|
2006-09-21 13:04:43 +00:00
|
|
|
#include "gost_lcl.h"
|
2006-09-17 13:00:18 +00:00
|
|
|
static const char *engine_gost_id = "gost";
|
2015-01-22 03:29:12 +00:00
|
|
|
static const char *engine_gost_name =
|
|
|
|
"Reference implementation of GOST engine";
|
2006-09-17 13:00:18 +00:00
|
|
|
|
|
|
|
/* Symmetric cipher and digest function registrar */
|
|
|
|
|
|
|
|
static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
|
2015-01-22 03:29:12 +00:00
|
|
|
const int **nids, int nid);
|
2006-09-17 13:00:18 +00:00
|
|
|
|
|
|
|
static int gost_digests(ENGINE *e, const EVP_MD **digest,
|
2015-01-22 03:29:12 +00:00
|
|
|
const int **nids, int ind);
|
2006-09-17 13:00:18 +00:00
|
|
|
|
2015-01-22 03:29:12 +00:00
|
|
|
static int gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
|
|
|
|
const int **nids, int nid);
|
2006-09-17 13:00:18 +00:00
|
|
|
|
2015-01-22 03:29:12 +00:00
|
|
|
static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
|
|
|
|
const int **nids, int nid);
|
2006-09-17 13:00:18 +00:00
|
|
|
|
2015-01-22 03:29:12 +00:00
|
|
|
static int gost_cipher_nids[] = { NID_id_Gost28147_89, NID_gost89_cnt, 0 };
|
2006-09-17 13:00:18 +00:00
|
|
|
|
|
|
|
static int gost_digest_nids[] =
|
2015-01-22 03:29:12 +00:00
|
|
|
{ NID_id_GostR3411_94, NID_id_Gost28147_89_MAC, 0 };
|
2006-09-17 13:00:18 +00:00
|
|
|
|
2015-01-22 03:29:12 +00:00
|
|
|
static int gost_pkey_meth_nids[] = { NID_id_GostR3410_94,
|
|
|
|
NID_id_GostR3410_2001, NID_id_Gost28147_89_MAC, 0
|
|
|
|
};
|
2006-09-17 13:00:18 +00:00
|
|
|
|
1. Changes for s_client.c to make it return non-zero exit code in case
of handshake failure
2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).
3. Changes to EVP
- adding of function EVP_PKEY_CTX_get0_peerkey
- Make function EVP_PKEY_derive_set_peerkey work for context with
ENCRYPT operation, because we use peerkey field in the context to
pass non-ephemeral secret key to GOST encrypt operation.
- added EVP_PKEY_CTRL_SET_IV control command. It is really
GOST-specific, but it is used in SSL code, so it has to go
in some header file, available during libssl compilation
4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data
5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
make debugging output which depends on constants defined there, work
and other KSSL_DEBUG output fixes
6. Declaration of real GOST ciphersuites, two authentication methods
SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST
7. Implementation of these methods.
8. Support for sending unsolicited serverhello extension if GOST
ciphersuite is selected. It is require for interoperability with
CryptoPro CSP 3.0 and 3.6 and controlled by
SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
This constant is added to SSL_OP_ALL, because it does nothing, if
non-GOST ciphersuite is selected, and all implementation of GOST
include compatibility with CryptoPro.
9. Support for CertificateVerify message without length field. It is
another CryptoPro bug, but support is made unconditional, because it
does no harm for draft-conforming implementation.
10. In tls1_mac extra copy of stream mac context is no more done.
When I've written currently commited code I haven't read
EVP_DigestSignFinal manual carefully enough and haven't noticed that
it does an internal digest ctx copying.
This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
|
|
|
static EVP_PKEY_METHOD *pmeth_GostR3410_94 = NULL,
|
2015-01-22 03:29:12 +00:00
|
|
|
*pmeth_GostR3410_2001 = NULL, *pmeth_Gost28147_MAC = NULL;
|
2006-09-17 13:00:18 +00:00
|
|
|
|
1. Changes for s_client.c to make it return non-zero exit code in case
of handshake failure
2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).
3. Changes to EVP
- adding of function EVP_PKEY_CTX_get0_peerkey
- Make function EVP_PKEY_derive_set_peerkey work for context with
ENCRYPT operation, because we use peerkey field in the context to
pass non-ephemeral secret key to GOST encrypt operation.
- added EVP_PKEY_CTRL_SET_IV control command. It is really
GOST-specific, but it is used in SSL code, so it has to go
in some header file, available during libssl compilation
4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data
5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
make debugging output which depends on constants defined there, work
and other KSSL_DEBUG output fixes
6. Declaration of real GOST ciphersuites, two authentication methods
SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST
7. Implementation of these methods.
8. Support for sending unsolicited serverhello extension if GOST
ciphersuite is selected. It is require for interoperability with
CryptoPro CSP 3.0 and 3.6 and controlled by
SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
This constant is added to SSL_OP_ALL, because it does nothing, if
non-GOST ciphersuite is selected, and all implementation of GOST
include compatibility with CryptoPro.
9. Support for CertificateVerify message without length field. It is
another CryptoPro bug, but support is made unconditional, because it
does no harm for draft-conforming implementation.
10. In tls1_mac extra copy of stream mac context is no more done.
When I've written currently commited code I haven't read
EVP_DigestSignFinal manual carefully enough and haven't noticed that
it does an internal digest ctx copying.
This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
|
|
|
static EVP_PKEY_ASN1_METHOD *ameth_GostR3410_94 = NULL,
|
2015-01-22 03:29:12 +00:00
|
|
|
*ameth_GostR3410_2001 = NULL, *ameth_Gost28147_MAC = NULL;
|
2006-09-17 13:00:18 +00:00
|
|
|
|
2006-09-21 13:04:43 +00:00
|
|
|
static int gost_engine_init(ENGINE *e)
|
2015-01-22 03:29:12 +00:00
|
|
|
{
|
|
|
|
return 1;
|
|
|
|
}
|
2006-09-21 13:04:43 +00:00
|
|
|
|
|
|
|
static int gost_engine_finish(ENGINE *e)
|
2015-01-22 03:29:12 +00:00
|
|
|
{
|
|
|
|
return 1;
|
|
|
|
}
|
2006-09-17 13:00:18 +00:00
|
|
|
|
2006-09-21 13:04:43 +00:00
|
|
|
static int gost_engine_destroy(ENGINE *e)
|
2015-01-22 03:29:12 +00:00
|
|
|
{
|
|
|
|
gost_param_free();
|
2012-09-01 11:30:35 +00:00
|
|
|
|
2015-01-22 03:29:12 +00:00
|
|
|
pmeth_GostR3410_94 = NULL;
|
|
|
|
pmeth_GostR3410_2001 = NULL;
|
|
|
|
pmeth_Gost28147_MAC = NULL;
|
|
|
|
ameth_GostR3410_94 = NULL;
|
|
|
|
ameth_GostR3410_2001 = NULL;
|
|
|
|
ameth_Gost28147_MAC = NULL;
|
|
|
|
return 1;
|
|
|
|
}
|
2006-09-17 13:00:18 +00:00
|
|
|
|
2015-01-22 03:29:12 +00:00
|
|
|
static int bind_gost(ENGINE *e, const char *id)
|
|
|
|
{
|
|
|
|
int ret = 0;
|
|
|
|
if (id && strcmp(id, engine_gost_id))
|
|
|
|
return 0;
|
2015-02-12 12:16:20 +00:00
|
|
|
if (ameth_GostR3410_94) {
|
|
|
|
printf("GOST engine already loaded\n");
|
|
|
|
goto end;
|
|
|
|
}
|
2006-09-17 13:00:18 +00:00
|
|
|
|
2015-01-22 03:29:12 +00:00
|
|
|
if (!ENGINE_set_id(e, engine_gost_id)) {
|
|
|
|
printf("ENGINE_set_id failed\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
if (!ENGINE_set_name(e, engine_gost_name)) {
|
|
|
|
printf("ENGINE_set_name failed\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
if (!ENGINE_set_digests(e, gost_digests)) {
|
|
|
|
printf("ENGINE_set_digests failed\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
if (!ENGINE_set_ciphers(e, gost_ciphers)) {
|
|
|
|
printf("ENGINE_set_ciphers failed\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
if (!ENGINE_set_pkey_meths(e, gost_pkey_meths)) {
|
|
|
|
printf("ENGINE_set_pkey_meths failed\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
if (!ENGINE_set_pkey_asn1_meths(e, gost_pkey_asn1_meths)) {
|
|
|
|
printf("ENGINE_set_pkey_asn1_meths failed\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
/* Control function and commands */
|
|
|
|
if (!ENGINE_set_cmd_defns(e, gost_cmds)) {
|
|
|
|
fprintf(stderr, "ENGINE_set_cmd_defns failed\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
if (!ENGINE_set_ctrl_function(e, gost_control_func)) {
|
|
|
|
fprintf(stderr, "ENGINE_set_ctrl_func failed\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
if (!ENGINE_set_destroy_function(e, gost_engine_destroy)
|
|
|
|
|| !ENGINE_set_init_function(e, gost_engine_init)
|
|
|
|
|| !ENGINE_set_finish_function(e, gost_engine_finish)) {
|
|
|
|
goto end;
|
|
|
|
}
|
2006-09-17 13:00:18 +00:00
|
|
|
|
2015-01-22 03:29:12 +00:00
|
|
|
if (!register_ameth_gost
|
|
|
|
(NID_id_GostR3410_94, &ameth_GostR3410_94, "GOST94",
|
|
|
|
"GOST R 34.10-94"))
|
|
|
|
goto end;
|
|
|
|
if (!register_ameth_gost
|
|
|
|
(NID_id_GostR3410_2001, &ameth_GostR3410_2001, "GOST2001",
|
|
|
|
"GOST R 34.10-2001"))
|
|
|
|
goto end;
|
|
|
|
if (!register_ameth_gost(NID_id_Gost28147_89_MAC, &ameth_Gost28147_MAC,
|
|
|
|
"GOST-MAC", "GOST 28147-89 MAC"))
|
|
|
|
goto end;
|
2006-09-17 13:00:18 +00:00
|
|
|
|
2015-01-22 03:29:12 +00:00
|
|
|
if (!register_pmeth_gost(NID_id_GostR3410_94, &pmeth_GostR3410_94, 0))
|
|
|
|
goto end;
|
|
|
|
if (!register_pmeth_gost(NID_id_GostR3410_2001, &pmeth_GostR3410_2001, 0))
|
|
|
|
goto end;
|
|
|
|
if (!register_pmeth_gost
|
|
|
|
(NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0))
|
|
|
|
goto end;
|
|
|
|
if (!ENGINE_register_ciphers(e)
|
|
|
|
|| !ENGINE_register_digests(e)
|
|
|
|
|| !ENGINE_register_pkey_meths(e)
|
|
|
|
/* These two actually should go in LIST_ADD command */
|
|
|
|
|| !EVP_add_cipher(&cipher_gost)
|
|
|
|
|| !EVP_add_cipher(&cipher_gost_cpacnt)
|
|
|
|
|| !EVP_add_digest(&digest_gost)
|
|
|
|
|| !EVP_add_digest(&imit_gost_cpa)
|
|
|
|
) {
|
|
|
|
goto end;
|
|
|
|
}
|
2006-09-17 13:00:18 +00:00
|
|
|
|
2015-01-22 03:29:12 +00:00
|
|
|
ERR_load_GOST_strings();
|
|
|
|
ret = 1;
|
|
|
|
end:
|
|
|
|
return ret;
|
|
|
|
}
|
2006-09-17 13:00:18 +00:00
|
|
|
|
2006-12-22 09:21:29 +00:00
|
|
|
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
|
2006-09-21 13:24:46 +00:00
|
|
|
IMPLEMENT_DYNAMIC_BIND_FN(bind_gost)
|
2015-01-22 03:29:12 +00:00
|
|
|
IMPLEMENT_DYNAMIC_CHECK_FN()
|
|
|
|
#endif /* ndef OPENSSL_NO_DYNAMIC_ENGINE */
|
2006-09-17 13:00:18 +00:00
|
|
|
static int gost_digests(ENGINE *e, const EVP_MD **digest,
|
2015-01-22 03:29:12 +00:00
|
|
|
const int **nids, int nid)
|
|
|
|
{
|
|
|
|
int ok = 1;
|
|
|
|
if (!digest) {
|
|
|
|
*nids = gost_digest_nids;
|
|
|
|
return 2;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* printf("Digest no %d requested\n",nid);
|
|
|
|
*/
|
|
|
|
if (nid == NID_id_GostR3411_94) {
|
|
|
|
*digest = &digest_gost;
|
|
|
|
} else if (nid == NID_id_Gost28147_89_MAC) {
|
|
|
|
*digest = &imit_gost_cpa;
|
|
|
|
} else {
|
|
|
|
ok = 0;
|
|
|
|
*digest = NULL;
|
|
|
|
}
|
|
|
|
return ok;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int gost_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
|
|
|
|
const int **nids, int nid)
|
|
|
|
{
|
|
|
|
int ok = 1;
|
|
|
|
if (!cipher) {
|
|
|
|
*nids = gost_cipher_nids;
|
|
|
|
return 2; /* two ciphers are supported */
|
|
|
|
}
|
|
|
|
|
|
|
|
if (nid == NID_id_Gost28147_89) {
|
|
|
|
*cipher = &cipher_gost;
|
|
|
|
} else if (nid == NID_gost89_cnt) {
|
|
|
|
*cipher = &cipher_gost_cpacnt;
|
|
|
|
} else {
|
|
|
|
ok = 0;
|
|
|
|
*cipher = NULL;
|
|
|
|
}
|
|
|
|
return ok;
|
|
|
|
}
|
2006-09-17 13:00:18 +00:00
|
|
|
|
2015-01-22 03:29:12 +00:00
|
|
|
static int gost_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
|
|
|
|
const int **nids, int nid)
|
|
|
|
{
|
|
|
|
if (!pmeth) {
|
|
|
|
*nids = gost_pkey_meth_nids;
|
|
|
|
return 3;
|
|
|
|
}
|
2006-09-17 13:00:18 +00:00
|
|
|
|
2015-01-22 03:29:12 +00:00
|
|
|
switch (nid) {
|
|
|
|
case NID_id_GostR3410_94:
|
|
|
|
*pmeth = pmeth_GostR3410_94;
|
|
|
|
return 1;
|
|
|
|
case NID_id_GostR3410_2001:
|
|
|
|
*pmeth = pmeth_GostR3410_2001;
|
|
|
|
return 1;
|
|
|
|
case NID_id_Gost28147_89_MAC:
|
|
|
|
*pmeth = pmeth_Gost28147_MAC;
|
|
|
|
return 1;
|
|
|
|
default:;
|
|
|
|
}
|
2006-09-17 13:00:18 +00:00
|
|
|
|
2015-01-22 03:29:12 +00:00
|
|
|
*pmeth = NULL;
|
|
|
|
return 0;
|
|
|
|
}
|
2006-09-17 13:00:18 +00:00
|
|
|
|
2015-01-22 03:29:12 +00:00
|
|
|
static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth,
|
|
|
|
const int **nids, int nid)
|
|
|
|
{
|
|
|
|
if (!ameth) {
|
|
|
|
*nids = gost_pkey_meth_nids;
|
|
|
|
return 3;
|
|
|
|
}
|
|
|
|
switch (nid) {
|
|
|
|
case NID_id_GostR3410_94:
|
|
|
|
*ameth = ameth_GostR3410_94;
|
|
|
|
return 1;
|
|
|
|
case NID_id_GostR3410_2001:
|
|
|
|
*ameth = ameth_GostR3410_2001;
|
|
|
|
return 1;
|
|
|
|
case NID_id_Gost28147_89_MAC:
|
|
|
|
*ameth = ameth_Gost28147_MAC;
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
default:;
|
|
|
|
}
|
|
|
|
|
|
|
|
*ameth = NULL;
|
|
|
|
return 0;
|
|
|
|
}
|
2006-09-21 13:04:43 +00:00
|
|
|
|
|
|
|
#ifdef OPENSSL_NO_DYNAMIC_ENGINE
|
|
|
|
static ENGINE *engine_gost(void)
|
2015-01-22 03:29:12 +00:00
|
|
|
{
|
|
|
|
ENGINE *ret = ENGINE_new();
|
|
|
|
if (!ret)
|
|
|
|
return NULL;
|
|
|
|
if (!bind_gost(ret, engine_gost_id)) {
|
|
|
|
ENGINE_free(ret);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
2006-09-21 13:04:43 +00:00
|
|
|
|
2015-01-22 03:29:12 +00:00
|
|
|
void ENGINE_load_gost(void)
|
|
|
|
{
|
|
|
|
ENGINE *toadd;
|
|
|
|
if (pmeth_GostR3410_94)
|
|
|
|
return;
|
|
|
|
toadd = engine_gost();
|
|
|
|
if (!toadd)
|
|
|
|
return;
|
|
|
|
ENGINE_add(toadd);
|
|
|
|
ENGINE_free(toadd);
|
|
|
|
ERR_clear_error();
|
|
|
|
}
|
|
|
|
#endif
|