/*
* Computes 256 bit Key exchange key as specified in RFC 4357
*/
static int make_cp_exchange_key(BIGNUM *priv_key, EVP_PKEY *pubk,
unsigned char *shared_key)
{
unsigned char dh_key[128];
int ret;
gost_hash_ctx hash_ctx;
DH *dh = DH_new();
if (!dh)
return 0;
memset(dh_key, 0, 128);
dh->g = BN_dup(pubk->pkey.dsa->g);
dh->p = BN_dup(pubk->pkey.dsa->p);
dh->priv_key = BN_dup(priv_key);
ret =
compute_pair_key_le(dh_key, ((DSA *)(EVP_PKEY_get0(pubk)))->pub_key,
dh);
DH_free(dh);
if (!ret)
return 0;
init_gost_hash_ctx(&hash_ctx, &GostR3411_94_CryptoProParamSet);
start_hash(&hash_ctx);
hash_block(&hash_ctx, dh_key, 128);
finish_hash(&hash_ctx, shared_key);
done_gost_hash_ctx(&hash_ctx);
return 1;
}
/* Implementation of CryptoPro VKO 34.10-2001 algorithm */
static int VKO_compute_key (unsigned char *shared_key, size_t shared_key_size, const EC_POINT * pub_key,
EC_KEY * priv_key, const unsigned char *ukm)
{
unsigned char ukm_be[8], databuf[64], hashbuf[64];
BIGNUM *UKM = NULL, *p = NULL, *order = NULL, *X = NULL, *Y = NULL;
const BIGNUM *key = EC_KEY_get0_private_key (priv_key);
EC_POINT *pnt = EC_POINT_new (EC_KEY_get0_group (priv_key));
int i;
gost_hash_ctx hash_ctx;
BN_CTX *ctx = BN_CTX_new ();
for (i = 0; i < 8; i++)
{
ukm_be[7 - i] = ukm[i];
}
BN_CTX_start (ctx);
UKM = getbnfrombuf (ukm_be, 8);
p = BN_CTX_get (ctx);
order = BN_CTX_get (ctx);
X = BN_CTX_get (ctx);
Y = BN_CTX_get (ctx);
EC_GROUP_get_order (EC_KEY_get0_group (priv_key), order, ctx);
BN_mod_mul (p, key, UKM, order, ctx);
EC_POINT_mul (EC_KEY_get0_group (priv_key), pnt, NULL, pub_key, p, ctx);
EC_POINT_get_affine_coordinates_GFp (EC_KEY_get0_group (priv_key), pnt, X, Y, ctx);
/*Serialize elliptic curve point same way as we do it when saving
* key */
store_bignum (Y, databuf, 32);
store_bignum (X, databuf + 32, 32);
/* And reverse byte order of whole buffer */
for (i = 0; i < 64; i++)
{
hashbuf[63 - i] = databuf[i];
}
init_gost_hash_ctx (&hash_ctx, &GostR3411_94_CryptoProParamSet);
start_hash (&hash_ctx);
hash_block (&hash_ctx, hashbuf, 64);
finish_hash (&hash_ctx, shared_key);
done_gost_hash_ctx (&hash_ctx);
BN_free (UKM);
BN_CTX_end (ctx);
BN_CTX_free (ctx);
EC_POINT_free (pnt);
return 32;
}
int hash_stream(gost_hash_ctx * ctx, int fd, char *sum)
{
unsigned char buffer[BUF_SIZE];
ssize_t bytes;
int i;
start_hash(ctx);
while ((bytes = read(fd, buffer, BUF_SIZE)) > 0) {
hash_block(ctx, buffer, bytes);
}
if (bytes < 0) {
return 0;
}
finish_hash(ctx, buffer);
for (i = 0; i < 32; i++) {
sprintf(sum + 2 * i, "%02x", buffer[31 - i]);
}
return 1;
}
