/* * EVP_PKEY_METHOD callback derive. Implements VKO R 34.10-2001 * algorithm */ int pkey_gost2001_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { /* * Public key of peer in the ctx field peerkey Our private key in the ctx * pkey ukm is in the algorithm specific context data */ EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx); EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx); struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); if (!data->shared_ukm) { GOSTerr(GOST_F_PKEY_GOST2001_DERIVE, GOST_R_UKM_NOT_SET); return 0; } if (key == NULL) { *keylen = 32; return 32; } *keylen = VKO_compute_key(key, 32, EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)), (EC_KEY *)EVP_PKEY_get0(my_key), data->shared_ukm); return 1; }
static int dh_cms_decrypt(CMS_RecipientInfo *ri) { EVP_PKEY_CTX *pctx; pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); if (!pctx) return 0; /* See if we need to set peer key */ if (!EVP_PKEY_CTX_get0_peerkey(pctx)) { X509_ALGOR *alg; ASN1_BIT_STRING *pubkey; if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey, NULL, NULL, NULL)) return 0; if (!alg || !pubkey) return 0; if (!dh_cms_set_peerkey(pctx, alg, pubkey)) { DHerr(DH_F_DH_CMS_DECRYPT, DH_R_PEER_KEY_ERROR); return 0; } } /* Set DH derivation parameters and initialise unwrap context */ if (!dh_cms_set_shared_info(pctx, ri)) { DHerr(DH_F_DH_CMS_DECRYPT, DH_R_SHARED_INFO_ERROR); return 0; } return 1; }
/* * EVP_PKEY_METHOD callback derive. * Implements VKO R 34.10-2001/2012 algorithms */ int pkey_gost_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { /* * Public key of peer in the ctx field peerkey * Our private key in the ctx pkey * ukm is in the algorithm specific context data */ EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx); EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx); struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); int dgst_nid = NID_undef; if (!data || !data->shared_ukm) { GOSTerr(GOST_F_PKEY_GOST_EC_DERIVE, GOST_R_UKM_NOT_SET); return 0; } if (key == NULL) { *keylen = 32; return 32; } EVP_PKEY_get_default_digest_nid(my_key, &dgst_nid); *keylen = VKO_compute_key(key, 32, EC_KEY_get0_public_key(EVP_PKEY_get0(peer_key)), (EC_KEY *)EVP_PKEY_get0(my_key), data->shared_ukm, dgst_nid); return (*keylen) ? 1 : 0; }
// Argh! This is one more of these OpenSSL-style schizophrenic APIs, where // depending on whether a parameter is NULL or not, different values are // expected... static int bcrypt_derive(EVP_PKEY_CTX *ctx, unsigned char *outKey, size_t *outKeyLen) { *outKeyLen = X25519_KEYLEN; // First usage: a query for how many bytes the caller needs to allocate. if (outKey == NULL) return 1; // Second usage: writing into outkey the derived secret. // Note: this does NOT give you the actual bytes for the SECRET_HANDLE. (See // http://stackoverflow.com/questions/87694/im-using-wincrypt-for-diffie-hellman-can-i-export-the-shared-secret-in-plain // for something vaguely related). BCryptExportKey works for a KEY_HANDLE, not // a SECRET_HANDLE... and the type is defined as void* in the public Windows // 10 headers. bcrypt_x25519_key *pkey = EVP_PKEY_get0(EVP_PKEY_CTX_get0_pkey(ctx)); bcrypt_x25519_key *peerkey = EVP_PKEY_get0(EVP_PKEY_CTX_get0_peerkey(ctx)); BCRYPT_SECRET_HANDLE hSecret = NULL; if (!NT_SUCCESS(BCryptSecretAgreement(pkey->pair, peerkey->pair, &hSecret, 0))) { fprintf(stderr, "Cannot compute agreement\n"); return 0; } // Writing out a dummy value in the meanwhile... memset(outKey, 0, X25519_KEYLEN); return 1; }
int pkey_gost94_derive(EVP_PKEY_CTX *ctx,unsigned char *key,size_t *keylen) { EVP_PKEY *pubk = EVP_PKEY_CTX_get0_peerkey(ctx); EVP_PKEY *mykey = EVP_PKEY_CTX_get0_pkey(ctx); *keylen = 32; if (key == NULL) return 1; return make_cp_exchange_key(gost_get0_priv_key(mykey), pubk, key); }
/* * EVP_PKEY_METHOD callback decrypt * Implementation of GOST2001 key transport, cryptopo variation */ int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len, const unsigned char *in, size_t in_len) { const unsigned char *p = in; EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx); GOST_KEY_TRANSPORT *gkt = NULL; int ret = 0; unsigned char wrappedKey[44]; unsigned char sharedKey[32]; gost_ctx ctx; const struct gost_cipher_info *param = NULL; EVP_PKEY *eph_key = NULL, *peerkey = NULL; if (!key) { *key_len = 32; return 1; } gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len); if (!gkt) { GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO); return -1; } /* If key transport structure contains public key, use it */ eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key); if (eph_key) { if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) { GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, GOST_R_INCOMPATIBLE_PEER_KEY); goto err; } } else { /* Set control "public key from client certificate used" */ if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0) { GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, GOST_R_CTRL_CALL_FAILED); goto err; } } peerkey = EVP_PKEY_CTX_get0_peerkey(pctx); if (!peerkey) { GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, GOST_R_NO_PEER_KEY); goto err; } param = get_encryption_params(gkt->key_agreement_info->cipher); if (!param) { goto err; } gost_init(&ctx, param->sblock); OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8); memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8); OPENSSL_assert(gkt->key_info->encrypted_key->length == 32); memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32); OPENSSL_assert(gkt->key_info->imit->length == 4); memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4); VKO_compute_key(sharedKey, 32, EC_KEY_get0_public_key(EVP_PKEY_get0(peerkey)), EVP_PKEY_get0(priv), wrappedKey); if (!keyUnwrapCryptoPro(&ctx, sharedKey, wrappedKey, key)) { GOSTerr(GOST_F_PKEY_GOST01CP_DECRYPT, GOST_R_ERROR_COMPUTING_SHARED_KEY); goto err; } ret = 1; err: EVP_PKEY_free(eph_key); GOST_KEY_TRANSPORT_free(gkt); return ret; }
int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len, const unsigned char *key, size_t key_len) { GOST_KEY_TRANSPORT *gkt = NULL; EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx); struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx); const struct gost_cipher_info *param = get_encryption_params(NULL); unsigned char ukm[8], shared_key[32], crypted_key[44]; int ret = 0; int key_is_ephemeral = 1; gost_ctx cctx; EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx); if (data->shared_ukm) { memcpy(ukm, data->shared_ukm, 8); } else if (out) { if (RAND_bytes(ukm, 8) <= 0) { GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT, GOST_R_RANDOM_GENERATOR_FAILURE); return 0; } } /* Check for private key in the peer_key of context */ if (sec_key) { key_is_ephemeral = 0; if (!gost_get0_priv_key(sec_key)) { GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT, GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR); goto err; } } else { key_is_ephemeral = 1; if (out) { sec_key = EVP_PKEY_new(); EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new()); EVP_PKEY_copy_parameters(sec_key, pubk); if (!gost2001_keygen(EVP_PKEY_get0(sec_key))) { goto err; } } } if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS) && param == gost_cipher_list) { param = gost_cipher_list + 1; } if (out) { VKO_compute_key(shared_key, 32, EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)), EVP_PKEY_get0(sec_key), ukm); gost_init(&cctx, param->sblock); keyWrapCryptoPro(&cctx, shared_key, ukm, key, crypted_key); } gkt = GOST_KEY_TRANSPORT_new(); if (!gkt) { goto err; } if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) { goto err; } if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) { goto err; } if (!ASN1_OCTET_STRING_set (gkt->key_info->encrypted_key, crypted_key + 8, 32)) { goto err; } if (key_is_ephemeral) { if (!X509_PUBKEY_set (&gkt->key_agreement_info->ephem_key, out ? sec_key : pubk)) { GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT, GOST_R_CANNOT_PACK_EPHEMERAL_KEY); goto err; } } ASN1_OBJECT_free(gkt->key_agreement_info->cipher); gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid); if (key_is_ephemeral) EVP_PKEY_free(sec_key); if (!key_is_ephemeral) { /* Set control "public key from client certificate used" */ if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0) { GOSTerr(GOST_F_PKEY_GOST01CP_ENCRYPT, GOST_R_CTRL_CALL_FAILED); goto err; } } if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0) ret = 1; GOST_KEY_TRANSPORT_free(gkt); return ret; err: if (key_is_ephemeral) EVP_PKEY_free(sec_key); GOST_KEY_TRANSPORT_free(gkt); return -1; }
int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char* key, size_t key_len ) { GOST_KEY_TRANSPORT *gkt=NULL; unsigned char shared_key[32], ukm[8],crypted_key[44]; const struct gost_cipher_info *param=get_encryption_params(NULL); EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(ctx); struct gost_pmeth_data *data = (gost_pmeth_data*)EVP_PKEY_CTX_get_data(ctx); gost_ctx cctx; int key_is_ephemeral=1; EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx); /* Do not use vizir cipher parameters with cryptopro */ if (!get_gost_engine_param(GOST_PARAM_CRYPT_PARAMS) && param == gost_cipher_list) { param= gost_cipher_list+1; } if (mykey) { /* If key already set, it is not ephemeral */ key_is_ephemeral=0; if (!gost_get0_priv_key(mykey)) { GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR); goto err; } } else { /* Otherwise generate ephemeral key */ key_is_ephemeral = 1; if (out) { mykey = EVP_PKEY_new(); EVP_PKEY_assign(mykey, EVP_PKEY_base_id(pubk),DSA_new()); EVP_PKEY_copy_parameters(mykey,pubk); if (!gost_sign_keygen((DSA*)EVP_PKEY_get0(mykey))) { goto err; } } } if (out) make_cp_exchange_key(gost_get0_priv_key(mykey),pubk,shared_key); if (data->shared_ukm) { TINYCLR_SSL_MEMCPY(ukm,data->shared_ukm,8); } else if (out) { if (RAND_bytes(ukm,8)<=0) { GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_RANDOM_GENERATOR_FAILURE); goto err; } } if (out) { gost_init(&cctx,param->sblock); keyWrapCryptoPro(&cctx,shared_key,ukm,key,crypted_key); } gkt = GOST_KEY_TRANSPORT_new(); if (!gkt) { goto memerr; } if(!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm,8)) { goto memerr; } if (!ASN1_OCTET_STRING_set(gkt->key_info->imit,crypted_key+40,4)) { goto memerr; } if (!ASN1_OCTET_STRING_set(gkt->key_info->encrypted_key,crypted_key+8,32)) { goto memerr; } if (key_is_ephemeral) { if (!X509_PUBKEY_set(&gkt->key_agreement_info->ephem_key,out?mykey:pubk)) { GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,GOST_R_CANNOT_PACK_EPHEMERAL_KEY); goto err; } if (out) EVP_PKEY_free(mykey); } ASN1_OBJECT_free(gkt->key_agreement_info->cipher); gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid); *outlen = i2d_GOST_KEY_TRANSPORT(gkt,out?&out:NULL); if (*outlen == 0) { GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO); goto err; } if (!key_is_ephemeral) { /* Set control "public key from client certificate used" */ if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0) { GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_CTRL_CALL_FAILED); goto err; } } GOST_KEY_TRANSPORT_free(gkt); return 1; memerr: if (key_is_ephemeral) { EVP_PKEY_free(mykey); } GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_MALLOC_FAILURE); err: GOST_KEY_TRANSPORT_free(gkt); return -1; }
/* EVP_PLEY_METHOD callback decrypt for * GOST R 34.10-94 cryptopro modification */ int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *key_len,const unsigned char *in, size_t in_len) { const unsigned char *p = in; GOST_KEY_TRANSPORT *gkt = NULL; unsigned char wrappedKey[44]; unsigned char sharedKey[32]; gost_ctx cctx; const struct gost_cipher_info *param=NULL; EVP_PKEY *eph_key=NULL, *peerkey=NULL; EVP_PKEY *priv= EVP_PKEY_CTX_get0_pkey(ctx); if (!key) { *key_len = 32; return 1; } gkt = d2i_GOST_KEY_TRANSPORT(NULL,(const unsigned char **)&p, in_len); if (!gkt) { GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT,GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO); return 0; } eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key); if (eph_key) { if (EVP_PKEY_derive_set_peer(ctx, eph_key) <= 0) { GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_INCOMPATIBLE_PEER_KEY); goto err; } } else { /* Set control "public key from client certificate used" */ if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0) { GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_CTRL_CALL_FAILED); goto err; } } peerkey = EVP_PKEY_CTX_get0_peerkey(ctx); if (!peerkey) { GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_NO_PEER_KEY); goto err; } param = get_encryption_params(gkt->key_agreement_info->cipher); gost_init(&cctx,param->sblock); OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8); TINYCLR_SSL_MEMCPY(wrappedKey,gkt->key_agreement_info->eph_iv->data,8); OPENSSL_assert(gkt->key_info->encrypted_key->length==32); TINYCLR_SSL_MEMCPY(wrappedKey+8,gkt->key_info->encrypted_key->data,32); OPENSSL_assert(gkt->key_info->imit->length==4); TINYCLR_SSL_MEMCPY(wrappedKey+40,gkt->key_info->imit->data,4); make_cp_exchange_key(gost_get0_priv_key(priv),peerkey,sharedKey); if (!keyUnwrapCryptoPro(&cctx,sharedKey,wrappedKey,key)) { GOSTerr(GOST_F_PKEY_GOST94CP_DECRYPT, GOST_R_ERROR_COMPUTING_SHARED_KEY); goto err; } EVP_PKEY_free(eph_key); GOST_KEY_TRANSPORT_free(gkt); return 1; err: EVP_PKEY_free(eph_key); GOST_KEY_TRANSPORT_free(gkt); return -1; }