/* ------------------ private key functions -----------------------------*/ static int priv_decode_gost( EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf) { const unsigned char *pkey_buf = NULL,*p=NULL; int priv_len = 0; BIGNUM *pk_num=NULL; int ret =0; X509_ALGOR *palg =NULL; ASN1_OBJECT *palg_obj = NULL; ASN1_INTEGER *priv_key=NULL; if (!PKCS8_pkey_get0(&palg_obj,&pkey_buf,&priv_len,&palg,p8inf)) return 0; p = pkey_buf; if (!decode_gost_algor_params(pk,palg)) { return 0; } if (V_ASN1_OCTET_STRING == *p) { /* New format - Little endian octet string */ unsigned char rev_buf[32]; int i; ASN1_OCTET_STRING *s = d2i_ASN1_OCTET_STRING(NULL,&p,priv_len); if (!s||s->length !=32) { GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); return 0; } for (i=0;i<32;i++) { rev_buf[31-i]=s->data[i]; } ASN1_STRING_free(s); pk_num = getbnfrombuf(rev_buf,32); } else { priv_key=d2i_ASN1_INTEGER(NULL,&p,priv_len); if (!priv_key) return 0; ret= ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL))!=NULL) ; ASN1_INTEGER_free(priv_key); if (!ret) { GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); return 0; } } ret= gost_set_priv_key(pk,pk_num); BN_free(pk_num); return ret; }
static int priv_decode_gost(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf) { const unsigned char *pkey_buf = NULL, *p = NULL; int priv_len = 0; BIGNUM *pk_num = NULL; int ret = 0; X509_ALGOR *palg = NULL; ASN1_OBJECT *palg_obj = NULL; ASN1_INTEGER *priv_key = NULL; int expected_key_len = 32; if (!PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf)) return 0; p = pkey_buf; if (!decode_gost_algor_params(pk, palg)) { return 0; } expected_key_len = pkey_bits_gost(pk) > 0 ? pkey_bits_gost(pk) / 8 : 0; if (expected_key_len == 0) { GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); return 0; } if (priv_len % expected_key_len == 0) { /* Key is not wrapped but masked */ pk_num = unmask_priv_key(pk, pkey_buf, expected_key_len, priv_len / expected_key_len - 1); } else if (V_ASN1_OCTET_STRING == *p) { /* New format - Little endian octet string */ ASN1_OCTET_STRING *s = d2i_ASN1_OCTET_STRING(NULL, &p, priv_len); if (!s || ((s->length != 32) && (s->length != 64))) { ASN1_STRING_free(s); GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); return 0; } pk_num = hashsum2bn(s->data, s->length); ASN1_STRING_free(s); } else if (V_ASN1_INTEGER == *p) { priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len); if (!priv_key) { GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); return 0; } pk_num = ASN1_INTEGER_to_BN(priv_key, NULL); ASN1_INTEGER_free(priv_key); } else if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == *p) { MASKED_GOST_KEY *mgk = NULL; mgk = d2i_MASKED_GOST_KEY(NULL, &p, priv_len); if (!mgk) { GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); return 0; } priv_len = mgk->masked_priv_key->length; if (priv_len % expected_key_len) { MASKED_GOST_KEY_free(mgk); GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); return 0; } pk_num = unmask_priv_key(pk, mgk->masked_priv_key->data, expected_key_len, priv_len / expected_key_len - 1); MASKED_GOST_KEY_free(mgk); } else { GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); return 0; } if (pk_num == NULL) { GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR); return 0; } ret = gost_set_priv_key(pk, pk_num); BN_free(pk_num); return ret; }