1 /* $OpenBSD: gostr341001_key.c,v 1.5 2015/02/14 06:40:04 jsing Exp $ */
3 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
4 * Copyright (c) 2005-2006 Cryptocom LTD
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
32 * 6. Redistributions of any form whatsoever must retain the following
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
54 #include <openssl/opensslconf.h>
56 #ifndef OPENSSL_NO_GOST
57 #include <openssl/bn.h>
58 #include <openssl/err.h>
59 #include <openssl/gost.h>
60 #include <openssl/objects.h>
61 #include "gost_locl.h"
79 ret = malloc(sizeof(GOST_KEY));
81 GOSTerr(GOST_F_GOST_KEY_NEW, ERR_R_MALLOC_FAILURE);
88 ret->digest_nid = NID_undef;
93 GOST_KEY_free(GOST_KEY *r)
100 i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC);
104 EC_GROUP_free(r->group);
105 EC_POINT_free(r->pub_key);
106 BN_clear_free(r->priv_key);
108 explicit_bzero((void *)r, sizeof(GOST_KEY));
113 GOST_KEY_check_key(const GOST_KEY *key)
117 BIGNUM *order = NULL;
118 EC_POINT *point = NULL;
120 if (key == NULL || key->group == NULL || key->pub_key == NULL) {
121 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
124 if (EC_POINT_is_at_infinity(key->group, key->pub_key) != 0) {
125 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
128 if ((ctx = BN_CTX_new()) == NULL)
130 if ((point = EC_POINT_new(key->group)) == NULL)
133 /* testing whether the pub_key is on the elliptic curve */
134 if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) == 0) {
135 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
138 /* testing whether pub_key * order is the point at infinity */
139 if ((order = BN_new()) == NULL)
141 if (EC_GROUP_get_order(key->group, order, ctx) == 0) {
142 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
145 if (EC_POINT_mul(key->group, point, NULL, key->pub_key, order,
147 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);
150 if (EC_POINT_is_at_infinity(key->group, point) == 0) {
151 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
155 * in case the priv_key is present : check if generator * priv_key ==
158 if (key->priv_key != NULL) {
159 if (BN_cmp(key->priv_key, order) >= 0) {
160 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
163 if (EC_POINT_mul(key->group, point, key->priv_key, NULL, NULL,
165 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY, ERR_R_EC_LIB);
168 if (EC_POINT_cmp(key->group, point, key->pub_key, ctx) != 0) {
169 GOSTerr(GOST_F_GOST_KEY_CHECK_KEY,
170 EC_R_INVALID_PRIVATE_KEY);
178 EC_POINT_free(point);
183 GOST_KEY_set_public_key_affine_coordinates(GOST_KEY *key, BIGNUM *x, BIGNUM *y)
187 EC_POINT *point = NULL;
190 if (key == NULL || key->group == NULL || x == NULL || y == NULL) {
191 GOSTerr(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
192 ERR_R_PASSED_NULL_PARAMETER);
199 point = EC_POINT_new(key->group);
203 if ((tx = BN_CTX_get(ctx)) == NULL)
205 if ((ty = BN_CTX_get(ctx)) == NULL)
207 if (EC_POINT_set_affine_coordinates_GFp(key->group, point, x, y,
210 if (EC_POINT_get_affine_coordinates_GFp(key->group, point, tx, ty,
214 * Check if retrieved coordinates match originals: if not, values are
217 if (BN_cmp(x, tx) != 0 || BN_cmp(y, ty) != 0) {
218 GOSTerr(GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
219 EC_R_COORDINATES_OUT_OF_RANGE);
222 if (GOST_KEY_set_public_key(key, point) == 0)
225 if (GOST_KEY_check_key(key) == 0)
231 EC_POINT_free(point);
238 GOST_KEY_get0_group(const GOST_KEY *key)
244 GOST_KEY_set_group(GOST_KEY *key, const EC_GROUP *group)
246 EC_GROUP_free(key->group);
247 key->group = EC_GROUP_dup(group);
248 return (key->group == NULL) ? 0 : 1;
252 GOST_KEY_get0_private_key(const GOST_KEY *key)
254 return key->priv_key;
258 GOST_KEY_set_private_key(GOST_KEY *key, const BIGNUM *priv_key)
260 BN_clear_free(key->priv_key);
261 key->priv_key = BN_dup(priv_key);
262 return (key->priv_key == NULL) ? 0 : 1;
266 GOST_KEY_get0_public_key(const GOST_KEY *key)
272 GOST_KEY_set_public_key(GOST_KEY *key, const EC_POINT *pub_key)
274 EC_POINT_free(key->pub_key);
275 key->pub_key = EC_POINT_dup(pub_key, key->group);
276 return (key->pub_key == NULL) ? 0 : 1;
280 GOST_KEY_get_digest(const GOST_KEY *key)
282 return key->digest_nid;
285 GOST_KEY_set_digest(GOST_KEY *key, int digest_nid)
287 if (digest_nid == NID_id_GostR3411_94_CryptoProParamSet ||
288 digest_nid == NID_id_tc26_gost3411_2012_256 ||
289 digest_nid == NID_id_tc26_gost3411_2012_512) {
290 key->digest_nid = digest_nid;
298 GOST_KEY_get_size(const GOST_KEY *r)
301 BIGNUM *order = NULL;
302 const EC_GROUP *group;
306 group = GOST_KEY_get0_group(r);
310 if ((order = BN_new()) == NULL)
313 if (EC_GROUP_get_order(group, order, NULL) == 0) {
314 BN_clear_free(order);
318 i = BN_num_bytes(order);
319 BN_clear_free(order);