-rw-r--r--README.gost4
-rw-r--r--gost_ameth.c32
-rw-r--r--gost_ctl.c13
-rw-r--r--gost_lcl.h4
4 files changed, 37 insertions, 16 deletions
diff --git a/README.gost b/README.gost
index 9ed86a5..d6d5464 100644
--- a/README.gost
+++ b/README.gost
@@ -81,6 +81,10 @@ And section which describes configuration of the engine should contain
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
+If you want use unmask private key format, you must add:
+ PK_PARAMS = UNMASK
+to [gost_section]
+
Where engine_id parameter specifies name of engine (should be "gost").
dynamic_path is a location of the loadable shared library implementing the
engine. If the engine is compiled statically or is located in the OpenSSL
diff --git a/gost_ameth.c b/gost_ameth.c
index 005fbf7..b2d6aba 100644
--- a/gost_ameth.c
+++ b/gost_ameth.c
@@ -19,6 +19,8 @@
#include "gost_lcl.h"
#include "e_gost_err.h"
+#define PK_UNMASK_PARAM "UNMASK"
+
/*
* Pack bignum into byte buffer of given size, filling all leading bytes by
* zeros
@@ -415,10 +417,9 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
{
ASN1_OBJECT *algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
ASN1_STRING *params = encode_gost_algor_params(pk);
- unsigned char /**priv_buf = NULL,*/ *buf = NULL;
- int key_len = pkey_bits_gost(pk), /*priv_len = 0,*/ i = 0;
+ unsigned char *buf = NULL;
+ int key_len = pkey_bits_gost(pk), i = 0;
- /*ASN1_STRING *octet = NULL;*/
if (!params) {
return 0;
}
@@ -440,18 +441,25 @@ static int priv_encode_gost(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)
buf[key_len - 1 - i] = tmp;
}
-/*
- octet = ASN1_STRING_new();
- ASN1_OCTET_STRING_set(octet, buf, key_len);
+ /* unmasked private key */
+ const char *pk_param = get_gost_engine_param(GOST_PARAM_PK_PARAMS);
+ if(pk_param != NULL && strcmp(pk_param, PK_UNMASK_PARAM) == 0) {
+ ASN1_STRING *octet = NULL;
+ int priv_len = 0;
+ unsigned char *priv_buf = NULL;
+
+ octet = ASN1_STRING_new();
+ ASN1_OCTET_STRING_set(octet, buf, key_len);
+ priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf);
+ ASN1_STRING_free(octet);
+ OPENSSL_free(buf);
- priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf);
- ASN1_STRING_free(octet);
- OPENSSL_free(buf);
+ return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
+ priv_buf, priv_len);
+ }
return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
- priv_buf, priv_len); */
- return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
- buf, key_len);
+ buf, key_len);
}
/* --------- printing keys --------------------------------*/
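Review bot: The new unmasked branch in priv_encode_gost never checks its OpenSSL calls: `ASN1_STRING_new()` can return NULL and is then passed straight to `ASN1_OCTET_STRING_set`, that call's return value is ignored, and a negative `i2d_ASN1_OCTET_STRING` result (with `priv_buf` still NULL) is handed to `PKCS8_pkey_set0` as the key length, so an allocation failure while exporting a private key ends in a NULL dereference or a bogus PKCS#8 structure instead of a clean error. The failure exits should also release `params`, since it is only handed over to `PKCS8_pkey_set0` on the success path; the function's opening and the `buf` setup lie outside this hunk, so I cannot see whether an earlier error path already frees it. A short comment on the branch would also help, e.g. `/* PK_PARAMS=UNMASK: emit the raw private key as an OCTET STRING rather than the masked form */`.
```c
    /* unmasked private key */
    const char *pk_param = get_gost_engine_param(GOST_PARAM_PK_PARAMS);
    if (pk_param != NULL && strcmp(pk_param, PK_UNMASK_PARAM) == 0) {
        ASN1_STRING *octet = ASN1_STRING_new();
        unsigned char *priv_buf = NULL;
        int priv_len = 0;

        if (octet == NULL || !ASN1_OCTET_STRING_set(octet, buf, key_len)) {
            ASN1_STRING_free(octet);
            OPENSSL_free(buf);
            ASN1_STRING_free(params);
            return 0;
        }
        priv_len = i2d_ASN1_OCTET_STRING(octet, &priv_buf);
        ASN1_STRING_free(octet);
        OPENSSL_free(buf);
        if (priv_len <= 0) {
            ASN1_STRING_free(params);
            return 0;
        }
        return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params,
                               priv_buf, priv_len);
    }
    /* … unchanged: masked-form PKCS8_pkey_set0 call … */
```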
diff --git a/gost_ctl.c b/gost_ctl.c
index 8e3c1c6..1387f76 100644
--- a/gost_ctl.c
+++ b/gost_ctl.c
@@ -15,7 +15,7 @@
#include "gost_lcl.h"
static char *gost_params[GOST_PARAM_MAX + 1] = { NULL };
-static const char *gost_envnames[] = { "CRYPT_PARAMS", "GOST_PBE_HMAC" };
+static const char *gost_envnames[] = { "CRYPT_PARAMS", "GOST_PBE_HMAC", "PK_PARAMS" };
const ENGINE_CMD_DEFN gost_cmds[] = {
{GOST_CTRL_CRYPT_PARAMS,
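Review bot: The new `"PK_PARAMS"` entry in gost_envnames means gost_set_default_param will read an environment variable of that name before the configured value (the `getenv` call later in this file takes precedence over the passed string), so the private-key export format can be switched to the unmasked form by the process environment alone, which the README addition in this commit does not mention. I would document that next to the table, e.g. `/* env var names, indexed by GOST_PARAM_*; a set variable overrides the config value */`, and note the override in README.gost as well. The naming is also inconsistent with the existing entries (`PBE_PARAMS` uses `GOST_PBE_HMAC` as its env name) — a `GOST_`-prefixed name would make the environment knob easier to audit. The gost_cmds array that starts here continues outside the hunk.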
@@ -26,6 +26,10 @@ const ENGINE_CMD_DEFN gost_cmds[] = {
"PBE_PARAMS",
"Shortname of default digest alg for PBE",
ENGINE_CMD_FLAG_STRING},
+ {GOST_CTRL_PK_PARAMS,
+ "PK_PARAMS",
+ "Private key format params",
+ ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
@@ -44,8 +48,9 @@ int gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
{
int param = cmd - ENGINE_CMD_BASE;
int ret = 0;
- if (param < 0 || param > GOST_PARAM_MAX)
+ if (param < 0 || param > GOST_PARAM_MAX) {
return -1;
+ }
ret = gost_set_default_param(param, p);
return ret;
}
@@ -73,11 +78,13 @@ int gost_set_default_param(int param, const char *value)
if (param < 0 || param > GOST_PARAM_MAX)
return 0;
tmp = getenv(gost_envnames[param]);
+
/*
* if there is value in the environment, use it, else -passed string *
*/
- if (!tmp)
+ if (!tmp) {
tmp = value;
+ }
OPENSSL_free(gost_params[param]);
gost_params[param] = BUF_strdup(tmp);
diff --git a/gost_lcl.h b/gost_lcl.h
index faa454b..2152257 100644
--- a/gost_lcl.h
+++ b/gost_lcl.h
@@ -21,9 +21,11 @@
/* Control commands */
# define GOST_PARAM_CRYPT_PARAMS 0
# define GOST_PARAM_PBE_PARAMS 1
-# define GOST_PARAM_MAX 1
+# define GOST_PARAM_PK_PARAMS 2
+# define GOST_PARAM_MAX 2
# define GOST_CTRL_CRYPT_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_CRYPT_PARAMS)
# define GOST_CTRL_PBE_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_PBE_PARAMS)
+# define GOST_CTRL_PK_PARAMS (ENGINE_CMD_BASE+GOST_PARAM_PK_PARAMS)
typedef struct R3410_ec {
int nid;