From 9d98d8f4554f3c892478f674ff222804b67c07cc Mon Sep 17 00:00:00 2001 From: gecheim Date: Thu, 11 Mar 2021 12:41:04 +0300 Subject: [PATCH 1/5] Fix CMake build --- CMakeLists.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 6a7766652..78974cf23 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -80,6 +80,8 @@ endif(NOT CMAKE_BUILD_TYPE) message(STATUS "Build Configuration: ${CMAKE_BUILD_TYPE}") +add_definitions(-DDEFAULT_UMASK=0077) + # Build Modules Path set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_SOURCE_DIR}/modules From bec4a9d278ca6f441947698fd0c6b2547c98008e Mon Sep 17 00:00:00 2001 From: gecheim Date: Thu, 11 Mar 2021 13:12:57 +0300 Subject: [PATCH 2/5] Add support GOST 2012 256 keys with Botan --- src/lib/SoftHSM.cpp | 89 ++++++++++++++++++++---- src/lib/SoftHSM.h | 6 +- src/lib/crypto/AsymmetricAlgorithm.h | 2 + src/lib/crypto/BotanCryptoFactory.cpp | 51 ++++++++++++++ src/lib/crypto/BotanCryptoFactory.h | 3 + src/lib/crypto/BotanGOST2012.cpp | 34 +++++++++ src/lib/crypto/BotanGOST2012.h | 14 ++++ src/lib/crypto/BotanGOST2012_512.cpp | 31 +++++++++ src/lib/crypto/BotanGOST2012_512.h | 14 ++++ src/lib/crypto/BotanGOSTR3411_12_256.cpp | 12 ++++ src/lib/crypto/BotanGOSTR3411_12_256.h | 13 ++++ src/lib/crypto/BotanGOSTR3411_12_512.cpp | 11 +++ src/lib/crypto/BotanGOSTR3411_12_512.h | 13 ++++ src/lib/crypto/CMakeLists.txt | 8 +++ src/lib/crypto/CryptoFactory.h | 5 ++ src/lib/crypto/HashAlgorithm.h | 4 +- src/lib/pkcs11/pkcs11.h | 38 ++++++---- src/lib/slot_mgr/Token.h | 2 +- 18 files changed, 320 insertions(+), 30 deletions(-) create mode 100644 src/lib/crypto/BotanGOST2012.cpp create mode 100644 src/lib/crypto/BotanGOST2012.h create mode 100644 src/lib/crypto/BotanGOST2012_512.cpp create mode 100644 src/lib/crypto/BotanGOST2012_512.h create mode 100644 src/lib/crypto/BotanGOSTR3411_12_256.cpp create mode 100644 src/lib/crypto/BotanGOSTR3411_12_256.h create mode 100644 src/lib/crypto/BotanGOSTR3411_12_512.cpp create mode 100644 src/lib/crypto/BotanGOSTR3411_12_512.h diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp index 1101d5411..dd73ae473 100644 --- a/src/lib/SoftHSM.cpp +++ b/src/lib/SoftHSM.cpp @@ -137,6 +137,8 @@ static CK_RV newP11Object(CK_OBJECT_CLASS objClass, CK_KEY_TYPE keyType, CK_CERT *p11object = new P11DHPublicKeyObj(); else if (keyType == CKK_GOSTR3410) *p11object = new P11GOSTPublicKeyObj(); + else if (keyType == CKK_GOSTR3410_512) + *p11object = new P11GOSTPublicKeyObj(); else if (keyType == CKK_EC_EDWARDS) *p11object = new P11EDPublicKeyObj(); else @@ -811,8 +813,12 @@ void SoftHSM::prepareSupportedMecahnisms(std::mapgetAsymmetricAlgorithm(AsymAlgo::GOST); + // Get the CKA_PRIVATE attribute, when the attribute is not present use default false + bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false); + ByteString param; + if (isKeyPrivate) + { + if(!token->decrypt(key->getByteStringValue(CKA_GOSTR3411_PARAMS), param)) + return CKR_PUBLIC_KEY_INVALID; + } + else + { + param = key->getByteStringValue(CKA_GOSTR3411_PARAMS); + } + AsymAlgo::Type type = CryptoFactory::i()->getGOSTType(param); + if(type == AsymAlgo::Unknown) + { + ERROR_MSG("Cannot parse GOST key type"); + return CKR_PUBLIC_KEY_INVALID; + } + asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(type); if (asymCrypto == NULL) return CKR_MECHANISM_INVALID; privateKey = asymCrypto->newPrivateKey(); @@ -6013,6 +6043,9 @@ CK_RV SoftHSM::C_GenerateKeyPair case CKM_GOSTR3410_KEY_PAIR_GEN: keyType = CKK_GOSTR3410; break; + case CKM_GOSTR3410_512_KEY_PAIR_GEN: + keyType = CKK_GOSTR3410_512; + break; #endif #ifdef WITH_EDDSA case CKM_EC_EDWARDS_KEY_PAIR_GEN: @@ -6044,6 +6077,8 @@ CK_RV SoftHSM::C_GenerateKeyPair return CKR_TEMPLATE_INCONSISTENT; if (pMechanism->mechanism == CKM_GOSTR3410_KEY_PAIR_GEN && keyType != CKK_GOSTR3410) return CKR_TEMPLATE_INCONSISTENT; + if (pMechanism->mechanism == CKM_GOSTR3410_512_KEY_PAIR_GEN && keyType != CKK_GOSTR3410_512) + return CKR_TEMPLATE_INCONSISTENT; if (pMechanism->mechanism == CKM_EC_EDWARDS_KEY_PAIR_GEN && keyType != CKK_EC_EDWARDS) return CKR_TEMPLATE_INCONSISTENT; @@ -6067,6 +6102,8 @@ CK_RV SoftHSM::C_GenerateKeyPair return CKR_TEMPLATE_INCONSISTENT; if (pMechanism->mechanism == CKM_GOSTR3410_KEY_PAIR_GEN && keyType != CKK_GOSTR3410) return CKR_TEMPLATE_INCONSISTENT; + if (pMechanism->mechanism == CKM_GOSTR3410_512_KEY_PAIR_GEN && keyType != CKK_GOSTR3410_512) + return CKR_TEMPLATE_INCONSISTENT; if (pMechanism->mechanism == CKM_EC_EDWARDS_KEY_PAIR_GEN && keyType != CKK_EC_EDWARDS) return CKR_TEMPLATE_INCONSISTENT; @@ -6123,13 +6160,14 @@ CK_RV SoftHSM::C_GenerateKeyPair } // Generate GOST keys - if (pMechanism->mechanism == CKM_GOSTR3410_KEY_PAIR_GEN) + if (pMechanism->mechanism == CKM_GOSTR3410_KEY_PAIR_GEN || pMechanism->mechanism == CKM_GOSTR3410_512_KEY_PAIR_GEN) { return this->generateGOST(hSession, pPublicKeyTemplate, ulPublicKeyAttributeCount, pPrivateKeyTemplate, ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey, - ispublicKeyToken, ispublicKeyPrivate, isprivateKeyToken, isprivateKeyPrivate); + ispublicKeyToken, ispublicKeyPrivate, isprivateKeyToken, isprivateKeyPrivate, + keyType); } // Generate EDDSA keys @@ -9844,7 +9882,8 @@ CK_RV SoftHSM::generateGOST CK_BBOOL isPublicKeyOnToken, CK_BBOOL isPublicKeyPrivate, CK_BBOOL isPrivateKeyOnToken, - CK_BBOOL isPrivateKeyPrivate) + CK_BBOOL isPrivateKeyPrivate, + CK_KEY_TYPE keyType) { *phPublicKey = CK_INVALID_HANDLE; *phPrivateKey = CK_INVALID_HANDLE; @@ -9881,10 +9920,25 @@ CK_RV SoftHSM::generateGOST } } + AsymAlgo::Type algo = AsymAlgo::GOST; // The parameters must be specified to be able to generate a key pair. - if (param_3410.size() == 0 || param_3411.size() == 0) { - INFO_MSG("Missing parameter(s) in pPublicKeyTemplate"); - return CKR_TEMPLATE_INCOMPLETE; + if (keyType != CKK_GOSTR3410_512) + { + if(param_3411.size() == 0) + { + param_3411 = ByteString("06082a85030701010202"); + algo = AsymAlgo::GOST2012; + } + else if (param_3410.size() == 0) + { + INFO_MSG("Missing parameter(s) in pPublicKeyTemplate"); + return CKR_TEMPLATE_INCOMPLETE; + } + } + else + { + param_3411 = ByteString("06082a85030701010203"); + algo = AsymAlgo::GOST2012_512; } // Set the parameters @@ -9893,7 +9947,7 @@ CK_RV SoftHSM::generateGOST // Generate key pair AsymmetricKeyPair* kp = NULL; - AsymmetricAlgorithm* gost = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::GOST); + AsymmetricAlgorithm* gost = CryptoFactory::i()->getAsymmetricAlgorithm(algo); if (gost == NULL) return CKR_GENERAL_ERROR; if (!gost->generateKeyPair(&kp, &p)) { @@ -9912,12 +9966,11 @@ CK_RV SoftHSM::generateGOST { const CK_ULONG maxAttribs = 32; CK_OBJECT_CLASS publicKeyClass = CKO_PUBLIC_KEY; - CK_KEY_TYPE publicKeyType = CKK_GOSTR3410; CK_ATTRIBUTE publicKeyAttribs[maxAttribs] = { { CKA_CLASS, &publicKeyClass, sizeof(publicKeyClass) }, { CKA_TOKEN, &isPublicKeyOnToken, sizeof(isPublicKeyOnToken) }, { CKA_PRIVATE, &isPublicKeyPrivate, sizeof(isPublicKeyPrivate) }, - { CKA_KEY_TYPE, &publicKeyType, sizeof(publicKeyType) }, + { CKA_KEY_TYPE, &keyType, sizeof(keyType) }, }; CK_ULONG publicKeyAttribsCount = 4; @@ -9937,6 +9990,19 @@ CK_RV SoftHSM::generateGOST publicKeyAttribs[publicKeyAttribsCount++] = pPublicKeyTemplate[i]; } } + if (param_3410.size() == 0) + { + const ByteString &str = p.getEC(); + publicKeyAttribs[publicKeyAttribsCount].type = CKA_GOSTR3410_PARAMS; + publicKeyAttribs[publicKeyAttribsCount].pValue = const_cast(str.const_byte_str()); + publicKeyAttribs[publicKeyAttribsCount++].ulValueLen = str.size(); + } + if(algo == AsymAlgo::GOST2012 || algo == AsymAlgo::GOST2012_512) + { + publicKeyAttribs[publicKeyAttribsCount].type = CKA_GOSTR3411_PARAMS; + publicKeyAttribs[publicKeyAttribsCount].pValue = const_cast(param_3411.const_byte_str()); + publicKeyAttribs[publicKeyAttribsCount++].ulValueLen = param_3411.size(); + } if (rv == CKR_OK) rv = this->CreateObject(hSession,publicKeyAttribs,publicKeyAttribsCount,phPublicKey,OBJECT_OP_GENERATE); @@ -9984,12 +10050,11 @@ CK_RV SoftHSM::generateGOST { const CK_ULONG maxAttribs = 32; CK_OBJECT_CLASS privateKeyClass = CKO_PRIVATE_KEY; - CK_KEY_TYPE privateKeyType = CKK_GOSTR3410; CK_ATTRIBUTE privateKeyAttribs[maxAttribs] = { { CKA_CLASS, &privateKeyClass, sizeof(privateKeyClass) }, { CKA_TOKEN, &isPrivateKeyOnToken, sizeof(isPrivateKeyOnToken) }, { CKA_PRIVATE, &isPrivateKeyPrivate, sizeof(isPrivateKeyPrivate) }, - { CKA_KEY_TYPE, &privateKeyType, sizeof(privateKeyType) }, + { CKA_KEY_TYPE, &keyType, sizeof(keyType) }, }; CK_ULONG privateKeyAttribsCount = 4; if (ulPrivateKeyAttributeCount > (maxAttribs - privateKeyAttribsCount)) diff --git a/src/lib/SoftHSM.h b/src/lib/SoftHSM.h index 852eddedb..2ac0c2d25 100644 --- a/src/lib/SoftHSM.h +++ b/src/lib/SoftHSM.h @@ -337,8 +337,7 @@ class SoftHSM CK_BBOOL isPrivate ); CK_RV generateGOST - ( - CK_SESSION_HANDLE hSession, + (CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate, @@ -348,7 +347,8 @@ class SoftHSM CK_BBOOL isPublicKeyOnToken, CK_BBOOL isPublicKeyPrivate, CK_BBOOL isPrivateKeyOnToken, - CK_BBOOL isPrivateKeyPrivate + CK_BBOOL isPrivateKeyPrivate, + CK_KEY_TYPE keyType ); CK_RV generateGeneric ( diff --git a/src/lib/crypto/AsymmetricAlgorithm.h b/src/lib/crypto/AsymmetricAlgorithm.h index b0f02fd6b..500f64185 100644 --- a/src/lib/crypto/AsymmetricAlgorithm.h +++ b/src/lib/crypto/AsymmetricAlgorithm.h @@ -53,6 +53,8 @@ struct AsymAlgo ECDH, ECDSA, GOST, + GOST2012, + GOST2012_512, EDDSA }; }; diff --git a/src/lib/crypto/BotanCryptoFactory.cpp b/src/lib/crypto/BotanCryptoFactory.cpp index 4ad743df8..91c183c01 100644 --- a/src/lib/crypto/BotanCryptoFactory.cpp +++ b/src/lib/crypto/BotanCryptoFactory.cpp @@ -50,11 +50,20 @@ #include "BotanSHA512.h" #ifdef WITH_GOST #include "BotanGOST.h" +#include "BotanGOST2012.h" +#include "BotanGOST2012_512.h" #include "BotanGOSTR3411.h" +#include "BotanGOSTR3411_12_256.h" +#include "BotanGOSTR3411_12_512.h" +//#include "../object_store/OSObject.h" +//#include "../slot_mgr/Token.h" +#include #endif #include "BotanMAC.h" #ifdef WITH_EDDSA #include "BotanEDDSA.h" + +#include #endif // Constructor @@ -144,6 +153,10 @@ AsymmetricAlgorithm* BotanCryptoFactory::getAsymmetricAlgorithm(AsymAlgo::Type a #ifdef WITH_GOST case AsymAlgo::GOST: return new BotanGOST(); + case AsymAlgo::GOST2012: + return new BotanGOST2012(); + case AsymAlgo::GOST2012_512: + return new BotanGOST2012_512(); #endif #ifdef WITH_EDDSA case AsymAlgo::EDDSA: @@ -180,6 +193,10 @@ HashAlgorithm* BotanCryptoFactory::getHashAlgorithm(HashAlgo::Type algorithm) #ifdef WITH_GOST case HashAlgo::GOST: return new BotanGOSTR3411(); + case HashAlgo::GOST2012_256: + return new BotanGOSTR3411_12_256(); + case HashAlgo::GOST2012_512: + return new BotanGOSTR3411_12_512(); #endif default: // No algorithm implementation is available @@ -279,3 +296,37 @@ RNG* BotanCryptoFactory::getRNG(RNGImpl::Type name /* = RNGImpl::Default */) return NULL; } } + +AsymAlgo::Type BotanCryptoFactory::getGOSTType(const ByteString ¶m) +{/* + // Get the CKA_PRIVATE attribute, when the attribute is not present use default false + bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false); + ByteString param; + if (isKeyPrivate) + { + if(!token->decrypt(key->getByteStringValue(CKA_GOSTR3411_PARAMS), param)) + return AsymAlgo::Unknown; + } + else + { + param = key->getByteStringValue(CKA_GOSTR3411_PARAMS); + }*/ + if(param.size() == 0) + return AsymAlgo::Unknown; + Botan::BER_Decoder dec(param.const_byte_str(), param.size()); + Botan::OID oid; + Botan::OID gost_256({1,2,643,7,1,1,2,2}), gost_512({1,2,643,7,1,1,2,3}); + try { + oid.decode_from(dec); + + } catch (Botan::Exception except) { + ERROR_MSG(except.what()); + return AsymAlgo::Unknown; + } + if(oid == gost_256) + return AsymAlgo::GOST2012; + else if(oid == gost_512) + return AsymAlgo::GOST2012_512; + else + return AsymAlgo::GOST; +} diff --git a/src/lib/crypto/BotanCryptoFactory.h b/src/lib/crypto/BotanCryptoFactory.h index 788ae373d..f5f691bfd 100644 --- a/src/lib/crypto/BotanCryptoFactory.h +++ b/src/lib/crypto/BotanCryptoFactory.h @@ -74,6 +74,9 @@ class BotanCryptoFactory : public CryptoFactory // Get the global RNG (may be an unique RNG per thread) RNG* getRNG(RNGImpl::Type name = RNGImpl::Default); + // Parse GOST key type + AsymAlgo::Type getGOSTType(const ByteString& param); + // Destructor ~BotanCryptoFactory(); diff --git a/src/lib/crypto/BotanGOST2012.cpp b/src/lib/crypto/BotanGOST2012.cpp new file mode 100644 index 000000000..2f35ddd1b --- /dev/null +++ b/src/lib/crypto/BotanGOST2012.cpp @@ -0,0 +1,34 @@ +#include "BotanGOST2012.h" +#include "ECParameters.h" + +#include +#include + +bool BotanGOST2012::generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParameters* parameters, RNG* rng) +{ + ECParameters *p = reinterpret_cast(parameters); + const ByteString &ec = p->getEC(); + Botan::BER_Decoder dec(ec.const_byte_str(), ec.size()); + if(ec.size()) + { + Botan::OID oid; + oid.decode_from(dec); + if (oid != Botan::OID({1,2,643,2,2,35,1}) && + oid != Botan::OID({1,2,643,2,2,35,2}) && + oid != Botan::OID({1,2,643,2,2,35,3}) && + oid != Botan::OID({1,2,643,2,2,36,0}) && + oid != Botan::OID({1,2,643,2,2,36,1}) && + oid != Botan::OID({1,2,643,7,1,2,1,1,1}) + ) + { + ERROR_MSG("Public Key paramSet is not valid for GOST R34.10-2012 256"); + return false; + } + } + else + { + const std::vector &data = Botan::OID({1,2,643,2,2,35,1}).BER_encode(); + p->setEC(ByteString(data.data(), data.size())); + } + return BotanGOST::generateKeyPair(ppKeyPair, parameters, rng); +} diff --git a/src/lib/crypto/BotanGOST2012.h b/src/lib/crypto/BotanGOST2012.h new file mode 100644 index 000000000..997e82a63 --- /dev/null +++ b/src/lib/crypto/BotanGOST2012.h @@ -0,0 +1,14 @@ +#ifndef BOTANGOST2012_H +#define BOTANGOST2012_H + +#include "BotanGOST.h" + +class BotanGOST2012 : public BotanGOST +{ +public: + BotanGOST2012() = default; + + bool generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParameters* parameters, RNG* rng); +}; + +#endif // BOTANGOST2012_H diff --git a/src/lib/crypto/BotanGOST2012_512.cpp b/src/lib/crypto/BotanGOST2012_512.cpp new file mode 100644 index 000000000..2cb530b84 --- /dev/null +++ b/src/lib/crypto/BotanGOST2012_512.cpp @@ -0,0 +1,31 @@ +#include "BotanGOST2012_512.h" +#include "ECParameters.h" + +#include +#include + +bool BotanGOST2012_512::generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParameters* parameters, RNG* rng) +{ + ECParameters *p = reinterpret_cast(parameters); + const ByteString &ec = p->getEC(); + if(ec.size()) + { + Botan::BER_Decoder dec(ec.const_byte_str(), ec.size()); + Botan::OID oid; + oid.decode_from(dec); + if (oid != Botan::OID({1,2,643,7,1,2,1,2,1}) && + oid != Botan::OID({1,2,643,7,1,2,1,2,2}) && + oid != Botan::OID({1,2,643,7,1,2,1,2,3}) + ) + { + ERROR_MSG("Public Key paramSet is not valid for GOST R34.10-2012 512"); + return false; + } + } + else + { + const std::vector &data = Botan::OID({1,2,643,7,1,2,1,2,1}).BER_encode(); + p->setEC(ByteString(data.data(), data.size())); + } + return BotanGOST::generateKeyPair(ppKeyPair, parameters, rng); +} diff --git a/src/lib/crypto/BotanGOST2012_512.h b/src/lib/crypto/BotanGOST2012_512.h new file mode 100644 index 000000000..423bafdc7 --- /dev/null +++ b/src/lib/crypto/BotanGOST2012_512.h @@ -0,0 +1,14 @@ +#ifndef BOTANGOST2012_512_H +#define BOTANGOST2012_512_H + +#include "BotanGOST.h" + +class BotanGOST2012_512 : public BotanGOST +{ +public: + BotanGOST2012_512() = default; + + bool generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParameters* parameters, RNG* rng); +}; + +#endif // BOTANGOST2012_512_H diff --git a/src/lib/crypto/BotanGOSTR3411_12_256.cpp b/src/lib/crypto/BotanGOSTR3411_12_256.cpp new file mode 100644 index 000000000..ddf99ebbe --- /dev/null +++ b/src/lib/crypto/BotanGOSTR3411_12_256.cpp @@ -0,0 +1,12 @@ +#include "BotanGOSTR3411_12_256.h" + + +int BotanGOSTR3411_12_256::getHashSize() +{ + return 32; +} + +const char *BotanGOSTR3411_12_256::getHashName() const +{ + return "Streebog-256"; +} diff --git a/src/lib/crypto/BotanGOSTR3411_12_256.h b/src/lib/crypto/BotanGOSTR3411_12_256.h new file mode 100644 index 000000000..fd071fe68 --- /dev/null +++ b/src/lib/crypto/BotanGOSTR3411_12_256.h @@ -0,0 +1,13 @@ +#ifndef BOTANGOSTR3411_12_256_H +#define BOTANGOSTR3411_12_256_H + +#include "BotanHashAlgorithm.h" + +class BotanGOSTR3411_12_256 : public BotanHashAlgorithm +{ + virtual int getHashSize(); +protected: + virtual const char* getHashName() const; +}; + +#endif // BOTANGOSTR3411_12_256_H diff --git a/src/lib/crypto/BotanGOSTR3411_12_512.cpp b/src/lib/crypto/BotanGOSTR3411_12_512.cpp new file mode 100644 index 000000000..266be5d68 --- /dev/null +++ b/src/lib/crypto/BotanGOSTR3411_12_512.cpp @@ -0,0 +1,11 @@ +#include "BotanGOSTR3411_12_512.h" + +int BotanGOSTR3411_12_512::getHashSize() +{ + return 64; +} + +const char *BotanGOSTR3411_12_512::getHashName() const +{ + return "Streebog-512"; +} diff --git a/src/lib/crypto/BotanGOSTR3411_12_512.h b/src/lib/crypto/BotanGOSTR3411_12_512.h new file mode 100644 index 000000000..a07a752be --- /dev/null +++ b/src/lib/crypto/BotanGOSTR3411_12_512.h @@ -0,0 +1,13 @@ +#ifndef BOTANGOSTR3411_12_512_H +#define BOTANGOSTR3411_12_512_H + +#include "BotanHashAlgorithm.h" + +class BotanGOSTR3411_12_512 : public BotanHashAlgorithm +{ + virtual int getHashSize(); +protected: + virtual const char* getHashName() const; +}; + +#endif // BOTANGOSTR3411_12_512_H diff --git a/src/lib/crypto/CMakeLists.txt b/src/lib/crypto/CMakeLists.txt index 0230f5a15..16b962a3f 100644 --- a/src/lib/crypto/CMakeLists.txt +++ b/src/lib/crypto/CMakeLists.txt @@ -109,10 +109,14 @@ if(WITH_BOTAN) BotanEDPrivateKey.cpp BotanEDPublicKey.cpp BotanGOST.cpp + BotanGOST2012.cpp + BotanGOST2012_512.cpp BotanGOSTKeyPair.cpp BotanGOSTPrivateKey.cpp BotanGOSTPublicKey.cpp BotanGOSTR3411.cpp + BotanGOSTR3411_12_256.cpp + BotanGOSTR3411_12_512.cpp BotanHashAlgorithm.cpp BotanMacAlgorithm.cpp BotanMAC.cpp @@ -132,6 +136,10 @@ if(WITH_BOTAN) ) endif(WITH_BOTAN) +if(WITH_GOST) + include_directories(AFTER ${CMAKE_SOURCE_DIR}/lib/object_store/) +endif(WITH_GOST) + include_directories(${INCLUDE_DIRS}) add_library(${PROJECT_NAME} OBJECT ${SOURCES}) diff --git a/src/lib/crypto/CryptoFactory.h b/src/lib/crypto/CryptoFactory.h index 761e47329..be69c919c 100644 --- a/src/lib/crypto/CryptoFactory.h +++ b/src/lib/crypto/CryptoFactory.h @@ -56,6 +56,11 @@ class CryptoFactory virtual bool getFipsSelfTestStatus() const = 0; #endif +#ifdef WITH_GOST + // Parse GOST key type + virtual AsymAlgo::Type getGOSTType(const ByteString ¶m) = 0; +#endif + // Create a concrete instance of a symmetric algorithm virtual SymmetricAlgorithm* getSymmetricAlgorithm(SymAlgo::Type algorithm) = 0; diff --git a/src/lib/crypto/HashAlgorithm.h b/src/lib/crypto/HashAlgorithm.h index ca2ae08b4..9a34d37e0 100644 --- a/src/lib/crypto/HashAlgorithm.h +++ b/src/lib/crypto/HashAlgorithm.h @@ -47,7 +47,9 @@ struct HashAlgo SHA256, SHA384, SHA512, - GOST + GOST, + GOST2012_256, + GOST2012_512, }; }; diff --git a/src/lib/pkcs11/pkcs11.h b/src/lib/pkcs11/pkcs11.h index 9d31ce896..e1d763b8d 100644 --- a/src/lib/pkcs11/pkcs11.h +++ b/src/lib/pkcs11/pkcs11.h @@ -400,6 +400,7 @@ typedef unsigned long ck_key_type_t; #define CKK_SHA224_HMAC (0x2eUL) #define CKK_SEED (0x2fUL) #define CKK_GOSTR3410 (0x30UL) +#define CKK_GOSTR3410_512 (CK_VENDOR_PKCS11_RU_TEAM_TC26 | 0x003) #define CKK_GOSTR3411 (0x31UL) #define CKK_GOST28147 (0x32UL) #define CKK_EC_EDWARDS (0x40UL) @@ -836,18 +837,27 @@ typedef unsigned long ck_mechanism_type_t; #define CKM_DES3_CBC_ENCRYPT_DATA (0x1103UL) #define CKM_AES_ECB_ENCRYPT_DATA (0x1104UL) #define CKM_AES_CBC_ENCRYPT_DATA (0x1105UL) -#define CKM_GOSTR3410_KEY_PAIR_GEN (0x1200UL) -#define CKM_GOSTR3410 (0x1201UL) -#define CKM_GOSTR3410_WITH_GOSTR3411 (0x1202UL) -#define CKM_GOSTR3410_KEY_WRAP (0x1203UL) -#define CKM_GOSTR3410_DERIVE (0x1204UL) -#define CKM_GOSTR3411 (0x1210UL) -#define CKM_GOSTR3411_HMAC (0x1211UL) -#define CKM_GOST28147_KEY_GEN (0x1220UL) -#define CKM_GOST28147_ECB (0x1221UL) -#define CKM_GOST28147 (0x1222UL) -#define CKM_GOST28147_MAC (0x1223UL) -#define CKM_GOST28147_KEY_WRAP (0x1224UL) +#define CKM_GOSTR3410_KEY_PAIR_GEN (0x1200UL) +#define CKM_GOSTR3410 (0x1201UL) +#define CKM_GOSTR3410_WITH_GOSTR3411 (0x1202UL) +#define CKM_GOSTR3410_KEY_WRAP (0x1203UL) +#define CKM_GOSTR3410_DERIVE (0x1204UL) +#define CKM_GOSTR3410_512_KEY_PAIR_GEN (CK_VENDOR_PKCS11_RU_TEAM_TC26 | 0x005) +#define CKM_GOSTR3410_512 (CK_VENDOR_PKCS11_RU_TEAM_TC26 | 0x006) +#define CKM_GOSTR3410_12_DERIVE (CK_VENDOR_PKCS11_RU_TEAM_TC26 | 0x007) +#define CKM_GOSTR3410_WITH_GOSTR3411_12_256 (CK_VENDOR_PKCS11_RU_TEAM_TC26 | 0x008) +#define CKM_GOSTR3410_WITH_GOSTR3411_12_512 (CK_VENDOR_PKCS11_RU_TEAM_TC26 | 0x009) +#define CKM_GOSTR3411 (0x1210UL) +#define CKM_GOSTR3411_HMAC (0x1211UL) +#define CKM_GOSTR3411_12_256 (CK_VENDOR_PKCS11_RU_TEAM_TC26 | 0x012) +#define CKM_GOSTR3411_12_512 (CK_VENDOR_PKCS11_RU_TEAM_TC26 | 0x013) +#define CKM_GOSTR3411_12_256_HMAC (CK_VENDOR_PKCS11_RU_TEAM_TC26 | 0x014) +#define CKM_GOSTR3411_12_512_HMAC (CK_VENDOR_PKCS11_RU_TEAM_TC26 | 0x015) +#define CKM_GOST28147_KEY_GEN (0x1220UL) +#define CKM_GOST28147_ECB (0x1221UL) +#define CKM_GOST28147 (0x1222UL) +#define CKM_GOST28147_MAC (0x1223UL) +#define CKM_GOST28147_KEY_WRAP (0x1224UL) #define CKM_DSA_PARAMETER_GEN (0x2000UL) #define CKM_DH_PKCS_PARAMETER_GEN (0x2001UL) #define CKM_X9_42_DH_PARAMETER_GEN (0x2002UL) @@ -1536,7 +1546,9 @@ struct ck_c_initialize_args #define CKZ_DATA_SPECIFIED (0x01UL) - +/* GOST 2012 specific values */ +#define NSSCK_VENDOR_PKCS11_RU_TEAM (CKR_VENDOR_DEFINED | 0x54321000) +#define CK_VENDOR_PKCS11_RU_TEAM_TC26 NSSCK_VENDOR_PKCS11_RU_TEAM /* Compatibility layer. */ diff --git a/src/lib/slot_mgr/Token.h b/src/lib/slot_mgr/Token.h index 8f674335a..526dadd7f 100644 --- a/src/lib/slot_mgr/Token.h +++ b/src/lib/slot_mgr/Token.h @@ -35,7 +35,7 @@ #include "config.h" #include "ByteString.h" -#include "ObjectStore.h" +#include #include "ObjectStoreToken.h" #include "SecureDataManager.h" #include "cryptoki.h" From c4c05ee764c7c202e9c684b008bad405d6978d56 Mon Sep 17 00:00:00 2001 From: gecheim Date: Thu, 11 Mar 2021 15:07:53 +0300 Subject: [PATCH 3/5] fix build without CMake fix build with static botan --- src/bin/keyconv/CMakeLists.txt | 2 +- src/lib/CMakeLists.txt | 2 +- src/lib/crypto/Makefile.am | 4 ++++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/bin/keyconv/CMakeLists.txt b/src/bin/keyconv/CMakeLists.txt index 578f657a2..468117f6f 100644 --- a/src/bin/keyconv/CMakeLists.txt +++ b/src/bin/keyconv/CMakeLists.txt @@ -20,7 +20,7 @@ endif(WITH_BOTAN) include_directories(${INCLUDE_DIRS}) add_executable(${PROJECT_NAME} ${SOURCES}) -target_link_libraries(${PROJECT_NAME} ${CRYPTO_LIBS}) +target_link_libraries(${PROJECT_NAME} ${CRYPTO_LIBS} pthread) install(TARGETS ${PROJECT_NAME} DESTINATION ${CMAKE_INSTALL_BINDIR} diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt index 895bb98bf..a47d599da 100644 --- a/src/lib/CMakeLists.txt +++ b/src/lib/CMakeLists.txt @@ -59,7 +59,7 @@ endif() # Static Library Config ############################################################################### add_library(${PROJECT_NAME}-static STATIC ${SOURCES}) -target_link_libraries(${PROJECT_NAME}-static ${STATIC_FILES}) +target_link_libraries(${PROJECT_NAME}-static ${STATIC_FILES} pthread) set_target_properties(${PROJECT_NAME}-static PROPERTIES OUTPUT_NAME ${PROJECT_NAME} ) diff --git a/src/lib/crypto/Makefile.am b/src/lib/crypto/Makefile.am index e23848fa2..c8b780ef1 100644 --- a/src/lib/crypto/Makefile.am +++ b/src/lib/crypto/Makefile.am @@ -115,10 +115,14 @@ libsofthsm_crypto_la_SOURCES += BotanAES.cpp \ BotanEDPrivateKey.cpp \ BotanEDPublicKey.cpp \ BotanGOST.cpp \ + BotanGOST2012.cpp \ + BotanGOST2012_512.cpp \ BotanGOSTKeyPair.cpp \ BotanGOSTPrivateKey.cpp \ BotanGOSTPublicKey.cpp \ BotanGOSTR3411.cpp \ + BotanGOSTR3411_12_256.cpp \ + BotanGOSTR3411_12_512.cpp \ BotanHashAlgorithm.cpp \ BotanMAC.cpp \ BotanMacAlgorithm.cpp \ From 09dedc1eed2b0d8ee95eccb4b01be944c4c34934 Mon Sep 17 00:00:00 2001 From: gecheim Date: Thu, 11 Mar 2021 15:30:38 +0300 Subject: [PATCH 4/5] fix failing build with openssl --- src/lib/crypto/BotanCryptoFactory.h | 2 ++ src/lib/crypto/OSSLCryptoFactory.cpp | 19 +++++++++++++++++++ src/lib/crypto/OSSLCryptoFactory.h | 5 +++++ 3 files changed, 26 insertions(+) diff --git a/src/lib/crypto/BotanCryptoFactory.h b/src/lib/crypto/BotanCryptoFactory.h index f5f691bfd..7d0c60336 100644 --- a/src/lib/crypto/BotanCryptoFactory.h +++ b/src/lib/crypto/BotanCryptoFactory.h @@ -74,8 +74,10 @@ class BotanCryptoFactory : public CryptoFactory // Get the global RNG (may be an unique RNG per thread) RNG* getRNG(RNGImpl::Type name = RNGImpl::Default); +#ifdef WITH_GOST // Parse GOST key type AsymAlgo::Type getGOSTType(const ByteString& param); +#endif // Destructor ~BotanCryptoFactory(); diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp b/src/lib/crypto/OSSLCryptoFactory.cpp index ace4bcb95..1909d473c 100644 --- a/src/lib/crypto/OSSLCryptoFactory.cpp +++ b/src/lib/crypto/OSSLCryptoFactory.cpp @@ -293,6 +293,25 @@ void OSSLCryptoFactory::reset() instance.reset(); } +AsymAlgo::Type OSSLCryptoFactory::getGOSTType(const ByteString& param) +{ + char* name = new char[param.size() + 1]; + memset(name, 0, param.size() + 1); + memcpy(name, param.const_byte_str(), param.size()); + int nid = OBJ_txt2nid(name); + if(nid <= 0) + return AsymAlgo::Unknown; + switch (nid) + { + case NID_id_GostR3411_2012_256: + return AsymAlgo::GOST2012; + case NID_id_GostR3411_2012_512: + return AsymAlgo::GOST2012_512; + default: + return AsymAlgo::GOST; + } +} + #ifdef WITH_FIPS bool OSSLCryptoFactory::getFipsSelfTestStatus() const { diff --git a/src/lib/crypto/OSSLCryptoFactory.h b/src/lib/crypto/OSSLCryptoFactory.h index d718b69f7..cb11fe0ca 100644 --- a/src/lib/crypto/OSSLCryptoFactory.h +++ b/src/lib/crypto/OSSLCryptoFactory.h @@ -58,6 +58,11 @@ class OSSLCryptoFactory : public CryptoFactory virtual bool getFipsSelfTestStatus() const; #endif +#ifdef WITH_GOST + // Parse GOST key type + AsymAlgo::Type getGOSTType(const ByteString& param); +#endif + // Create a concrete instance of a symmetric algorithm virtual SymmetricAlgorithm* getSymmetricAlgorithm(SymAlgo::Type algorithm); From 42fbff713e77afe27d7b466b24cfad9dea69df1f Mon Sep 17 00:00:00 2001 From: gecheim Date: Mon, 12 Jul 2021 20:34:49 +0300 Subject: [PATCH 5/5] add support mechanism CKM_GOSTR3410_WITH_GOSTR3411_12_512 and CKM_GOSTR3410_WITH_GOSTR3411_12_256 --- src/lib/SoftHSM.cpp | 8 ++ src/lib/crypto/AsymmetricAlgorithm.h | 2 + src/lib/crypto/BotanGOST.h | 2 +- src/lib/crypto/BotanGOST2012.cpp | 145 +++++++++++++++++++++++++++ src/lib/crypto/BotanGOST2012.h | 8 ++ src/lib/crypto/BotanGOST2012_512.cpp | 144 ++++++++++++++++++++++++++ src/lib/crypto/BotanGOST2012_512.h | 10 ++ 7 files changed, 318 insertions(+), 1 deletion(-) diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp index dd73ae473..3868eabc3 100644 --- a/src/lib/SoftHSM.cpp +++ b/src/lib/SoftHSM.cpp @@ -4351,6 +4351,14 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan mechanism = AsymMech::GOST_GOST; bAllowMultiPartOp = true; break; + case CKM_GOSTR3410_WITH_GOSTR3411_12_256: + mechanism = AsymMech::GOST_GOST_256; + bAllowMultiPartOp = true; + break; + case CKM_GOSTR3410_WITH_GOSTR3411_12_512: + mechanism = AsymMech::GOST_GOST_512; + bAllowMultiPartOp = true; + break; #endif #ifdef WITH_EDDSA case CKM_EDDSA: diff --git a/src/lib/crypto/AsymmetricAlgorithm.h b/src/lib/crypto/AsymmetricAlgorithm.h index 500f64185..0d61547cf 100644 --- a/src/lib/crypto/AsymmetricAlgorithm.h +++ b/src/lib/crypto/AsymmetricAlgorithm.h @@ -89,6 +89,8 @@ struct AsymMech ECDSA, GOST, GOST_GOST, + GOST_GOST_256, + GOST_GOST_512, EDDSA }; }; diff --git a/src/lib/crypto/BotanGOST.h b/src/lib/crypto/BotanGOST.h index a8085ab1b..d91ccfd81 100644 --- a/src/lib/crypto/BotanGOST.h +++ b/src/lib/crypto/BotanGOST.h @@ -74,7 +74,7 @@ class BotanGOST : public AsymmetricAlgorithm virtual PrivateKey* newPrivateKey(); virtual AsymmetricParameters* newParameters(); -private: +protected: Botan::PK_Signer* signer; Botan::PK_Verifier* verifier; }; diff --git a/src/lib/crypto/BotanGOST2012.cpp b/src/lib/crypto/BotanGOST2012.cpp index 2f35ddd1b..c4bcaaa37 100644 --- a/src/lib/crypto/BotanGOST2012.cpp +++ b/src/lib/crypto/BotanGOST2012.cpp @@ -1,8 +1,13 @@ #include "BotanGOST2012.h" +#ifdef WITH_GOST +#include "BotanGOSTKeyPair.h" +#include "BotanRNG.h" +#include "BotanCryptoFactory.h" #include "ECParameters.h" #include #include +#include bool BotanGOST2012::generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParameters* parameters, RNG* rng) { @@ -32,3 +37,143 @@ bool BotanGOST2012::generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricPar } return BotanGOST::generateKeyPair(ppKeyPair, parameters, rng); } + +// Signing functions +bool BotanGOST2012::signInit(PrivateKey* privateKey, const AsymMech::Type mechanism, + const void* param /* = NULL */, const size_t paramLen /* = 0 */) +{ + if (!AsymmetricAlgorithm::signInit(privateKey, mechanism, param, paramLen)) + { + return false; + } + + // Check if the private key is the right type + if (!privateKey->isOfType(BotanGOSTPrivateKey::type)) + { + ERROR_MSG("Invalid key type supplied"); + + ByteString dummy; + AsymmetricAlgorithm::signFinal(dummy); + + return false; + } + + std::string emsa; + + switch (mechanism) + { + case AsymMech::GOST: + emsa = "Raw"; + break; + case AsymMech::GOST_GOST_256: + emsa = "EMSA1(Streebog-256)"; + break; + default: + ERROR_MSG("Invalid mechanism supplied (%i)", mechanism); + + ByteString dummy; + AsymmetricAlgorithm::signFinal(dummy); + + return false; + } + + BotanGOSTPrivateKey* pk = (BotanGOSTPrivateKey*) currentPrivateKey; + Botan::GOST_3410_PrivateKey* botanKey = pk->getBotanKey(); + + if (botanKey == NULL) + { + ERROR_MSG("Could not get the Botan private key"); + + ByteString dummy; + AsymmetricAlgorithm::signFinal(dummy); + + return false; + } + + try + { + BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); + signer = new Botan::PK_Signer(*botanKey, *rng->getRNG(), emsa); + } + catch (Botan::Exception except) + { + ERROR_MSG("Could not create the signer token. msg: %s", except.what()); + + ByteString dummy; + AsymmetricAlgorithm::signFinal(dummy); + + return false; + } + + return true; +} + +// Verification functions +bool BotanGOST2012::verifyInit(PublicKey* publicKey, const AsymMech::Type mechanism, + const void* param /* = NULL */, const size_t paramLen /* = 0 */) +{ + if (!AsymmetricAlgorithm::verifyInit(publicKey, mechanism, param, paramLen)) + { + return false; + } + + // Check if the public key is the right type + if (!publicKey->isOfType(BotanGOSTPublicKey::type)) + { + ERROR_MSG("Invalid key type supplied"); + + ByteString dummy; + AsymmetricAlgorithm::verifyFinal(dummy); + + return false; + } + + std::string emsa; + + switch (mechanism) + { + case AsymMech::GOST: + emsa = "Raw"; + break; + case AsymMech::GOST_GOST_256: + emsa = "EMSA1(Streebog-256)"; + break; + default: + ERROR_MSG("Invalid mechanism supplied (%i)", mechanism); + + ByteString dummy; + AsymmetricAlgorithm::verifyFinal(dummy); + + return false; + } + + BotanGOSTPublicKey* pk = (BotanGOSTPublicKey*) currentPublicKey; + Botan::GOST_3410_PublicKey* botanKey = pk->getBotanKey(); + + if (botanKey == NULL) + { + ERROR_MSG("Could not get the Botan public key"); + + ByteString dummy; + AsymmetricAlgorithm::verifyFinal(dummy); + + return false; + } + + try + { + verifier = new Botan::PK_Verifier(*botanKey, emsa); + } + catch (...) + { + ERROR_MSG("Could not create the verifier token"); + + ByteString dummy; + AsymmetricAlgorithm::verifyFinal(dummy); + + return false; + } + + return true; +} +#endif diff --git a/src/lib/crypto/BotanGOST2012.h b/src/lib/crypto/BotanGOST2012.h index 997e82a63..f4dd62467 100644 --- a/src/lib/crypto/BotanGOST2012.h +++ b/src/lib/crypto/BotanGOST2012.h @@ -3,12 +3,20 @@ #include "BotanGOST.h" +#ifdef WITH_GOST class BotanGOST2012 : public BotanGOST { public: BotanGOST2012() = default; bool generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParameters* parameters, RNG* rng); + + // Signing functions + virtual bool signInit(PrivateKey* privateKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0); + + // Verification functions + virtual bool verifyInit(PublicKey* publicKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0); }; +#endif #endif // BOTANGOST2012_H diff --git a/src/lib/crypto/BotanGOST2012_512.cpp b/src/lib/crypto/BotanGOST2012_512.cpp index 2cb530b84..f971d8ba7 100644 --- a/src/lib/crypto/BotanGOST2012_512.cpp +++ b/src/lib/crypto/BotanGOST2012_512.cpp @@ -1,4 +1,8 @@ #include "BotanGOST2012_512.h" +#ifdef WITH_GOST +#include "BotanGOSTKeyPair.h" +#include "BotanRNG.h" +#include "BotanCryptoFactory.h" #include "ECParameters.h" #include @@ -29,3 +33,143 @@ bool BotanGOST2012_512::generateKeyPair(AsymmetricKeyPair** ppKeyPair, Asymmetri } return BotanGOST::generateKeyPair(ppKeyPair, parameters, rng); } + +// Signing functions +bool BotanGOST2012_512::signInit(PrivateKey* privateKey, const AsymMech::Type mechanism, + const void* param /* = NULL */, const size_t paramLen /* = 0 */) +{ + if (!AsymmetricAlgorithm::signInit(privateKey, mechanism, param, paramLen)) + { + return false; + } + + // Check if the private key is the right type + if (!privateKey->isOfType(BotanGOSTPrivateKey::type)) + { + ERROR_MSG("Invalid key type supplied"); + + ByteString dummy; + AsymmetricAlgorithm::signFinal(dummy); + + return false; + } + + std::string emsa; + + switch (mechanism) + { + case AsymMech::GOST: + emsa = "Raw"; + break; + case AsymMech::GOST_GOST_512: + emsa = "EMSA1(Streebog-512)"; + break; + default: + ERROR_MSG("Invalid mechanism supplied (%i)", mechanism); + + ByteString dummy; + AsymmetricAlgorithm::signFinal(dummy); + + return false; + } + + BotanGOSTPrivateKey* pk = (BotanGOSTPrivateKey*) currentPrivateKey; + Botan::GOST_3410_PrivateKey* botanKey = pk->getBotanKey(); + + if (botanKey == NULL) + { + ERROR_MSG("Could not get the Botan private key"); + + ByteString dummy; + AsymmetricAlgorithm::signFinal(dummy); + + return false; + } + + try + { + BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); + signer = new Botan::PK_Signer(*botanKey, *rng->getRNG(), emsa); + } + catch (...) + { + ERROR_MSG("Could not create the signer token"); + + ByteString dummy; + AsymmetricAlgorithm::signFinal(dummy); + + return false; + } + + return true; +} + +// Verification functions +bool BotanGOST2012_512::verifyInit(PublicKey* publicKey, const AsymMech::Type mechanism, + const void* param /* = NULL */, const size_t paramLen /* = 0 */) +{ + if (!AsymmetricAlgorithm::verifyInit(publicKey, mechanism, param, paramLen)) + { + return false; + } + + // Check if the public key is the right type + if (!publicKey->isOfType(BotanGOSTPublicKey::type)) + { + ERROR_MSG("Invalid key type supplied"); + + ByteString dummy; + AsymmetricAlgorithm::verifyFinal(dummy); + + return false; + } + + std::string emsa; + + switch (mechanism) + { + case AsymMech::GOST: + emsa = "Raw"; + break; + case AsymMech::GOST_GOST_512: + emsa = "EMSA1(Streebog-512)"; + break; + default: + ERROR_MSG("Invalid mechanism supplied (%i)", mechanism); + + ByteString dummy; + AsymmetricAlgorithm::verifyFinal(dummy); + + return false; + } + + BotanGOSTPublicKey* pk = (BotanGOSTPublicKey*) currentPublicKey; + Botan::GOST_3410_PublicKey* botanKey = pk->getBotanKey(); + + if (botanKey == NULL) + { + ERROR_MSG("Could not get the Botan public key"); + + ByteString dummy; + AsymmetricAlgorithm::verifyFinal(dummy); + + return false; + } + + try + { + verifier = new Botan::PK_Verifier(*botanKey, emsa); + } + catch (...) + { + ERROR_MSG("Could not create the verifier token"); + + ByteString dummy; + AsymmetricAlgorithm::verifyFinal(dummy); + + return false; + } + + return true; +} +#endif diff --git a/src/lib/crypto/BotanGOST2012_512.h b/src/lib/crypto/BotanGOST2012_512.h index 423bafdc7..297a21932 100644 --- a/src/lib/crypto/BotanGOST2012_512.h +++ b/src/lib/crypto/BotanGOST2012_512.h @@ -3,12 +3,22 @@ #include "BotanGOST.h" +#ifdef WITH_GOST + class BotanGOST2012_512 : public BotanGOST { public: BotanGOST2012_512() = default; bool generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParameters* parameters, RNG* rng); + + // Signing functions + virtual bool signInit(PrivateKey* privateKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0); + + // Verification functions + virtual bool verifyInit(PublicKey* publicKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0); }; +#endif + #endif // BOTANGOST2012_512_H