diff options
Diffstat (limited to 'SoftHSMv2/src/lib/crypto')
| -rw-r--r-- | SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp | 93 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp | 30 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp | 34 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/crypto/test/GOSTTests.h | 2 |
4 files changed, 152 insertions, 7 deletions
diff --git a/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp b/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp index 890f135..e5bb3b4 100644 --- a/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp +++ b/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp @@ -38,6 +38,12 @@ #include "BotanRNG.h" #include "BotanUtil.h" #include <string.h> +#include <botan/pkcs8.h> +#include <botan/ber_dec.h> +#include <botan/der_enc.h> +#include <botan/asn1_oid.h> +#include <botan/oids.h> +#include <botan/version.h> // Constructors BotanGOSTPrivateKey::BotanGOSTPrivateKey() @@ -151,14 +157,93 @@ bool BotanGOSTPrivateKey::deserialise(ByteString& serialised) ByteString BotanGOSTPrivateKey::PKCS8Encode() { ByteString der; - // TODO - return der; + createBotanKey(); + if (eckey == NULL) return der; + // Force EC_DOMPAR_ENC_OID + const size_t PKCS8_VERSION = 0; +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) + const std::vector<Botan::byte> parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); + const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters); + const Botan::secure_vector<Botan::byte> ber = + Botan::DER_Encoder() + .start_cons(Botan::SEQUENCE) + .encode(PKCS8_VERSION) + .encode(alg_id) + .encode(eckey->private_key_bits(), Botan::OCTET_STRING) + .end_cons() + .get_contents(); +#elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) + const std::vector<Botan::byte> parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); + const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters); + const Botan::secure_vector<Botan::byte> ber = + Botan::DER_Encoder() + .start_cons(Botan::SEQUENCE) + .encode(PKCS8_VERSION) + .encode(alg_id) + .encode(eckey->pkcs8_private_key(), Botan::OCTET_STRING) + .end_cons() + .get_contents(); +#else + const Botan::MemoryVector<Botan::byte> parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); + const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters); + const Botan::SecureVector<Botan::byte> ber = + Botan::DER_Encoder() + .start_cons(Botan::SEQUENCE) + .encode(PKCS8_VERSION) + .encode(alg_id) + .encode(eckey->pkcs8_private_key(), Botan::OCTET_STRING) + .end_cons() + .get_contents(); +#endif + der.resize(ber.size()); + memcpy(&der[0], &ber[0], ber.size()); + return der; } // Decode from PKCS#8 BER -bool BotanGOSTPrivateKey::PKCS8Decode(const ByteString& /*ber*/) +bool BotanGOSTPrivateKey::PKCS8Decode(const ByteString& ber) { - return false; + Botan::DataSource_Memory source(ber.const_byte_str(), ber.size()); + if (source.end_of_data()) return false; +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) + Botan::secure_vector<Botan::byte> keydata; +#else + Botan::SecureVector<Botan::byte> keydata; +#endif + Botan::AlgorithmIdentifier alg_id; + Botan::GOST_3410_PrivateKey* key = NULL; + try + { + Botan::BER_Decoder(source) + .start_cons(Botan::SEQUENCE) + .decode_and_check<size_t>(0, "Unknown PKCS #8 version number") + .decode(alg_id) + .decode(keydata, Botan::OCTET_STRING) + .discard_remaining() + .end_cons(); + if (keydata.empty()) + throw Botan::Decoding_Error("PKCS #8 private key decoding failed"); + if (Botan::OIDS::lookup(alg_id.oid).compare("GOST-34.10")) + { + ERROR_MSG("Decoded private key not GOST-34.10"); + + return false; + } + key = new Botan::GOST_3410_PrivateKey(alg_id, keydata); + if (key == NULL) return false; + + setFromBotan(key); + + delete key; + } + catch (std::exception& e) + { + ERROR_MSG("Decode failed on %s", e.what()); + + return false; + } + + return true; } // Retrieve the Botan representation of the key diff --git a/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp b/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp index 6371e8f..a68b720 100644 --- a/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp +++ b/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp @@ -36,6 +36,7 @@ #include "OSSLGOSTPrivateKey.h" #include "OSSLUtil.h" #include <string.h> +#include <openssl/x509.h> #include <openssl/ec.h> // DER of a private key @@ -172,13 +173,36 @@ bool OSSLGOSTPrivateKey::deserialise(ByteString& serialised) ByteString OSSLGOSTPrivateKey::PKCS8Encode() { ByteString der; - // TODO + if (pkey == NULL) return der; + PKCS8_PRIV_KEY_INFO* p8inf = EVP_PKEY2PKCS8(pkey); + if (p8inf == NULL) return der; + int len = i2d_PKCS8_PRIV_KEY_INFO(p8inf, NULL); + if (len < 0) + { + PKCS8_PRIV_KEY_INFO_free(p8inf); + return der; + } + der.resize(len); + unsigned char* priv = &der[0]; + int len2 = i2d_PKCS8_PRIV_KEY_INFO(p8inf, &priv); + PKCS8_PRIV_KEY_INFO_free(p8inf); + if (len2 != len) der.wipe(); return der; } // Decode from PKCS#8 BER -bool OSSLGOSTPrivateKey::PKCS8Decode(const ByteString& /*ber*/) +bool OSSLGOSTPrivateKey::PKCS8Decode(const ByteString& ber) { - return false; + int len = ber.size(); + if (len <= 0) return false; + const unsigned char* priv = ber.const_byte_str(); + PKCS8_PRIV_KEY_INFO* p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &priv, len); + if (p8 == NULL) return false; + EVP_PKEY* key = EVP_PKCS82PKEY(p8); + PKCS8_PRIV_KEY_INFO_free(p8); + if (key == NULL) return false; + setFromOSSL(key); + EVP_PKEY_free(key); + return true; } #endif diff --git a/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp b/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp index 91f6876..50d42e0 100644 --- a/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp +++ b/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp @@ -264,6 +264,40 @@ void GOSTTests::testSerialisation() gost->recycleKeyPair(dKP); } +void GOSTTests::testPKCS8() +{ + AsymmetricKeyPair* kp; + ECParameters *p; + ByteString curve = "06072a850302022301"; + + // Get parameters + p = new ECParameters; + CPPUNIT_ASSERT(p != NULL); + p->setEC(curve); + + // Generate key-pair + CPPUNIT_ASSERT(gost->generateKeyPair(&kp, p)); + CPPUNIT_ASSERT(kp != NULL); + + GOSTPrivateKey* priv = (GOSTPrivateKey*) kp->getPrivateKey(); + CPPUNIT_ASSERT(priv != NULL); + + // Encode and decode the private key + ByteString pkcs8 = priv->PKCS8Encode(); + CPPUNIT_ASSERT(pkcs8.size() != 0); + + GOSTPrivateKey* dPriv = (GOSTPrivateKey*) gost->newPrivateKey(); + CPPUNIT_ASSERT(dPriv != NULL); + + CPPUNIT_ASSERT(dPriv->PKCS8Decode(pkcs8)); + + CPPUNIT_ASSERT(priv->getD() == dPriv->getD()); + CPPUNIT_ASSERT(priv->getEC() == dPriv->getEC()); + + gost->recycleKeyPair(kp); + gost->recyclePrivateKey(dPriv); +} + void GOSTTests::testSigningVerifying() { AsymmetricKeyPair* kp; diff --git a/SoftHSMv2/src/lib/crypto/test/GOSTTests.h b/SoftHSMv2/src/lib/crypto/test/GOSTTests.h index f243392..ac6bf01 100644 --- a/SoftHSMv2/src/lib/crypto/test/GOSTTests.h +++ b/SoftHSMv2/src/lib/crypto/test/GOSTTests.h @@ -47,6 +47,7 @@ class GOSTTests : public CppUnit::TestFixture CPPUNIT_TEST(testHashKnownVector); CPPUNIT_TEST(testKeyGeneration); CPPUNIT_TEST(testSerialisation); + CPPUNIT_TEST(testPKCS8); CPPUNIT_TEST(testSigningVerifying); CPPUNIT_TEST(testSignVerifyKnownVector); CPPUNIT_TEST_SUITE_END(); @@ -57,6 +58,7 @@ public: void testHashKnownVector(); void testKeyGeneration(); void testSerialisation(); + void testPKCS8(); void testSigningVerifying(); void testSignVerifyKnownVector(); |