[thirdparty/openssl.git] / engines / ccgost / gost_sign.c

/**********************************************************************
 *                          gost_sign.c                               *
 *             Copyright (c) 2005-2006 Cryptocom LTD                  *
 *         This file is distributed under the same license as OpenSSL *
 *                                                                    *
 *       Implementation of GOST R 34.10-94 signature algorithm        *
 *       for OpenSSL                                                  *
 *          Requires OpenSSL 0.9.9 for compilation                    *
 **********************************************************************/
#include <string.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/err.h>

#include "gost_params.h"
#include "gost_lcl.h"
#include "e_gost_err.h"

#ifdef DEBUG_SIGN
void dump_signature(const char *message, const unsigned char *buffer,
                    size_t len)
{
    size_t i;
    fprintf(stderr, "signature %s Length=%d", message, len);
    for (i = 0; i < len; i++) {
        if (i % 16 == 0)
            fputc('\n', stderr);
        fprintf(stderr, " %02x", buffer[i]);
    }
    fprintf(stderr, "\nEnd of signature\n");
}

void dump_dsa_sig(const char *message, DSA_SIG *sig)
{
    fprintf(stderr, "%s\nR=", message);
    BN_print_fp(stderr, sig->r);
    fprintf(stderr, "\nS=");
    BN_print_fp(stderr, sig->s);
    fprintf(stderr, "\n");
}

#else

# define dump_signature(a,b,c)
# define dump_dsa_sig(a,b)
#endif

/*
 * Computes signature and returns it as DSA_SIG structure
 */
DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
    BIGNUM *k = NULL, *tmp = NULL, *tmp2 = NULL;
    DSA_SIG *newsig = NULL, *ret = NULL;
    BIGNUM *md = hashsum2bn(dgst);
    /* check if H(M) mod q is zero */
    BN_CTX *ctx = BN_CTX_new();
    if (!ctx) {
        GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    BN_CTX_start(ctx);
    newsig = DSA_SIG_new();
    if (!newsig) {
        GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    tmp = BN_CTX_get(ctx);
    k = BN_CTX_get(ctx);
    tmp2 = BN_CTX_get(ctx);
    if (!tmp || !k || !tmp2) {
        GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    BN_mod(tmp, md, dsa->q, ctx);
    if (BN_is_zero(tmp)) {
        BN_one(md);
    }
    do {
        do {
            /*
             * Generate random number k less than q
             */
            BN_rand_range(k, dsa->q);
            /* generate r = (a^x mod p) mod q */
            BN_mod_exp(tmp, dsa->g, k, dsa->p, ctx);
            if (!(newsig->r)) {
                newsig->r = BN_new();
                if (!newsig->r) {
                    GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
                    goto err;
                }
            }
            BN_mod(newsig->r, tmp, dsa->q, ctx);
        }
        while (BN_is_zero(newsig->r));
        /* generate s = (xr + k(Hm)) mod q */
        BN_mod_mul(tmp, dsa->priv_key, newsig->r, dsa->q, ctx);
        BN_mod_mul(tmp2, k, md, dsa->q, ctx);
        if (!newsig->s) {
            newsig->s = BN_new();
            if (!newsig->s) {
                GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
                goto err;
            }
        }
        BN_mod_add(newsig->s, tmp, tmp2, dsa->q, ctx);
    }
    while (BN_is_zero(newsig->s));

    ret = newsig;
 err:
    BN_free(md);
    if (ctx) {
        BN_CTX_end(ctx);
        BN_CTX_free(ctx);
    }
    if (!ret && newsig) {
        DSA_SIG_free(newsig);
    }
    return ret;
}

/*
 * Packs signature according to Cryptocom rules
 * and frees up DSA_SIG structure
 */
/*-
int pack_sign_cc(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen)
        {
        *siglen = 2*order;
        memset(sig,0,*siglen);
        store_bignum(s->r, sig,order);
        store_bignum(s->s, sig + order,order);
        dump_signature("serialized",sig,*siglen);
        DSA_SIG_free(s);
        return 1;
        }
*/
/*
 * Packs signature according to Cryptopro rules
 * and frees up DSA_SIG structure
 */
int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
{
    *siglen = 2 * order;
    memset(sig, 0, *siglen);
    store_bignum(s->s, sig, order);
    store_bignum(s->r, sig + order, order);
    dump_signature("serialized", sig, *siglen);
    DSA_SIG_free(s);
    return 1;
}

/*
 * Verifies signature passed as DSA_SIG structure
 *
 */

int gost_do_verify(const unsigned char *dgst, int dgst_len,
                   DSA_SIG *sig, DSA *dsa)
{
    BIGNUM *md = NULL, *tmp = NULL;
    BIGNUM *q2 = NULL;
    BIGNUM *u = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
    BIGNUM *tmp2 = NULL, *tmp3 = NULL;
    int ok = 0;
    BN_CTX *ctx = BN_CTX_new();
    if (!ctx) {
        GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    BN_CTX_start(ctx);
    if (BN_cmp(sig->s, dsa->q) >= 1 || BN_cmp(sig->r, dsa->q) >= 1) {
        GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
        goto err;
    }
    md = hashsum2bn(dgst);

    tmp = BN_CTX_get(ctx);
    v = BN_CTX_get(ctx);
    q2 = BN_CTX_get(ctx);
    z1 = BN_CTX_get(ctx);
    z2 = BN_CTX_get(ctx);
    tmp2 = BN_CTX_get(ctx);
    tmp3 = BN_CTX_get(ctx);
    u = BN_CTX_get(ctx);
    if (!tmp || !v || !q2 || !z1 || !z2 || !tmp2 || !tmp3 || !u) {
        GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    BN_mod(tmp, md, dsa->q, ctx);
    if (BN_is_zero(tmp)) {
        BN_one(md);
    }
    BN_copy(q2, dsa->q);
    BN_sub_word(q2, 2);
    BN_mod_exp(v, md, q2, dsa->q, ctx);
    BN_mod_mul(z1, sig->s, v, dsa->q, ctx);
    BN_sub(tmp, dsa->q, sig->r);
    BN_mod_mul(z2, tmp, v, dsa->p, ctx);
    BN_mod_exp(tmp, dsa->g, z1, dsa->p, ctx);
    BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx);
    BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx);
    BN_mod(u, tmp3, dsa->q, ctx);
    ok = (BN_cmp(u, sig->r) == 0);

    if (!ok) {
        GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
    }
err:
    if (md)
        BN_free(md);
    if (ctx) {
        BN_CTX_end(ctx);
        BN_CTX_free(ctx);
    }
    return ok;
}

/*
 * Computes public keys for GOST R 34.10-94 algorithm
 *
 */
int gost94_compute_public(DSA *dsa)
{
    /* Now fill algorithm parameters with correct values */
    BN_CTX *ctx;
    if (!dsa->g) {
        GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITALIZED);
        return 0;
    }
    ctx = BN_CTX_new();
    if (!ctx) {
        GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
        return 0;
    }

    dsa->pub_key = BN_new();
    if (!dsa->pub_key) {
        GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
        BN_CTX_free(ctx);
        return 0;
    }
    /* Compute public key  y = a^x mod p */
    BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx);
    BN_CTX_free(ctx);
    return 1;
}

/*
 * Fill GOST 94 params, searching them in R3410_paramset array
 * by nid of paramset
 *
 */
int fill_GOST94_params(DSA *dsa, int nid)
{
    R3410_params *params = R3410_paramset;
    while (params->nid != NID_undef && params->nid != nid)
        params++;
    if (params->nid == NID_undef) {
        GOSTerr(GOST_F_FILL_GOST94_PARAMS, GOST_R_UNSUPPORTED_PARAMETER_SET);
        return 0;
    }
#define dump_signature(a,b,c)
    if (dsa->p) {
        BN_free(dsa->p);
    }
    dsa->p = NULL;
    BN_dec2bn(&(dsa->p), params->p);
    if (dsa->q) {
        BN_free(dsa->q);
    }
    dsa->q = NULL;
    BN_dec2bn(&(dsa->q), params->q);
    if (dsa->g) {
        BN_free(dsa->g);
    }
    dsa->g = NULL;
    BN_dec2bn(&(dsa->g), params->a);
    return 1;
}

/*
 *  Generate GOST R 34.10-94 keypair
 *
 *
 */
int gost_sign_keygen(DSA *dsa)
{
    dsa->priv_key = BN_new();
    if (!dsa->priv_key) {
        GOSTerr(GOST_F_GOST_SIGN_KEYGEN, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    BN_rand_range(dsa->priv_key, dsa->q);
    return gost94_compute_public(dsa);
}

/* Unpack signature according to cryptocom rules  */
/*-
DSA_SIG *unpack_cc_signature(const unsigned char *sig,size_t siglen)
        {
        DSA_SIG *s;
        s = DSA_SIG_new();
        if (s == NULL)
                {
                GOSTerr(GOST_F_UNPACK_CC_SIGNATURE,ERR_R_MALLOC_FAILURE);
                return(NULL);
                }
        s->r = getbnfrombuf(sig, siglen/2);
        s->s = getbnfrombuf(sig + siglen/2, siglen/2);
        return s;
        }
*/
/* Unpack signature according to cryptopro rules  */
DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen)
{
    DSA_SIG *s;

    s = DSA_SIG_new();
    if (s == NULL) {
        GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    s->s = getbnfrombuf(sig, siglen / 2);
    s->r = getbnfrombuf(sig + siglen / 2, siglen / 2);
    return s;
}

/* Convert little-endian byte array into bignum */
BIGNUM *hashsum2bn(const unsigned char *dgst)
{
    unsigned char buf[32];
    int i;
    for (i = 0; i < 32; i++) {
        buf[31 - i] = dgst[i];
    }
    return getbnfrombuf(buf, 32);
}

/* Convert byte buffer to bignum, skipping leading zeros*/
BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len)
{
    while (*buf == 0 && len > 0) {
        buf++;
        len--;
    }
    if (len) {
        return BN_bin2bn(buf, len, NULL);
    } else {
        BIGNUM *b = BN_new();
        BN_zero(b);
        return b;
    }
}

/*
 * Pack bignum into byte buffer of given size, filling all leading bytes by
 * zeros
 */
int store_bignum(BIGNUM *bn, unsigned char *buf, int len)
{
    int bytes = BN_num_bytes(bn);
    if (bytes > len)
        return 0;
    memset(buf, 0, len);
    BN_bn2bin(bn, buf + len - bytes);
    return 1;
}
Commit	Line	Data
a04549cc DSH	1	/**********************************************************************
	2	* gost_sign.c *
	3	* Copyright (c) 2005-2006 Cryptocom LTD *
	4	* This file is distributed under the same license as OpenSSL *
	5	* *
8711efb4	6	* Implementation of GOST R 34.10-94 signature algorithm *
a04549cc DSH	7	* for OpenSSL *
	8	* Requires OpenSSL 0.9.9 for compilation *
	9	**********************************************************************/
	10	#include <string.h>
	11	#include <openssl/rand.h>
	12	#include <openssl/bn.h>
	13	#include <openssl/dsa.h>
f50ffd10	14	#include <openssl/err.h>
a04549cc	15	#include <openssl/evp.h>
8817e2e0	16	#include <openssl/err.h>
a04549cc	17
926c41bd DSH	18	#include "gost_params.h"
926c41bd DSH	19	#include "gost_lcl.h"
a04549cc DSH	20	#include "e_gost_err.h"
a04549cc DSH	21
926c41bd	22	#ifdef DEBUG_SIGN
0f113f3e MC	23	void dump_signature(const char message, const unsigned char buffer,
	24	size_t len)
	25	{
	26	size_t i;
	27	fprintf(stderr, "signature %s Length=%d", message, len);
	28	for (i = 0; i < len; i++) {
	29	if (i % 16 == 0)
	30	fputc('\n', stderr);
	31	fprintf(stderr, " %02x", buffer[i]);
	32	}
	33	fprintf(stderr, "\nEnd of signature\n");
	34	}
a04549cc	35
926c41bd	36	void dump_dsa_sig(const char message, DSA_SIG sig)
0f113f3e MC	37	{
	38	fprintf(stderr, "%s\nR=", message);
	39	BN_print_fp(stderr, sig->r);
	40	fprintf(stderr, "\nS=");
	41	BN_print_fp(stderr, sig->s);
	42	fprintf(stderr, "\n");
	43	}
a04549cc DSH	44
	45	#else
	46
0f113f3e MC	47	# define dump_signature(a,b,c)
0f113f3e MC	48	# define dump_dsa_sig(a,b)
a04549cc DSH	49	#endif
	50
	51	/*
	52	* Computes signature and returns it as DSA_SIG structure
	53	*/
0f113f3e MC	54	DSA_SIG gost_do_sign(const unsigned char dgst, int dlen, DSA *dsa)
	55	{
	56	BIGNUM k = NULL, tmp = NULL, *tmp2 = NULL;
68249414	57	DSA_SIG newsig = NULL, ret = NULL;
0f113f3e MC	58	BIGNUM *md = hashsum2bn(dgst);
	59	/* check if H(M) mod q is zero */
	60	BN_CTX *ctx = BN_CTX_new();
61986d32	61	if (!ctx) {
8817e2e0 MC	62	GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
	63	goto err;
	64	}
0f113f3e	65	BN_CTX_start(ctx);
8817e2e0	66	newsig = DSA_SIG_new();
0f113f3e MC	67	if (!newsig) {
	68	GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
	69	goto err;
	70	}
	71	tmp = BN_CTX_get(ctx);
	72	k = BN_CTX_get(ctx);
	73	tmp2 = BN_CTX_get(ctx);
61986d32	74	if (!tmp \|\| !k \|\| !tmp2) {
8817e2e0 MC	75	GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
	76	goto err;
	77	}
0f113f3e MC	78	BN_mod(tmp, md, dsa->q, ctx);
	79	if (BN_is_zero(tmp)) {
	80	BN_one(md);
	81	}
	82	do {
	83	do {
	84	/*
	85	* Generate random number k less than q
	86	*/
	87	BN_rand_range(k, dsa->q);
	88	/* generate r = (a^x mod p) mod q */
	89	BN_mod_exp(tmp, dsa->g, k, dsa->p, ctx);
8817e2e0	90	if (!(newsig->r)) {
0f113f3e	91	newsig->r = BN_new();
61986d32	92	if (!newsig->r) {
8817e2e0 MC	93	GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
	94	goto err;
	95	}
	96	}
0f113f3e MC	97	BN_mod(newsig->r, tmp, dsa->q, ctx);
	98	}
	99	while (BN_is_zero(newsig->r));
	100	/* generate s = (xr + k(Hm)) mod q */
	101	BN_mod_mul(tmp, dsa->priv_key, newsig->r, dsa->q, ctx);
	102	BN_mod_mul(tmp2, k, md, dsa->q, ctx);
8817e2e0	103	if (!newsig->s) {
0f113f3e	104	newsig->s = BN_new();
61986d32	105	if (!newsig->s) {
8817e2e0 MC	106	GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
	107	goto err;
	108	}
	109	}
0f113f3e MC	110	BN_mod_add(newsig->s, tmp, tmp2, dsa->q, ctx);
	111	}
	112	while (BN_is_zero(newsig->s));
8817e2e0 MC	113
8817e2e0 MC	114	ret = newsig;
0f113f3e MC	115	err:
0f113f3e MC	116	BN_free(md);
61986d32	117	if (ctx) {
8817e2e0 MC	118	BN_CTX_end(ctx);
	119	BN_CTX_free(ctx);
	120	}
61986d32	121	if (!ret && newsig) {
8817e2e0 MC	122	DSA_SIG_free(newsig);
	123	}
	124	return ret;
0f113f3e	125	}
a04549cc DSH	126
	127	/*
	128	* Packs signature according to Cryptocom rules
	129	* and frees up DSA_SIG structure
	130	*/
1d97c843	131	/*-
926c41bd	132	int pack_sign_cc(DSA_SIG s,int order,unsigned char sig, size_t *siglen)
0f113f3e MC	133	{
	134	siglen = 2order;
	135	memset(sig,0,*siglen);
	136	store_bignum(s->r, sig,order);
	137	store_bignum(s->s, sig + order,order);
	138	dump_signature("serialized",sig,*siglen);
	139	DSA_SIG_free(s);
	140	return 1;
	141	}
10f0c85c	142	*/
a04549cc DSH	143	/*
	144	* Packs signature according to Cryptopro rules
	145	* and frees up DSA_SIG structure
	146	*/
0f113f3e MC	147	int pack_sign_cp(DSA_SIG s, int order, unsigned char sig, size_t *siglen)
	148	{
	149	siglen = 2 order;
	150	memset(sig, 0, *siglen);
	151	store_bignum(s->s, sig, order);
	152	store_bignum(s->r, sig + order, order);
	153	dump_signature("serialized", sig, *siglen);
	154	DSA_SIG_free(s);
	155	return 1;
	156	}
a04549cc DSH	157
	158	/*
	159	* Verifies signature passed as DSA_SIG structure
	160	*
926c41bd	161	*/
a04549cc DSH	162
a04549cc DSH	163	int gost_do_verify(const unsigned char *dgst, int dgst_len,
0f113f3e MC	164	DSA_SIG sig, DSA dsa)
0f113f3e MC	165	{
8817e2e0	166	BIGNUM md = NULL, tmp = NULL;
0f113f3e MC	167	BIGNUM *q2 = NULL;
	168	BIGNUM u = NULL, v = NULL, z1 = NULL, z2 = NULL;
	169	BIGNUM tmp2 = NULL, tmp3 = NULL;
06affe3d	170	int ok = 0;
0f113f3e	171	BN_CTX *ctx = BN_CTX_new();
61986d32	172	if (!ctx) {
8817e2e0 MC	173	GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
	174	goto err;
	175	}
0f113f3e MC	176
	177	BN_CTX_start(ctx);
	178	if (BN_cmp(sig->s, dsa->q) >= 1 \|\| BN_cmp(sig->r, dsa->q) >= 1) {
	179	GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
8817e2e0	180	goto err;
0f113f3e MC	181	}
	182	md = hashsum2bn(dgst);
	183
	184	tmp = BN_CTX_get(ctx);
	185	v = BN_CTX_get(ctx);
	186	q2 = BN_CTX_get(ctx);
	187	z1 = BN_CTX_get(ctx);
	188	z2 = BN_CTX_get(ctx);
	189	tmp2 = BN_CTX_get(ctx);
	190	tmp3 = BN_CTX_get(ctx);
	191	u = BN_CTX_get(ctx);
61986d32	192	if (!tmp \|\| !v \|\| !q2 \|\| !z1 \|\| !z2 \|\| !tmp2 \|\| !tmp3 \|\| !u) {
8817e2e0 MC	193	GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
	194	goto err;
	195	}
a04549cc	196
0f113f3e MC	197	BN_mod(tmp, md, dsa->q, ctx);
	198	if (BN_is_zero(tmp)) {
	199	BN_one(md);
	200	}
	201	BN_copy(q2, dsa->q);
	202	BN_sub_word(q2, 2);
	203	BN_mod_exp(v, md, q2, dsa->q, ctx);
	204	BN_mod_mul(z1, sig->s, v, dsa->q, ctx);
	205	BN_sub(tmp, dsa->q, sig->r);
	206	BN_mod_mul(z2, tmp, v, dsa->p, ctx);
	207	BN_mod_exp(tmp, dsa->g, z1, dsa->p, ctx);
	208	BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx);
	209	BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx);
	210	BN_mod(u, tmp3, dsa->q, ctx);
06affe3d	211	ok = (BN_cmp(u, sig->r) == 0);
0f113f3e	212
06affe3d	213	if (!ok) {
0f113f3e MC	214	GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
0f113f3e MC	215	}
8817e2e0	216	err:
61986d32 VD	217	if (md)
	218	BN_free(md);
	219	if (ctx) {
8817e2e0 MC	220	BN_CTX_end(ctx);
	221	BN_CTX_free(ctx);
	222	}
06affe3d	223	return ok;
0f113f3e	224	}
a04549cc DSH	225
	226	/*
	227	* Computes public keys for GOST R 34.10-94 algorithm
926c41bd	228	*
a04549cc DSH	229	*/
a04549cc DSH	230	int gost94_compute_public(DSA *dsa)
0f113f3e MC	231	{
0f113f3e MC	232	/* Now fill algorithm parameters with correct values */
8817e2e0	233	BN_CTX *ctx;
0f113f3e MC	234	if (!dsa->g) {
	235	GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITALIZED);
	236	return 0;
	237	}
8817e2e0	238	ctx = BN_CTX_new();
61986d32	239	if (!ctx) {
8817e2e0 MC	240	GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
	241	return 0;
	242	}
	243
0f113f3e	244	dsa->pub_key = BN_new();
61986d32	245	if (!dsa->pub_key) {
8817e2e0 MC	246	GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
	247	BN_CTX_free(ctx);
	248	return 0;
	249	}
	250	/* Compute public key y = a^x mod p */
0f113f3e MC	251	BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx);
	252	BN_CTX_free(ctx);
	253	return 1;
	254	}
a04549cc DSH	255
	256	/*
	257	* Fill GOST 94 params, searching them in R3410_paramset array
	258	* by nid of paramset
926c41bd DSH	259	*
926c41bd DSH	260	*/
0f113f3e MC	261	int fill_GOST94_params(DSA *dsa, int nid)
	262	{
	263	R3410_params *params = R3410_paramset;
	264	while (params->nid != NID_undef && params->nid != nid)
	265	params++;
	266	if (params->nid == NID_undef) {
	267	GOSTerr(GOST_F_FILL_GOST94_PARAMS, GOST_R_UNSUPPORTED_PARAMETER_SET);
	268	return 0;
	269	}
a04549cc	270	#define dump_signature(a,b,c)
0f113f3e MC	271	if (dsa->p) {
	272	BN_free(dsa->p);
	273	}
	274	dsa->p = NULL;
	275	BN_dec2bn(&(dsa->p), params->p);
	276	if (dsa->q) {
	277	BN_free(dsa->q);
	278	}
	279	dsa->q = NULL;
	280	BN_dec2bn(&(dsa->q), params->q);
	281	if (dsa->g) {
	282	BN_free(dsa->g);
	283	}
	284	dsa->g = NULL;
	285	BN_dec2bn(&(dsa->g), params->a);
	286	return 1;
	287	}
a04549cc DSH	288
	289	/*
	290	* Generate GOST R 34.10-94 keypair
a04549cc	291	*
926c41bd DSH	292	*
	293	*/
	294	int gost_sign_keygen(DSA *dsa)
0f113f3e MC	295	{
0f113f3e MC	296	dsa->priv_key = BN_new();
61986d32	297	if (!dsa->priv_key) {
8817e2e0 MC	298	GOSTerr(GOST_F_GOST_SIGN_KEYGEN, ERR_R_MALLOC_FAILURE);
	299	return 0;
	300	}
0f113f3e MC	301	BN_rand_range(dsa->priv_key, dsa->q);
	302	return gost94_compute_public(dsa);
	303	}
926c41bd	304
a04549cc	305	/* Unpack signature according to cryptocom rules */
1d97c843	306	/*-
926c41bd	307	DSA_SIG unpack_cc_signature(const unsigned char sig,size_t siglen)
0f113f3e MC	308	{
	309	DSA_SIG *s;
	310	s = DSA_SIG_new();
	311	if (s == NULL)
	312	{
	313	GOSTerr(GOST_F_UNPACK_CC_SIGNATURE,ERR_R_MALLOC_FAILURE);
	314	return(NULL);
	315	}
	316	s->r = getbnfrombuf(sig, siglen/2);
	317	s->s = getbnfrombuf(sig + siglen/2, siglen/2);
	318	return s;
	319	}
10f0c85c	320	*/
a04549cc	321	/* Unpack signature according to cryptopro rules */
0f113f3e MC	322	DSA_SIG unpack_cp_signature(const unsigned char sig, size_t siglen)
	323	{
	324	DSA_SIG *s;
a04549cc	325
0f113f3e MC	326	s = DSA_SIG_new();
	327	if (s == NULL) {
	328	GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, ERR_R_MALLOC_FAILURE);
	329	return NULL;
	330	}
	331	s->s = getbnfrombuf(sig, siglen / 2);
	332	s->r = getbnfrombuf(sig + siglen / 2, siglen / 2);
	333	return s;
	334	}
926c41bd	335
a04549cc	336	/* Convert little-endian byte array into bignum */
926c41bd	337	BIGNUM hashsum2bn(const unsigned char dgst)
0f113f3e MC	338	{
	339	unsigned char buf[32];
	340	int i;
	341	for (i = 0; i < 32; i++) {
	342	buf[31 - i] = dgst[i];
	343	}
	344	return getbnfrombuf(buf, 32);
	345	}
a04549cc DSH	346
a04549cc DSH	347	/* Convert byte buffer to bignum, skipping leading zeros*/
0f113f3e MC	348	BIGNUM getbnfrombuf(const unsigned char buf, size_t len)
	349	{
	350	while (*buf == 0 && len > 0) {
	351	buf++;
	352	len--;
	353	}
	354	if (len) {
	355	return BN_bin2bn(buf, len, NULL);
	356	} else {
	357	BIGNUM *b = BN_new();
	358	BN_zero(b);
	359	return b;
	360	}
	361	}
926c41bd	362
0f113f3e MC	363	/*
	364	* Pack bignum into byte buffer of given size, filling all leading bytes by
	365	* zeros
	366	*/
	367	int store_bignum(BIGNUM bn, unsigned char buf, int len)
	368	{
	369	int bytes = BN_num_bytes(bn);
	370	if (bytes > len)
	371	return 0;
	372	memset(buf, 0, len);
	373	BN_bn2bin(bn, buf + len - bytes);
	374	return 1;
	375	}