GOST update to draft-01 format (not enabled by default, experimental).
authorWouter Wijngaards <wouter@NLnetLabs.nl>
Thu, 29 Oct 2009 15:06:12 +0000 (15:06 +0000)
committerWouter Wijngaards <wouter@NLnetLabs.nl>
Thu, 29 Oct 2009 15:06:12 +0000 (15:06 +0000)
dnssec_verify.c
host2str.c
keys.c
ldns/keys.h

index 2f341add5012744a49da58e86d30924b62b5f2f7..17cbafd025dca5d17d0970ef0eddd4ad3d226b8e 100644 (file)
@@ -1521,14 +1521,18 @@ ldns_gost2pkey_raw(unsigned char* key, size_t keylen)
                0x02, 0x02, 0x1e, 0x01, 0x03, 0x43, 0x00, 0x04, 0x40};
        unsigned char encoded[37+64];
        const unsigned char* pp;
-       if(keylen != 64) {
+       if(keylen != 66) {
                /* key wrong size */
                return NULL;
        }
+       if(key[0] != 0 || key[1] != 0) {
+               /* unsupported GOST algo or digest paramset */
+               return NULL;
+       }
 
        /* create evp_key */
        memmove(encoded, asn, 37);
-       memmove(encoded+37, key, 64);
+       memmove(encoded+37, key+2, 64);
        pp = (unsigned char*)&encoded[0];
 
        return d2i_PUBKEY(NULL, &pp, sizeof(encoded));
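Review bot: The two new parameter bytes are compared against bare `0` with nothing saying what they are or why only zero is accepted, although the acceptable values are coupled to the fixed `asn[]` header that the 64-byte blob is wrapped in before `d2i_PUBKEY`. A comment next to the check such as `/* draft-01: key[0] = GOST algorithm id, key[1] = digest paramset (per the comment below); 0/0 is the only combination matching the parameters hard-coded in asn[] */` keeps the check and the header from drifting apart, and a named constant for the 2-byte prefix would replace the three related magic numbers (`66`, `key+2`, and the `64` payload). Doing the length check before indexing `key[0]`/`key[1]` is the right order for data that arrives from a DNSKEY RR, so the validation itself looks sound. The function starts and ends outside the hunk.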
index 7a2f23ef542f237ce9e582eee7128c424f3595b3..dae4e765f6a5c52505ddba026995e22e4ee22416 100644 (file)
@@ -1379,6 +1379,8 @@ ldns_gost_key2buffer_str(ldns_buffer *output, EVP_PKEY *p)
        ldns_rdf *b64_bignum;
        ldns_status status;
 
+       ldns_buffer_printf(output, "GostAsn1: ");
+
        ret = i2d_PrivateKey(p, &pp);
        b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, ret, pp);
        status = ldns_rdf2buffer_str(output, b64_bignum);
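Review bot: The result of `i2d_PrivateKey` on the line following the new label is handed straight to `ldns_rdf_new_frm_data` as a length; i2d_* functions return a negative value on failure, which would be converted to a very large size. The commit emits the `GostAsn1: ` prefix but leaves that unchecked; `if (ret < 0) return LDNS_STATUS_ERR;` (or whichever error status the function's other paths return — `ldns_status status` is declared just above) before the `ldns_rdf_new_frm_data` call closes it. Since the label is printed before the key is known to serialize, a failure now leaves a dangling `GostAsn1: ` in the output; moving the printf after the check avoids that. The function starts and ends outside the hunk.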
@@ -1686,7 +1688,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
                                /* no format defined, use blob */
 #if defined(HAVE_SSL) && defined(USE_GOST)
                                ldns_buffer_printf(output, "Private-key-format: v1.2\n");
-                               ldns_buffer_printf(output, "Algorithm: 211 (GOST)\n");
+                               ldns_buffer_printf(output, "Algorithm: %d (GOST)\n", LDNS_SIGN_GOST);
                                status = ldns_gost_key2buffer_str(output, k->_key.key);
 #endif
                                break;
diff --git a/keys.c b/keys.c
index ebf67b1a3aeaf3dbe9449d1d909bfc9d6b624219..4d03542460d9426151cd8497af2d73ce466a819f 100644 (file)
--- a/keys.c
+++ b/keys.c
@@ -153,7 +153,6 @@ ldns_key_EVP_load_gost_id(void)
 static EVP_PKEY*
 ldns_key_new_frm_fp_gost_l(FILE* fp, int* line_nr)
 {
-       ssize_t len;
        char token[16384];
        const unsigned char* pp;
        int gost_id;
@@ -164,9 +163,15 @@ ldns_key_new_frm_fp_gost_l(FILE* fp, int* line_nr)
        if(!gost_id)
                return NULL;
 
-       len = ldns_fget_token_l(fp, token, "", sizeof(token), line_nr);
-       if(len == -1)
+       if (ldns_fget_keyword_data_l(fp, "GostAsn1", ": ", token, "\n", 
+               sizeof(token), line_nr) == -1)
                return NULL;
+       while(strlen(token) < 96) {
+               /* read more b64 from the file, b64 split on multiple lines */
+               if(ldns_fget_token_l(fp, token+strlen(token), "\n",
+                       sizeof(token)-strlen(token), line_nr) == -1)
+                       return NULL;
+       }
        if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK)
                return NULL;
        pp = (unsigned char*)ldns_rdf_data(b64rdf);
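Review bot: The continuation loop treats `ldns_fget_token_l` as failed only when it returns -1, so a return of 0 (an empty line, if the helper reports that as a zero-length token rather than an error) leaves `strlen(token)` unchanged and the loop keeps reading until EOF; the removed `ssize_t len` shows the helper returns a length, so `<= 0` is the safe test: `sizeof(token)-strlen(token), line_nr) <= 0)`. The `96` threshold is also an unnamed constant: 96 base64 characters decode to 72 bytes, and the loop stops as soon as that length is reached, so a key whose base64 is spread over more lines than needed to reach it leaves the remaining lines in the stream to be misread as the next keyword. A named constant with a comment stating where the minimum comes from, e.g. `/* minimum b64 length of a draft-01 GOST private key DER; lines beyond the threshold are not consumed */`, makes the assumption visible. The function starts and ends outside the hunk.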
@@ -261,7 +266,7 @@ ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
                fprintf(stderr, "version of ldns\n");
 #endif
        }
-       if (strncmp(d, "211 GOST", 4) == 0) {
+       if (strncmp(d, "249 GOST", 4) == 0) {
 #ifdef USE_GOST
                alg = LDNS_SIGN_GOST;
 #else
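Review bot: The algorithm number stays a hard-coded literal in `strncmp(d, "249 GOST", 4)` even though the writer side (host2str.c in this same commit) now derives it from `LDNS_SIGN_GOST`; this commit itself shows the number moving from 211 to 249, and the reader and writer will drift apart the next time it changes. Comparing only the first 4 characters also accepts any text after `249 `. Parsing the number, `if (strtol(d, NULL, 10) == LDNS_SIGN_GOST)`, keys the reader to the same enum as the writer; if the neighbouring branches all use the strncmp-literal pattern and that should be kept, at least a comment tying the literal to `LDNS_SIGN_GOST` is warranted. The enclosing function starts and ends outside the hunk.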
@@ -1106,10 +1111,13 @@ ldns_key_gost2bin(unsigned char* data, EVP_PKEY* k, uint16_t* size)
                return false;
        }
        /* omit ASN header */
+       /* insert parameters */
+       data[0] = 0;
+       data[1] = 0;
        for(i=0; i<64; i++)
-               data[i] = pp[i+37];
+               data[i+2] = pp[i+37];
        CRYPTO_free(pp);
-       *size = 64;
+       *size = 66;
        return true;
 }
 #endif /* USE_GOST */
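Review bot: `ldns_key_gost2bin` now writes 66 bytes into `data` but, per the signature in the hunk header, takes no parameter giving the caller's buffer size, so the two bytes added here silently raise the minimum buffer every caller must provide from 64 to 66 and no caller is visible in the hunks shown. A header comment stating the requirement, e.g. `/* data must have room for 66 bytes: 2 draft-01 parameter bytes (GOST algo, digest paramset; both 0) followed by the 64-byte public key */`, at least documents it, and the values written must agree with `ldns_gost2pkey_raw`, which rejects anything other than 0/0 in those bytes. Whether the i2d_PUBKEY output is verified to be at least 101 bytes before `pp[i+37]` is read is decided above the hunk and should be confirmed. The function starts outside the hunk.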
index 89eff3cf0c5bd06f0a75e281408720193cb098be..d158c51f238b8c18952f539c3f44556581b75750 100644 (file)
@@ -48,7 +48,7 @@ enum ldns_enum_algorithm
         LDNS_RSASHA1_NSEC3      = 7,
         LDNS_RSASHA256          = 8,   /* RFC 5702 */
         LDNS_RSASHA512          = 10,  /* RFC 5702 */
-        LDNS_GOST               = 211, /* not official */
+        LDNS_GOST               = 249, /* not official */
         LDNS_INDIRECT           = 252,
         LDNS_PRIVATEDNS         = 253,
         LDNS_PRIVATEOID         = 254