From: Dmitry Eremin-Solenikov Date: Fri, 21 Oct 2016 00:55:10 +0000 (+0300) Subject: Define GOST R 34.10 curves X-Git-Tag: gnutls_3_6_3~77^2~27 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=549e29dfca54afadd5983861bd6806dcc65fcfbc;p=thirdparty%2Fgnutls.git Define GOST R 34.10 curves Signed-off-by: Dmitry Eremin-Solenikov --- diff --git a/lib/algorithms.h b/lib/algorithms.h index fead2c2ed6..d105b3cd68 100644 --- a/lib/algorithms.h +++ b/lib/algorithms.h @@ -410,6 +410,7 @@ typedef struct gnutls_ecc_curve_entry_st { gnutls_pk_algorithm_t pk; unsigned size; /* the size in bytes */ unsigned sig_size; /* the size of curve signatures in bytes (EdDSA) */ + unsigned gost_curve; } gnutls_ecc_curve_entry_st; const gnutls_ecc_curve_entry_st diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c index a757feb7bb..7537708d90 100644 --- a/lib/algorithms/ecc.c +++ b/lib/algorithms/ecc.c @@ -79,6 +79,62 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = { .size = 32, .sig_size = 64 }, + { + .name = "CryptoPro-A", + .oid = "1.2.643.2.2.35.1", + .id = GNUTLS_ECC_CURVE_GOST256CPA, + .pk = GNUTLS_PK_UNKNOWN, + .size = 32, + .gost_curve = 1, + }, + { + .name = "CryptoPro-B", + .oid = "1.2.643.2.2.35.2", + .id = GNUTLS_ECC_CURVE_GOST256CPB, + .pk = GNUTLS_PK_UNKNOWN, + .size = 32, + .gost_curve = 1, + }, + { + .name = "CryptoPro-C", + .oid = "1.2.643.2.2.35.3", + .id = GNUTLS_ECC_CURVE_GOST256CPC, + .pk = GNUTLS_PK_UNKNOWN, + .size = 32, + .gost_curve = 1, + }, + { + .name = "CryptoPro-XchA", + .oid = "1.2.643.2.2.36.0", + .id = GNUTLS_ECC_CURVE_GOST256CPXA, + .pk = GNUTLS_PK_UNKNOWN, + .size = 32, + .gost_curve = 1, + }, + { + .name = "CryptoPro-XchB", + .oid = "1.2.643.2.2.36.1", + .id = GNUTLS_ECC_CURVE_GOST256CPXB, + .pk = GNUTLS_PK_UNKNOWN, + .size = 32, + .gost_curve = 1, + }, + { + .name = "TC26-512-A", + .oid = "1.2.643.7.1.2.1.2.1", + .id = GNUTLS_ECC_CURVE_GOST512A, + .pk = GNUTLS_PK_GOST_12_512, + .size = 64, + .gost_curve = 1, + }, + { + .name = "TC26-512-B", + .oid = "1.2.643.7.1.2.1.2.2", + .id = GNUTLS_ECC_CURVE_GOST512B, + .pk = GNUTLS_PK_GOST_12_512, + .size = 64, + .gost_curve = 1, + }, {0, 0, 0} }; @@ -162,6 +218,19 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get_id(const char *name) return ret; } +static int _gnutls_ecc_pk_compatible(const gnutls_ecc_curve_entry_st *p, + gnutls_pk_algorithm_t pk) +{ + if (!_gnutls_pk_curve_exists(p->id)) + return 0; + + if (pk == GNUTLS_PK_GOST_01 || + pk == GNUTLS_PK_GOST_12_256) + return p->gost_curve && p->size == 32; + + return pk == p->pk; +} + /*- * _gnutls_ecc_bits_to_curve: * @bits: is a security parameter in bits @@ -175,11 +244,16 @@ gnutls_ecc_curve_t _gnutls_ecc_bits_to_curve(gnutls_pk_algorithm_t pk, int bits) if (pk == GNUTLS_PK_ECDSA) ret = GNUTLS_ECC_CURVE_SECP256R1; + else if (pk == GNUTLS_PK_GOST_01 || + pk == GNUTLS_PK_GOST_12_256) + ret = GNUTLS_ECC_CURVE_GOST256CPA; + else if (pk == GNUTLS_PK_GOST_12_512) + ret = GNUTLS_ECC_CURVE_GOST512A; else ret = GNUTLS_ECC_CURVE_ED25519; GNUTLS_ECC_CURVE_LOOP( - if (pk == p->pk && 8 * p->size >= (unsigned)bits && _gnutls_pk_curve_exists(p->id)) { + if (_gnutls_ecc_pk_compatible(p, pk) && 8 * p->size >= (unsigned)bits) { ret = p->id; break; } diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index e95879a543..a1e3aaf0cc 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -912,6 +912,13 @@ typedef enum { * @GNUTLS_ECC_CURVE_SECP521R1: the SECP521R1 curve * @GNUTLS_ECC_CURVE_X25519: the X25519 curve (ECDH only) * @GNUTLS_ECC_CURVE_ED25519: the Ed25519 curve + * @GNUTLS_ECC_CURVE_GOST256CPA: GOST R 34.10 CryptoPro 256 A curve + * @GNUTLS_ECC_CURVE_GOST256CPB: GOST R 34.10 CryptoPro 256 B curve + * @GNUTLS_ECC_CURVE_GOST256CPC: GOST R 34.10 CryptoPro 256 C curve + * @GNUTLS_ECC_CURVE_GOST256CPXA: GOST R 34.10 CryptoPro 256 XchA curve + * @GNUTLS_ECC_CURVE_GOST256CPXB: GOST R 34.10 CryptoPro 256 XchB curve + * @GNUTLS_ECC_CURVE_GOST512A: GOST R 34.10 TC26 512 A curve + * @GNUTLS_ECC_CURVE_GOST512B: GOST R 34.10 TC26 512 B curve * * Enumeration of ECC curves. */ @@ -924,7 +931,14 @@ typedef enum { GNUTLS_ECC_CURVE_SECP192R1, GNUTLS_ECC_CURVE_X25519, GNUTLS_ECC_CURVE_ED25519, - GNUTLS_ECC_CURVE_MAX = GNUTLS_ECC_CURVE_ED25519 + GNUTLS_ECC_CURVE_GOST256CPA, + GNUTLS_ECC_CURVE_GOST256CPB, + GNUTLS_ECC_CURVE_GOST256CPC, + GNUTLS_ECC_CURVE_GOST256CPXA, + GNUTLS_ECC_CURVE_GOST256CPXB, + GNUTLS_ECC_CURVE_GOST512A, + GNUTLS_ECC_CURVE_GOST512B, + GNUTLS_ECC_CURVE_MAX = GNUTLS_ECC_CURVE_GOST512B } gnutls_ecc_curve_t; /**