diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-09-20 07:53:15 +0000 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-09-20 07:53:15 +0000 |
| commit | 96f2e1923a8c32dcfe21e6a7b64b5861f4f31bdf (patch) | |
| tree | 5589384e5b97b716539e3dc97062a956bc68c417 | |
| parent | d165c2a37f7d072cc88db88ec97f057a9ac6e4aa (diff) | |
| parent | 7339f222c9ea52cd6c1177f7d749cd0dba278203 (diff) | |
| download | gnutls-96f2e1923a8c32dcfe21e6a7b64b5861f4f31bdf.tar.gz | |
Merge branch 'gost-endianness' into 'master'
GOST endianness
See merge request gnutls/gnutls!755
| -rw-r--r-- | lib/mpi.c | 26 | ||||
| -rw-r--r-- | lib/mpi.h | 1 | ||||
| -rw-r--r-- | lib/pk.c | 6 | ||||
| -rw-r--r-- | lib/privkey_raw.c | 6 | ||||
| -rw-r--r-- | lib/pubkey.c | 15 | ||||
| -rw-r--r-- | lib/x509/output.c | 14 | ||||
| -rw-r--r-- | lib/x509/privkey.c | 12 | ||||
| -rw-r--r-- | src/certtool-common.c | 15 | ||||
| -rw-r--r-- | tests/cert-tests/data/gost-cert.pem | 5 | ||||
| -rw-r--r-- | tests/key-export-pkcs8.c | 6 | ||||
| -rw-r--r-- | tests/key-import-export.c | 6 |
11 files changed, 89 insertions, 23 deletions
@@ -175,6 +175,32 @@ _gnutls_mpi_init_scan_le(bigint_t * ret_mpi, const void *buffer, size_t nbytes) return 0; } +int _gnutls_mpi_dprint_le(const bigint_t a, gnutls_datum_t * dest) +{ + int ret; + uint8_t *buf = NULL; + size_t bytes = 0; + + if (dest == NULL || a == NULL) + return GNUTLS_E_INVALID_REQUEST; + + _gnutls_mpi_print_le(a, NULL, &bytes); + if (bytes != 0) + buf = gnutls_malloc(bytes); + if (buf == NULL) + return GNUTLS_E_MEMORY_ERROR; + + ret = _gnutls_mpi_print_le(a, buf, &bytes); + if (ret < 0) { + gnutls_free(buf); + return ret; + } + + dest->data = buf; + dest->size = bytes; + return 0; +} + /* Always has the first bit zero */ int _gnutls_mpi_dprint_lz(const bigint_t a, gnutls_datum_t * dest) { @@ -79,6 +79,7 @@ int _gnutls_mpi_init_scan_nz(bigint_t * ret_mpi, const void *buffer, int _gnutls_mpi_init_scan_le(bigint_t * ret_mpi, const void *buffer, size_t nbytes); +int _gnutls_mpi_dprint_le(const bigint_t a, gnutls_datum_t * dest); int _gnutls_mpi_dprint_lz(const bigint_t a, gnutls_datum_t * dest); int _gnutls_mpi_dprint(const bigint_t a, gnutls_datum_t * dest); int _gnutls_mpi_dprint_size(const bigint_t a, gnutls_datum_t * dest, @@ -1096,11 +1096,7 @@ int _gnutls_params_get_gost_raw(const gnutls_pk_params_st* params, unsigned int flags) { int ret; - mpi_dprint_func dprint = _gnutls_mpi_dprint_lz; - - if (flags & GNUTLS_EXPORT_FLAG_NO_LZ) - dprint = _gnutls_mpi_dprint; - + mpi_dprint_func dprint = _gnutls_mpi_dprint_le; if (params == NULL) { gnutls_assert(); diff --git a/lib/privkey_raw.c b/lib/privkey_raw.c index 69c810d140..c78c6b71f8 100644 --- a/lib/privkey_raw.c +++ b/lib/privkey_raw.c @@ -273,6 +273,9 @@ int ret; * in the given structure. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. * + * Note: parameters will be stored with least significant byte first. On + * version 3.6.3 this was incorrectly returned in big-endian format. + * * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. * * Since: 3.6.3 @@ -481,6 +484,9 @@ error: * GNUTLS_GOST_PARAMSET_UNKNOWN default one will be selected depending on * @digest. * + * Note: parameters should be stored with least significant byte first. On + * version 3.6.3 big-endian format was used incorrectly. + * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * diff --git a/lib/pubkey.c b/lib/pubkey.c index ad8986f6f2..34aea10ad8 100644 --- a/lib/pubkey.c +++ b/lib/pubkey.c @@ -985,6 +985,9 @@ int gnutls_pubkey_export_ecc_x962(gnutls_pubkey_t key, * the given key. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. * + * Note: parameters will be stored with least significant byte first. On + * version 3.6.3 this was incorrectly returned in big-endian format. + * * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. * * Since: 3.6.3 @@ -999,10 +1002,7 @@ gnutls_pubkey_export_gost_raw2(gnutls_pubkey_t key, { int ret; - mpi_dprint_func dprint = _gnutls_mpi_dprint_lz; - - if (flags & GNUTLS_EXPORT_FLAG_NO_LZ) - dprint = _gnutls_mpi_dprint; + mpi_dprint_func dprint = _gnutls_mpi_dprint_le; if (key == NULL) { gnutls_assert(); @@ -1530,6 +1530,9 @@ gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key, * GNUTLS_DIG_STREEBOG_512. If @paramset is set to GNUTLS_GOST_PARAMSET_UNKNOWN * default one will be selected depending on @digest. * + * Note: parameters should be stored with least significant byte first. On + * version 3.6.3 big-endian format was used incorrectly. + * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * @@ -1564,7 +1567,7 @@ gnutls_pubkey_import_gost_raw(gnutls_pubkey_t key, key->params.curve = curve; key->params.gost_params = paramset; - if (_gnutls_mpi_init_scan_nz + if (_gnutls_mpi_init_scan_le (&key->params.params[GOST_X], x->data, x->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; @@ -1572,7 +1575,7 @@ gnutls_pubkey_import_gost_raw(gnutls_pubkey_t key, } key->params.params_nr++; - if (_gnutls_mpi_init_scan_nz + if (_gnutls_mpi_init_scan_le (&key->params.params[GOST_Y], y->data, y->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; diff --git a/lib/x509/output.c b/lib/x509/output.c index 4fc37d6253..9c9d30290f 100644 --- a/lib/x509/output.c +++ b/lib/x509/output.c @@ -1203,6 +1203,18 @@ print_extensions(gnutls_buffer_st * str, const char *prefix, int type, } } +static void reverse_datum(gnutls_datum_t *d) +{ + unsigned int i; + unsigned char c; + + for (i = 0; i < d->size / 2; i++) { + c = d->data[i]; + d->data[i] = d->data[d->size - i - 1]; + d->data[d->size - i - 1] = c; + } +} + static void print_pubkey(gnutls_buffer_st * str, const char *key_name, gnutls_pubkey_t pubkey, gnutls_x509_spki_st *spki, @@ -1428,6 +1440,8 @@ print_pubkey(gnutls_buffer_st * str, const char *key_name, gnutls_digest_get_name(digest)); addf(str, _("\t\tParamSet: %s\n"), gnutls_gost_paramset_get_name(param)); + reverse_datum(&x); + reverse_datum(&y); if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS) { adds(str, _("\t\tX: ")); diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 0ee32ed960..c018f6dc97 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -1197,6 +1197,9 @@ gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, * GNUTLS_GOST_PARAMSET_UNKNOWN default one will be selected depending on * @digest. * + * Note: parameters should be stored with least significant byte first. On + * version 3.6.3 big-endian format was used incorrectly. + * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * @@ -1226,7 +1229,7 @@ gnutls_x509_privkey_import_gost_raw(gnutls_x509_privkey_t key, key->params.gost_params = paramset; - if (_gnutls_mpi_init_scan_nz + if (_gnutls_mpi_init_scan_le (&key->params.params[GOST_X], x->data, x->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; @@ -1234,7 +1237,7 @@ gnutls_x509_privkey_import_gost_raw(gnutls_x509_privkey_t key, } key->params.params_nr++; - if (_gnutls_mpi_init_scan_nz + if (_gnutls_mpi_init_scan_le (&key->params.params[GOST_Y], y->data, y->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; @@ -1242,7 +1245,7 @@ gnutls_x509_privkey_import_gost_raw(gnutls_x509_privkey_t key, } key->params.params_nr++; - if (_gnutls_mpi_init_scan_nz + if (_gnutls_mpi_init_scan_le (&key->params.params[GOST_K], k->data, k->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; @@ -1562,6 +1565,9 @@ int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key, * in the given structure. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. * + * Note: parameters will be stored with least significant byte first. On + * version 3.6.3 this was incorrectly returned in big-endian format. + * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * diff --git a/src/certtool-common.c b/src/certtool-common.c index e44ed5d5aa..acd314a0ac 100644 --- a/src/certtool-common.c +++ b/src/certtool-common.c @@ -913,6 +913,18 @@ print_ecc_pkey(FILE * outfile, gnutls_ecc_curve_t curve, } } +static void reverse_datum(gnutls_datum_t *d) +{ + unsigned int i; + unsigned char c; + + for (i = 0; i < d->size / 2; i++) { + c = d->data[i]; + d->data[i] = d->data[d->size - i - 1]; + d->data[d->size - i - 1] = c; + } +} + void print_gost_pkey(FILE * outfile, gnutls_ecc_curve_t curve, gnutls_digest_algorithm_t digest, gnutls_gost_paramset_t paramset, @@ -941,9 +953,12 @@ print_gost_pkey(FILE * outfile, gnutls_ecc_curve_t curve, gnutls_gost_paramset_get_name(paramset)); if (k) { + reverse_datum(k); print_head(outfile, "private key", k->size, cprint); print_hex_datum(outfile, k, cprint); } + reverse_datum(x); + reverse_datum(y); print_head(outfile, "x", x->size, cprint); print_hex_datum(outfile, x, cprint); print_head(outfile, "y", y->size, cprint); diff --git a/tests/cert-tests/data/gost-cert.pem b/tests/cert-tests/data/gost-cert.pem index 1501f83c4c..bec29b8bb5 100644 --- a/tests/cert-tests/data/gost-cert.pem +++ b/tests/cert-tests/data/gost-cert.pem @@ -12,9 +12,8 @@ X.509 Certificate Information: Digest: GOSTR341194 ParamSet: CryptoPro-A X: - 00:e0:35:f2:a8:40:cf:ea:25:63:b5:c1:eb:fa:fd:1d - 7f:45:d6:2a:31:96:56:35:75:25:19:f6:62:69:db:da - eb + e0:35:f2:a8:40:cf:ea:25:63:b5:c1:eb:fa:fd:1d:7f + 45:d6:2a:31:96:56:35:75:25:19:f6:62:69:db:da:eb Y: 57:41:b2:c1:e2:1f:7b:d0:13:c8:dd:eb:9f:ba:cb:42 a3:63:c7:0b:f4:e9:24:d7:dd:e9:34:8d:12:18:67:d8 diff --git a/tests/key-export-pkcs8.c b/tests/key-export-pkcs8.c index 9e684e719b..aa11bd7405 100644 --- a/tests/key-export-pkcs8.c +++ b/tests/key-export-pkcs8.c @@ -55,9 +55,9 @@ unsigned char false_ed25519_x[] = "\xac\xac\x9a\xb3\xc3\x41\x8d\x41\x22\x21\xc1\ unsigned char ed25519_x[] = "\xab\xaf\x98\xb3\xc3\x41\x8d\x41\x22\x21\xc1\x86\xa7\xb8\x70\xfb\x44\x6e\xc7\x7e\x20\x87\x7b\xd9\x22\xa4\x5d\xd2\x97\x09\xd5\x48"; unsigned char ed25519_k[] = "\x1c\xa9\x23\xdc\x35\xa8\xfd\xd6\x2d\xa8\x98\xb9\x60\x7b\xce\x10\x3d\xf4\x64\xc6\xe5\x4b\x0a\x65\x56\x6a\x3c\x73\x65\x51\xa2\x2f"; -unsigned char gost_x[] = "\x00\xc0\x0f\x88\x63\xd2\xdd\x10\xdf\x3c\x5e\xd8\x1a\xbc\x5a\x3d\x2c\xdd\x50\xbd\xcf\x55\x44\x91\x73\x3c\x60\xa8\xc6\xf4\xe9\xbb\xd0"; -unsigned char gost_y[] = "\x37\x5b\xbd\x56\xfa\xb0\x3c\x6f\x21\x43\xac\x41\x86\xba\xc6\x24\xf5\xb4\x39\x94\x78\x66\x5f\x57\xff\x33\xc8\x0b\x3c\x96\xec\x8a"; -unsigned char gost_k[] = "\x00\xa5\x7f\x2e\x14\xb8\x90\x98\x34\x23\x78\x2f\xcd\x43\xd8\xf9\x66\x19\x31\xca\x1f\x82\xc3\xe0\x67\x1a\x58\xf8\x8a\x2c\x41\x59\x47"; +unsigned char gost_x[] = "\xd0\xbb\xe9\xf4\xc6\xa8\x60\x3c\x73\x91\x44\x55\xcf\xbd\x50\xdd\x2c\x3d\x5a\xbc\x1a\xd8\x5e\x3c\xdf\x10\xdd\xd2\x63\x88\x0f\xc0"; +unsigned char gost_y[] = "\x8a\xec\x96\x3c\x0b\xc8\x33\xff\x57\x5f\x66\x78\x94\x39\xb4\xf5\x24\xc6\xba\x86\x41\xac\x43\x21\x6f\x3c\xb0\xfa\x56\xbd\x5b\x37"; +unsigned char gost_k[] = "\x47\x59\x41\x2c\x8a\xf8\x58\x1a\x67\xe0\xc3\x82\x1f\xca\x31\x19\x66\xf9\xd8\x43\xcd\x2f\x78\x23\x34\x98\x90\xb8\x14\x2e\x7f\xa5"; gnutls_datum_t _dsa_p = {dsa_p, sizeof(dsa_p)-1}; gnutls_datum_t _dsa_q = {dsa_q, sizeof(dsa_q)-1}; diff --git a/tests/key-import-export.c b/tests/key-import-export.c index 143db05632..8fdea07f95 100644 --- a/tests/key-import-export.c +++ b/tests/key-import-export.c @@ -88,9 +88,9 @@ unsigned char false_ed25519_x[] = "\xac\xac\x9a\xb3\xc3\x41\x8d\x41\x22\x21\xc1\ unsigned char ed25519_x[] = "\xab\xaf\x98\xb3\xc3\x41\x8d\x41\x22\x21\xc1\x86\xa7\xb8\x70\xfb\x44\x6e\xc7\x7e\x20\x87\x7b\xd9\x22\xa4\x5d\xd2\x97\x09\xd5\x48"; unsigned char ed25519_k[] = "\x1c\xa9\x23\xdc\x35\xa8\xfd\xd6\x2d\xa8\x98\xb9\x60\x7b\xce\x10\x3d\xf4\x64\xc6\xe5\x4b\x0a\x65\x56\x6a\x3c\x73\x65\x51\xa2\x2f"; -unsigned char gost_x[] = "\x00\xc0\x0f\x88\x63\xd2\xdd\x10\xdf\x3c\x5e\xd8\x1a\xbc\x5a\x3d\x2c\xdd\x50\xbd\xcf\x55\x44\x91\x73\x3c\x60\xa8\xc6\xf4\xe9\xbb\xd0"; -unsigned char gost_y[] = "\x37\x5b\xbd\x56\xfa\xb0\x3c\x6f\x21\x43\xac\x41\x86\xba\xc6\x24\xf5\xb4\x39\x94\x78\x66\x5f\x57\xff\x33\xc8\x0b\x3c\x96\xec\x8a"; -unsigned char gost_k[] = "\x00\xa5\x7f\x2e\x14\xb8\x90\x98\x34\x23\x78\x2f\xcd\x43\xd8\xf9\x66\x19\x31\xca\x1f\x82\xc3\xe0\x67\x1a\x58\xf8\x8a\x2c\x41\x59\x47"; +unsigned char gost_x[] = "\xd0\xbb\xe9\xf4\xc6\xa8\x60\x3c\x73\x91\x44\x55\xcf\xbd\x50\xdd\x2c\x3d\x5a\xbc\x1a\xd8\x5e\x3c\xdf\x10\xdd\xd2\x63\x88\x0f\xc0"; +unsigned char gost_y[] = "\x8a\xec\x96\x3c\x0b\xc8\x33\xff\x57\x5f\x66\x78\x94\x39\xb4\xf5\x24\xc6\xba\x86\x41\xac\x43\x21\x6f\x3c\xb0\xfa\x56\xbd\x5b\x37"; +unsigned char gost_k[] = "\x47\x59\x41\x2c\x8a\xf8\x58\x1a\x67\xe0\xc3\x82\x1f\xca\x31\x19\x66\xf9\xd8\x43\xcd\x2f\x78\x23\x34\x98\x90\xb8\x14\x2e\x7f\xa5"; gnutls_datum_t _dsa_p = {dsa_p, sizeof(dsa_p)-1}; gnutls_datum_t _dsa_q = {dsa_q, sizeof(dsa_q)-1}; |