author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-09-25 18:13:37 +0300 |
---|---|---|
committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-10-06 19:32:05 +0300 |
commit | 9531c0c241969a077f46227cd907783c697ced82 (patch) | |
tree | 9facc4a11578cdaf0f813ea2f40f85842fa3bc99 /lib/x509 | |
parent | 9e9abf8a3750c9fb943ff3e304262748fc7e667d (diff) | |
download | gnutls-9531c0c241969a077f46227cd907783c697ced82.tar.gz |
lib: implement support for updated GOST PublicKeyParameters
Recommendation for standardization R 1323565.1.023-2018 has made changes
to PublicKeyParameters for GOST R 34.10-2012 keys. It has removed
encryptionParamSet (since now S-BOX is basically fixed as TC26-Z) and
made digestParamSet OPTIONAL (as it can be concluded from public key
OID). Implement these requirements.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Diffstat (limited to 'lib/x509')
-rw-r--r-- | lib/x509/key_decode.c | 5 | ||||
-rw-r--r-- | lib/x509/key_encode.c | 46 |
2 files changed, 30 insertions, 21 deletions
diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c index 00f1950acb..e42f5e0962 100644 --- a/lib/x509/key_decode.c +++ b/lib/x509/key_decode.c @@ -453,6 +453,8 @@ _gnutls_x509_read_gost_params(uint8_t * der, int dersize, gnutls_gost_paramset_t param; if ((ret = asn1_create_element(_gnutls_get_gnutls_asn(), + algo == GNUTLS_PK_GOST_01 ? + "GNUTLS.GOSTParametersOld" : "GNUTLS.GOSTParameters", &spk)) != ASN1_SUCCESS) { gnutls_assert(); @@ -487,7 +489,8 @@ _gnutls_x509_read_gost_params(uint8_t * der, int dersize, /* Read the digest */ oid_size = sizeof(oid); ret = asn1_read_value(spk, "digestParamSet", oid, &oid_size); - if (ret != ASN1_SUCCESS) { + if (ret != ASN1_SUCCESS && + ret != ASN1_ELEMENT_NOT_FOUND) { gnutls_assert(); ret = _gnutls_asn2err(ret); goto cleanup; diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c index 5cd6763cd0..9035ea1706 100644 --- a/lib/x509/key_encode.c +++ b/lib/x509/key_encode.c @@ -540,7 +540,10 @@ _gnutls_x509_write_gost_params(gnutls_pk_params_st * params, if ((result = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.GOSTParameters", &spk)) + (_gnutls_get_gnutls_asn(), + params->algo == GNUTLS_PK_GOST_01 ? + "GNUTLS.GOSTParametersOld" : + "GNUTLS.GOSTParameters", &spk)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); 
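Review bot: In the `@@ -487,7 +489,8 @@` hunk of key_decode.c, the relaxed check lets `ASN1_ELEMENT_NOT_FOUND` through for every `algo`, and on that path `oid` keeps whatever it held before the call. That means a GOST R 34.10-2001 key without digestParamSet is tolerated here unless the `GNUTLS.GOSTParametersOld` definition already rejects it at decode time, and any later use of `oid` as the digest would read stale data. I would limit the tolerance to the 2012 algorithms, `if (ret != ASN1_SUCCESS && (ret != ASN1_ELEMENT_NOT_FOUND || algo == GNUTLS_PK_GOST_01)) {`, and add a comment such as `/* digestParamSet is OPTIONAL for GOST-2012 keys; when absent the digest follows from the public key OID */`. The rest of the function is outside the hunk, so I cannot confirm whether `oid` is used again or whether a digest OID that is present is checked against the key algorithm.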
@@ -554,21 +557,22 @@ _gnutls_x509_write_gost_params(gnutls_pk_params_st * params, goto cleanup; } + /* For compatibility per R 1323565.1.023—2018 provide digest OID only + * for GOST-2001 keys or GOST-2012 keys with CryptoPro curves. Do not + * set this optional paramter for TC26 curves */ if (params->algo == GNUTLS_PK_GOST_01) oid = HASH_OID_GOST_R_3411_94_CRYPTOPRO_PARAMS; - else if (params->algo == GNUTLS_PK_GOST_12_256) + else if (params->algo == GNUTLS_PK_GOST_12_256 && + (params->curve == GNUTLS_ECC_CURVE_GOST256CPA || + params->curve == GNUTLS_ECC_CURVE_GOST256CPB || + params->curve == GNUTLS_ECC_CURVE_GOST256CPC || + params->curve == GNUTLS_ECC_CURVE_GOST256CPXA || + params->curve == GNUTLS_ECC_CURVE_GOST256CPXB)) oid = HASH_OID_STREEBOG_256; - else if (params->algo == GNUTLS_PK_GOST_12_512) - oid = HASH_OID_STREEBOG_512; - else { - gnutls_assert(); - result = GNUTLS_E_INVALID_REQUEST; - goto cleanup; - } + else + oid = NULL; - if ((result = - asn1_write_value(spk, "digestParamSet", oid, - 1)) != ASN1_SUCCESS) { + if ((result = asn1_write_value(spk, "digestParamSet", oid, oid ? 1 : 0)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; @@ -581,15 +585,17 @@ _gnutls_x509_write_gost_params(gnutls_pk_params_st * params, goto cleanup; } - if (params->gost_params == _gnutls_gost_paramset_default(params->algo)) - oid = NULL; + if (params->algo == GNUTLS_PK_GOST_01) { + if (params->gost_params == _gnutls_gost_paramset_default(params->algo)) + oid = NULL; - if ((result = - asn1_write_value(spk, "encryptionParamSet", oid, - oid ? 1 : 0)) != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; + if ((result = + asn1_write_value(spk, "encryptionParamSet", oid, + oid ? 1 : 0)) != ASN1_SUCCESS) { + gnutls_assert(); + result = _gnutls_asn2err(result); + goto cleanup; + } } result = _gnutls_x509_der_encode(spk, "", der, 0); |
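Review bot: In the `@@ -554,21 +557,22 @@` hunk of key_encode.c, the new catch-all `else oid = NULL;` replaces the branch that returned `GNUTLS_E_INVALID_REQUEST`. A `params->algo` that is not a GOST algorithm at all now produces parameters without digestParamSet instead of an error, unless a check outside the hunk already rejects it. I would keep the explicit rejection and set `oid = NULL` only for the two GOST-2012 algorithms, as sketched below. The new comment also misspells "parameter" as `paramter`. The function starts and ends outside the hunk.

```c
/* … unchanged: GOST_01 and GOST_12_256 CryptoPro-curve branches … */
else if (params->algo == GNUTLS_PK_GOST_12_256 ||
	 params->algo == GNUTLS_PK_GOST_12_512)
	oid = NULL;	/* TC26 curves: digestParamSet is omitted */
else {
	gnutls_assert();
	result = GNUTLS_E_INVALID_REQUEST;
	goto cleanup;
}
/* … unchanged: asn1_write_value(spk, "digestParamSet", …) … */
```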
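Review bot: In the `@@ -581,15 +585,17 @@` hunk, `params->gost_params` is no longer encoded for GOST-2012 keys, so a caller that set a non-default parameter set gets an encoding that silently drops it. The commit message says the S-box is fixed to TC26-Z for these keys, so a comment above the new `if` would record the intent, for example `/* encryptionParamSet exists only in the old structure; GOST-2012 keys do not encode params->gost_params */`. It is also worth deciding whether a non-default value should be rejected for 2012 keys rather than ignored. The lines that compute `oid` before this block are outside the hunk.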