├── .cirrus.yml ├── .editorconfig ├── .github ├── before_script.sh ├── script.sh └── workflows │ ├── ci.yml │ ├── codeql-analysis.yml │ ├── coverity.yml │ └── windows.yml ├── .gitignore ├── .gitmodules ├── CMakeLists.txt ├── INSTALL.md ├── LICENSE ├── README.gost ├── README.md ├── README.prov.md ├── benchmark └── sign.c ├── e_gost_err.c ├── e_gost_err.h ├── e_gost_err.proto ├── ecp_id_GostR3410_2001_CryptoPro_A_ParamSet.c ├── ecp_id_GostR3410_2001_CryptoPro_B_ParamSet.c ├── ecp_id_GostR3410_2001_CryptoPro_C_ParamSet.c ├── ecp_id_GostR3410_2001_TestParamSet.c ├── ecp_id_tc26_gost_3410_2012_256_paramSetA.c ├── ecp_id_tc26_gost_3410_2012_512_paramSetA.c ├── ecp_id_tc26_gost_3410_2012_512_paramSetB.c ├── ecp_id_tc26_gost_3410_2012_512_paramSetC.c ├── etalon ├── M1 ├── M2 ├── M3 ├── M4 ├── M5 ├── M6 ├── carry ├── dgst.result ├── gh.dat ├── mac.txt ├── magma.dat └── make4Gb ├── example.conf ├── getopt.h ├── gost-engine.h ├── gost.ec ├── gost.txt ├── gost.txt.old ├── gost12sum.1 ├── gost12sum.c ├── gost89.c ├── gost89.h ├── gost_ameth.c ├── gost_asn1.c ├── gost_crypt.c ├── gost_ctl.c ├── gost_ec_keyx.c ├── gost_ec_sign.c ├── gost_eng.c ├── gost_gost2015.c ├── gost_gost2015.h ├── gost_grasshopper.h ├── gost_grasshopper_cipher.c ├── gost_grasshopper_cipher.h ├── gost_grasshopper_core.c ├── gost_grasshopper_core.h ├── gost_grasshopper_defines.c ├── gost_grasshopper_defines.h ├── gost_grasshopper_galois_precompiled.c ├── gost_grasshopper_math.h ├── gost_grasshopper_precompiled.c ├── gost_grasshopper_precompiled.h ├── gost_keyexpimp.c ├── gost_keywrap.c ├── gost_keywrap.h ├── gost_lcl.h ├── gost_md.c ├── gost_md2012.c ├── gost_omac.c ├── gost_omac_acpkm.c ├── gost_params.c ├── gost_pmeth.c ├── gost_prov.c ├── gost_prov.h ├── gost_prov_cipher.c ├── gost_prov_digest.c ├── gost_prov_mac.c ├── gosthash.c ├── gosthash.h ├── gosthash2012.c ├── gosthash2012.h ├── gosthash2012_const.h ├── gosthash2012_precalc.h ├── gosthash2012_ref.h ├── gosthash2012_sse2.h ├── gostsum.1 ├── gostsum.c 
├── openssl_wrap.sh ├── tcl_tests ├── 097.ciphers ├── 098.ciphers ├── _exists ├── aes0.enc ├── aes1.enc ├── apache.try ├── asn.tcl ├── base64.tcl ├── ca.try ├── calchash.tcl ├── calcstat ├── cbc0.enc ├── cbc1.enc ├── cfb0.enc ├── cfb1.enc ├── ciphers.try ├── client.try ├── cms.try ├── cms2.try ├── cms_cs.try ├── cms_io.try ├── cmsenc.try ├── cmsenc_cs.try ├── cmsenc_io.try ├── cmsenc_sc.try ├── cmstc262019.try ├── cnt0.enc ├── cnt1.enc ├── cp10.ciphers ├── cp20.ciphers ├── cp21.ciphers ├── csp3.ciphers ├── csp36.ciphers ├── csp36r2.ciphers ├── csp36r3.ciphers ├── csp36r4.ciphers ├── csp39.ciphers ├── csp4.ciphers ├── csp4r2.ciphers ├── csp4r3.ciphers ├── csp5.ciphers ├── dgst.try ├── dgst_CF.dat ├── dgst_ex1.dat ├── dgst_ex2.dat ├── enc.try ├── engine.try ├── enums.tcl ├── getengine.tcl ├── http.tcl ├── hwkeys.tcl ├── interop.try ├── kbstrike.exe ├── key.pem ├── mac-grasshopper.dat ├── mac-magma.dat ├── mac.try ├── macpkm1.enc ├── magma1.enc ├── magma_acpkm_plain.enc ├── magma_enc ├── magma_plain ├── magma_plain.enc ├── make_other.sh ├── mkn2o.tcl ├── mkoidf.tcl ├── name2oid.tcl ├── name2oid.tst ├── nopath.try ├── ocsp.try ├── oidfile ├── openssl-gost.cnf ├── opnssl.sh ├── ossltest.tcl ├── pkcs12.try ├── pkcs7.tcl ├── pkcs8.try ├── pkgIndex.tcl ├── plain.enc ├── private │ ├── gost2001_A.pem │ ├── gost2001_B.pem │ ├── gost2001_C.pem │ ├── gost2001_XA.pem │ ├── gost2001_XB.pem │ ├── gost2012_256_A.pem │ ├── gost2012_256_B.pem │ ├── gost2012_256_C.pem │ ├── gost2012_256_XA.pem │ ├── gost2012_256_XB.pem │ ├── gost2012_512_A.pem │ ├── gost2012_512_B.pem │ └── rsa_1024.pem ├── req-genpkey.try ├── req-newkey.try ├── runtest.bat ├── runtest.sh ├── runtest1.bat ├── runtest2.bat ├── server.try ├── smime.try ├── smime2.try ├── smime_cs.try ├── smime_io.try ├── smimeenc.try ├── smimeenc_io.try ├── ssl.try ├── tc26_cms │ ├── encrypted_keyagree_a211.pem │ ├── encrypted_keyagree_a221.pem │ ├── encrypted_keytrans_a231.pem │ ├── encrypted_keytrans_a241.pem │ ├── 
encrypted_kuznyechik_a421.pem │ ├── encrypted_magma_a411.pem │ ├── encryption_key.hex │ ├── hashed_a311.pem │ ├── hashed_a321.pem │ ├── plain │ │ └── text_decrypted.plain │ ├── recipient256_cert.pem │ ├── recipient256_key.pem │ ├── recipient512_cert.pem │ ├── recipient512_key.pem │ ├── root256_cert.pem │ ├── root256_key.pem │ ├── sender256_cert.pem │ ├── sender256_key.pem │ ├── sender512_cert.pem │ ├── sender512_key.pem │ ├── signed_a111.pem │ └── signed_a121.pem ├── test.tcl ├── tmpl.try ├── ts.try ├── vn4.ciphers ├── wcli.try └── yarrowc.tcl ├── test ├── 00-engine.t ├── 00-provider.t ├── 01-digest.t ├── 02-mac.t ├── 03-encrypt.t ├── 04-pkey.t ├── Makefile.am ├── WrapOpenSSL.pm ├── engine.cnf └── provider.cnf ├── test_ciphers.c ├── test_context.c ├── test_curves.c ├── test_derive.c ├── test_digest.c ├── test_gost2814789.c ├── test_gost89.c ├── test_keyexpimp.c ├── test_mgm.c ├── test_params.c ├── test_sign.c ├── test_tls.c └── test_tlstree.c /.cirrus.yml: -------------------------------------------------------------------------------- 1 | FreeBSD_task: 2 | freebsd_instance: 3 | image_family: freebsd-13-1 4 | env: 5 | PREFIX: ${HOME}/opt 6 | PATH: ${PREFIX}/bin:${PATH} 7 | OPENSSL_BRANCH: master 8 | install_script: 9 | - pkg install -y git cmake p5-App-cpanminus gdb pkgconf 10 | - sudo cpanm --notest Test2::V0 11 | update_git_script: 12 | - git submodule update --recursive --init 13 | script: 14 | - git clone --depth 1 -b ${OPENSSL_BRANCH} https://github.com/openssl/openssl.git 15 | - cd openssl 16 | - ./config shared -d --prefix=${PREFIX} --openssldir=${PREFIX} -Wl,-rpath=${PREFIX}/lib && make all install_sw > build.log 2>&1 || (cat build.log && exit 1) 17 | - cd .. 18 | - mkdir build 19 | - cd build 20 | - cmake -DOPENSSL_ROOT_DIR=${PREFIX} -DOPENSSL_ENGINES_DIR=${PREFIX}/engines .. 
21 | - make 22 | - make test CTEST_OUTPUT_ON_FAILURE=1 23 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # https://editorconfig.org 2 | 3 | root = true 4 | 5 | [*] 6 | end_of_line = lf 7 | insert_final_newline = true 8 | tab_width = 8 9 | 10 | [*.[ch]] 11 | indent_size = 4 12 | indent_style = space 13 | 14 | [{CMakeLists.txt,*.cmake}] 15 | indent_size = 2 16 | indent_style = space 17 | 18 | [*.yml] 19 | indent_size = 4 20 | indent_style = space 21 | 22 | [COMMIT_EDITMSG] 23 | indent_size = 2 24 | indent_style = space 25 | max_line_length = 80 26 | -------------------------------------------------------------------------------- /.github/before_script.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -efux 2 | 3 | # Download cpanm and make it executable as a standalone script 4 | curl -L https://cpanmin.us -o cpanm 5 | chmod 0755 cpanm 6 | 7 | sudo ./cpanm --notest Test2::V0 > build.log 2>&1 \ 8 | || (cat build.log && exit 1) 9 | 10 | if [ "${APT_INSTALL-}" ]; then 11 | sudo apt-get install -y $APT_INSTALL 12 | fi 13 | 14 | git clone --depth 1 -b $OPENSSL_BRANCH https://github.com/openssl/openssl.git 15 | cd openssl 16 | git describe --always --long 17 | 18 | PREFIX=$HOME/opt 19 | 20 | ${SETARCH-} ./config shared -d --prefix=$PREFIX --libdir=lib --openssldir=$PREFIX ${USE_RPATH:+-Wl,-rpath=$PREFIX/lib} 21 | ${SETARCH-} make -s -j$(nproc) build_libs 22 | ${SETARCH-} make -s -j$(nproc) build_programs 23 | make -s install_sw 24 | -------------------------------------------------------------------------------- /.github/script.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -efux 2 | 3 | PREFIX=$HOME/opt 4 | PATH=$PREFIX/bin:$PATH 5 | 6 | mkdir build 7 | cd build 8 | cmake -DOPENSSL_ROOT_DIR=$PREFIX 
-DOPENSSL_ENGINES_DIR=$PREFIX/engines ${ASAN-} .. 9 | make 10 | make test CTEST_OUTPUT_ON_FAILURE=1 11 | if [ -z "${ASAN-}" ]; then 12 | make tcl_tests 13 | fi 14 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: CI 2 | on: [push, pull_request] 3 | 4 | env: 5 | OPENSSL_BRANCH: openssl-3.0 6 | USE_RPATH: yes 7 | 8 | jobs: 9 | gcc-openssl-stable: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v2 13 | with: 14 | submodules: true 15 | - run: .github/before_script.sh 16 | - run: .github/script.sh 17 | 18 | clang-openssl-stable: 19 | runs-on: ubuntu-latest 20 | env: 21 | CC: clang 22 | steps: 23 | - uses: actions/checkout@v2 24 | with: 25 | submodules: true 26 | - run: .github/before_script.sh 27 | - run: .github/script.sh 28 | 29 | macos-openssl-stable: 30 | runs-on: macos-latest 31 | env: 32 | USE_RPATH: 33 | steps: 34 | - uses: actions/checkout@v2 35 | with: 36 | submodules: true 37 | - run: .github/before_script.sh 38 | - run: .github/script.sh 39 | 40 | gcc-openssl-master: 41 | runs-on: ubuntu-latest 42 | env: 43 | OPENSSL_BRANCH: master 44 | steps: 45 | - uses: actions/checkout@v2 46 | with: 47 | submodules: true 48 | - run: .github/before_script.sh 49 | - run: .github/script.sh 50 | 51 | macos-openssl-master: 52 | runs-on: macos-latest 53 | env: 54 | OPENSSL_BRANCH: master 55 | USE_RPATH: 56 | steps: 57 | - uses: actions/checkout@v2 58 | with: 59 | submodules: true 60 | - run: .github/before_script.sh 61 | - run: .github/script.sh 62 | 63 | gcc-asan-openssl-master: 64 | runs-on: ubuntu-latest 65 | env: 66 | OPENSSL_BRANCH: master 67 | ASAN: -DASAN=1 68 | steps: 69 | - uses: actions/checkout@v2 70 | with: 71 | submodules: true 72 | - run: .github/before_script.sh 73 | - run: .github/script.sh 74 | 75 | macos-asan-openssl-master: 76 | runs-on: macos-latest 77 | env: 78 | OPENSSL_BRANCH: master 
79 | ASAN: -DASAN=1 80 | USE_RPATH: 81 | steps: 82 | - uses: actions/checkout@v2 83 | with: 84 | submodules: true 85 | - run: .github/before_script.sh 86 | - run: .github/script.sh 87 | 88 | gcc-openssl-stable-x86: 89 | runs-on: ubuntu-latest 90 | env: 91 | CFLAGS: -m32 92 | LDFLAGS: -m32 93 | SETARCH: "setarch i386" 94 | APT_INSTALL: gcc-multilib 95 | steps: 96 | - uses: actions/checkout@v2 97 | with: 98 | submodules: true 99 | - run: .github/before_script.sh 100 | - run: .github/script.sh 101 | 102 | -------------------------------------------------------------------------------- /.github/workflows/codeql-analysis.yml: -------------------------------------------------------------------------------- 1 | name: "CodeQL" 2 | 3 | env: 4 | OPENSSL_BRANCH: openssl-3.0 5 | #RPATH: "-Wl,-rpath=${PREFIX}/lib" 6 | #PREFIX: ${HOME}/opt 7 | #PATH: ${PREFIX}/bin:${PATH} 8 | 9 | on: 10 | push: 11 | branches: [master, ] 12 | pull_request: 13 | # The branches below must be a subset of the branches above 14 | branches: [master] 15 | schedule: 16 | - cron: '0 2 * * 0' 17 | 18 | jobs: 19 | analyse: 20 | name: Analyse 21 | runs-on: ubuntu-latest 22 | 23 | steps: 24 | - name: Checkout repository 25 | uses: actions/checkout@v2 26 | with: 27 | # We must fetch at least the immediate parents so that if this is 28 | # a pull request then we can checkout the head. 29 | fetch-depth: 2 30 | # gost-engine has submodules 31 | submodules: true 32 | 33 | # If this run was triggered by a pull request event, then checkout 34 | # the head of the pull request instead of the merge commit. 35 | - run: git checkout HEAD^2 36 | if: ${{ github.event_name == 'pull_request' }} 37 | 38 | # Initializes the CodeQL tools for scanning. 39 | - name: Initialize CodeQL 40 | uses: github/codeql-action/init@v1 41 | # languages: cpp 42 | # Override language selection by uncommenting this and choosing your languages 43 | # with: 44 | 45 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 
46 | # If this step fails, then you should remove it and run the build manually (see below) 47 | #- name: Autobuild 48 | # uses: github/codeql-action/autobuild@v1 49 | 50 | # ℹ️ Command-line programs to run using the OS shell. 51 | # 📚 https://git.io/JvXDl 52 | 53 | # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines 54 | # and modify them (or add more) to build your code if your project 55 | # uses a compiled language 56 | 57 | - run: | 58 | curl -L https://cpanmin.us | sudo perl - --sudo App::cpanminus 59 | sudo cpanm --notest Test2::V0 > build.log 2>&1 || (cat build.log && exit 1) 60 | if [ "$APT_INSTALL" ]; then sudo apt-get install -y $APT_INSTALL; fi 61 | git clone --depth 1 -b ${OPENSSL_BRANCH} https://github.com/openssl/openssl.git 62 | export PREFIX=`pwd`/opt 63 | export RPATH="-Wl,-rpath=${PREFIX}/lib" 64 | cd openssl 65 | git describe --always --long 66 | ./config shared -d --prefix=${PREFIX} --openssldir=${PREFIX} --libdir=lib ${RPATH} 67 | make -s build_libs 68 | make -s build_programs 69 | make -s install_sw 70 | cd .. 71 | set -e 72 | mkdir build 73 | cd build 74 | cmake -DOPENSSL_ROOT_DIR=${PREFIX} -DOPENSSL_ENGINES_DIR=${PREFIX}/engines ${ASAN} .. 
75 | make 76 | 77 | - name: Perform CodeQL Analysis 78 | uses: github/codeql-action/analyze@v1 79 | -------------------------------------------------------------------------------- /.github/workflows/coverity.yml: -------------------------------------------------------------------------------- 1 | name: Coverity 2 | 3 | on: 4 | schedule: 5 | - cron: "0 0 * * *" 6 | workflow_dispatch: 7 | 8 | jobs: 9 | scan: 10 | runs-on: ubuntu-latest 11 | if: ${{ github.repository_owner == 'gost-engine' || github.event_name == 'workflow_dispatch' }} 12 | env: 13 | OPENSSL_BRANCH: openssl-3.0 14 | USE_RPATH: yes 15 | 16 | steps: 17 | - uses: actions/checkout@v2 18 | with: 19 | submodules: true 20 | 21 | - name: Download Coverity build tool 22 | run: | 23 | wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=gost-engine" -O coverity_tool.tar.gz 24 | mkdir coverity_tool 25 | tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool 26 | - name: Build with Coverity build tool 27 | run: | 28 | export PATH=`pwd`/coverity_tool/bin:$PATH 29 | .github/before_script.sh 30 | cov-build --dir cov-int .github/script.sh 31 | - name: Submit build result to Coverity Scan 32 | run: | 33 | tar czvf cov.tar.gz cov-int 34 | curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \ 35 | --form email=chipitsine@gmail.com \ 36 | --form file=@cov.tar.gz \ 37 | --form version="Commit $GITHUB_SHA" \ 38 | --form description="Build submitted via CI" \ 39 | https://scan.coverity.com/builds?project=gost-engine -------------------------------------------------------------------------------- /.github/workflows/windows.yml: -------------------------------------------------------------------------------- 1 | name: CI (windows) 2 | on: [push, pull_request] 3 | 4 | jobs: 5 | msvc-openssl: 6 | runs-on: windows-latest 7 | outputs: 8 | openssl-head: ${{ steps.openssl.outputs.head }} 9 | steps: 10 | - uses: actions/checkout@v2 11 | with: 12 | repository: 
openssl/openssl 13 | fetch-depth: 0 14 | - run: echo "::set-output name=head::$(git describe --always --long)" 15 | id: openssl 16 | - uses: actions/cache@v4 17 | id: cache 18 | with: 19 | path: _dest 20 | key: ${{ runner.os }}-openssl-${{ steps.openssl.outputs.head }} 21 | - uses: ilammy/msvc-dev-cmd@v1 22 | - name: Build OpenSSL 23 | if: steps.cache.outputs.cache-hit != 'true' 24 | run: | 25 | perl Configure no-makedepend no-tests no-asm VC-WIN64A 26 | perl configdata.pm --dump 27 | nmake /S build_libs build_programs 28 | nmake /S install_sw DESTDIR=_dest 29 | 30 | msvc-engine: 31 | needs: msvc-openssl 32 | runs-on: windows-latest 33 | steps: 34 | - uses: actions/checkout@v2 35 | with: 36 | submodules: true 37 | - uses: actions/cache@v4 38 | with: 39 | path: _dest 40 | key: ${{ runner.os }}-openssl-${{ needs.msvc-openssl.outputs.openssl-head }} 41 | - run: cmake -DOPENSSL_ROOT_DIR="_dest\Program Files\OpenSSL" -DOPENSSL_ENGINES_DIR=bin . 42 | - run: cmake --build . 43 | - name: Run tests 44 | run: | 45 | $env:PATH = "$env:PATH;$pwd\_dest\Program Files\OpenSSL\bin" 46 | $env:OPENSSL_ENGINES = "$pwd\bin\Debug" 47 | $env:OPENSSL_MODULES = "$pwd\bin\Debug" 48 | ctest -C Debug --output-on-failure 49 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | build/ 2 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "libprov"] 2 | path = libprov 3 | url = https://github.com/provider-corner/libprov.git 4 | -------------------------------------------------------------------------------- /INSTALL.md: -------------------------------------------------------------------------------- 1 | Building and Installation 2 | ========================= 3 | 4 | How to Build 5 | ------------ 6 | 7 | To build and install OpenSSL 
GOST Engine, you will need 8 | 9 | * OpenSSL 3.0 development version 10 | * an ANSI C compiler 11 | * CMake (3.0 or newer, 3.18 recommended) 12 | 13 | Here is a quick build guide: 14 | 15 | $ git clone https://github.com/gost-engine/engine 16 | $ cd engine 17 | $ git submodule update --init 18 | $ mkdir build 19 | $ cd build 20 | $ cmake -DCMAKE_BUILD_TYPE=Release .. 21 | $ cmake --build . --config Release 22 | 23 | Instead of `Release` you can use the `Debug`, `RelWithDebInfo` or `MinSizeRel` configuration. 24 | See [cmake docs](https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html) for details. 25 | You will find the built binaries in the `../bin` directory. 26 | 27 | If you want to build against a specific OpenSSL instance (you will need this if 28 | you have more than one OpenSSL instance, for example), you can use the `cmake` 29 | variable `OPENSSL_ROOT_DIR` to specify the absolute path of the desired OpenSSL 30 | instance: 31 | 32 | $ cmake -DOPENSSL_ROOT_DIR=/PATH/TO/OPENSSL/ .. 33 | 34 | Building against OpenSSL 3.0 requires the OpenSSL detection module 35 | (FindOpenSSL.cmake) from CMake 3.18 or higher. Earlier versions may have 36 | problems with it. 37 | 38 | If you use Visual Studio, you can also set the `CMAKE_INSTALL_PREFIX` variable 39 | to set the install path, like this: 40 | 41 | > cmake -G "Visual Studio 15 Win64" -DCMAKE_PREFIX_PATH=c:\OpenSSL\vc-win64a\ -DCMAKE_INSTALL_PREFIX=c:\OpenSSL\vc-win64a\ .. 42 | 43 | Also, instead of the `cmake --build` tool you can just open `gost-engine.sln` 44 | in Visual Studio, select a configuration and call `Build Solution` manually. 45 | 46 | Instructions on how to build OpenSSL 1.1.0 with Microsoft Visual Studio 47 | can be found [here](https://gist.github.com/terrillmoore/995421ea6171a9aa50552f6aa4be0998). 48 | 49 | How to Install 50 | -------------- 51 | 52 | To install GOST Engine you can call: 53 | 54 | # cmake --build . 
--target install --config Release 55 | 56 | or, the plain old Unix-only way: 57 | 58 | # make install 59 | 60 | The engine library `gost.so` should be installed into the OpenSSL engine directory. 61 | 62 | To ensure that it is installed properly, call: 63 | 64 | $ openssl version -e 65 | ENGINESDIR: "/usr/lib/i386-linux-gnu/engines-1.1" 66 | 67 | Then check that `gost.so` is there: 68 | 69 | # ls /usr/lib/i386-linux-gnu/engines-1.1 70 | 71 | Finally, to start using GOST Engine through OpenSSL, you should edit the 72 | `openssl.cnf` configuration file as specified below. 73 | 74 | 75 | How to Configure 76 | ---------------- 77 | 78 | A minimal example of the configuration file is provided in this 79 | distribution and named `example.conf`. 80 | 81 | The configuration file should include the following statement in the global 82 | section, i.e. before the first bracketed section header (see config(5) for details) 83 | 84 | openssl_conf = openssl_def 85 | 86 | where `openssl_def` is the name of the section in the configuration file which 87 | describes global defaults. 88 | 89 | This section should contain the following statement: 90 | 91 | [openssl_def] 92 | engines = engine_section 93 | 94 | which points to the section which describes the list of engines to be 95 | loaded. This section should contain: 96 | 97 | [engine_section] 98 | gost = gost_section 99 | 100 | And the section which describes the configuration of the engine should contain 101 | 102 | [gost_section] 103 | engine_id = gost 104 | dynamic_path = /usr/lib/ssl/engines/libgost.so 105 | default_algorithms = ALL 106 | 107 | Various cryptoproviders (e.g. BouncyCastle) have some problems with private key 108 | parsing from PrivateKeyInfo, so if you want to use the old private key 109 | representation format, which is supported by BC, you will have to add: 110 | 111 | GOST_PK_FORMAT = LEGACY_PK_WRAP 112 | 113 | to `[gost_section]`. 114 | 115 | The `engine_id` parameter specifies the name of the engine (should be `gost`). 
116 | 117 | `dynamic_path` is the location of the loadable shared library implementing the 118 | engine. If the engine is compiled statically or is located in the OpenSSL 119 | engines directory, this line can be omitted. 120 | 121 | The `default_algorithms` parameter specifies that all algorithms provided by 122 | the engine should be used. 123 | 124 | The `CRYPT_PARAMS` parameter is engine-specific. It allows the user to choose 125 | between different parameter sets of the symmetric cipher algorithm. [RFC 4357][1] 126 | specifies several parameters for the GOST 28147-89 algorithm, but OpenSSL 127 | doesn't provide a user interface to choose one when encrypting, so the engine 128 | configuration parameter is used instead. It SHOULD NOT be used nowadays because all 129 | the parameters except the default one are deprecated now. 130 | 131 | The value of this parameter can be either a short name, defined in the OpenSSL 132 | `obj_dat.h` header file, or the numeric representation of an OID, defined in 133 | [RFC 4357][1]. 134 | 135 | [1]:https://tools.ietf.org/html/rfc4357 "RFC 4357" 136 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # engine 2 | 3 | A reference implementation of the Russian GOST crypto algorithms for OpenSSL 4 | 5 | Compatibility: OpenSSL 3.0 6 | 7 | License: same as the corresponding version of OpenSSL. 8 | 9 | Mailing list: http://www.wagner.pp.ru/list-archives/openssl-gost/ 10 | 11 | Some useful links: https://www.altlinux.org/OSS-GOST-Crypto 12 | 13 | DO NOT TRY BUILDING MASTER BRANCH AGAINST openssl 1.1.1! Use 1_1_1 branch instead! 14 | 15 | # provider 16 | 17 | A reference implementation in the same spirit as the engine, specified 18 | above. 19 | 20 | This is currently work in progress, with only a subset of all intended 21 | functionality implemented: symmetric ciphers, hashes and MACs. 
22 | 23 | For more information, see [README.prov.md](README.prov.md) 24 | -------------------------------------------------------------------------------- /README.prov.md: -------------------------------------------------------------------------------- 1 | # GOST provider 2 | 3 | The GOST provider is currently built in parallel with the GOST 4 | engine, and is implemented as a wrapper around the engine code. 5 | 6 | ## Currently implemented 7 | 8 | Symmetric ciphers: 9 | 10 | - gost89 11 | - gost89-cnt 12 | - gost89-cnt-12 13 | - gost89-cbc 14 | - kuznyechik-ecb 15 | - kuznyechik-cbc 16 | - kuznyechik-cfb 17 | - kuznyechik-ofb 18 | - kuznyechik-ctr 19 | - magma-cbc 20 | - magma-ctr 21 | - magma-ctr-acpkm 22 | - magma-ctr-acpkm-omac 23 | - kuznyechik-ctr-acpkm 24 | - kuznyechik-ctr-acpkm-omac 25 | 26 | Hashes: 27 | 28 | - id-tc26-gost3411-12-256 (md_gost12_256) 29 | - id-tc26-gost3411-12-512 (md_gost12_512) 30 | - id-GostR3411-94 (md_gost94) 31 | 32 | MACs: 33 | 34 | - gost-mac 35 | - gost-mac-12 36 | - magma-mac 37 | - kuznyechik-mac 38 | - kuznyechik-ctr-acpkm-omac 39 | 40 | ## TODO, not requiring additional OpenSSL support 41 | 42 | - Basic support for GOST keys, i.e. implementations of KEYMGMT 43 | (including key generation), ENCODER and DECODER. 44 | 45 | - Support for these operations using GOST keys: 46 | 47 | - ASYM_CIPHER (encryption and decryption using GOST keys) 48 | - SIGNATURE (signing and verifying using GOST keys) 49 | 50 | ## TODO, which requires additional OpenSSL support 51 | 52 | - TLSTREE support. This may require additional changes in libssl. 53 | Needs investigation. 54 | 55 | - PKCS7 and CMS support. This requires OpenSSL PKCS7 and CMS code 56 | to change for better interfacing with providers. 57 | 58 | ## TODO, far future 59 | 60 | - Refactor the code into being just a provider. This is to be done 61 | when engines aren't supported any more. 
62 | -------------------------------------------------------------------------------- /e_gost_err.proto: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * Copyright (c) 2001-2005 The OpenSSL Project. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in 13 | * the documentation and/or other materials provided with the 14 | * distribution. 15 | * 16 | * 3. All advertising materials mentioning features or use of this 17 | * software must display the following acknowledgment: 18 | * "This product includes software developed by the OpenSSL Project 19 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 20 | * 21 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 22 | * endorse or promote products derived from this software without 23 | * prior written permission. For written permission, please contact 24 | * openssl-core@openssl.org. 25 | * 26 | * 5. Products derived from this software may not be called "OpenSSL" 27 | * nor may "OpenSSL" appear in their names without prior written 28 | * permission of the OpenSSL Project. 29 | * 30 | * 6. 
Redistributions of any form whatsoever must retain the following 31 | * acknowledgment: 32 | * "This product includes software developed by the OpenSSL Project 33 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 34 | * 35 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 36 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 37 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 38 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 39 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 40 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 41 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 42 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 43 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 44 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 45 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 46 | * OF THE POSSIBILITY OF SUCH DAMAGE. 47 | * ==================================================================== 48 | * 49 | * This product includes cryptographic software written by Eric Young 50 | * (eay@cryptsoft.com). This product includes software written by Tim 51 | * Hudson (tjh@cryptsoft.com). 
52 | * 53 | */ 54 | 55 | #ifndef HEADER_GOST_ERR_H 56 | #define HEADER_GOST_ERR_H 57 | 58 | #define GOST_LIB_NAME "GOST engine" 59 | #ifdef __cplusplus 60 | extern "C" { 61 | #endif 62 | -------------------------------------------------------------------------------- /etalon/M1: -------------------------------------------------------------------------------- 1 | 012345678901234567890123456789012345678901234567890123456789012 -------------------------------------------------------------------------------- /etalon/M2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/etalon/M2 -------------------------------------------------------------------------------- /etalon/M3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/etalon/M3 -------------------------------------------------------------------------------- /etalon/M4: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /etalon/M5: -------------------------------------------------------------------------------- 1 | 123456789012345678901234567890 2 | 123456789012345678901234567890 3 | -------------------------------------------------------------------------------- /etalon/M6: -------------------------------------------------------------------------------- 1 | 123456789012345678901234567890 2 | 123456789012345678901234567890 3 | 123456789012345678901234567890 4 | 123456789012345678901234567890 5 | 123456789012345678901234567890 6 | 123456789012345678901234567890 7 | -------------------------------------------------------------------------------- /etalon/carry: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/etalon/carry -------------------------------------------------------------------------------- /etalon/dgst.result: -------------------------------------------------------------------------------- 1 | md_gost12_512(M1)= 1b54d01a4af5b9d5cc3d86d68d285462b19abc2475222f35c085122be4ba1ffa00ad30f8767b3a82384c6574f024c311e2a481332b08ef7f41797891c1646f48 2 | md_gost12_512(M2)= 1e88e62226bfca6f9994f1f2d51569e0daf8475a3b0fe61a5300eee46d961376035fe83549ada2b8620fcd7c496ce5b33f0cb9dddc2b6460143b03dabac9fb28 3 | md_gost12_512(M3)= 8e945da209aa869f0455928529bcae4679e9873ab707b55315f56ceb98bef0a7362f715528356ee83cda5f2aac4c6ad2ba3a715c1bcd81cb8e9f90bf4c1c1a8a 4 | md_gost12_512(M4)= b0fd29ac1b0df441769ff3fdb8dc564df67721d6ac06fb28ceffb7bbaa7948c6c014ac999235b58cb26fb60fb112a145d7b4ade9ae566bf2611402c552d20db7 5 | md_gost12_512(M5)= 363b449ec81ae40b3a407b125c3b1c2b768b50496bcb5f690b89e9007b06e4084182ed45d4072a67fec9d3421dab013da2aabc1d6528e8e775aec7b3457ac675 6 | md_gost12_512(M6)= 8781dfc81d2db6a41d1857f3230b3ffe2bda574273ea1947189aaa5468470df1c4b374b1a2b56e59d11d213fea57e3514543b0ced9b20e553ae66425ec909cfd 7 | md_gost12_512(M7)= 03e12ae816c7f794929b7550781d22efc7bc724fd70e295f3123d157c4d577fdc325943ef2b999cc43205dc323fa930bddc60d44663d76844b779fd36aa89de3 8 | md_gost12_512(carry)= 8b06f41e59907d9636e892caf5942fcdfb71fa31169a5e70f0edb873664df41c2cce6e06dc6755d15a61cdeb92bd607cc4aaca6732bf3568a23a210dd520fd41 9 | md_gost12_256(M1)= 9d151eefd8590b89daa6ba6cb74af9275dd051026bb149a452fd84e5e57b5500 10 | md_gost12_256(M2)= 9dd2fe4e90409e5da87f53976d7405b0c0cac628fc669a741d50063c557e8f50 11 | md_gost12_256(M3)= 3f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb 12 | md_gost12_256(M4)= df1fda9ce83191390537358031db2ecaa6aa54cd0eda241dc107105e13636b95 13 | md_gost12_256(M5)= f0a557f6a04a90ab1811c1b6e9b078e4163b74037c6cf59f52444a37f48e11d8 14 | md_gost12_256(M6)= 
2f4f651fe88fea46ec6f2223728d8dff3968893558ef00a310c23e7d1923ba0c 15 | md_gost12_256(M7)= 633b567983d60243837715e56cc52443ffff9824170ad60b613b2dd6fabf2f40 16 | md_gost12_256(carry)= 81bb632fa31fcc38b4c379a662dbc58b9bed83f50d3a1b2ce7271ab02d25babb 17 | -------------------------------------------------------------------------------- /etalon/gh.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/etalon/gh.dat -------------------------------------------------------------------------------- /etalon/mac.txt: -------------------------------------------------------------------------------- 1 | openssl dgst -mac magma-mac -macopt hexkey:ffeeddccbbaa99887766554433221100f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff magma.dat 2 | 154e7210 3 | 4 | openssl dgst -mac grasshopper-mac -macopt hexkey:8899aabbccddeeff0011223344556677fedcba98765432100123456789abcdef gh.dat 5 | 336f4d296059fbe3 6 | -------------------------------------------------------------------------------- /etalon/magma.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/etalon/magma.dat -------------------------------------------------------------------------------- /etalon/make4Gb: -------------------------------------------------------------------------------- 1 | cat M5 M6 > tmp1 2 | cat tmp1 tmp1 tmp1 tmp1 > tmp2 3 | cat tmp2 tmp2 tmp2 tmp2 > tmp1 4 | cat tmp1 tmp1 tmp1 tmp1 > tmp2 5 | cat tmp2 tmp2 tmp2 tmp2 > tmp1 6 | cat tmp1 tmp1 tmp1 tmp1 > tmp2 7 | cat tmp2 tmp2 tmp2 tmp2 > tmp1 8 | cat tmp1 tmp1 tmp1 tmp1 > tmp2 9 | cat tmp2 tmp2 tmp2 tmp2 > tmp1 10 | cat tmp1 tmp1 tmp1 tmp1 > tmp2 11 | cat tmp2 tmp2 tmp2 tmp2 > tmp1 12 | cat tmp1 tmp1 tmp1 tmp1 > tmp2 13 | cat tmp2 tmp2 tmp2 tmp2 > tmp1 14 | cat M2 tmp1 > M7 15 | rm -f tmp1 tmp2 16 | 
-------------------------------------------------------------------------------- /example.conf: -------------------------------------------------------------------------------- 1 | openssl_conf = openssl_def 2 | [openssl_def] 3 | engines = engine_section 4 | 5 | [engine_section] 6 | gost = gost_section 7 | 8 | [gost_section] 9 | engine_id = gost 10 | dynamic_path = ./bin/gost.so 11 | default_algorithms = ALL 12 | 13 | -------------------------------------------------------------------------------- /gost-engine.h: -------------------------------------------------------------------------------- 1 | /********************************************************************** 2 | * gost-engine.h * 3 | * GOST engine in library form * 4 | * * 5 | * Copyright (c) 2021 Richard Levitte * 6 | * This file is distributed under the same license as OpenSSL * 7 | * * 8 | **********************************************************************/ 9 | #ifndef GOST_ENGINE_H 10 | # define GOST_ENGINE_H 11 | 12 | void ENGINE_load_gost(void); 13 | 14 | #endif 15 | -------------------------------------------------------------------------------- /gost.ec: -------------------------------------------------------------------------------- 1 | L GOST e_gost_err.h e_gost_err.c 2 | -------------------------------------------------------------------------------- /gost12sum.1: -------------------------------------------------------------------------------- 1 | .\" Hey, Emacs! This is an -*- nroff -*- source file. 2 | .TH GOST12SUM 1 "02 Aug 2016" "Openssl" "Debian GNU/Linux" 3 | .SH NAME 4 | gost12sum \- generates or checks GOST R34.11-2012 message digests 5 | 6 | .SH SYNOPSIS 7 | .B gost12sum 8 | [\-bvl] [\-c [file]] | [file...] 9 | 10 | .SH DESCRIPTION 11 | .B gost12sum 12 | generates or checks GOST hash sums. The algorithm to generate the 13 | checksum is reasonably fast and strong enough for most cases. Exact 14 | specification of the algorithm is in 15 | .I GOST R34.11-2012.
16 | 17 | Normally 18 | .B gost12sum 19 | generates checksums of all files given to it as a parameter and prints 20 | the checksums followed by the filenames. If, however, 21 | .B \-c 22 | is specified, only one filename parameter is allowed. This file should 23 | contain checksums and the filenames to which these checksums refer, and 24 | the files listed in that file are checked against the checksums listed 25 | there. See option 26 | .B \-c 27 | for more information. 28 | 29 | .SS OPTIONS 30 | .TP 31 | .B \-b 32 | Use binary mode. In a Unix environment, the only difference between this and 33 | the normal mode is an asterisk preceding the filename in the output. 34 | .TP 35 | .B \-c 36 | Check gost hashes of all files listed in 37 | .I file 38 | against the checksum listed in the same file. The actual format of that 39 | file is the same as output of 40 | .B md5sum. 41 | That is, each line in the file describes a file. A line looks like: 42 | 43 | .B 44 | 45 | So, for example, if a file was created and its message digest calculated 46 | like so: 47 | 48 | .B echo foo > hash\-test\-file; gost12sum hash\-test\-file 49 | 50 | .B gost12sum 51 | would report: 52 | 53 | 3d4a51ee7713e6467442facefe06f153a303e7bdefbe7f9bdf2edb4ae9c866ff hash\-test\-file 54 | 55 | When invoked with the \-c option 56 | .B gost12sum 57 | normally works silently unless an error is found. Use \-v if you want to see 58 | a list of successfully checked files. 59 | 60 | .TP 61 | .B \-v 62 | Be more verbose. Print filenames when checking (with \-c). 63 | 64 | .TP 65 | .B \-l 66 | Use long (512-bit) hash instead of short (256-bit). 67 | 68 | .SH BUGS 69 | 70 | This manpage is not quite accurate and has formatting inconsistent 71 | with other manpages. 72 | 73 | .B gost12sum 74 | does not accept standard options like 75 | .BR \-\-help .
76 | 77 | .SH AUTHOR 78 | 79 | .B gost12sum 80 | utility written by Cryptocom LTD 81 | 82 | This manual page is written by Victor Wagner for 83 | Debian GNU/Linux 84 | 85 | -------------------------------------------------------------------------------- /gost89.h: -------------------------------------------------------------------------------- 1 | /********************************************************************** 2 | * gost89.h * 3 | * Copyright (c) 2005-2006 Cryptocom LTD * 4 | * This file is distributed under the same license as OpenSSL * 5 | * * 6 | * Declarations for GOST 28147-89 encryption algorithm * 7 | * No OpenSSL libraries required to compile and use * 8 | * this code * 9 | **********************************************************************/ 10 | #ifndef GOST89_H 11 | # define GOST89_H 12 | 13 | /* Typedef for unsigned 32-bit integer */ 14 | # if __LONG_MAX__ > 2147483647L 15 | typedef unsigned int u4; 16 | # else 17 | typedef unsigned long u4; 18 | # endif 19 | /* Typedef for unsigned 8-bit integer */ 20 | typedef unsigned char byte; 21 | 22 | /* Internal representation of GOST substitution blocks */ 23 | typedef struct { 24 | byte k8[16]; 25 | byte k7[16]; 26 | byte k6[16]; 27 | byte k5[16]; 28 | byte k4[16]; 29 | byte k3[16]; 30 | byte k2[16]; 31 | byte k1[16]; 32 | } gost_subst_block; 33 | 34 | /* Cipher context includes key and preprocessed substitution block */ 35 | typedef struct { 36 | u4 master_key[8]; 37 | u4 key[8]; 38 | u4 mask[8]; 39 | /* Constant s-boxes -- set up in gost_init(). */ 40 | u4 k87[256], k65[256], k43[256], k21[256]; 41 | } gost_ctx; 42 | /* 43 | * Note: encrypt and decrypt expect full blocks--padding blocks is caller's 44 | * responsibility. All bulk encryption is done in ECB mode by these calls. 45 | * Other modes may be added easily enough. 
46 | */ 47 | /* Encrypt several full blocks in ECB mode */ 48 | void gost_enc(gost_ctx * c, const byte * clear, byte * cipher, int blocks); 49 | /* Decrypt several full blocks in ECB mode */ 50 | void gost_dec(gost_ctx * c, const byte * cipher, byte * clear, int blocks); 51 | /* Encrypts several full blocks in CFB mode using 8byte IV */ 52 | void gost_enc_cfb(gost_ctx * ctx, const byte * iv, const byte * clear, 53 | byte * cipher, int blocks); 54 | /* Decrypts several full blocks in CFB mode using 8byte IV */ 55 | void gost_dec_cfb(gost_ctx * ctx, const byte * iv, const byte * cipher, 56 | byte * clear, int blocks); 57 | 58 | /* Encrypt one block */ 59 | void gostcrypt(gost_ctx * c, const byte * in, byte * out); 60 | /* Decrypt one block */ 61 | void gostdecrypt(gost_ctx * c, const byte * in, byte * out); 62 | /* Encrypt one block */ 63 | void magmacrypt(gost_ctx * c, const byte * in, byte * out); 64 | /* Decrypt one block */ 65 | void magmadecrypt(gost_ctx * c, const byte * in, byte * out); 66 | /* Set key into context */ 67 | void gost_key(gost_ctx * c, const byte * k); 68 | /* Set key into context without key mask */ 69 | void gost_key_nomask(gost_ctx * c, const byte * k); 70 | /* Set key into context */ 71 | void magma_key(gost_ctx * c, const byte * k); 72 | /* Set master 256-bit key to be used in TLSTREE calculation into context */ 73 | void magma_master_key(gost_ctx *c, const byte *k); 74 | /* Get key from context */ 75 | void gost_get_key(gost_ctx * c, byte * k); 76 | /* Set S-blocks into context */ 77 | void gost_init(gost_ctx * c, const gost_subst_block * b); 78 | /* Clean up context */ 79 | void gost_destroy(gost_ctx * c); 80 | /* Intermediate function used for calculate hash */ 81 | void gost_enc_with_key(gost_ctx *, byte * key, byte * inblock, 82 | byte * outblock); 83 | /* Compute MAC of given length in bits from data */ 84 | int gost_mac(gost_ctx * ctx, int mac_len, const unsigned char *data, 85 | unsigned int data_len, unsigned char *mac); 86 | /* 87 
| * Compute MAC of given length in bits from data, using non-zero 8-byte IV 88 | * (non-standard, for use in CryptoPro key transport only 89 | */ 90 | int gost_mac_iv(gost_ctx * ctx, int mac_len, const unsigned char *iv, 91 | const unsigned char *data, unsigned int data_len, 92 | unsigned char *mac); 93 | /* Perform one step of MAC calculation like gostcrypt */ 94 | void mac_block(gost_ctx * c, byte * buffer, const byte * block); 95 | /* Extracts MAC value from mac state buffer */ 96 | void get_mac(byte * buffer, int nbits, byte * out); 97 | /* Implements cryptopro key meshing algorithm. Expect IV to be 8-byte size*/ 98 | void cryptopro_key_meshing(gost_ctx * ctx, unsigned char *iv); 99 | /* Parameter sets specified in RFC 4357 */ 100 | extern gost_subst_block GostR3411_94_TestParamSet; 101 | extern gost_subst_block GostR3411_94_CryptoProParamSet; 102 | extern gost_subst_block Gost28147_TestParamSet; 103 | extern gost_subst_block Gost28147_CryptoProParamSetA; 104 | extern gost_subst_block Gost28147_CryptoProParamSetB; 105 | extern gost_subst_block Gost28147_CryptoProParamSetC; 106 | extern gost_subst_block Gost28147_CryptoProParamSetD; 107 | extern gost_subst_block Gost28147_TC26ParamSetZ; 108 | extern const byte CryptoProKeyMeshingKey[]; 109 | typedef unsigned int word32; 110 | /* For tests. 
*/ 111 | void kboxinit(gost_ctx * c, const gost_subst_block * b); 112 | void magma_get_key(gost_ctx * c, byte * k); 113 | void acpkm_magma_key_meshing(gost_ctx * ctx); 114 | #endif 115 | -------------------------------------------------------------------------------- /gost_asn1.c: -------------------------------------------------------------------------------- 1 | /********************************************************************** 2 | * gost_keytrans.c * 3 | * Copyright (c) 2005-2006 Cryptocom LTD * 4 | * This file is distributed under the same license as OpenSSL * 5 | * * 6 | * ASN1 structure definition for GOST key transport * 7 | * Requires OpenSSL 0.9.9 for compilation * 8 | **********************************************************************/ 9 | #include 10 | #include 11 | #include 12 | #include "gost_lcl.h" 13 | 14 | ASN1_NDEF_SEQUENCE(GOST_KEY_TRANSPORT) = { 15 | ASN1_SIMPLE(GOST_KEY_TRANSPORT, key_info, GOST_KEY_INFO), 16 | ASN1_IMP(GOST_KEY_TRANSPORT, key_agreement_info, 17 | GOST_KEY_AGREEMENT_INFO, 0) 18 | } ASN1_NDEF_SEQUENCE_END(GOST_KEY_TRANSPORT) 19 | IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_TRANSPORT) 20 | 21 | ASN1_NDEF_SEQUENCE(GOST_KEY_INFO) = 22 | { 23 | ASN1_SIMPLE(GOST_KEY_INFO, encrypted_key, ASN1_OCTET_STRING), 24 | ASN1_SIMPLE(GOST_KEY_INFO, imit, ASN1_OCTET_STRING) 25 | } ASN1_NDEF_SEQUENCE_END(GOST_KEY_INFO) 26 | IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_INFO) 27 | 28 | ASN1_NDEF_SEQUENCE(GOST_KEY_AGREEMENT_INFO) = 29 | { 30 | ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, cipher, ASN1_OBJECT), 31 | ASN1_IMP_OPT(GOST_KEY_AGREEMENT_INFO, ephem_key, X509_PUBKEY, 0), 32 | ASN1_SIMPLE(GOST_KEY_AGREEMENT_INFO, eph_iv, ASN1_OCTET_STRING) 33 | } ASN1_NDEF_SEQUENCE_END(GOST_KEY_AGREEMENT_INFO) 34 | IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_AGREEMENT_INFO) 35 | 36 | ASN1_NDEF_SEQUENCE(GOST_KEY_PARAMS) = 37 | { 38 | ASN1_SIMPLE(GOST_KEY_PARAMS, key_params, ASN1_OBJECT), 39 | ASN1_OPT(GOST_KEY_PARAMS, hash_params, ASN1_OBJECT), 40 | ASN1_OPT(GOST_KEY_PARAMS, cipher_params, 
ASN1_OBJECT), 41 | } ASN1_NDEF_SEQUENCE_END(GOST_KEY_PARAMS) 42 | IMPLEMENT_ASN1_FUNCTIONS(GOST_KEY_PARAMS) 43 | 44 | ASN1_NDEF_SEQUENCE(GOST_CIPHER_PARAMS) = 45 | { 46 | ASN1_SIMPLE(GOST_CIPHER_PARAMS, iv, ASN1_OCTET_STRING), 47 | ASN1_SIMPLE(GOST_CIPHER_PARAMS, enc_param_set, ASN1_OBJECT), 48 | } ASN1_NDEF_SEQUENCE_END(GOST_CIPHER_PARAMS) 49 | IMPLEMENT_ASN1_FUNCTIONS(GOST_CIPHER_PARAMS) 50 | 51 | ASN1_NDEF_SEQUENCE(GOST2015_CIPHER_PARAMS) = { 52 | ASN1_SIMPLE(GOST2015_CIPHER_PARAMS, ukm, ASN1_OCTET_STRING), 53 | } ASN1_NDEF_SEQUENCE_END(GOST2015_CIPHER_PARAMS) 54 | IMPLEMENT_ASN1_FUNCTIONS(GOST2015_CIPHER_PARAMS) 55 | 56 | ASN1_NDEF_SEQUENCE(GOST_CLIENT_KEY_EXCHANGE_PARAMS) = 57 | { /* FIXME incomplete */ 58 | ASN1_SIMPLE(GOST_CLIENT_KEY_EXCHANGE_PARAMS, gkt, GOST_KEY_TRANSPORT) 59 | } ASN1_NDEF_SEQUENCE_END(GOST_CLIENT_KEY_EXCHANGE_PARAMS) 60 | IMPLEMENT_ASN1_FUNCTIONS(GOST_CLIENT_KEY_EXCHANGE_PARAMS) 61 | 62 | ASN1_NDEF_SEQUENCE(MASKED_GOST_KEY) = 63 | { 64 | ASN1_SIMPLE(MASKED_GOST_KEY, masked_priv_key, ASN1_OCTET_STRING), 65 | ASN1_SIMPLE(MASKED_GOST_KEY, public_key, ASN1_OCTET_STRING) 66 | } ASN1_NDEF_SEQUENCE_END(MASKED_GOST_KEY) 67 | IMPLEMENT_ASN1_FUNCTIONS(MASKED_GOST_KEY) 68 | 69 | /* draft-smyshlyaev-tls12-gost-suites */ 70 | ASN1_NDEF_SEQUENCE(PSKeyTransport_gost) = 71 | { 72 | ASN1_SIMPLE(PSKeyTransport_gost, psexp, ASN1_OCTET_STRING), 73 | ASN1_SIMPLE(PSKeyTransport_gost, ephem_key, X509_PUBKEY), 74 | ASN1_OPT(PSKeyTransport_gost, ukm, ASN1_OCTET_STRING) 75 | } ASN1_NDEF_SEQUENCE_END(PSKeyTransport_gost) 76 | IMPLEMENT_ASN1_FUNCTIONS(PSKeyTransport_gost) 77 | -------------------------------------------------------------------------------- /gost_ctl.c: -------------------------------------------------------------------------------- 1 | /********************************************************************** 2 | * gost_ctl.c * 3 | * Copyright (c) 2005-2006 Cryptocom LTD * 4 | * This file is distributed under the same license as OpenSSL * 5 | * * 6 | * 
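Implementation of control commands for GOST engine          *
 *            OpenSSL 0.9.9 libraries required                         *
 **********************************************************************/
/* NOTE(review): the names of the six headers included below appear to have
 * been lost when this page was extracted; only the quoted include survived. */
#include
#include
#include
#include
#include
#include
#include "gost_lcl.h"

/*
 * Cached parameter values, indexed by parameter number. Each slot is either
 * NULL or a heap copy made with BUF_strdup(); gost_param_free() releases them.
 */
static char *gost_params[GOST_PARAM_MAX + 1] = { NULL };
/*
 * Environment variable consulted for each parameter, in index order.
 * NOTE(review): this table has three entries, while the bounds checks below
 * are written against GOST_PARAM_MAX (declared outside this listing);
 * confirm the two stay in sync, since gost_envnames[param] is indexed with
 * any param that passes "param < GOST_PARAM_MAX".
 */
static const char *gost_envnames[] =
    { "CRYPT_PARAMS", "GOST_PBE_HMAC", "GOST_PK_FORMAT" };

/* Free every cached parameter string and reset its slot to NULL. */
void gost_param_free()
{
    int i;

    for (i = 0; i <= GOST_PARAM_MAX; i++) {
        OPENSSL_free(gost_params[i]);
        gost_params[i] = NULL;
    }

}

/*
 * ENGINE control callback: maps cmd (offset from ENGINE_CMD_BASE) to a
 * parameter number and stores p as that parameter's default value.
 * The i and f arguments are not used.
 * Returns -1 when the parameter number is out of range, otherwise the result
 * of gost_set_default_param() (1 on success, 0 on failure).
 */
int gost_control_func(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
{
    int param = cmd - ENGINE_CMD_BASE;
    int ret = 0;
    /*
     * This check admits param == GOST_PARAM_MAX; that value is then rejected
     * by gost_set_default_param(), so the caller sees 0 rather than -1.
     */
    if (param < 0 || param > GOST_PARAM_MAX) {
        return -1;
    }
    ret = gost_set_default_param(param, p);
    return ret;
}

/*
 * Return the current value of a parameter, or NULL if it is out of range or
 * has no value. A cached value wins; otherwise the matching environment
 * variable is read, copied into the cache and returned. The returned pointer
 * is owned by this module.
 *
 * The environment is set by whoever starts the process and is read here with
 * plain getenv(), so a program that runs with more privilege than its invoker
 * lets the invoker pick these engine parameters.
 */
const char *get_gost_engine_param(int param)
{
    char *tmp;
    if (param < 0 || param >= GOST_PARAM_MAX)
        return NULL;
    if (gost_params[param] != NULL) {
        return gost_params[param];
    }
    tmp = getenv(gost_envnames[param]);
    if (tmp) {
        /* The slot is NULL here; a failed copy leaves it NULL and returns NULL. */
        gost_params[param] = BUF_strdup(tmp);
        return gost_params[param];
    }
    return NULL;
}

/*
 * Set the cached value of a parameter.
 * If the matching environment variable is set, its value is stored and the
 * passed string is ignored; otherwise the passed string is stored (a NULL
 * value clears the slot).
 * Returns 1 on success, 0 if param is out of range or the copy cannot be
 * allocated. On allocation failure the previous value is left in place.
 */
int gost_set_default_param(int param, const char *value)
{
    const char *tmp;
    char *copy = NULL;

    if (param < 0 || param >= GOST_PARAM_MAX)
        return 0;
    tmp = getenv(gost_envnames[param]);

    /*
     * if there is value in the environment, use it, else -passed string *
     */
    if (!tmp) {
        tmp = value;
    }
    if (tmp != NULL) {
        /* Copy first, so a failed allocation is reported instead of
         * silently replacing the old value with NULL. */
        copy = BUF_strdup(tmp);
        if (copy == NULL)
            return 0;
    }
    OPENSSL_free(gost_params[param]);
    gost_params[param] = copy;

    return 1;
}
--------------------------------------------------------------------------------
/gost_gost2015.h:
--------------------------------------------------------------------------------
/*
 *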
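Copyright (c) 2020 Dmitry Belyavskiy
 *
 * Contents licensed under the terms of the OpenSSL license
 * See https://www.openssl.org/source/license.html for details
 */
#ifndef GOST_GOST2015_H
#define GOST_GOST2015_H

#include "gost_grasshopper_cipher.h"

/* NOTE(review): the three header names below appear to have been lost when
 * this page was extracted. */
#include
#include
#include

/* Upper bounds on the MAC size for each cipher (presumably in bytes). */
#define MAGMA_MAC_MAX_SIZE 8
#define KUZNYECHIK_MAC_MAX_SIZE 16
#define OID_GOST_CMS_MAC "1.2.643.7.1.0.6.1.1"

#define SN_magma_mgm "magma-mgm"

/*
 * Reverse the byte order of a 64-bit value.
 * The argument is parenthesised at every use so that an expression argument
 * (for example a | b) is masked as a whole. It is still expanded eight times,
 * so it must not have side effects.
 */
#define BSWAP64(x) \
    ((((x) & 0xFF00000000000000ULL) >> 56) | \
     (((x) & 0x00FF000000000000ULL) >> 40) | \
     (((x) & 0x0000FF0000000000ULL) >> 24) | \
     (((x) & 0x000000FF00000000ULL) >> 8)  | \
     (((x) & 0x00000000FF000000ULL) << 8)  | \
     (((x) & 0x0000000000FF0000ULL) << 24) | \
     (((x) & 0x000000000000FF00ULL) << 40) | \
     (((x) & 0x00000000000000FFULL) << 56))

/* Multiplication callback stored in mgm128_context.mul_gf. */
typedef void (*mul128_f) (uint64_t *result, uint64_t *arg1, uint64_t *arg2);

/* Working state for the gost_mgm128_* functions declared in this header. */
typedef struct {
    /* Each member is one 16-byte block, viewable as 2x64, 4x32 or 16x8 bits. */
    union {
        uint64_t u[2];
        uint32_t d[4];
        uint8_t c[16];
    } nonce, Yi, Zi, EKi, Hi, len, ACi, mul, sum, tag;

    unsigned int mres, ares;
    block128_f block;   /* block cipher callback */
    mul128_f mul_gf;    /* multiplication callback */
    int blocklen;
    void *key;          /* passed in by the caller; not interpreted in this header */
} mgm128_context;

/* Cipher context for the MGM modes: key schedule, flags and mgm state. */
typedef struct {
    /* Key schedule of whichever cipher is in use. */
    union {
        struct ossl_gost_cipher_ctx g_ks;
        gost_grasshopper_cipher_ctx gh_ks;
    } ks;
    int key_set;
    int iv_set;
    mgm128_context mgm;
    /* NOTE(review): iv is a pointer with a separate length; who allocates
     * and frees it is not visible in this header. */
    unsigned char *iv;
    int ivlen;
    int taglen;
    int tlstree_mode;
} gost_mgm_ctx;

int gost2015_final_call(EVP_CIPHER_CTX *ctx, EVP_MD_CTX *omac_ctx, size_t mac_size,
                        unsigned char *encrypted_mac,
                        int (*do_cipher) (EVP_CIPHER_CTX *ctx,
                                          unsigned char *out,
                                          const unsigned char *in,
                                          size_t inl));

/*
 * IV is expected to be 16 bytes.
 * This prototype carries no length for iv or kdf_seed, so the callee cannot
 * check those buffers itself; the caller has to size them.
 */
int gost2015_get_asn1_params(const ASN1_TYPE *params, size_t ukm_size,
                             unsigned char *iv, size_t ukm_offset, unsigned char *kdf_seed);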
72 | 73 | int gost2015_set_asn1_params(ASN1_TYPE *params, 74 | const unsigned char *iv, size_t iv_size, const unsigned char *kdf_seed); 75 | 76 | int gost2015_process_unprotected_attributes(STACK_OF(X509_ATTRIBUTE) *attrs, 77 | int encryption, size_t mac_len, unsigned char *final_tag); 78 | 79 | int gost2015_acpkm_omac_init(int nid, int enc, const unsigned char *inkey, 80 | EVP_MD_CTX *omac_ctx, 81 | unsigned char *outkey, unsigned char *kdf_seed); 82 | int init_zero_kdf_seed(unsigned char *kdf_seed); 83 | 84 | 85 | /* enc/dec mgm mode */ 86 | 87 | void gost_mgm128_init(mgm128_context *ctx, void *key, block128_f block, 88 | mul128_f mul_gf, int blen); 89 | 90 | int gost_mgm128_setiv(mgm128_context *ctx, const unsigned char *iv, size_t len); 91 | 92 | int gost_mgm128_aad(mgm128_context *ctx, const unsigned char *aad, size_t len); 93 | 94 | int gost_mgm128_encrypt(mgm128_context *ctx, const unsigned char *in, 95 | unsigned char *out, size_t len); 96 | 97 | int gost_mgm128_decrypt(mgm128_context *ctx, const unsigned char *in, 98 | unsigned char *out, size_t len); 99 | 100 | int gost_mgm128_finish(mgm128_context *ctx, const unsigned char *tag, size_t len); 101 | 102 | void gost_mgm128_tag(mgm128_context *ctx, unsigned char *tag, size_t len); 103 | 104 | #endif 105 | -------------------------------------------------------------------------------- /gost_grasshopper.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Maxim Tishkov 2016 3 | * This file is distributed under the same license as OpenSSL 4 | */ 5 | 6 | #ifndef GOST_GRASSHOPPER_H 7 | #define GOST_GRASSHOPPER_H 8 | 9 | #if defined(__cplusplus) 10 | extern "C" { 11 | #endif 12 | 13 | #include "gost_grasshopper_defines.h" 14 | #include "gost_grasshopper_math.h" 15 | #include "gost_grasshopper_cipher.h" 16 | #include "gost_grasshopper_precompiled.h" 17 | #include "gost_grasshopper_core.h" 18 | 19 | #if defined(__cplusplus) 20 | } 21 | #endif 22 | 23 | #endif 24 | 
-------------------------------------------------------------------------------- /gost_grasshopper_cipher.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Maxim Tishkov 2016 3 | * This file is distributed under the same license as OpenSSL 4 | */ 5 | 6 | #ifndef GOST_GRASSHOPPER_CIPHER_H 7 | #define GOST_GRASSHOPPER_CIPHER_H 8 | 9 | #define SN_kuznyechik_mgm "kuznyechik-mgm" 10 | 11 | #if defined(__cplusplus) 12 | extern "C" { 13 | #endif 14 | 15 | #include "gost_grasshopper_defines.h" 16 | 17 | #include "gost_lcl.h" 18 | #include 19 | 20 | // not thread safe 21 | // because of buffers 22 | typedef struct { 23 | uint8_t type; 24 | grasshopper_key_t master_key; 25 | grasshopper_key_t key; 26 | grasshopper_round_keys_t encrypt_round_keys; 27 | grasshopper_round_keys_t decrypt_round_keys; 28 | grasshopper_w128_t buffer; 29 | } gost_grasshopper_cipher_ctx; 30 | 31 | typedef struct { 32 | gost_grasshopper_cipher_ctx c; 33 | grasshopper_w128_t partial_buffer; 34 | unsigned int section_size; /* After how much bytes mesh the key, 35 | if 0 never mesh and work like plain ctr. 
*/ 36 | unsigned char kdf_seed[8]; 37 | unsigned char tag[16]; 38 | EVP_MD_CTX *omac_ctx; 39 | } gost_grasshopper_cipher_ctx_ctr; 40 | 41 | static void gost_grasshopper_cipher_key(gost_grasshopper_cipher_ctx* c, const uint8_t* k); 42 | 43 | static void gost_grasshopper_cipher_destroy(gost_grasshopper_cipher_ctx* c); 44 | 45 | static int gost_grasshopper_cipher_init_ecb(EVP_CIPHER_CTX* ctx, 46 | const unsigned char* key, const unsigned char* iv, int enc); 47 | 48 | static int gost_grasshopper_cipher_init_cbc(EVP_CIPHER_CTX* ctx, 49 | const unsigned char* key, const unsigned char* iv, int enc); 50 | 51 | static int gost_grasshopper_cipher_init_ofb(EVP_CIPHER_CTX* ctx, 52 | const unsigned char* key, const unsigned char* iv, int enc); 53 | 54 | static int gost_grasshopper_cipher_init_cfb(EVP_CIPHER_CTX* ctx, 55 | const unsigned char* key, const unsigned char* iv, int enc); 56 | 57 | static int gost_grasshopper_cipher_init_ctr(EVP_CIPHER_CTX* ctx, 58 | const unsigned char* key, const unsigned char* iv, int enc); 59 | 60 | static int gost_grasshopper_cipher_init_ctracpkm(EVP_CIPHER_CTX* ctx, 61 | const unsigned char* key, const unsigned char* iv, int enc); 62 | 63 | static int gost_grasshopper_cipher_init_ctracpkm_omac(EVP_CIPHER_CTX* ctx, 64 | const unsigned char* key, const unsigned char* iv, int enc); 65 | 66 | static int gost_grasshopper_cipher_init_mgm(EVP_CIPHER_CTX* ctx, 67 | const unsigned char* key, const unsigned char* iv, int enc); 68 | 69 | static int gost_grasshopper_cipher_init(EVP_CIPHER_CTX* ctx, const unsigned char* key, 70 | const unsigned char* iv, int enc); 71 | 72 | static int gost_grasshopper_cipher_do(EVP_CIPHER_CTX* ctx, unsigned char* out, 73 | const unsigned char* in, size_t inl); 74 | 75 | static int gost_grasshopper_cipher_do_ecb(EVP_CIPHER_CTX* ctx, unsigned char* out, 76 | const unsigned char* in, size_t inl); 77 | 78 | static int gost_grasshopper_cipher_do_cbc(EVP_CIPHER_CTX* ctx, unsigned char* out, 79 | const unsigned char* in, size_t 
inl);

static int gost_grasshopper_cipher_do_ofb(EVP_CIPHER_CTX* ctx, unsigned char* out,
    const unsigned char* in, size_t inl);

static int gost_grasshopper_cipher_do_cfb(EVP_CIPHER_CTX* ctx, unsigned char* out,
    const unsigned char* in, size_t inl);

static int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX* ctx, unsigned char* out,
    const unsigned char* in, size_t inl);

static int gost_grasshopper_cipher_do_ctracpkm(EVP_CIPHER_CTX* ctx, unsigned char* out,
    const unsigned char* in, size_t inl);

static int gost_grasshopper_cipher_do_ctracpkm_omac(EVP_CIPHER_CTX* ctx, unsigned char* out,
    const unsigned char* in, size_t inl);

static int gost_grasshopper_cipher_do_mgm(EVP_CIPHER_CTX* ctx, unsigned char* out,
    const unsigned char* in, size_t inl);

static int gost_grasshopper_cipher_cleanup(EVP_CIPHER_CTX* ctx);

static int gost_grasshopper_mgm_cleanup(EVP_CIPHER_CTX *c);

static int gost_grasshopper_set_asn1_parameters(EVP_CIPHER_CTX* ctx, ASN1_TYPE* params);

static int gost_grasshopper_get_asn1_parameters(EVP_CIPHER_CTX* ctx, ASN1_TYPE* params);

static int gost_grasshopper_cipher_ctl(EVP_CIPHER_CTX* ctx, int type, int arg, void* ptr);

static int gost_grasshopper_mgm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);

const EVP_CIPHER* cipher_gost_grasshopper_ctracpkm();

#if defined(__cplusplus)
}
#endif

#endif
--------------------------------------------------------------------------------
/gost_grasshopper_core.c:
--------------------------------------------------------------------------------
/*
 * Maxim Tishkov 2016
 * This file is distributed under the same license as OpenSSL
 */

#if defined(__cplusplus)
extern "C" {
#endif

#include "gost_grasshopper_core.h"
#include "gost_grasshopper_math.h"
#include "gost_grasshopper_precompiled.h"
#include "gost_grasshopper_defines.h"

/*
 * Apply the linear step to the 16-byte block w, in place.
 * One pass per element of grasshopper_lvec (16 passes): the bytes move up by
 * one position and b[0] receives the feedback byte, an LFSR over GF(2^8).
 */
static GRASSHOPPER_INLINE void grasshopper_l(grasshopper_w128_t* w) {
    const unsigned int passes = sizeof(grasshopper_lvec) / sizeof(grasshopper_lvec[0]);
    unsigned int pass;

    for (pass = 0; pass < passes; pass++) {
        /* b[15] enters the feedback unmultiplied because lvec[15] is 1. */
        uint8_t feedback = w->b[15];
        int pos = 14;

        while (pos >= 0) {
            feedback ^= grasshopper_galois_mul(w->b[pos], grasshopper_lvec[pos]);
            w->b[pos + 1] = w->b[pos];
            pos--;
        }
        w->b[0] = feedback;
    }
}

/*
 * Inverse of grasshopper_l, in place: the bytes move down by one position and
 * b[15] receives the feedback byte, again once per element of grasshopper_lvec.
 */
static GRASSHOPPER_INLINE void grasshopper_l_inv(grasshopper_w128_t* w) {
    const unsigned int passes = sizeof(grasshopper_lvec) / sizeof(grasshopper_lvec[0]);
    unsigned int pass;

    for (pass = 0; pass < passes; pass++) {
        uint8_t feedback = w->b[0];
        int pos = 0;

        while (pos < 15) {
            /* The multiplication uses the byte that has just been moved down. */
            uint8_t moved = w->b[pos + 1];

            w->b[pos] = moved;
            feedback ^= grasshopper_galois_mul(moved, grasshopper_lvec[pos]);
            pos++;
        }
        w->b[15] = feedback;
    }
}

// key setup

/*
 * Expand the 32-byte key into the ten round keys subkeys->k[0..9].
 * k[0] and k[1] are the two key halves; after every eighth of the 32
 * iterations the current pair is stored as the next two round keys.
 */
void grasshopper_set_encrypt_key(grasshopper_round_keys_t* subkeys, const grasshopper_key_t* key) {
    grasshopper_w128_t round_const, left, right, mixed;
    int idx;
    int round;

    /* Byte-wise copy of the two halves; the original author notes that this
     * would have to change for little-endian systems. */
    for (idx = 0; idx < 16; idx++) {
        left.b[idx] = key->k.b[idx];
        right.b[idx] = key->k.b[idx + 16];
    }

    grasshopper_copy128(&subkeys->k[0], &left);
    grasshopper_copy128(&subkeys->k[1], &right);

    round = 1;
    while (round <= 32) {
        /* Round constant: the iteration number in the last byte, then the linear step. */
        grasshopper_zero128(&round_const);
        round_const.b[15] = (uint8_t) round;
        grasshopper_l(&round_const);

        /* NOTE(review): grasshopper_convert128 with grasshopper_pi is
         * presumably a byte-wise table substitution on key-derived data;
         * worth confirming when assessing cache-timing exposure. */
        grasshopper_plus128(&mixed, &left, &round_const);
        grasshopper_convert128(&mixed, grasshopper_pi);
        grasshopper_l(&mixed);
        grasshopper_append128(&mixed, &right);

        grasshopper_copy128(&right, &left);
        grasshopper_copy128(&left, &mixed);

        if (round % 8 == 0) {
            int slot = round / 4;

            grasshopper_copy128(&subkeys->k[slot], &left);
            grasshopper_copy128(&subkeys->k[slot + 1], &right);
        }
        round++;
    }

    /*
     * Wipe the temporaries that held key material.
     * NOTE(review): whether these stores survive optimisation depends on how
     * grasshopper_zero128 is implemented (not visible here). If it is an
     * ordinary inlinable store loop, a compiler may drop writes to locals
     * that are about to go out of scope; confirm, or wipe with a primitive
     * that is guaranteed not to be elided.
     */
    grasshopper_zero128(&round_const);
    grasshopper_zero128(&left);
    grasshopper_zero128(&right);
    grasshopper_zero128(&mixed);
}

/*
 * Build the decryption round keys: the encryption schedule with
 * grasshopper_l_inv applied to k[1]..k[9]; k[0] is left as is.
 */
void grasshopper_set_decrypt_key(grasshopper_round_keys_t* subkeys, const grasshopper_key_t* key) {
    int slot = 1;

    grasshopper_set_encrypt_key(subkeys, key);

    while (slot < 10) {
        grasshopper_l_inv(&subkeys->k[slot]);
        slot++;
    }
}

/*
 * Encrypt one block from source into target.
 * Nine rounds combine k[i] and apply the grasshopper_pil_enc128 tables via
 * buffer; k[9] is combined last. buffer is caller-supplied scratch space.
 */
void grasshopper_encrypt_block(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source,
                               grasshopper_w128_t* target, grasshopper_w128_t* buffer) {
    int round = 0;

    grasshopper_copy128(target, source);

    while (round < 9) {
        grasshopper_append128(target, &subkeys->k[round]);
        grasshopper_append128multi(buffer, target, grasshopper_pil_enc128);
        round++;
    }

    grasshopper_append128(target, &subkeys->k[9]);
}

/*
 * Decrypt one block from source into target, using round keys prepared by
 * grasshopper_set_decrypt_key. buffer is caller-supplied scratch space.
 */
void grasshopper_decrypt_block(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source,
                               grasshopper_w128_t* target, grasshopper_w128_t* buffer) {
    int round = 9;

    grasshopper_copy128(target, source);

    grasshopper_append128multi(buffer, target, grasshopper_l_dec128);

    while (round > 1) {
        grasshopper_append128(target, &subkeys->k[round]);
        grasshopper_append128multi(buffer, target, grasshopper_pil_dec128);
        round--;
    }

    grasshopper_append128(target, &subkeys->k[1]);
    grasshopper_convert128(target, grasshopper_pi_inv);
    grasshopper_append128(target, &subkeys->k[0]);
}

#if defined(__cplusplus)
}
#endif
--------------------------------------------------------------------------------
/gost_grasshopper_core.h:
--------------------------------------------------------------------------------
/*
 * Maxim Tishkov 2016
 * This file is distributed under the same license as OpenSSL
 */

#ifndef GOST_GRASSHOPPER_CORE_H
#define GOST_GRASSHOPPER_CORE_H

#if defined(__cplusplus)
extern
"C" { 11 | #endif 12 | 13 | #include "gost_grasshopper_defines.h" 14 | 15 | static void grasshopper_l(grasshopper_w128_t* w); 16 | static void grasshopper_l_inv(grasshopper_w128_t* w); 17 | 18 | // key setup 19 | extern void grasshopper_set_encrypt_key(grasshopper_round_keys_t* subkeys, const grasshopper_key_t* key); 20 | extern void grasshopper_set_decrypt_key(grasshopper_round_keys_t* subkeys, const grasshopper_key_t* key); 21 | 22 | // single-block ecp ops 23 | extern void grasshopper_encrypt_block(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source, grasshopper_w128_t* target, grasshopper_w128_t* buffer); 24 | extern void grasshopper_decrypt_block(grasshopper_round_keys_t* subkeys, grasshopper_w128_t* source, grasshopper_w128_t* target, grasshopper_w128_t* buffer); 25 | 26 | #if defined(__cplusplus) 27 | } 28 | #endif 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /gost_grasshopper_defines.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Maxim Tishkov 2016 3 | * This file is distributed under the same license as OpenSSL 4 | */ 5 | 6 | #if defined(__cplusplus) 7 | extern "C" { 8 | #endif 9 | 10 | #include "gost_grasshopper_defines.h" 11 | 12 | // The S-Box from section 5.1.1 13 | 14 | const uint8_t grasshopper_pi[0x100] = { 15 | 0xFC, 0xEE, 0xDD, 0x11, 0xCF, 0x6E, 0x31, 0x16, // 00..07 16 | 0xFB, 0xC4, 0xFA, 0xDA, 0x23, 0xC5, 0x04, 0x4D, // 08..0F 17 | 0xE9, 0x77, 0xF0, 0xDB, 0x93, 0x2E, 0x99, 0xBA, // 10..17 18 | 0x17, 0x36, 0xF1, 0xBB, 0x14, 0xCD, 0x5F, 0xC1, // 18..1F 19 | 0xF9, 0x18, 0x65, 0x5A, 0xE2, 0x5C, 0xEF, 0x21, // 20..27 20 | 0x81, 0x1C, 0x3C, 0x42, 0x8B, 0x01, 0x8E, 0x4F, // 28..2F 21 | 0x05, 0x84, 0x02, 0xAE, 0xE3, 0x6A, 0x8F, 0xA0, // 30..37 22 | 0x06, 0x0B, 0xED, 0x98, 0x7F, 0xD4, 0xD3, 0x1F, // 38..3F 23 | 0xEB, 0x34, 0x2C, 0x51, 0xEA, 0xC8, 0x48, 0xAB, // 40..47 24 | 0xF2, 0x2A, 0x68, 0xA2, 0xFD, 0x3A, 0xCE, 0xCC, // 48..4F 25 | 
0xB5, 0x70, 0x0E, 0x56, 0x08, 0x0C, 0x76, 0x12, // 50..57 26 | 0xBF, 0x72, 0x13, 0x47, 0x9C, 0xB7, 0x5D, 0x87, // 58..5F 27 | 0x15, 0xA1, 0x96, 0x29, 0x10, 0x7B, 0x9A, 0xC7, // 60..67 28 | 0xF3, 0x91, 0x78, 0x6F, 0x9D, 0x9E, 0xB2, 0xB1, // 68..6F 29 | 0x32, 0x75, 0x19, 0x3D, 0xFF, 0x35, 0x8A, 0x7E, // 70..77 30 | 0x6D, 0x54, 0xC6, 0x80, 0xC3, 0xBD, 0x0D, 0x57, // 78..7F 31 | 0xDF, 0xF5, 0x24, 0xA9, 0x3E, 0xA8, 0x43, 0xC9, // 80..87 32 | 0xD7, 0x79, 0xD6, 0xF6, 0x7C, 0x22, 0xB9, 0x03, // 88..8F 33 | 0xE0, 0x0F, 0xEC, 0xDE, 0x7A, 0x94, 0xB0, 0xBC, // 90..97 34 | 0xDC, 0xE8, 0x28, 0x50, 0x4E, 0x33, 0x0A, 0x4A, // 98..9F 35 | 0xA7, 0x97, 0x60, 0x73, 0x1E, 0x00, 0x62, 0x44, // A0..A7 36 | 0x1A, 0xB8, 0x38, 0x82, 0x64, 0x9F, 0x26, 0x41, // A8..AF 37 | 0xAD, 0x45, 0x46, 0x92, 0x27, 0x5E, 0x55, 0x2F, // B0..B7 38 | 0x8C, 0xA3, 0xA5, 0x7D, 0x69, 0xD5, 0x95, 0x3B, // B8..BF 39 | 0x07, 0x58, 0xB3, 0x40, 0x86, 0xAC, 0x1D, 0xF7, // C0..C7 40 | 0x30, 0x37, 0x6B, 0xE4, 0x88, 0xD9, 0xE7, 0x89, // C8..CF 41 | 0xE1, 0x1B, 0x83, 0x49, 0x4C, 0x3F, 0xF8, 0xFE, // D0..D7 42 | 0x8D, 0x53, 0xAA, 0x90, 0xCA, 0xD8, 0x85, 0x61, // D8..DF 43 | 0x20, 0x71, 0x67, 0xA4, 0x2D, 0x2B, 0x09, 0x5B, // E0..E7 44 | 0xCB, 0x9B, 0x25, 0xD0, 0xBE, 0xE5, 0x6C, 0x52, // E8..EF 45 | 0x59, 0xA6, 0x74, 0xD2, 0xE6, 0xF4, 0xB4, 0xC0, // F0..F7 46 | 0xD1, 0x66, 0xAF, 0xC2, 0x39, 0x4B, 0x63, 0xB6, // F8..FF 47 | }; 48 | 49 | // Inverse S-Box 50 | 51 | const uint8_t grasshopper_pi_inv[0x100] = { 52 | 0xA5, 0x2D, 0x32, 0x8F, 0x0E, 0x30, 0x38, 0xC0, // 00..07 53 | 0x54, 0xE6, 0x9E, 0x39, 0x55, 0x7E, 0x52, 0x91, // 08..0F 54 | 0x64, 0x03, 0x57, 0x5A, 0x1C, 0x60, 0x07, 0x18, // 10..17 55 | 0x21, 0x72, 0xA8, 0xD1, 0x29, 0xC6, 0xA4, 0x3F, // 18..1F 56 | 0xE0, 0x27, 0x8D, 0x0C, 0x82, 0xEA, 0xAE, 0xB4, // 20..27 57 | 0x9A, 0x63, 0x49, 0xE5, 0x42, 0xE4, 0x15, 0xB7, // 28..2F 58 | 0xC8, 0x06, 0x70, 0x9D, 0x41, 0x75, 0x19, 0xC9, // 30..37 59 | 0xAA, 0xFC, 0x4D, 0xBF, 0x2A, 0x73, 0x84, 0xD5, // 38..3F 60 | 0xC3, 0xAF, 0x2B, 
0x86, 0xA7, 0xB1, 0xB2, 0x5B, // 40..47 61 | 0x46, 0xD3, 0x9F, 0xFD, 0xD4, 0x0F, 0x9C, 0x2F, // 48..4F 62 | 0x9B, 0x43, 0xEF, 0xD9, 0x79, 0xB6, 0x53, 0x7F, // 50..57 63 | 0xC1, 0xF0, 0x23, 0xE7, 0x25, 0x5E, 0xB5, 0x1E, // 58..5F 64 | 0xA2, 0xDF, 0xA6, 0xFE, 0xAC, 0x22, 0xF9, 0xE2, // 60..67 65 | 0x4A, 0xBC, 0x35, 0xCA, 0xEE, 0x78, 0x05, 0x6B, // 68..6F 66 | 0x51, 0xE1, 0x59, 0xA3, 0xF2, 0x71, 0x56, 0x11, // 70..77 67 | 0x6A, 0x89, 0x94, 0x65, 0x8C, 0xBB, 0x77, 0x3C, // 78..7F 68 | 0x7B, 0x28, 0xAB, 0xD2, 0x31, 0xDE, 0xC4, 0x5F, // 80..87 69 | 0xCC, 0xCF, 0x76, 0x2C, 0xB8, 0xD8, 0x2E, 0x36, // 88..8F 70 | 0xDB, 0x69, 0xB3, 0x14, 0x95, 0xBE, 0x62, 0xA1, // 90..97 71 | 0x3B, 0x16, 0x66, 0xE9, 0x5C, 0x6C, 0x6D, 0xAD, // 98..9F 72 | 0x37, 0x61, 0x4B, 0xB9, 0xE3, 0xBA, 0xF1, 0xA0, // A0..A7 73 | 0x85, 0x83, 0xDA, 0x47, 0xC5, 0xB0, 0x33, 0xFA, // A8..AF 74 | 0x96, 0x6F, 0x6E, 0xC2, 0xF6, 0x50, 0xFF, 0x5D, // B0..B7 75 | 0xA9, 0x8E, 0x17, 0x1B, 0x97, 0x7D, 0xEC, 0x58, // B8..BF 76 | 0xF7, 0x1F, 0xFB, 0x7C, 0x09, 0x0D, 0x7A, 0x67, // C0..C7 77 | 0x45, 0x87, 0xDC, 0xE8, 0x4F, 0x1D, 0x4E, 0x04, // C8..CF 78 | 0xEB, 0xF8, 0xF3, 0x3E, 0x3D, 0xBD, 0x8A, 0x88, // D0..D7 79 | 0xDD, 0xCD, 0x0B, 0x13, 0x98, 0x02, 0x93, 0x80, // D8..DF 80 | 0x90, 0xD0, 0x24, 0x34, 0xCB, 0xED, 0xF4, 0xCE, // E0..E7 81 | 0x99, 0x10, 0x44, 0x40, 0x92, 0x3A, 0x01, 0x26, // E8..EF 82 | 0x12, 0x1A, 0x48, 0x68, 0xF5, 0x81, 0x8B, 0xC7, // F0..F7 83 | 0xD6, 0x20, 0x0A, 0x08, 0x00, 0x4C, 0xD7, 0x74 // F8..FF 84 | }; 85 | 86 | // Linear vector from sect 5.1.2 87 | 88 | const uint8_t grasshopper_lvec[16] = { 89 | 0x94, 0x20, 0x85, 0x10, 0xC2, 0xC0, 0x01, 0xFB, 90 | 0x01, 0xC0, 0xC2, 0x10, 0x85, 0x20, 0x94, 0x01 91 | }; 92 | 93 | #if defined(__cplusplus) 94 | } 95 | #endif 96 | -------------------------------------------------------------------------------- /gost_grasshopper_defines.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Maxim Tishkov 2016 3 | * This file 
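/*
 * Fallback for builds where no branch-prediction hint was defined above:
 * likely(x) simply evaluates x.  The expansion is parenthesized so that
 * uses such as !likely(a && b) or likely(a) == b keep the meaning of the
 * whole argument instead of binding to its first operand.
 */
# if !defined(likely)
#  define likely(x) (x)
# endif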
#include "gost_grasshopper_precompiled.h" 7 | #include "gost_grasshopper_defines.h" 8 | 9 | uint8_t grasshopper_galois_alpha_to[256] = { 10 | 1, 2, 4, 8, 16, 32, 64, 128, 195, 69, 138, 215, 109, 218, 119, 238, 31, 62, 124, 248, 51, 102, 204, 91, 182, 175, 157, 249, 49, 98, 196, 75, 150, 239, 29, 58, 116, 232, 19, 38, 76, 152, 243, 37, 74, 148, 235, 21, 42, 84, 168, 147, 229, 9, 18, 36, 72, 144, 227, 5, 10, 20, 40, 80, 160, 131, 197, 73, 146, 231, 13, 26, 52, 104, 208, 99, 198, 79, 158, 255, 61, 122, 244, 43, 86, 172, 155, 245, 41, 82, 164, 139, 213, 105, 210, 103, 206, 95, 190, 191, 189, 185, 177, 161, 129, 193, 65, 130, 199, 77, 154, 247, 45, 90, 180, 171, 149, 233, 17, 34, 68, 136, 211, 101, 202, 87, 174, 159, 253, 57, 114, 228, 11, 22, 44, 88, 176, 163, 133, 201, 81, 162, 135, 205, 89, 178, 167, 141, 217, 113, 226, 7, 14, 28, 56, 112, 224, 3, 6, 12, 24, 48, 96, 192, 67, 134, 207, 93, 186, 183, 173, 153, 241, 33, 66, 132, 203, 85, 170, 151, 237, 25, 50, 100, 200, 83, 166, 143, 221, 121, 242, 39, 78, 156, 251, 53, 106, 212, 107, 214, 111, 222, 127, 254, 63, 126, 252, 59, 118, 236, 27, 54, 108, 216, 115, 230, 15, 30, 60, 120, 240, 35, 70, 140, 219, 117, 234, 23, 46, 92, 184, 179, 165, 137, 209, 97, 194, 71, 142, 223, 125, 250, 55, 110, 220, 123, 246, 47, 94, 188, 187, 181, 169, 145, 225, 1, 11 | }; 12 | uint8_t grasshopper_galois_index_of[256] = { 13 | 255, 0, 1, 157, 2, 59, 158, 151, 3, 53, 60, 132, 159, 70, 152, 216, 4, 118, 54, 38, 61, 47, 133, 227, 160, 181, 71, 210, 153, 34, 217, 16, 5, 173, 119, 221, 55, 43, 39, 191, 62, 88, 48, 83, 134, 112, 228, 247, 161, 28, 182, 20, 72, 195, 211, 242, 154, 129, 35, 207, 218, 80, 17, 204, 6, 106, 174, 164, 120, 9, 222, 237, 56, 67, 44, 31, 40, 109, 192, 77, 63, 140, 89, 185, 49, 177, 84, 125, 135, 144, 113, 23, 229, 167, 248, 97, 162, 235, 29, 75, 183, 123, 21, 95, 73, 93, 196, 198, 212, 12, 243, 200, 155, 149, 130, 214, 36, 225, 208, 14, 219, 189, 81, 245, 18, 240, 205, 202, 7, 104, 107, 65, 175, 138, 165, 142, 121, 233, 
10, 91, 223, 147, 238, 187, 57, 253, 68, 51, 45, 116, 32, 179, 41, 171, 110, 86, 193, 26, 78, 127, 64, 103, 141, 137, 90, 232, 186, 146, 50, 252, 178, 115, 85, 170, 126, 25, 136, 102, 145, 231, 114, 251, 24, 169, 230, 101, 168, 250, 249, 100, 98, 99, 163, 105, 236, 8, 30, 66, 76, 108, 184, 139, 124, 176, 22, 143, 96, 166, 74, 234, 94, 122, 197, 92, 199, 11, 213, 148, 13, 224, 244, 188, 201, 239, 156, 254, 150, 58, 131, 52, 215, 69, 37, 117, 226, 46, 209, 180, 15, 33, 220, 172, 190, 42, 82, 87, 246, 111, 19, 27, 241, 194, 206, 128, 203, 79, 14 | }; 15 | -------------------------------------------------------------------------------- /gost_grasshopper_math.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Maxim Tishkov 2016 3 | * This file is distributed under the same license as OpenSSL 4 | */ 5 | 6 | #ifndef GOST_GRASSHOPPER_MATH_H 7 | #define GOST_GRASSHOPPER_MATH_H 8 | 9 | #if defined(__cplusplus) 10 | extern "C" { 11 | #endif 12 | 13 | #include "gost_grasshopper_defines.h" 14 | 15 | #if defined(__SSE__) || defined(__SSE2__) || defined(__SSE2_MATH__) || defined(__SSE3__) || defined(__SSE_MATH__) \ 16 | || defined(__SSE4_1__)|| defined(__SSE4_2__)|| defined(__SSSE3__) 17 | #define GRASSHOPPER_SSE_SUPPORTED 18 | #endif 19 | 20 | #define GRASSHOPPER_MIN_BITS 8 21 | #define GRASSHOPPER_MAX_BITS 128 22 | 23 | #if UINTPTR_MAX == 0xff 24 | #define GRASSHOPPER_BITS 8 25 | #elif UINTPTR_MAX == 0xffff 26 | #define GRASSHOPPER_BITS 16 27 | #elif UINTPTR_MAX == 0xffffffff 28 | #define GRASSHOPPER_BITS 32 29 | #elif UINTPTR_MAX == 0xffffffffffffffff 30 | #define GRASSHOPPER_BITS 64 31 | #endif 32 | 33 | #define GRASSHOPPER_BIT_PARTS_8 (GRASSHOPPER_MAX_BITS / 8) 34 | #define GRASSHOPPER_BIT_PARTS_16 (GRASSHOPPER_MAX_BITS / 16) 35 | #define GRASSHOPPER_BIT_PARTS_32 (GRASSHOPPER_MAX_BITS / 32) 36 | #define GRASSHOPPER_BIT_PARTS_64 (GRASSHOPPER_MAX_BITS / 64) 37 | 38 | #define GRASSHOPPER_BIT_PARTS (GRASSHOPPER_MAX_BITS / 
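/*
 * Sets every byte of the 128-bit block *x to zero.
 *
 * On 8/16-bit targets the block is cleared with memset; otherwise it is
 * cleared one machine word at a time through GRASSHOPPER_ACCESS_128_VALUE.
 */
static GRASSHOPPER_INLINE void grasshopper_zero128(grasshopper_w128_t* x) {
#if(GRASSHOPPER_BITS == 8 || GRASSHOPPER_BITS == 16)
    /* Clear the pointed-to block: &x / sizeof(x) would only overwrite the
     * local pointer variable and leave the caller's block untouched. */
    memset(x, 0, sizeof(*x));
#else
    int i;
    for (i = 0; i < GRASSHOPPER_BIT_PARTS; i++) {
        GRASSHOPPER_ACCESS_128_VALUE(*x, i) = 0;
    }
#endif
}

/*
 * Copies the 128-bit block *from into *to.
 *
 * On 8/16-bit targets the copy is a single 16-byte memcpy; otherwise it is
 * done one machine word at a time through GRASSHOPPER_ACCESS_128_VALUE.
 */
static GRASSHOPPER_INLINE void grasshopper_copy128(grasshopper_w128_t* to, const grasshopper_w128_t* from) {
#if(GRASSHOPPER_BITS == 8 || GRASSHOPPER_BITS == 16)
    /* Pass the block pointers themselves: copying sizeof(grasshopper_w128_t)
     * bytes between &to and &from reads and writes past the two pointer
     * variables on the stack instead of copying the block. */
    __builtin_memcpy(to, from, sizeof(grasshopper_w128_t));
#else
    int i;
    for (i = 0; i < GRASSHOPPER_BIT_PARTS; i++) {
        GRASSHOPPER_ACCESS_128_VALUE(*to, i) = GRASSHOPPER_ACCESS_128_VALUE(*from, i);
    }
#endif
}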
/*
 * Multiplies two field elements using the log/antilog tables
 * grasshopper_galois_index_of and grasshopper_galois_alpha_to: the
 * logarithms of x and y are added, reduced modulo
 * GRASSHOPPER_GALOIS_FIELD_SIZE, and mapped back through the antilog table.
 * A zero operand has no logarithm, so the product is returned as 0 directly.
 *
 * NOTE(review): both the zero test and the table indices depend on the
 * operand values, so this routine is not constant-time. Confirm that callers
 * use it only for table precomputation and never on secret-derived bytes.
 */
static GRASSHOPPER_INLINE uint8_t grasshopper_galois_mul(uint8_t x, uint8_t y) {
    if (likely(x != 0 && y != 0)) {
        const unsigned int log_sum =
            (unsigned int) grasshopper_galois_index_of[x] + grasshopper_galois_index_of[y];

        return grasshopper_galois_alpha_to[log_sum % GRASSHOPPER_GALOIS_FIELD_SIZE];
    }
    return 0;
}
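/*-
 * Diversifies a key with user key material (RFC 4357 p 6.5).
 *
 * ctx       - gost cipher context; it is re-keyed in every round, so on
 *             return it holds the key schedule of an intermediate key
 * inputKey  - 32-byte key to be diversified
 * ukm       - 8-byte user key material
 * outputKey - 32-byte buffer that receives the diversified key
 *
 * Eight rounds are run. In round i the eight little-endian 32-bit words of
 * the current key are summed into s1 or s2, selected by the matching bit of
 * ukm[i]; s1 and s2 are serialized little-endian into the 8-byte IV S; ctx
 * is keyed with the current key; and the key is encrypted in place with
 * gost_enc_cfb (block count 4).
 */
void keyDiversifyCryptoPro(gost_ctx * ctx, const unsigned char *inputKey,
                           const unsigned char *ukm, unsigned char *outputKey)
{
    int i;
    memcpy(outputKey, inputKey, 32);
    for (i = 0; i < 8; i++) {
        u4 s1 = 0;
        u4 s2 = 0;
        int j, mask;
        unsigned char S[8];
        /* Compute IV S from the key words */
        for (j = 0, mask = 1; j < 8; j++, mask <<= 1) {
            u4 k;
            /*
             * Widen every byte to u4 before shifting: an unsigned char is
             * promoted to int, and shifting a value >= 0x80 left by 24 bits
             * in a signed int is undefined behaviour.
             */
            k = ((u4) outputKey[4 * j]) |
                ((u4) outputKey[4 * j + 1] << 8) |
                ((u4) outputKey[4 * j + 2] << 16) |
                ((u4) outputKey[4 * j + 3] << 24);
            if (mask & ukm[i]) {
                s1 += k;
            } else {
                s2 += k;
            }
        }
        S[0] = (unsigned char)(s1 & 0xff);
        S[1] = (unsigned char)((s1 >> 8) & 0xff);
        S[2] = (unsigned char)((s1 >> 16) & 0xff);
        S[3] = (unsigned char)((s1 >> 24) & 0xff);
        S[4] = (unsigned char)(s2 & 0xff);
        S[5] = (unsigned char)((s2 >> 8) & 0xff);
        S[6] = (unsigned char)((s2 >> 16) & 0xff);
        S[7] = (unsigned char)((s2 >> 24) & 0xff);
        gost_key(ctx, outputKey);
        gost_enc_cfb(ctx, S, outputKey, outputKey, 4);
        /*
         * S is built from sums of key words; clear it through a volatile
         * pointer so the stores are not optimized away.
         */
        for (j = 0; j < 8; j++) {
            ((volatile unsigned char *)S)[j] = 0;
        }
    }
}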
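/*-
 * Unwraps a key using RFC 4357 6.4.
 *
 * ctx            - gost encryption context, initialized with some S-boxes;
 *                  on return it is still keyed with the diversified KEK
 * keyExchangeKey - 32-byte shared key
 * wrappedKey     - 44-byte wrapped key: 8-byte UKM, 32-byte encrypted key,
 *                  4-byte MAC
 * sessionKey     - 32-byte buffer that receives the unwrapped key
 *
 * Returns 1 if the MAC computed over the decrypted key matches the MAC in
 * wrappedKey, 0 otherwise. On a mismatch sessionKey is zeroed, so the
 * unauthenticated plaintext is not left in the caller's buffer.
 */
int keyUnwrapCryptoPro(gost_ctx * ctx, const unsigned char *keyExchangeKey,
                       const unsigned char *wrappedKey,
                       unsigned char *sessionKey)
{
    unsigned char kek_ukm[32], cek_mac[4];
    volatile unsigned char *wipe;
    unsigned char diff = 0;
    int i;

    /* First 8 bytes of wrapped key is ukm */
    keyDiversifyCryptoPro(ctx, keyExchangeKey, wrappedKey, kek_ukm);
    gost_key(ctx, kek_ukm);
    gost_dec(ctx, wrappedKey + 8, sessionKey, 4);
    gost_mac_iv(ctx, 32, wrappedKey, sessionKey, 32, cek_mac);

    /*
     * Compare all four MAC bytes without an early exit, so the time taken
     * does not reveal how many leading bytes of a forged MAC were correct
     * (memcmp may stop at the first difference).
     */
    for (i = 0; i < 4; i++) {
        diff |= (unsigned char)(cek_mac[i] ^ wrappedKey[40 + i]);
    }

    /*
     * The diversified KEK and the expected MAC are secrets; clear them
     * through a volatile pointer so the stores are not optimized away.
     */
    wipe = kek_ukm;
    for (i = 0; i < 32; i++) {
        wipe[i] = 0;
    }
    wipe = cek_mac;
    for (i = 0; i < 4; i++) {
        wipe[i] = 0;
    }

    if (diff != 0) {
        /* MAC mismatch: do not hand back unauthenticated key material. */
        wipe = sessionKey;
        for (i = 0; i < 32; i++) {
            wipe[i] = 0;
        }
        return 0;
    }
    return 1;
}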
(256-bit) shared key 31 | * ukm - 8 byte (64 bit) user key material, 32 | * sessionKey - 32-byte (256-bit) key to be wrapped 33 | * wrappedKey - 44-byte buffer to store wrapped key 34 | */ 35 | 36 | int keyWrapCryptoPro(gost_ctx * ctx, 37 | const unsigned char *keyExchangeKey, 38 | const unsigned char *ukm, 39 | const unsigned char *sessionKey, 40 | unsigned char *wrappedKey); 41 | /*- 42 | * Unwraps key using RFC 4357 6.4 43 | * ctx - gost encryption context, initialized with some S-boxes 44 | * keyExchangeKey 32-byte shared key 45 | * wrappedKey 44 byte key to be unwrapped (concatenation of 8-byte UKM, 46 | * 32 byte encrypted key and 4 byte MAC 47 | * 48 | * sessionKEy - 32byte buffer to store sessionKey in 49 | * Returns 1 if key is decrypted successfully, and 0 if MAC doesn't match 50 | */ 51 | 52 | int keyUnwrapCryptoPro(gost_ctx * ctx, 53 | const unsigned char *keyExchangeKey, 54 | const unsigned char *wrappedKey, 55 | unsigned char *sessionKey); 56 | #endif 57 | -------------------------------------------------------------------------------- /gost_md.c: -------------------------------------------------------------------------------- 1 | /********************************************************************** 2 | * md_gost.c * 3 | * Copyright (c) 2005-2006 Cryptocom LTD * 4 | * Copyright (c) 2020 Vitaly Chikunov * 5 | * This file is distributed under the same license as OpenSSL * 6 | * * 7 | * OpenSSL interface to GOST R 34.11-94 hash functions * 8 | * Requires OpenSSL 0.9.9 for compilation * 9 | **********************************************************************/ 10 | #include 11 | #include "gost_lcl.h" 12 | #include "gosthash.h" 13 | #include "e_gost_err.h" 14 | 15 | /* implementation of GOST 34.11 hash function See gost_md.c*/ 16 | static int gost_digest_init(EVP_MD_CTX *ctx); 17 | static int gost_digest_update(EVP_MD_CTX *ctx, const void *data, 18 | size_t count); 19 | static int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md); 20 | static int 
/*
 * Returns the EVP_MD method for descriptor d, building it on first use and
 * caching it in d->digest.
 *
 * Each setter receives TPL(d, field): the descriptor's own value when it is
 * non-zero, otherwise the value from d->template (or 0 without a template).
 * Flags are the OR of the descriptor's flags and the template's flags.
 * If allocation or any setter fails, the partially built method is freed
 * and NULL is stored and returned. On success the optional alias is
 * registered for the digest name.
 */
EVP_MD *GOST_init_digest(GOST_digest *d)
{
    EVP_MD *meth;
    int ok;

    if (d->digest)
        return d->digest;

    meth = EVP_MD_meth_new(d->nid, NID_undef);
    /* Short-circuit chain: stops at the first step that fails. */
    ok = meth != NULL
        && EVP_MD_meth_set_result_size(meth, TPL(d, result_size))
        && EVP_MD_meth_set_input_blocksize(meth, TPL(d, input_blocksize))
        && EVP_MD_meth_set_app_datasize(meth, TPL(d, app_datasize))
        && EVP_MD_meth_set_flags(meth, d->flags | TPL_VAL(d, flags))
        && EVP_MD_meth_set_init(meth, TPL(d, init))
        && EVP_MD_meth_set_update(meth, TPL(d, update))
        && EVP_MD_meth_set_final(meth, TPL(d, final))
        && EVP_MD_meth_set_copy(meth, TPL(d, copy))
        && EVP_MD_meth_set_cleanup(meth, TPL(d, cleanup))
        && EVP_MD_meth_set_ctrl(meth, TPL(d, ctrl));

    if (!ok) {
        EVP_MD_meth_free(meth);
        meth = NULL;
    } else if (d->alias) {
        EVP_add_digest_alias(EVP_MD_name(meth), d->alias);
    }

    d->digest = meth;
    return meth;
}
/*
 * Copies the GOST R 34.11-94 digest state from one EVP_MD_CTX to another.
 *
 * The state is copied bytewise only when both contexts have md_data. The
 * copied dctx.cipher_ctx still points at the cipher context embedded in the
 * source state, so it is re-pointed at the destination's own cctx; otherwise
 * the two digest contexts would share one cipher context.
 * Always returns 1.
 */
static int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
{
    struct ossl_gost_digest_ctx *dst = EVP_MD_CTX_md_data(to);
    const struct ossl_gost_digest_ctx *src;

    if (dst == NULL)
        return 1;

    src = (const struct ossl_gost_digest_ctx *) EVP_MD_CTX_md_data(from);
    if (src == NULL)
        return 1;

    memcpy(dst, src, sizeof(struct ossl_gost_digest_ctx));
    /* Fix up the self-referencing pointer after the raw copy. */
    dst->dctx.cipher_ctx = &(dst->cctx);
    return 1;
}
/*
 * EVP init callback for the 512-bit GOST R 34.11-2012 digest: initializes
 * the hash state stored in the context's md_data for a 512-bit result.
 * Always returns 1.
 */
static int gost_digest_init512(EVP_MD_CTX *ctx)
{
    gost2012_hash_ctx *hash_state =
        (gost2012_hash_ctx *) EVP_MD_CTX_md_data(ctx);

    init_gost2012_hash_ctx(hash_state, 512);
    return 1;
}
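/*
 * EVP ctrl callback for the 512-bit GOST R 34.11-2012 digest.
 *
 * Only EVP_MD_CTRL_MICALG is handled: a freshly allocated copy of
 * micalg_512 is stored through ptr (treated as char **).
 * The buffer is presumably released by the caller with OPENSSL_free; confirm
 * against the callers of this control.
 *
 * Returns 1 on success, 0 for an unsupported control type, a NULL ptr, or
 * an allocation failure.
 */
static int gost_digest_ctrl_512(EVP_MD_CTX *ctx, int type, int arg, void *ptr)
{
    switch (type) {
    case EVP_MD_CTRL_MICALG:
        {
            char **out = (char **)ptr;

            if (out == NULL)
                return 0;
            /* Sized for the string plus its terminator, so strcpy fits. */
            *out = OPENSSL_malloc(strlen(micalg_512) + 1);
            if (*out != NULL) {
                strcpy(*out, micalg_512);
                return 1;
            }
            /*
             * Explicit failure return, matching gost_digest_ctrl_256,
             * instead of silently falling through into the default case.
             */
            return 0;
        }
    default:
        return 0;
    }
}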
/********************************************************************** 2 | * gost_prov.h - The provider itself * 3 | * * 4 | * Copyright (c) 2021 Richard Levitte * 5 | * This file is distributed under the same license as OpenSSL * 6 | * * 7 | * Requires OpenSSL 3.0 for compilation * 8 | **********************************************************************/ 9 | 10 | #include 11 | #include 12 | 13 | struct provider_ctx_st { 14 | OSSL_LIB_CTX *libctx; 15 | const OSSL_CORE_HANDLE *core_handle; 16 | struct proverr_functions_st *proverr_handle; 17 | 18 | /* 19 | * "internal" GOST engine, which is the implementation that all the 20 | * provider functions will use to access the crypto functionality. 21 | * This is pure hackery, but allows us to quickly wrap all the ENGINE 22 | * function with provider wrappers. There is no other supported way 23 | * to do this. 24 | */ 25 | ENGINE *e; 26 | }; 27 | typedef struct provider_ctx_st PROV_CTX; 28 | -------------------------------------------------------------------------------- /gosthash.h: -------------------------------------------------------------------------------- 1 | /********************************************************************** 2 | * gosthash.h * 3 | * Copyright (c) 2005-2006 Cryptocom LTD * 4 | * This file is distributed under the same license as OpenSSL * 5 | * * 6 | * Declaration of GOST R 34.11-94 hash functions * 7 | * uses and gost89.h Doesn't need OpenSSL * 8 | **********************************************************************/ 9 | #ifndef GOSTHASH_H 10 | # define GOSTHASH_H 11 | # include "gost89.h" 12 | # include 13 | 14 | # if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) 15 | typedef __int64 ghosthash_len; 16 | # elif defined(__arch64__) 17 | typedef long ghosthash_len; 18 | # else 19 | typedef long long ghosthash_len; 20 | # endif 21 | 22 | typedef struct gost_hash_ctx { 23 | ghosthash_len len; 24 | gost_ctx *cipher_ctx; 25 | int left; 26 | byte H[32]; 27 | byte S[32]; 28 | byte 
remainder[32]; 29 | } gost_hash_ctx; 30 | 31 | /* Initalizes gost hash ctx, including creation of gost cipher ctx */ 32 | 33 | int init_gost_hash_ctx(gost_hash_ctx * ctx, 34 | const gost_subst_block * subst_block); 35 | void done_gost_hash_ctx(gost_hash_ctx * ctx); 36 | 37 | /* 38 | * Cleans up all fields, except cipher ctx preparing ctx for computing of new 39 | * hash value 40 | */ 41 | int start_hash(gost_hash_ctx * ctx); 42 | 43 | /* Hashes block of data */ 44 | int hash_block(gost_hash_ctx * ctx, const byte * block, size_t length); 45 | 46 | /* 47 | * Finalizes computation of hash and fills buffer (which should be at least 48 | * 32 bytes long) with value of computed hash. 49 | */ 50 | int finish_hash(gost_hash_ctx * ctx, byte * hashval); 51 | 52 | #endif 53 | -------------------------------------------------------------------------------- /gosthash2012.h: -------------------------------------------------------------------------------- 1 | /* 2 | * GOST R 34.11-2012 core functions definitions. 3 | * 4 | * Copyright (c) 2013 Cryptocom LTD. 5 | * This file is distributed under the same license as OpenSSL. 6 | * 7 | * Author: Alexey Degtyarev 8 | * 9 | */ 10 | 11 | #include 12 | 13 | #ifdef __SSE2__ 14 | # define __GOST3411_HAS_SSE2__ 15 | # if !defined(__x86_64__) && !defined(__e2k__) 16 | /* 17 | * x86-64 bit Linux and Windows ABIs provide malloc function that returns 18 | * 16-byte alignment memory buffers required by SSE load/store instructions. 19 | * Other platforms require special trick for proper gost2012_hash_ctx structure 20 | * allocation. It will be easier to switch to unaligned loadu/storeu memory 21 | * access instructions in this case. 
22 | */ 23 | # define UNALIGNED_SIMD_ACCESS 24 | # pragma message "Use unaligned SIMD memory access" 25 | # endif 26 | #endif 27 | 28 | #ifdef __GOST3411_HAS_SSE2__ 29 | # if (__GNUC__ < 4) || (__GNUC__ == 4 && __GNUC_MINOR__ < 2) 30 | # undef __GOST3411_HAS_SSE2__ 31 | # endif 32 | #endif 33 | 34 | #ifndef L_ENDIAN 35 | # define __GOST3411_BIG_ENDIAN__ 36 | #endif 37 | 38 | #if defined __GOST3411_HAS_SSE2__ 39 | # include "gosthash2012_sse2.h" 40 | #else 41 | # include "gosthash2012_ref.h" 42 | #endif 43 | 44 | # if defined(__GNUC__) || defined(__clang__) 45 | # define RESTRICT __restrict__ 46 | # else 47 | # define RESTRICT 48 | # endif 49 | 50 | #ifdef _MSC_VER 51 | # define ALIGN(x) __declspec(align(x)) 52 | #else 53 | # define ALIGN(x) __attribute__ ((__aligned__(x))) 54 | #endif 55 | 56 | ALIGN(16) 57 | typedef union uint512_u { 58 | unsigned long long QWORD[8]; 59 | unsigned char B[64]; 60 | } uint512_u; 61 | 62 | #include "gosthash2012_const.h" 63 | #include "gosthash2012_precalc.h" 64 | 65 | /* GOST R 34.11-2012 hash context */ 66 | typedef struct gost2012_hash_ctx { 67 | union uint512_u buffer; 68 | union uint512_u h; 69 | union uint512_u N; 70 | union uint512_u Sigma; 71 | size_t bufsize; 72 | unsigned int digest_size; 73 | } gost2012_hash_ctx; 74 | 75 | void init_gost2012_hash_ctx(gost2012_hash_ctx * CTX, 76 | const unsigned int digest_size); 77 | void gost2012_hash_block(gost2012_hash_ctx * CTX, 78 | const unsigned char *data, size_t len); 79 | void gost2012_finish_hash(gost2012_hash_ctx * CTX, unsigned char *digest); 80 | -------------------------------------------------------------------------------- /gosthash2012_ref.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Portable implementation of core functions for GOST R 34.11-2012. 3 | * 4 | * Copyright (c) 2013 Cryptocom LTD. 5 | * This file is distributed under the same license as OpenSSL. 
6 | * 7 | * Author: Alexey Degtyarev 8 | * 9 | */ 10 | 11 | #ifdef __GOST3411_HAS_SSE2__ 12 | # error "GOST R 34.11-2012: portable implementation disabled in config.h" 13 | #endif 14 | 15 | #define X(x, y, z) { \ 16 | z->QWORD[0] = x->QWORD[0] ^ y->QWORD[0]; \ 17 | z->QWORD[1] = x->QWORD[1] ^ y->QWORD[1]; \ 18 | z->QWORD[2] = x->QWORD[2] ^ y->QWORD[2]; \ 19 | z->QWORD[3] = x->QWORD[3] ^ y->QWORD[3]; \ 20 | z->QWORD[4] = x->QWORD[4] ^ y->QWORD[4]; \ 21 | z->QWORD[5] = x->QWORD[5] ^ y->QWORD[5]; \ 22 | z->QWORD[6] = x->QWORD[6] ^ y->QWORD[6]; \ 23 | z->QWORD[7] = x->QWORD[7] ^ y->QWORD[7]; \ 24 | } 25 | 26 | # define __XLPS_FOR for (_i = 0; _i <= 7; _i++) 27 | #ifndef __GOST3411_BIG_ENDIAN__ 28 | # define _datai _i 29 | #else 30 | # define _datai 7 - _i 31 | #endif 32 | 33 | #define XLPS(x, y, data) { \ 34 | register unsigned long long r0, r1, r2, r3, r4, r5, r6, r7; \ 35 | int _i; \ 36 | \ 37 | r0 = x->QWORD[0] ^ y->QWORD[0]; \ 38 | r1 = x->QWORD[1] ^ y->QWORD[1]; \ 39 | r2 = x->QWORD[2] ^ y->QWORD[2]; \ 40 | r3 = x->QWORD[3] ^ y->QWORD[3]; \ 41 | r4 = x->QWORD[4] ^ y->QWORD[4]; \ 42 | r5 = x->QWORD[5] ^ y->QWORD[5]; \ 43 | r6 = x->QWORD[6] ^ y->QWORD[6]; \ 44 | r7 = x->QWORD[7] ^ y->QWORD[7]; \ 45 | \ 46 | \ 47 | __XLPS_FOR {\ 48 | data->QWORD[_datai] = Ax[0][r0 & 0xFF]; \ 49 | data->QWORD[_datai] ^= Ax[1][r1 & 0xFF]; \ 50 | data->QWORD[_datai] ^= Ax[2][r2 & 0xFF]; \ 51 | data->QWORD[_datai] ^= Ax[3][r3 & 0xFF]; \ 52 | data->QWORD[_datai] ^= Ax[4][r4 & 0xFF]; \ 53 | data->QWORD[_datai] ^= Ax[5][r5 & 0xFF]; \ 54 | data->QWORD[_datai] ^= Ax[6][r6 & 0xFF]; \ 55 | data->QWORD[_datai] ^= Ax[7][r7 & 0xFF]; \ 56 | r0 >>= 8; \ 57 | r1 >>= 8; \ 58 | r2 >>= 8; \ 59 | r3 >>= 8; \ 60 | r4 >>= 8; \ 61 | r5 >>= 8; \ 62 | r6 >>= 8; \ 63 | r7 >>= 8; \ 64 | }\ 65 | } 66 | 67 | #define ROUND(i, Ki, data) { \ 68 | XLPS(Ki, (&C[i]), Ki); \ 69 | XLPS(Ki, data, data); \ 70 | } 71 | -------------------------------------------------------------------------------- /gostsum.1: 
-------------------------------------------------------------------------------- 1 | .\" Hey, Emacs! This is an -*- nroff -*- source file. 2 | .TH GOSTSUM 1 "02 Aug 2017" "Openssl" "Debian GNU/Linux" 3 | .SH NAME 4 | gostsum \- generates or checks GOST R34.11-94 message digests 5 | 6 | .SH SYNOPSIS 7 | .B gostsum 8 | [\-bvt] [\-c [file]] | [file...] 9 | 10 | .SH DESCRIPTION 11 | .B gostsum 12 | generates or checks GOST hash sums. The algorithm to generate the 13 | checksum is reasonably fast and strong enough for most cases. Exact 14 | specification of the algorithm is in 15 | .I GOST R34.11-94. 16 | 17 | Normally 18 | .B gostsum 19 | generates checksums of all files given to it as a parameter and prints 20 | the checksums followed by the filenames. If, however, 21 | .B \-c 22 | is specified, only one filename parameter is allowed. This file should 23 | contain checksums and filenames to which these checksums refer, and 24 | the files listed in that file are checked against the checksums listed 25 | there. See option 26 | .B \-c 27 | for more information. 28 | 29 | .SS OPTIONS 30 | .TP 31 | .B \-b 32 | Use binary mode. In a Unix environment, the only difference between this and 33 | the normal mode is an asterisk preceding the filename in the output. 34 | .TP 35 | .B \-c 36 | Check gost hashes of all files listed in 37 | .I file 38 | against the checksum listed in the same file. The actual format of that 39 | file is the same as the output of 40 | .B md5sum. 41 | That is, each line in the file describes a file. A line looks like: 42 | 43 | .B 44 | 45 | So, for example, if a file was created and its message digest calculated 46 | like so: 47 | 48 | .B echo foo > hash\-test\-file; gostsum hash\-test\-file 49 | 50 | .B gostsum 51 | would report: 52 | 53 | 1541e09d0aa5971f732991ae1bdfb63f2609edd7536b40f8c2ae7c1e2f99e072 hash-test-file 54 | 55 | .TP 56 | .B \-v 57 | Be more verbose. Print filenames when checking (with \-c). 58 | 59 | .TP 60 | .B -t 61 | Use test parameter set. 
62 | .B gostsum supports two sets of parameters (which are really parameters 63 | of GOST 28147-89 block cipher) specified in the IETF draft 64 | .B draft-popov-cryptopro-cpalgs-02.txt 65 | By default, cryptopro paramset is used. This option enables use of test 66 | paramset as specified in appendices to the GOST. 67 | 68 | .SH CAVEATS 69 | 70 | The output of gost12sum has a reversed byte order compared to the output of 71 | .B openssl dgst 72 | command because of the Russian GOST requirements. 73 | 74 | .SH BUGS 75 | 76 | This manpage is not quite accurate and has formatting inconsistent 77 | with other manpages. 78 | 79 | .B gostsum 80 | does not accept standard options like 81 | .BR \-\-help . 82 | 83 | .SH AUTHOR 84 | Victor Wagner 85 | 86 | -------------------------------------------------------------------------------- /openssl_wrap.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | OPENSSLDIR=`pwd`/../openssl 4 | export LD_LIBRARY_PATH=$OPENSSLDIR 5 | OPENSSL_CONF=`pwd`/engine.conf $GDB $OPENSSLDIR/apps/openssl $@ 6 | -------------------------------------------------------------------------------- /tcl_tests/097.ciphers: -------------------------------------------------------------------------------- 1 | rsa:1024 { 2 | DHE-RSA-AES256-SHA tls-ref-097.lan.cryptocom.ru:443 3 | SSLv2:DES-CBC3-MD5 tls-ref-097.lan.cryptocom.ru:4402 4 | SSLv3:DES-CBC-SHA tls-ref-097.lan.cryptocom.ru:4403 5 | RC4-SHA tls-ref-097.lan.cryptocom.ru:4404 6 | } 7 | 8 | dsa:dsaparams.pem { 9 | DHE-DSS-AES256-SHA tls-ref-097.lan.cryptocom.ru:444 10 | SSLv3:EDH-DSS-DES-CBC3-SHA tls-ref-097.lan.cryptocom.ru:4401 11 | } 12 | -------------------------------------------------------------------------------- /tcl_tests/098.ciphers: -------------------------------------------------------------------------------- 1 | rsa:1024 { 2 | DHE-RSA-AES256-SHA tls-ref-098.lan.cryptocom.ru:443 3 | SSLv2:DES-CBC3-MD5 tls-ref-098.lan.cryptocom.ru:4402 4 | 
SSLv3:DES-CBC-SHA tls-ref-098.lan.cryptocom.ru:4403 5 | RC4-SHA tls-ref-098.lan.cryptocom.ru:4404 6 | } 7 | 8 | dsa:dsaparams.pem { 9 | DHE-DSS-AES256-SHA tls-ref-098.lan.cryptocom.ru:444 10 | SSLv3:EDH-DSS-DES-CBC3-SHA tls-ref-098.lan.cryptocom.ru:4401 11 | } 12 | -------------------------------------------------------------------------------- /tcl_tests/_exists: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/_exists -------------------------------------------------------------------------------- /tcl_tests/aes0.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/aes0.enc -------------------------------------------------------------------------------- /tcl_tests/aes1.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/aes1.enc -------------------------------------------------------------------------------- /tcl_tests/apache.try: -------------------------------------------------------------------------------- 1 | #!/usr/bin/tclsh 2 | lappend auto_path [file dirname [info script]] 3 | package require ossltest 4 | 5 | set test_dir [file normalize [file dirname [info script]]] 6 | 7 | cd $::test::dir 8 | start_tests "Тесты на API, используемый только в Apache" 9 | 10 | 11 | 12 | makeCA 13 | 14 | if {$tcl_platform(platform) eq "windows"} { 15 | # Add openssl dir to PATH 16 | set dlldir [file nativename [file normalize $test_dir/../../openssl]] 17 | set env(PATH) "$dlldir;$env(PATH)" 18 | } 19 | test "EVP_PKEY_copy_parameters gost94" { 20 | makeRegisteredUser "U_apache_94" gost94:A 21 | exec $test_dir/copy_param U_apache_94/seckey.pem U_apache_94/cert.pem 22 | } 0 
"EVP_PKEY_missing_parameters before copy: 1 23 | EVP_PKEY_missing_parameters after copy: 0 24 | Check private key:Ok" 25 | 26 | test "EVP_PKEY_copy_parameters gost2001" { 27 | makeRegisteredUser "U_apache_94" gost2001:A 28 | exec $test_dir/copy_param U_apache_94/seckey.pem U_apache_94/cert.pem 29 | } 0 "EVP_PKEY_missing_parameters before copy: 1 30 | EVP_PKEY_missing_parameters after copy: 0 31 | Check private key:Ok" 32 | 33 | end_tests 34 | -------------------------------------------------------------------------------- /tcl_tests/calchash.tcl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/tclsh 2 | lappend auto_path [file dirname [info script]] 3 | package require test 4 | 5 | if {$::tcl_platform(platform) eq "windows"} { 6 | set prefix {//laputa/dist/magpro/FSB_CryptoPack_21.1/binaries} 7 | } else { 8 | set prefix {/net/laputa/pub/magpro/FSB_CryptoPack_21.1/binaries} 9 | } 10 | set PREFIX_ENV_NAME CALCHASH_PREFIX 11 | if {$argc != 1} { 12 | puts stderr "Usage $argv0 path" 13 | puts stderr "This script tests programms prefix/path/calchach and prefix/path/gostsum." 
14 | puts stderr "Defauld prefix is $prefix" 15 | puts stderr "Prefix can be changes by envirament veriable $PREFIX_ENV_NAME" 16 | exit 1 17 | } 18 | 19 | if {[info exist env($PREFIX_ENV_NAME)]} { 20 | set prefix $env($PREFIX_ENV_NAME) 21 | } 22 | set path [lindex $argv 0] 23 | 24 | set testdir [exec hostname]-hashes 25 | puts $testdir 26 | catch {file delete -force $testdir} 27 | file mkdir $testdir 28 | cd $testdir 29 | 30 | start_tests "Тесты для программ calchash и gostsum" 31 | 32 | test -createsfiles dgst.dat "calchash" { 33 | makeFile dgst.dat [string repeat "Test data to digest.\n" 100] binary 34 | string match *DB9232D96CAE7AABA817350EF6CF4C25604D8FD36965F78CEB3CE59FD31CCB2A [exec $prefix/$path/calchash dgst.dat] 35 | } 0 1 36 | 37 | test -platform unix "gostsum (paramset cryptopro-A)" { 38 | exec $prefix/$path/gostsum dgst.dat 39 | } 0 "5c8621c036f8636fa3ea711a78e5051f607c87b4b715482af74b2b1cce62e442 dgst.dat" 40 | 41 | 42 | test -platform unix "gostsum -t (paramset test)" { 43 | exec $prefix/$path/gostsum -t dgst.dat 44 | } 0 "db9232d96cae7aaba817350ef6cf4c25604d8fd36965f78ceb3ce59fd31ccb2a dgst.dat" 45 | 46 | 47 | end_tests 48 | -------------------------------------------------------------------------------- /tcl_tests/calcstat: -------------------------------------------------------------------------------- 1 | #!/usr/bin/tclsh 2 | if {$tcl_platform(platform) == "unix"} { 3 | fconfigure stdout -translation lf 4 | } 5 | lappend auto_path [file dirname [info script]] 6 | proc rus {string} { 7 | return $string 8 | } 9 | proc compare_order {el1 el2} { 10 | global order 11 | return [expr {$order($el1)-$order($el2)}] 12 | } 13 | set statsfile stats 14 | if {$argc} {set statsfile [lindex $argv 0]} 15 | set f [open $statsfile] 16 | fconfigure $f -encoding utf-8 17 | set ordno 0 18 | while {[gets $f line] >=0} { 19 | set script [lindex $line 0] 20 | set a($script) [lrange $line 1 end] 21 | if {![info exists order($script)]} { 22 | set order($script) [incr 
ordno] 23 | } 24 | } 25 | close $f 26 | 27 | proc output {line} { 28 | global out 29 | puts $line 30 | if {[info exists out]} { 31 | puts $out $line 32 | } 33 | } 34 | 35 | if {$argc > 1} { 36 | set out [open [lindex $argv 1] w] 37 | fconfigure $out -encoding utf-8 38 | } 39 | 40 | output [format "%-12s %-41s%5s %4s %4s %4s %4s" File "Test name" Total ok fail skip ign] 41 | output [string repeat "-" 79] 42 | array set gross {total 0 ok 0 fail 0 p_skip 0 c_skip 0} 43 | 44 | 45 | foreach script [lsort -command compare_order [array names a] ] { 46 | foreach {name total ok fail p_skip c_skip} $a($script) break 47 | output [format "%-12s %-41s%5d %4d %4d %4d %4d" [string range [file tail [file rootname $script]] 0 11] [string range $name 0 40] $total $ok $fail $p_skip $c_skip] 48 | incr gross(total) $total 49 | incr gross(ok) $ok 50 | incr gross(fail) $fail 51 | incr gross(p_skip) $p_skip 52 | incr gross(c_skip) $c_skip 53 | } 54 | 55 | output [string repeat "-" 79] 56 | output [format "%-54s%5d %4d %4d %4d %4d" Total $gross(total) $gross(ok) $gross(fail) $gross(p_skip) $gross(c_skip)] 57 | 58 | if {$gross(fail)} { 59 | exit 1 60 | } 61 | -------------------------------------------------------------------------------- /tcl_tests/cbc0.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/cbc0.enc -------------------------------------------------------------------------------- /tcl_tests/cbc1.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/cbc1.enc -------------------------------------------------------------------------------- /tcl_tests/cfb0.enc: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/cfb0.enc -------------------------------------------------------------------------------- /tcl_tests/cfb1.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/cfb1.enc -------------------------------------------------------------------------------- /tcl_tests/ciphers.try: -------------------------------------------------------------------------------- 1 | #!/usr/bin/tclsh 2 | lappend auto_path [file dirname [info script]] 3 | package require ossltest 4 | cd $::test::dir 5 | start_tests "Тесты на команду ciphers" 6 | 7 | proc find_ciphers {openssl_args globpattern} { 8 | set found [lsort [lsearch -all -inline [split [string trim [grep $globpattern [openssl $openssl_args] ] "\n" ] : ] "$globpattern*"] ] 9 | return $found 10 | } 11 | 12 | test "Проверяем поддержку российских алгоритмов в tls" { 13 | find_ciphers "ciphers" "GOST" 14 | } 0 {GOST2001-GOST89-GOST89 GOST2012-GOST8912-GOST8912} 15 | 16 | test "Проверяем поддержку российских алгоритмов без шифрования в tls" { 17 | find_ciphers "ciphers NULL" "GOST" 18 | } 0 {GOST2001-NULL-GOST94 GOST2012-NULL-GOST12} 19 | 20 | #test "Проверяем отсутствие российских алгоритмов в ssl2" { 21 | # find_ciphers "ciphers -ssl2" "GOST" 22 | #} 0 "" 23 | 24 | #test "Проверяем работоспособность команды ciphers" { 25 | # find_ciphers "ciphers AES" "AES" 26 | #} 0 {"ADH-AES256-SHA" 27 | #"DHE-RSA-AES256-SHA" 28 | #"DHE-DSS-AES256-SHA" 29 | #"AES256-SHA" 30 | #"ADH-AES128-SHA" 31 | #"DHE-RSA-AES128-SHA" 32 | #"DHE-DSS-AES128-SHA" 33 | #"AES128-SHA" 34 | #} 35 | 36 | 37 | end_tests 38 | 39 | -------------------------------------------------------------------------------- /tcl_tests/client.try: -------------------------------------------------------------------------------- 1 | #!/usr/bin/tclsh 2 | 
lappend auto_path [file dirname [info script]] 3 | 4 | package require ossltest 5 | 6 | if {$argc != 1} { 7 | puts stderr "Usage $argv0 cipher-list-file" 8 | exit 1 9 | } 10 | 11 | array set protos { 12 | SSLv2 -ssl2 13 | SSLv3 -ssl3 14 | TLSv1 -tls1 15 | TLSv1.1 -tls1_1 16 | TLSv1.2 -tls1_2 17 | "default" {} 18 | } 19 | get_hosts [lindex $argv 0] 20 | cd $::test::dir 21 | start_tests "TLS-соединение от клиента [lindex $argv 0]" 22 | 23 | set CAhost lynx.lan.cryptocom.ru 24 | set CAprefix /cgi-bin/autoca 25 | 26 | 27 | foreach alg [array names hosts] { 28 | set alg2 [regsub {(gost\d+)cp} $alg {\1}] 29 | set alg_fn [string map {":" "_"} $alg2] 30 | set alg_ca [regexp -inline {^[^:]+} $alg] 31 | log "alg_fn=$alg_fn" 32 | if {[string match gost2001* $alg]} { 33 | set alg_cli_list "gost2001_A gost2001_XA" 34 | } elseif {[string match gost2012* $alg]} { 35 | set alg_cli_list "gost2001_A gost2012_256_A gost2012_256_XA gost2012_512_A gost2012_512_B" 36 | } else { 37 | set alg_cli_list $alg_ca 38 | } 39 | 40 | 41 | test -skip {[file exist ca_$alg_ca.pem]} "Получить сертификат $alg_ca CA" { 42 | getCAcert $CAhost $CAprefix $alg_ca 43 | } 0 "ca_$alg_ca.pem" 44 | 45 | test -skip {[file exist srv_$alg_fn/cert.pem]} "Получить сертификат $alg для сервера" { 46 | getCAAlgParams $CAhost $CAprefix $alg_ca 47 | if {![makeUser srv_$alg_fn $alg2 CN [info hostname]]} { 48 | error "Request generation failed" 49 | } 50 | registerUserAtCA srv_$alg_fn $CAhost $CAprefix $alg_ca 51 | file exists srv_$alg_fn/cert.pem 52 | } 0 1 53 | 54 | if {[array exists suites]} {array unset suites} 55 | array set suites $hosts($alg) 56 | foreach suite [array names suites] { 57 | if {![regexp {(.+):(.+)} $suite => proto cs]} { 58 | set cs $suite 59 | set proto "default" 60 | } 61 | if {[info exists suite_map($cs)]} { 62 | set mycs $suite_map($cs) 63 | } else { 64 | set mycs $cs 65 | } 66 | set host [lindex [split $suites($suite) :] 0] 67 | set host_short [lindex [split $host .] 
0] 68 | # We assume that CA certificates are already copied into Apache 69 | # cert dir 70 | set ca_file "/etc/apache/ssl.crt/${alg_ca}-root.crt" 71 | 72 | test "Корректный хэндшейк $suite" { 73 | remote_client $host 74 | set list [client_server [list -connect [info hostname]:4433 \ 75 | -CAfile $ca_file -state -cipher $cs] \ 76 | [concat [list -www -cert srv_$alg_fn/cert.pem \ 77 | -key srv_$alg_fn/seckey.pem -cipher $mycs] $protos($proto)] {}] 78 | set cln_exit_code [lindex $list 2] 79 | set srv_error [string match "*error*" [lindex $list 4]] 80 | if {[regexp -lineanchor \ 81 | {^\s*Protocol\s*:\s*(\S*)\s*$.*^\s*Cipher\s*:\s*(\S*)\s*$} \ 82 | [lindex $list 0] -> result_proto result_cipher]} { 83 | if {$proto == "default"} {set result_proto "default"} 84 | list $cln_exit_code $srv_error $result_proto $result_cipher 85 | } else { 86 | lindex $list 1 87 | } 88 | } 0 [list 0 0 $proto $cs] 89 | 90 | 91 | test "Сервер требует сертификат, сертификата нет $suite" { 92 | remote_client $host 93 | set list [client_server [list -connect [info hostname]:4433 \ 94 | -CAfile $ca_file -state -cipher $cs] \ 95 | [concat [list -www -cert srv_$alg_fn/cert.pem \ 96 | -key srv_$alg_fn/seckey.pem -cipher $mycs -Verify 3 \ 97 | -verify_return_error] $protos($proto)] {}] 98 | string match "*error*" [lindex $list 4] 99 | } 0 1 100 | 101 | 102 | test "Некорректный клиентский сертфиикат $suite" { 103 | remote_client $host 104 | set list [client_server [list -connect [info hostname]:4433 \ 105 | -cert /home/build/client-$alg_ca/cert.pem \ 106 | -key /home/build/client-$alg_ca/seckey.pem \ 107 | -CAfile $ca_file -state -cipher $cs] \ 108 | [concat [list -www -cert srv_$alg_fn/cert.pem \ 109 | -key srv_$alg_fn/seckey.pem -cipher $mycs -Verify 3 \ 110 | -verify_return_error] $protos($proto)] {}] 111 | string match "*error*" [lindex $list 4] 112 | } 0 1 113 | 114 | 115 | 116 | foreach alg_cli $alg_cli_list { 117 | 118 | test "Клиентский сертификат $alg_cli $suite" { 119 | remote_client $host 
120 | set list [client_server [list -connect [info hostname]:4433 \ 121 | -cert /home/build/client-$alg_cli/cert.pem \ 122 | -key /home/build/client-$alg_cli/seckey.pem \ 123 | -CAfile $ca_file -state -cipher $cs] \ 124 | [concat [list -www -cert srv_$alg_fn/cert.pem \ 125 | -key srv_$alg_fn/seckey.pem -CAfile ca_$alg_ca.pem \ 126 | -cipher $mycs -Verify 3 -verify_return_error] \ 127 | $protos($proto)] {}] 128 | set cln_exit_code [lindex $list 2] 129 | set srv_error [string match "*error*" [lindex $list 4]] 130 | if {[regexp -lineanchor \ 131 | {^\s*Protocol\s*:\s*(\S*)\s*$.*^\s*Cipher\s*:\s*(\S*)\s*$} \ 132 | [lindex $list 0] -> result_proto result_cipher]} { 133 | if {$proto == "default"} {set result_proto "default"} 134 | list $cln_exit_code $srv_error $result_proto $result_cipher 135 | } else { 136 | lindex $list 1 137 | } 138 | } 0 [list 0 0 $proto $cs] 139 | } 140 | } 141 | } 142 | end_tests 143 | -------------------------------------------------------------------------------- /tcl_tests/cms_io.try: -------------------------------------------------------------------------------- 1 | #!/usr/bin/tclsh 2 | lappend auto_path [file dirname [info script]] 3 | package require ossltest 4 | cd $::test::dir 5 | set testname [file rootname [file tail $::argv0]] 6 | 7 | start_tests "Тесты на совместтимость cms и smime -sign" 8 | 9 | if {[info exists env(ALG_LIST)]} { 10 | set alg_list $env(ALG_LIST) 11 | } else { 12 | switch -exact [engine_name] { 13 | "ccore" {set alg_list {gost2001:A gost2001:B gost2001:C gost2012_256:A gost2012_256:B gost2012_256:C gost2012_512:A gost2012_512:B}} 14 | "open" {set alg_list {gost2001:A gost2001:B gost2001:C gost2012_256:A gost2012_256:B gost2012_256:C gost2012_512:A gost2012_512:B}} 15 | } 16 | } 17 | 18 | foreach alg $alg_list { 19 | set alg_fn [string map {":" "_"} $alg] 20 | set username U_cms_$alg_fn 21 | switch -glob $alg { 22 | gost2012* {set ::test::ca cmsCA-2012 23 | set ca_sign_alg hash_with_sign12_512 24 | } 25 | * {set 
::test::ca cmsCA 26 | set ca_sign_alg hash_with_sign01_cp 27 | } 28 | } 29 | 30 | test -skip {![file exists cms_sign_$alg_fn.msg]} "Verifying a message signed with $alg without ca " { 31 | grep Veri [openssl "smime -verify -text -in cms_sign_$alg_fn.msg -out cms_verified.txt -noverify -certfile $username/cert.pem"] 32 | } 0 "Verification successful 33 | " 34 | 35 | test -skip {![file exists cms_sign_$alg_fn.msg]} "Verifying a message signed with $alg with ca" { 36 | grep Veri [openssl "smime -verify -text -in cms_sign_$alg_fn.msg -out cms_verified.txt -certfile $username/cert.pem -CAfile $::test::ca/cacert.pem"] 37 | } 0 "Verification successful 38 | " 39 | 40 | test -skip {![file exists cms_bad_$alg_fn.msg]} -createsfiles cms_verified.txt "Verifying corrupted messages signed with $alg" { 41 | grep Verification [openssl "smime -verify -text -in cms_bad_$alg_fn.msg -out cms_verified.txt -noverify -certfile $username/cert.pem"] 42 | } 1 "Verification failure" 43 | 44 | test -skip {![file exists cms_sign_c_$alg_fn.msg]} "Verifying a message signed with $alg having cert inside without ca" { 45 | grep Veri [openssl "smime -verify -text -in cms_sign_c_$alg_fn.msg -out cms_verified.txt -noverify"] 46 | } 0 "Verification successful 47 | " 48 | 49 | test -skip {![file exists cms_sign_c_$alg_fn.msg]} "Verifying a message signed with $alg having cert with ca" { 50 | grep Veri [openssl "smime -verify -text -in cms_sign_c_$alg_fn.msg -out cms_verified.txt -CAfile $::test::ca/cacert.pem"] 51 | } 0 "Verification successful 52 | " 53 | 54 | test -createsfiles cms_verified.txt -skip {![file exists cms_sign_op_$alg_fn.msg]} "Verifying a message signed by $alg having cert inside without ca" { 55 | grep Veri [openssl "smime -verify -text -in cms_sign_op_$alg_fn.msg -out cms_verified.txt -noverify"] 56 | } 0 "Verification successful 57 | " 58 | 59 | test -createsfiles cms_verified.txt -skip {![file exists cms_sign_op_$alg_fn.msg]} "Verifying a $alg opaque message with ca" { 60 | grep 
Veri [openssl "smime -verify -text -in cms_sign_op_$alg_fn.msg -out cms_verified.txt -CAfile $::test::ca/cacert.pem"] 61 | } 0 "Verification successful 62 | " 63 | 64 | test -skip {![file exists cms_broken_op_$alg_fn.msg]} "Verifying broken $alg opaque message" { 65 | grep Verification [openssl "smime -verify -text -in cms_broken_op_$alg_fn.msg -out cms_verified.txt -CAfile $::test::ca/cacert.pem"] 66 | } 1 "Verification failure" 67 | 68 | test -skip {![file exists cms_sign_det_$alg_fn.msg]} "Verifying detached $alg signature" { 69 | grep Veri [openssl "smime -verify -content cms_sign.dat -in cms_sign_det_$alg_fn.msg -out cms_verified.txt -noverify"] 70 | } 0 "Verification successful 71 | " 72 | 73 | test -skip {![file exists cms_sign_det_$alg_fn.msg]} -createsfiles {bad.dat} "Verifying corrupted $alg detached signature" { 74 | makeFile bad.dat [regsub Test [getFile cms_sign.dat] Best] 75 | grep Verification [openssl "smime -verify -content bad.dat -in cms_sign_det_$alg_fn.msg -out cms_verified.txt -CAfile $::test::ca/cacert.pem"] 76 | } 1 "Verification failure" 77 | 78 | 79 | } 80 | end_tests 81 | -------------------------------------------------------------------------------- /tcl_tests/cmsenc_io.try: -------------------------------------------------------------------------------- 1 | #!/usr/bin/tclsh 2 | lappend auto_path [file dirname [info script]] 3 | package require ossltest 4 | cd $::test::dir 5 | set testname [file rootname [file tail $::argv0]] 6 | 7 | start_tests "Тесты на совместимость cms и smime -encrypt" 8 | proc make_fn {alg} { 9 | return [string map {":" "_"} $alg] 10 | } 11 | 12 | proc map {str list} { 13 | set result {} 14 | foreach a $list { 15 | lappend result [subst $str] 16 | } 17 | return $result 18 | } 19 | 20 | if {![info exist env(NO_RSA)]} { 21 | 22 | test -createsfiles io_cms_decrypt.rsa "RSA User 2 (with cert) can decrypt message for RSA user 2" { 23 | set expected [getFile encrypt.dat] 24 | openssl "smime -decrypt -in cms_enc_rsa.msg 
-recip U_cms_enc_rsa_2/cert.pem -inkey U_cms_enc_rsa_2/seckey.pem -out io_cms_decrypt.rsa" 25 | set result [getFile io_cms_decrypt.rsa] 26 | string eq $expected $result 27 | } 0 1 28 | 29 | test -createsfiles io_cms_decrypt_nocert.rsa "RSA User 2 (without cert) can decrypt message for RSA user 2" { 30 | set expected [getFile encrypt.dat] 31 | openssl "smime -decrypt -in cms_enc_rsa.msg -inkey U_cms_enc_rsa_2/seckey.pem -out io_cms_decrypt_nocert.rsa" 32 | set result [getFile io_cms_decrypt_nocert.rsa] 33 | string eq $expected $result 34 | } 0 1 35 | } 36 | 37 | 38 | if {[info exist env(ENC_LIST)]} { 39 | set enc_list $env(ENC_LIST) 40 | } else { 41 | switch -exact [engine_name] { 42 | "ccore" {set enc_list {gost2001:XA:1.2.643.2.2.31.3 gost2001:XB:1.2.643.2.2.31.4 gost2001:XA: gost2012_256:XA:1.2.643.2.2.31.1 gost2012_256:XB:1.2.643.7.1.2.5.1.1 gost2012_256:XA: gost2012_512:A:1.2.643.2.2.31.3 gost2012_512:B:1.2.643.7.1.2.5.1.1 gost2012_512:A:}} 43 | "open" {set enc_list {gost2001:XA:1.2.643.2.2.31.3 gost2001:XB:1.2.643.2.2.31.4 gost2001:XA: gost2012_256:XA:1.2.643.2.2.31.1 gost2012_256:XB:1.2.643.7.1.2.5.1.1 gost2012_256:XA: gost2012_512:A:1.2.643.2.2.31.3 gost2012_512:B:1.2.643.7.1.2.5.1.1 gost2012_512:A:}} 44 | } 45 | } 46 | 47 | foreach enc_tuple $enc_list { 48 | if {![regexp {^([^:]*:[^:]*):(.*)$} $enc_tuple -> alg crypt_param]} { 49 | set alg $enc_tuple 50 | set crypt_param {} 51 | } 52 | set alg_fn [make_fn $enc_tuple] 53 | set username U_cms_enc_$alg_fn 54 | switch -glob $alg { 55 | gost2012* {set ::test::ca ${testname}CA-2012} 56 | * {set ::test::ca ${testname}CA} 57 | } 58 | 59 | test -createsfiles io_cms_decrypt.$alg_fn "Decrypting file encrypted for $username" { 60 | set expected [getFile encrypt.dat] 61 | openssl "smime -decrypt -in cms_enc_$alg_fn.msg -recip U_cms_enc_$alg_fn/cert.pem -inkey U_cms_enc_$alg_fn/seckey.pem -out io_cms_decrypt.$alg_fn" 62 | set result [getFile io_cms_decrypt.$alg_fn] 63 | string eq $expected $result 64 | } 0 1 65 | 66 | 
test -createsfiles io_cms_decrypt_t.$alg_fn "Decrypting file text-encrypted for $username" { 67 | set expected [getFile encrypt.dat] 68 | openssl "smime -decrypt -text -in cms_enc_t_$alg_fn.msg -recip U_cms_enc_$alg_fn/cert.pem -inkey U_cms_enc_$alg_fn/seckey.pem -out io_cms_decrypt_t.$alg_fn" 69 | set result [getFile io_cms_decrypt_t.$alg_fn] 70 | string eq $expected $result 71 | } 0 1 72 | 73 | test -createsfiles io_cms_decrypt_t_nocert.$alg_fn "Decrypting file text-encrypted for $username without cert" { 74 | set expected [getFile encrypt.dat] 75 | openssl "smime -decrypt -text -in cms_enc_t_$alg_fn.msg -inkey U_cms_enc_$alg_fn/seckey.pem -out io_cms_decrypt_t_nocert.$alg_fn" 76 | set result [getFile io_cms_decrypt_t_nocert.$alg_fn] 77 | string eq $expected $result 78 | } 0 1 79 | 80 | } 81 | 82 | 83 | foreach enc_tuple $enc_list { 84 | if {![regexp {^([^:]*:[^:]*):(.*)$} $enc_tuple -> alg crypt_param]} { 85 | set alg $enc_tuple 86 | set crypt_param {} 87 | } 88 | set alg_fn [make_fn $enc_tuple] 89 | set username U_cms_enc_$alg_fn 90 | 91 | test -skip {![file exists cms_enc_4all.msg]} -createsfiles io_cms_decrypt_4all.$alg_fn "Decrypting gost-encrypted file, recipient $alg_fn" { 92 | set expected [getFile encrypt.dat] 93 | openssl "smime -decrypt -in cms_enc_4all.msg -recip $username/cert.pem -inkey $username/seckey.pem -out io_cms_decrypt_4all.$alg_fn" 94 | set result [getFile io_cms_decrypt_4all.$alg_fn] 95 | string eq $expected $result 96 | } 0 1 97 | 98 | test -skip {![file exists cms_enc_4all.msg]} -createsfiles io_cms_decrypt_4all_nocert.$alg_fn "Decrypting gost-encrypted file without cert, recipient $alg_fn" { 99 | set expected [getFile encrypt.dat] 100 | openssl "smime -decrypt -in cms_enc_4all.msg -inkey $username/seckey.pem -out io_cms_decrypt_4all_nocert.$alg_fn" 101 | set result [getFile io_cms_decrypt_4all_nocert.$alg_fn] 102 | string eq $expected $result 103 | } 0 1 104 | 105 | } 106 | 107 | end_tests 108 | 
-------------------------------------------------------------------------------- /tcl_tests/cmstc262019.try: -------------------------------------------------------------------------------- 1 | #!/usr/bin/tclsh 2 | 3 | lappend auto_path [file dirname [info script]] 4 | package require ossltest 5 | file delete -force $::test::dir/tc26_cms 6 | file copy -force tc26_cms $::test::dir 7 | cd $::test::dir 8 | set plain_str [getFile ./tc26_cms/plain/text_decrypted.plain] 9 | 10 | start_tests "CMS tests, TC26 examples" 11 | 12 | #BUILD_AT=obj_mid.l64/ ./openssl_wrap.sh cms -verify -in ../standalone-test/tc26_cms/signed_a111.pem -inform PEM -noverify 13 | #BUILD_AT=obj_mid.l64/ ./openssl_wrap.sh cms -verify -in ../standalone-test/tc26_cms/signed_a121.pem -inform PEM -noverify 14 | 15 | test "Signed data, 512 bits, signed attributes" { 16 | grep "Verification successful" [openssl "cms -verify -in tc26_cms/signed_a111.pem -inform PEM -noverify"] 17 | } 0 "CMS Verification successful 18 | " 19 | 20 | test "Signed data, 256 bits, no signed attributes" { 21 | grep "Verification successful" [openssl "cms -verify -in tc26_cms/signed_a121.pem -inform PEM -noverify"] 22 | } 0 "CMS Verification successful 23 | " 24 | 25 | test "Digested data, 256 bits" { 26 | grep "Verification successful" [openssl "cms -digest_verify -in tc26_cms/hashed_a311.pem -inform PEM -out hashed_a311.out"] 27 | } 0 "Verification successful 28 | " 29 | 30 | test "Digested data, 512 bits" { 31 | grep "Verification successful" [openssl "cms -digest_verify -in tc26_cms/hashed_a321.pem -inform PEM -out hashed_a321.out"] 32 | } 0 "Verification successful 33 | " 34 | 35 | test "CMS decrypt, Kuznyechik ACPKM+OMAC, KeyAgreement" { 36 | grep "Enveloped" [openssl "cms -decrypt -debug_decrypt -in ./tc26_cms/encrypted_keyagree_a211.pem -inform PEM -inkey ./tc26_cms/recipient512_key.pem -recip ./tc26_cms/recipient512_cert.pem -originator ./tc26_cms/sender512_cert.pem"] 37 | } 0 $plain_str 38 | 39 | test "CMS decrypt, Magma 
ACPKM, KeyAgreement" { 40 | grep "Enveloped" [openssl "cms -decrypt -debug_decrypt -in ./tc26_cms/encrypted_keyagree_a221.pem -inform PEM -inkey ./tc26_cms/recipient256_key.pem -recip ./tc26_cms/recipient256_cert.pem -originator ./tc26_cms/sender256_cert.pem"] 41 | } 0 $plain_str 42 | 43 | test "CMS decrypt, Kuznyechik ACPKM, KeyTrans" { 44 | grep "Enveloped" [openssl "cms -decrypt -in ./tc26_cms/encrypted_keytrans_a231.pem -inform PEM -inkey ./tc26_cms/recipient256_key.pem"] 45 | } 0 $plain_str 46 | 47 | test "CMS decrypt, Magma ACPKM+OMAC, KeyTrans" { 48 | grep "Enveloped" [openssl "cms -decrypt -debug_decrypt -in ./tc26_cms/encrypted_keytrans_a241.pem -inform PEM -inkey ./tc26_cms/recipient512_key.pem "] 49 | } 0 $plain_str 50 | 51 | end_tests 52 | -------------------------------------------------------------------------------- /tcl_tests/cnt0.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/cnt0.enc -------------------------------------------------------------------------------- /tcl_tests/cnt1.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/cnt1.enc -------------------------------------------------------------------------------- /tcl_tests/cp10.ciphers: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/cp10.ciphers -------------------------------------------------------------------------------- /tcl_tests/cp20.ciphers: -------------------------------------------------------------------------------- 1 | gost2001:XA { 2 | GOST2001-GOST89-GOST89 tls-ref-cp20.lan.cryptocom.ru:443 3 | GOST2001-NULL-GOST94 tls-ref-cp20.lan.cryptocom.ru:4401 4 | } 5 | 
rsa:1024 { 6 | DHE-RSA-AES256-SHA tls-ref-cp20.lan.cryptocom.ru:4407 7 | RC4-SHA tls-ref-cp20.lan.cryptocom.ru:4408 8 | } 9 | -------------------------------------------------------------------------------- /tcl_tests/cp21.ciphers: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/cp21.ciphers -------------------------------------------------------------------------------- /tcl_tests/csp3.ciphers: -------------------------------------------------------------------------------- 1 | gost2001:XA { 2 | GOST2001-GOST89-GOST89 v-cp3-srv.vm.cryptocom.ru:443:iis 3 | } 4 | 5 | -------------------------------------------------------------------------------- /tcl_tests/csp36.ciphers: -------------------------------------------------------------------------------- 1 | gost2001:XA { 2 | GOST2001-GOST89-GOST89 v-cp36-srv.vm.cryptocom.ru:443:iis 3 | } 4 | 5 | -------------------------------------------------------------------------------- /tcl_tests/csp36r2.ciphers: -------------------------------------------------------------------------------- 1 | gost2001:XA { 2 | GOST2001-GOST89-GOST89 v-cp36r2-srv.vm.cryptocom.ru:443:iis 3 | } 4 | 5 | -------------------------------------------------------------------------------- /tcl_tests/csp36r3.ciphers: -------------------------------------------------------------------------------- 1 | gost2001:XA { 2 | GOST2001-GOST89-GOST89 v-cp36r3-srv.vm.cryptocom.ru:443:iis 3 | } 4 | 5 | -------------------------------------------------------------------------------- /tcl_tests/csp36r4.ciphers: -------------------------------------------------------------------------------- 1 | gost2001:XA { 2 | GOST2001-GOST89-GOST89 v-cp36r4-srv.vm.cryptocom.ru:443:iis 3 | } 4 | 5 | -------------------------------------------------------------------------------- /tcl_tests/csp39.ciphers: 
-------------------------------------------------------------------------------- 1 | gost2001:XA { 2 | GOST2001-GOST89-GOST89 v-cp39-srv.vm.cryptocom.ru:443:iis 3 | } 4 | 5 | -------------------------------------------------------------------------------- /tcl_tests/csp4.ciphers: -------------------------------------------------------------------------------- 1 | gost2001:XA { 2 | GOST2001-GOST89-GOST89 v-cp4-01.vm.cryptocom.ru:443:iis 3 | GOST2012-GOST8912-GOST8912 v-cp4-01.vm.cryptocom.ru:443:iis 4 | } 5 | gost2012_256:XA { 6 | GOST2012-GOST8912-GOST8912 v-cp4-12S.vm.cryptocom.ru:443:iis 7 | } 8 | gost2012_512:A { 9 | GOST2012-GOST8912-GOST8912 v-cp4-12L.vm.cryptocom.ru:443:iis 10 | } 11 | -------------------------------------------------------------------------------- /tcl_tests/csp4r2.ciphers: -------------------------------------------------------------------------------- 1 | gost2001:XA { 2 | GOST2001-GOST89-GOST89 v-cp4r2-01.vm.cryptocom.ru:443:iis 3 | GOST2012-GOST8912-GOST8912 v-cp4r2-01.vm.cryptocom.ru:443:iis 4 | } 5 | gost2012_256:XA { 6 | GOST2012-GOST8912-GOST8912 v-cp4r2-12S.vm.cryptocom.ru:443:iis 7 | } 8 | gost2012_512:A { 9 | GOST2012-GOST8912-GOST8912 v-cp4r2-12L.vm.cryptocom.ru:443:iis 10 | } 11 | -------------------------------------------------------------------------------- /tcl_tests/csp4r3.ciphers: -------------------------------------------------------------------------------- 1 | gost2001:XA { 2 | GOST2001-GOST89-GOST89 v-cp4r3-01.vm.cryptocom.ru:443:iis 3 | GOST2012-GOST8912-GOST8912 v-cp4r3-01.vm.cryptocom.ru:443:iis 4 | } 5 | gost2012_256:XA { 6 | TLSv1:GOST2012-GOST8912-GOST8912 v-cp4r3-12S.vm.cryptocom.ru:443:iis 7 | TLSv1.1:GOST2012-GOST8912-GOST8912 v-cp4r3-12S.vm.cryptocom.ru:443:iis 8 | TLSv1.2:GOST2012-GOST8912-GOST8912 v-cp4r3-12S.vm.cryptocom.ru:443:iis 9 | } 10 | gost2012_512:A { 11 | TLSv1:GOST2012-GOST8912-GOST8912 v-cp4r3-12L.vm.cryptocom.ru:443:iis 12 | TLSv1.1:GOST2012-GOST8912-GOST8912 
v-cp4r3-12L.vm.cryptocom.ru:443:iis 13 | TLSv1.2:GOST2012-GOST8912-GOST8912 v-cp4r3-12L.vm.cryptocom.ru:443:iis 14 | } 15 | -------------------------------------------------------------------------------- /tcl_tests/csp5.ciphers: -------------------------------------------------------------------------------- 1 | gost2001:XA { 2 | GOST2001-GOST89-GOST89 v-cp5-01.vm.cryptocom.ru:443:iis 3 | GOST2012-GOST8912-GOST8912 v-cp5-01.vm.cryptocom.ru:443:iis 4 | } 5 | gost2012_256:XA { 6 | TLSv1:GOST2012-GOST8912-GOST8912 v-cp5-12S.vm.cryptocom.ru:443:iis 7 | TLSv1.1:GOST2012-GOST8912-GOST8912 v-cp5-12S.vm.cryptocom.ru:443:iis 8 | TLSv1.2:GOST2012-GOST8912-GOST8912 v-cp5-12S.vm.cryptocom.ru:443:iis 9 | TLSv1.2:GOST2012-KUZNYECHIK-KUZNYECHIKOMAC v-cp5-12S.vm.cryptocom.ru:443:iis 10 | TLSv1.2:GOST2012-MAGMA-MAGMAOMAC v-cp5-12S.vm.cryptocom.ru:443:iis 11 | } 12 | gost2012_512:A { 13 | TLSv1:GOST2012-GOST8912-GOST8912 v-cp5-12L.vm.cryptocom.ru:443:iis 14 | TLSv1.1:GOST2012-GOST8912-GOST8912 v-cp5-12L.vm.cryptocom.ru:443:iis 15 | TLSv1.2:GOST2012-GOST8912-GOST8912 v-cp5-12L.vm.cryptocom.ru:443:iis 16 | TLSv1.2:GOST2012-KUZNYECHIK-KUZNYECHIKOMAC v-cp5-12L.vm.cryptocom.ru:443:iis 17 | TLSv1.2:GOST2012-MAGMA-MAGMAOMAC v-cp5-12L.vm.cryptocom.ru:443:iis 18 | } 19 | -------------------------------------------------------------------------------- /tcl_tests/dgst_CF.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/dgst_CF.dat -------------------------------------------------------------------------------- /tcl_tests/dgst_ex1.dat: -------------------------------------------------------------------------------- 1 | 012345678901234567890123456789012345678901234567890123456789012 -------------------------------------------------------------------------------- /tcl_tests/dgst_ex2.dat: 
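--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/dgst_ex2.dat
--------------------------------------------------------------------------------
/tcl_tests/engine.try:
--------------------------------------------------------------------------------
#!/usr/bin/tclsh
# Tests for the "openssl engine" command: the engine must list the expected
# GOST algorithms even when the config file does not load it.
lappend auto_path [file dirname [info script]]
package require ossltest
cd $::test::dir
start_tests "Тесты на команду engine"

# Expected "engine -c" output for each engine flavour.
switch -exact [engine_name] {
    "ccore" {set list " \[RAND, gost89, gost89-cnt, gost89-cnt-12, gost89-cbc, id-tc26-cipher-gostr3412-2015-magma-ctracpkm, magma-ctr, magma-ofb, magma-ecb, magma-cbc, magma-cfb, grasshopper-ecb, grasshopper-cbc, grasshopper-ofb, grasshopper-cfb, grasshopper-ctr, id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm, md_gost94, gost-mac, md_gost12_256, md_gost12_512, gost-mac-12, gost2001, id-GostR3410-2001DH, gost-mac, gost2012_256, gost2012_512, gost-mac-12\]\n"}
    "open" {set list "(gost) Reference implementation of GOST engine\n \[gost89, gost89-cnt, gost89-cnt-12, gost89-cbc, kuznyechik-ecb, kuznyechik-cbc, kuznyechik-cfb, kuznyechik-ofb, kuznyechik-ctr, magma-ecb, kuznyechik-mgm, magma-cbc, magma-ctr, magma-ctr-acpkm, magma-ctr-acpkm-omac, magma-mgm, kuznyechik-ctr-acpkm, kuznyechik-ctr-acpkm-omac, magma-kexp15, kuznyechik-kexp15, md_gost94, gost-mac, md_gost12_256, md_gost12_512, gost-mac-12, magma-mac, kuznyechik-mac, kuznyechik-ctr-acpkm-omac, magma-ctr-acpkm-omac, gost2001, id-GostR3410-2001DH, gost-mac, gost2012_256, gost2012_512, gost-mac-12, magma-mac, kuznyechik-mac, magma-ctr-acpkm-omac, kuznyechik-ctr-acpkm-omac]\n"}
}


# Write a copy of the active config with the "engines = engines_section"
# line removed, and point OPENSSL_CONF at it for the tests below.
makeFile no_engine.cnf [regsub -all "\n\\s*engines\\s*=\\s*engines_section\[\^\n]*" [getConfig] ""]

save_env2 {OPENSSL_CONF}
set env(OPENSSL_CONF) [file join [pwd] no_engine.cnf]

test "Проверяем поддержку российских алгоритмов" {
    grep "gost" [openssl "engine -c $env(ENGINE_NAME)"]
} 0 $list

if {[engine_name] == "ccore"} {
test "Получение списка конфигурационных параметров" {
    openssl "engine -v cryptocom"
} 0 "(cryptocom) Cryptocom GOST engine
RNG, RNG_PARAMS, CRYPT_PARAMS, CCENGINE_LICENSE, GOST_PBE_HMAC
"
}

# Put the caller's OPENSSL_CONF back so later test files see the real config.
restore_env2 {OPENSSL_CONF}

end_tests
--------------------------------------------------------------------------------
/tcl_tests/enums.tcl:
--------------------------------------------------------------------------------
# Generates enums2tcl.c, a C program that prints "set NAME VALUE" lines for
# the cc_rc_* and cc_rds_cb_* identifiers found in the ccore headers.
set f [open enums2tcl.c w]
puts $f "#include \"../ccore/ccapi.h\""
puts $f "#include \"../ccore/ccrdscb.h\""
# The generated program calls printf, so it needs <stdio.h>; the header name
# was missing from this include line.
puts $f "#include <stdio.h>"
puts $f "int main (void) {"
set inc [open ../ccore/ccapi.h r]
while {[gets $inc line] >= 0} {
    # \y is the word-boundary escape in Tcl regular expressions; \b would
    # match a literal backspace character and never find an identifier.
    if {[regexp {\ycc_rc_\w+} $line code]} {
        puts $f "printf(\"set $code %d\\n\", $code);"
    }
}
close $inc
set inc [open ../ccore/ccrdscb.h r]
while {[gets $inc line] >= 0} {
    if {[regexp {\ycc_rds_cb_(rc|op|stage)_\w+} $line code]} {
        puts $f "printf(\"set $code %d\\n\", $code);"
    }
}
close $inc
puts $f "return 0;"
puts $f "}"
close $f

--------------------------------------------------------------------------------
/tcl_tests/getengine.tcl:
--------------------------------------------------------------------------------
#!/usr/bin/tclsh
# Prints the engine_id of the engine configured in the active OpenSSL config.
# NOTE(review): "." is the current working directory, so "package require"
# resolves ossltest from wherever the script is started; the .try scripts use
# [file dirname [info script]] instead. Run this only from the tests directory.
lappend auto_path .
package require ossltest

# getConfigLine var ?section?
#   Returns the value of the first "var = value" line inside the given
#   section of the global $config text, or in the text before the first
#   section header when no section is given. Raises an error when the section
#   or the variable is missing.
#   Both arguments are spliced into regular expressions unescaped. The call
#   below relies on that by passing {[^#]+} as var, so callers must not hand
#   in untrusted names.
proc getConfigLine {var {section ""}} {
    global config
    if {[string length $section]} {
        if {[regexp -indices "\n\\s*\\\[\\s*$section\\s*\\\]\\s*\n" $config start]} {
            # Continue scanning from the end of the matched section header.
            set start [lindex $start 1]
        } else {
            return -code error "Section $section is not found"
        }
    } else {
        set start 0
    }
    # The section ends where the next "[...]" header begins, if there is one.
    if {[regexp -indices "\n\\s*\\\[\[^\n\]+\\\]\\s*\n" [string range $config $start end] end]} {
        # Braced so the operands are substituted once, by expr itself.
        set end [expr {$start + [lindex $end 0]}]
    } else {
        set end end
    }
    # "=>" is only a throwaway variable name for the whole match.
    if {![regexp "\n\\s*$var\\s*=\\s*(\\S\[^\n\]+?)\\s*\n" "\n[string range $config $start $end]" => value]} {
        return -code error "No variable $var in section $section"
    }
    return $value
}

set config [getConfig]

set openssl_def [getConfigLine openssl_conf]

# {[^#]+} matches any uncommented variable name, i.e. the first engine entry.
set engine_section [getConfigLine {[^#]+} [getConfigLine engines $openssl_def ]]

puts [getConfigLine engine_id $engine_section]




--------------------------------------------------------------------------------
/tcl_tests/http.tcl:
--------------------------------------------------------------------------------
#
# Takes a URL and (optionally) a certificate lookup string on the command
# line. Performs the HTTP request and prints the response.
# Forward slashes may be used instead of backslashes in the certificate
# lookup string.

if {!$argc || $argc>2} {
    puts stderr "Usage $argv0 url \[cert-spec\]"
    # Stop here: without a URL the request below would be sent with an
    # empty target.
    exit 1
}

set url [lindex $argv 0]
if {$argc==2} {
    set certspec [string map {/ \\} [lindex $argv 1]]
}


puts Started

# tcom drives the WinHTTP COM object, so this script runs on Windows only.
package require tcom
set hh [::tcom::ref createobject WinHttp.WinHttpRequest.5.1]
$hh Open GET $url 0
if {[info exists certspec]} {
    puts "Setting Client Certificate $certspec"
    $hh SetClientCertificate $certspec
}
$hh Send
puts [$hh ResponseText]
--------------------------------------------------------------------------------
/tcl_tests/kbstrike.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/kbstrike.exe
--------------------------------------------------------------------------------
/tcl_tests/key.pem:
--------------------------------------------------------------------------------
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIGMMEAGCSqGSIb3DQEFDTAzMBsGCSqGSIb3DQEFDDAOBAi26UdKOFk+lgICCAAw
FAYIKoZIhvcNAwcECGp4Z7XaD/vABEgfBlfcpKTWrDqMjzd2qra/uR5u+ogSKp3b
CBLudt8opsMfrCrIUJk6NpTP1BVPa4nYqqKePWIY7p6S3pSxQWBkhsWmM7G3K/w=
-----END ENCRYPTED PRIVATE KEY-----
--------------------------------------------------------------------------------
/tcl_tests/mac-grasshopper.dat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/mac-grasshopper.dat
--------------------------------------------------------------------------------
/tcl_tests/mac-magma.dat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/mac-magma.dat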
-------------------------------------------------------------------------------- /tcl_tests/macpkm1.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/macpkm1.enc -------------------------------------------------------------------------------- /tcl_tests/magma1.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/magma1.enc -------------------------------------------------------------------------------- /tcl_tests/magma_acpkm_plain.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/magma_acpkm_plain.enc -------------------------------------------------------------------------------- /tcl_tests/magma_enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/magma_enc -------------------------------------------------------------------------------- /tcl_tests/magma_plain: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/magma_plain -------------------------------------------------------------------------------- /tcl_tests/magma_plain.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/magma_plain.enc -------------------------------------------------------------------------------- /tcl_tests/make_other.sh: 
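--------------------------------------------------------------------------------
#!/bin/sh

# Creates the OtherVersion subdirectory and copies into it the data used to
# test compatibility with other versions.
# The data is taken from the results of a test run of the open engine
# (it is the one guaranteed to support all required algorithms,
# including obsolete ones).

# The host name becomes part of a path, so every use below is quoted.
TESTDIR="$(hostname)-gost"
SAVEDIR=OtherVersion
if ! [ -d "${TESTDIR}" ]; then
    echo "$TESTDIR does not exist."
    exit 1
fi
# "--" ends option parsing so the path can never be read as an option to rm.
[ -d "${SAVEDIR}" ] && rm -fr -- "${SAVEDIR}"
mkdir "${SAVEDIR}" || exit 1
# Stop if the directory cannot be entered; otherwise the copies below would
# run against whatever the current directory happens to be.
cd "${TESTDIR}" || exit 1
cp -rp enc.enc enc.dat "../$SAVEDIR"
cp -rp smimeCA test.crl test_crl_cacert.pem "../$SAVEDIR"
cp -rp U_smime_* sign_*.msg "../$SAVEDIR"
cp -rp cmsCA U_cms_* cms_sign_*.msg "../$SAVEDIR"
cp -rp U_pkcs12_* "../$SAVEDIR"
cp -rp encrypt.dat U_enc_* enc_*.msg "../$SAVEDIR"
cp -rp U_cms_enc_* cms_enc_*.msg "../$SAVEDIR"
--------------------------------------------------------------------------------
/tcl_tests/mkn2o.tcl:
--------------------------------------------------------------------------------
# Regenerates name2oid.tcl from an OID definition file given as the first
# argument, rewriting it only when the name-to-OID mapping has changed.
# NOTE: both "source" calls evaluate the named files as Tcl code, so the
# definition file must come from a trusted location.

# Callback invoked by the definition file: records one name -> OID pair.
proc oid {oid name types} {
    global new_name2oid
    set new_name2oid($name) $oid
}

source [lindex $argv 0]
source name2oid.tcl

set differ 0
foreach name [array names name2oid] {
    # "ne" compares as strings; "!=" would compare numerically whenever both
    # values happen to parse as numbers (for example 1.2 and 1.20).
    if {![info exists new_name2oid($name)] || $new_name2oid($name) ne $name2oid($name)} {set differ 1}
}
if {!$differ} {
    # Also catch names that exist only in the new definition.
    foreach name [array names new_name2oid] {
        if {![info exists name2oid($name)]} {set differ 1}
    }
}

if {$differ} {
    set n2of [open name2oid.tcl w]
    puts $n2of "array set name2oid {"
    foreach name [lsort [array names new_name2oid]] {
        puts $n2of "$name $new_name2oid($name)"
    }
    puts $n2of "}"
    close $n2of
}

--------------------------------------------------------------------------------
/tcl_tests/mkoidf.tcl: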
-------------------------------------------------------------------------------- 1 | proc oid {oid name types} { 2 | puts "$oid $name GOST $name $oid" 3 | } 4 | 5 | source [lindex $argv 0] 6 | -------------------------------------------------------------------------------- /tcl_tests/name2oid.tcl: -------------------------------------------------------------------------------- 1 | array set name2oid { 2 | crypt89_cc 1.2.643.2.2.21 3 | mac89 1.2.643.2.2.22 4 | pk_sign94_cc 1.2.643.2.9.1.5.3 5 | pk_sign94_cp 1.2.643.2.2.20 6 | pk_sign01_cc 1.2.643.2.9.1.5.4 7 | pk_sign01_cp 1.2.643.2.2.19 8 | pk_sign12_256 1.2.643.7.1.1.1.1 9 | pk_sign12_512 1.2.643.7.1.1.1.2 10 | hash_94 1.2.643.2.2.9 11 | hash_12_256 1.2.643.7.1.1.2.2 12 | hash_12_512 1.2.643.7.1.1.2.3 13 | hash_with_sign94_cc 1.2.643.2.9.1.3.3 14 | hash_with_sign94_cp 1.2.643.2.2.4 15 | hash_with_sign01_cc 1.2.643.2.9.1.3.4 16 | hash_with_sign01_cp 1.2.643.2.2.3 17 | hash_with_sign12_256 1.2.643.7.1.1.3.2 18 | hash_with_sign12_512 1.2.643.7.1.1.3.3 19 | param_encr_cc 1.2.643.2.9.1.6.1 20 | param_encr_cpa 1.2.643.2.2.31.1 21 | param_encr_cpb 1.2.643.2.2.31.2 22 | param_encr_cpc 1.2.643.2.2.31.3 23 | param_encr_cpd 1.2.643.2.2.31.4 24 | param_encr_cptest 1.2.643.2.2.31.0 25 | param_encr_tc 1.2.643.7.1.2.5.1.1 26 | param_hash_94 1.2.643.2.2.30.1 27 | param_pubkey94_cpa 1.2.643.2.2.32.2 28 | param_pubkey94_cpb 1.2.643.2.2.32.3 29 | param_pubkey94_cpc 1.2.643.2.2.32.4 30 | param_pubkey94_cpd 1.2.643.2.2.32.5 31 | param_pubkey94_cpxcha 1.2.643.2.2.33.1 32 | param_pubkey94_cpxchb 1.2.643.2.2.33.2 33 | param_pubkey94_cpxchc 1.2.643.2.2.33.3 34 | param_pubkey01_cc 1.2.643.2.9.1.8.1 35 | param_pubkey01_cpa 1.2.643.2.2.35.1 36 | param_pubkey01_cpb 1.2.643.2.2.35.2 37 | param_pubkey01_cpc 1.2.643.2.2.35.3 38 | param_pubkey01_cptest 1.2.643.2.2.35.0 39 | param_pubkey01_cpxcha 1.2.643.2.2.36.0 40 | param_pubkey01_cpxchb 1.2.643.2.2.36.1 41 | param_pubkey12_512_0 1.2.643.7.1.2.1.2.0 42 | param_pubkey12_512_A 1.2.643.7.1.2.1.2.1 
43 | param_pubkey12_512_B 1.2.643.7.1.2.1.2.2 44 | } 45 | -------------------------------------------------------------------------------- /tcl_tests/name2oid.tst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/name2oid.tst -------------------------------------------------------------------------------- /tcl_tests/nopath.try: -------------------------------------------------------------------------------- 1 | #!/usr/bin/tclsh 2 | lappend auto_path [file dirname [info script]] 3 | package require ossltest 4 | cd $::test::dir 5 | start_tests "Подгрузка engine без явно указанного dynamic_path" 6 | 7 | set config [getConfig] 8 | regexp {\ndynamic_path\s*=\s*(\S[^\n]+)} $config => path 9 | if [file exist [file join [file dirname $::OPENSSL_CONF] cryptocom.lic]] { 10 | file copy -force [file join [file dirname $::OPENSSL_CONF] cryptocom.lic] cryptocom.lic 11 | } 12 | if {[info exists path]} { 13 | set env(OPENSSL_ENGINES) [subst -nocommands -nobackslashes [regsub {\$ENV::(\w+)} [file dirname $path] {$env(\1)}]] 14 | puts $env(OPENSSL_ENGINES) 15 | makeFile nodp.conf [regsub {\ndynamic_path\s*=\s*([^\n]+)} $config {}] 16 | set env(OPENSSL_CONF) "[pwd]/nodp.conf" 17 | } 18 | test -platformex {[info exists path]} -createsfiles dgst.dat "Вычисление дайджеста md_gost94" { 19 | makeFile dgst.dat [string repeat "Test data to digest.\n" 100] binary 20 | grep "md_gost94\\(" [openssl "dgst -md_gost94 dgst.dat"] 21 | } 0 "md_gost94\(dgst.dat)= 42e462ce1c2b4bf72a4815b7b4877c601f05e5781a71eaa36f63f836c021865c\n" 22 | 23 | set plain "Test data to encrypt" 24 | test -platformex {[info exists path]} -createsfiles {enc.enc enc.dat} "Encrypting file in CFB mode" { 25 | makeFile enc.dat $plain binary 26 | openssl "enc -gost89 -out enc.enc -in enc.dat -k 1234567890 -p" 27 | file isfile enc.enc 28 | } 0 1 29 | 30 | test -platformex {[info exists path]} 
-createsfiles {cnt.enc} "Encrypting file in CNT mode" { 31 | makeFile enc.dat $plain binary 32 | openssl "enc -gost89-cnt -out cnt.enc -in enc.dat -k 1234567890 -p" 33 | file isfile cnt.enc 34 | } 0 1 35 | 36 | test -platformex {[info exists path]} -skip {![file exists enc.enc]} "Ciphered text in CFB mode differs from clear text" { 37 | set ciphered [getFile enc.enc binary] 38 | string first $ciphered $plain 39 | } 0 -1 40 | 41 | test -platformex {[info exists path]} -skip {![file exists cnt.enc]} "Ciphered text in CNT mode differs from clear text" { 42 | set ciphered [getFile cnt.enc binary] 43 | string first $ciphered $plain 44 | } 0 -1 45 | 46 | test -platformex {[info exists path]} -skip {![file exists enc.enc]} -createsfiles enc.dec "Decrypting file, encrypted in CFB mode" { 47 | openssl "enc -gost89 -d -in enc.enc -out enc.dec -k 1234567890 -p" 48 | getFile enc.dec 49 | } 0 $plain 50 | 51 | test -platformex {[info exists path]} -skip {![file exists cnt.enc]} -createsfiles cnt.dec "Decrypting file, encrypted in CNT mode" { 52 | openssl "enc -gost89-cnt -d -in cnt.enc -out cnt.dec -k 1234567890 -p" 53 | getFile cnt.dec 54 | } 0 $plain 55 | 56 | test -platformex {[info exists path]} "Вычисление MAC gost89" { 57 | grep gost-mac [openssl "dgst -mac gost-mac -macopt key:12345678901234567890123456789012 dgst.dat"] 58 | } 0 "GOST-MAC-gost-mac(dgst.dat)= 37f646d2\n" 59 | 60 | test -platformex {[info exists path]} -createsfiles nodp2001.key "Создание секретного ключа gost2001" { 61 | makeSecretKey nodp2001 gost2001:A 62 | file exists nodp2001/seckey.pem 63 | } 0 1 64 | 65 | 66 | file delete cryptocom.lic 67 | end_tests 68 | -------------------------------------------------------------------------------- /tcl_tests/oidfile: -------------------------------------------------------------------------------- 1 | 1.2.643.2.2.9 hash_94 GOST hash_94 1.2.643.2.2.9 2 | 1.2.643.7.1.1.2.2 hash_12_256 GOST hash_12_256 1.2.643.7.1.1.2.2 3 | 1.2.643.7.1.1.2.3 hash_12_512 GOST 
hash_12_512 1.2.643.7.1.1.2.3 4 | 1.2.643.2.2.30.1 param_hash_94 GOST param_hash_94 1.2.643.2.2.30.1 5 | 1.2.643.2.2.21 crypt89_cc GOST crypt89_cc 1.2.643.2.2.21 6 | 1.2.643.2.2.22 mac89 GOST mac89 1.2.643.2.2.22 7 | 1.2.643.2.9.1.6.1 param_encr_cc GOST param_encr_cc 1.2.643.2.9.1.6.1 8 | 1.2.643.2.2.31.0 param_encr_cptest GOST param_encr_cptest 1.2.643.2.2.31.0 9 | 1.2.643.2.2.31.1 param_encr_cpa GOST param_encr_cpa 1.2.643.2.2.31.1 10 | 1.2.643.2.2.31.2 param_encr_cpb GOST param_encr_cpb 1.2.643.2.2.31.2 11 | 1.2.643.2.2.31.3 param_encr_cpc GOST param_encr_cpc 1.2.643.2.2.31.3 12 | 1.2.643.2.2.31.4 param_encr_cpd GOST param_encr_cpd 1.2.643.2.2.31.4 13 | 1.2.643.7.1.2.5.1.1 param_encr_tc GOST param_encr_tc 1.2.643.7.1.2.5.1.1 14 | 1.2.643.2.2.4 hash_with_sign94_cp GOST hash_with_sign94_cp 1.2.643.2.2.4 15 | 1.2.643.2.9.1.3.3 hash_with_sign94_cc GOST hash_with_sign94_cc 1.2.643.2.9.1.3.3 16 | 1.2.643.2.2.3 hash_with_sign01_cp GOST hash_with_sign01_cp 1.2.643.2.2.3 17 | 1.2.643.2.9.1.3.4 hash_with_sign01_cc GOST hash_with_sign01_cc 1.2.643.2.9.1.3.4 18 | 1.2.643.7.1.1.3.2 hash_with_sign12_256 GOST hash_with_sign12_256 1.2.643.7.1.1.3.2 19 | 1.2.643.7.1.1.3.3 hash_with_sign12_512 GOST hash_with_sign12_512 1.2.643.7.1.1.3.3 20 | 1.2.643.2.2.20 pk_sign94_cp GOST pk_sign94_cp 1.2.643.2.2.20 21 | 1.2.643.2.9.1.5.3 pk_sign94_cc GOST pk_sign94_cc 1.2.643.2.9.1.5.3 22 | 1.2.643.2.2.19 pk_sign01_cp GOST pk_sign01_cp 1.2.643.2.2.19 23 | 1.2.643.2.9.1.5.4 pk_sign01_cc GOST pk_sign01_cc 1.2.643.2.9.1.5.4 24 | 1.2.643.7.1.1.1.1 pk_sign12_256 GOST pk_sign12_256 1.2.643.7.1.1.1.1 25 | 1.2.643.7.1.1.1.2 pk_sign12_512 GOST pk_sign12_512 1.2.643.7.1.1.1.2 26 | 1.2.643.2.2.32.2 param_pubkey94_cpa GOST param_pubkey94_cpa 1.2.643.2.2.32.2 27 | 1.2.643.2.2.32.3 param_pubkey94_cpb GOST param_pubkey94_cpb 1.2.643.2.2.32.3 28 | 1.2.643.2.2.32.4 param_pubkey94_cpc GOST param_pubkey94_cpc 1.2.643.2.2.32.4 29 | 1.2.643.2.2.32.5 param_pubkey94_cpd GOST param_pubkey94_cpd 1.2.643.2.2.32.5 30 | 
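1.2.643.2.2.33.1 param_pubkey94_cpxcha GOST param_pubkey94_cpxcha 1.2.643.2.2.33.1 31 | 1.2.643.2.2.33.2 param_pubkey94_cpxchb GOST param_pubkey94_cpxchb 1.2.643.2.2.33.2 32 | 1.2.643.2.2.33.3 param_pubkey94_cpxchc GOST param_pubkey94_cpxchc 1.2.643.2.2.33.3 33 | 1.2.643.2.2.35.0 param_pubkey01_cptest GOST param_pubkey01_cptest 1.2.643.2.2.35.0 34 | 1.2.643.2.2.35.1 param_pubkey01_cpa GOST param_pubkey01_cpa 1.2.643.2.2.35.1 35 | 1.2.643.2.2.35.2 param_pubkey01_cpb GOST param_pubkey01_cpb 1.2.643.2.2.35.2 36 | 1.2.643.2.2.35.3 param_pubkey01_cpc GOST param_pubkey01_cpc 1.2.643.2.2.35.3 37 | 1.2.643.2.2.36.0 param_pubkey01_cpxcha GOST param_pubkey01_cpxcha 1.2.643.2.2.36.0 38 | 1.2.643.2.2.36.1 param_pubkey01_cpxchb GOST param_pubkey01_cpxchb 1.2.643.2.2.36.1 39 | 1.2.643.2.9.1.8.1 param_pubkey01_cc GOST param_pubkey01_cc 1.2.643.2.9.1.8.1 40 | 1.2.643.7.1.2.1.2.0 param_pubkey12_512_0 GOST param_pubkey12_512_0 1.2.643.7.1.2.1.2.0 41 | 1.2.643.7.1.2.1.2.1 param_pubkey12_512_A GOST param_pubkey12_512_A 1.2.643.7.1.2.1.2.1 42 | 1.2.643.7.1.2.1.2.2 param_pubkey12_512_B GOST param_pubkey12_512_B 1.2.643.7.1.2.1.2.2 43 | 44 | 
--------------------------------------------------------------------------------
/tcl_tests/openssl-gost.cnf:
--------------------------------------------------------------------------------
openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
gost = gost_section

[gost_section]
engine_id = gost
default_algorithms = ALL
--------------------------------------------------------------------------------
/tcl_tests/opnssl.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Runs the openssl binary that belongs to the current reference host and
# passes every argument through to it unchanged.

export HSTNME=`hostname`

if test "$HSTNME" = tls-ref-cp10; then ossl=/usr/bin/openssl; fi
if test "$HSTNME" = tls-ref-cp20; then ossl=/opt/cryptopack2/bin/openssl; fi
if test "$HSTNME" = tls-ref-cp21; then ossl=/opt/cryptopack2/bin/openssl; fi

# On any other host $ossl stays empty, and an unquoted "$ossl $*" would then
# run the first argument as the command. Refuse instead.
if test -z "$ossl"; then
    echo "opnssl.sh: no openssl binary configured for host $HSTNME" >&2
    exit 1
fi

# "$@" keeps each argument intact; $* would re-split arguments on whitespace
# and expand any glob characters in them.
"$ossl" "$@"

exit $?
--------------------------------------------------------------------------------
/tcl_tests/pkcs12.try:
--------------------------------------------------------------------------------
#!/usr/bin/tclsh
# Tests for the "openssl pkcs12" command: for every algorithm a key and a
# self-signed certificate are generated, packed into a PKCS#12 file and
# unpacked again.
lappend auto_path [file dirname [info script]]
package require ossltest
cd $::test::dir

start_tests "Тесты на команду pkcs12"

# ALG_LIST in the environment overrides the per-engine default list.
if {[info exists env(ALG_LIST)]} {
    set alg_list $env(ALG_LIST)
} else {
    switch -exact [engine_name] {
        "ccore" {set alg_list {gost2001:A gost2001:B gost2001:C gost2001:XA gost2001:XB gost2012_256:A gost2012_256:B gost2012_256:C gost2012_256:XA gost2012_256:XB gost2012_512:A gost2012_512:B}}
        "open" {
            set alg_list {
                gost2001:A gost2001:B gost2001:C
                gost2001:XA gost2001:XB
                gost2012_256:A gost2012_256:B gost2012_256:C
                gost2012_256:XA gost2012_256:XB
                gost2012_256:TCA gost2012_256:TCB gost2012_256:TCC gost2012_256:TCD
                gost2012_512:A gost2012_512:B gost2012_512:C
            }
        }
    }
}

foreach alg $alg_list {
    set alg_fn [string map {":" "_"} $alg]
    set username U_pkcs12_$alg_fn
    # The MAC digest follows the key family.
    switch -glob $alg {
        gost2012_512:* {set hash_alg md_gost12_512}
        gost2012_256:* {set hash_alg md_gost12_256}
        default {set hash_alg md_gost94}
    }

test -createsfiles [list $username/sscert.pem $username/sskey.pem]\
  "Генерируем сертификат и секретный ключ $alg" {
    makeSecretKey $username $alg
    makeFile $username/req.conf [makeConf]
    openssl "req -new -x509 -config $username/req.conf -key $username/seckey.pem -out $username/cert.pem"
    expr {[file size $username/cert.pem] > 0}
} 0 1

# The fixed password "12345" is a test fixture. "pass:" puts the password on
# the command line, where other local users can read it from the process
# list, so real invocations should take it from a file or a descriptor.
# NOTE(review): the braces keep $username from being substituted in the
# -createsfiles argument below, while the neighbouring tests use [list ...];
# confirm how the test package treats this value.
test -createsfiles {$username/pkcs12.p12} "Собираем pkcs12 с алгоритмом $alg" {
    openssl "pkcs12 -export -inkey $username/seckey.pem -in $username/cert.pem -out $username/pkcs12.p12 -password pass:12345 -keypbe gost89 -certpbe gost89 -macalg $hash_alg"
    file exists $username/pkcs12.p12
} 0 1

# -nodes writes the extracted private key to dump.pem unencrypted; that is
# needed for the comparison below and is acceptable only for throwaway keys.
test -skip {![file exists $username/pkcs12.p12]} -createsfiles [list $username/extracted_cert.pem $username/extracted_key.pem] "Разбираем pkcs12 c алгоритмом $alg" {
    openssl "pkcs12 -in $username/pkcs12.p12 -nodes -out $username/dump.pem -password pass:12345"
    set dump [getFile $username/dump.pem]
    # Split the dump into its PEM blocks.
    set lextr [regexp -all -inline "\n-----BEGIN .*?\n-----END \[^\n\]+-----\n" $dump]

    # Expect two blocks: the original certificate, then the original key in
    # unencrypted PKCS#8 form.
    list [llength $lextr] [expr {[lindex $lextr 0] eq "\n[getFile $username/cert.pem]"}] [expr {[lindex $lextr 1] eq "\n[openssl "pkcs8 -nocrypt -topk8 -in $username/seckey.pem"]"}]

} 0 {2 1 1}


#./load_engine pkcs12 -export -in t/z/U_enc_gost94_/cert.pem -inkey t/z/U_enc_gost94_/seckey.pem -certfile t/z/testCA/cacert.pem -name "CERTIFICATE" -out mycert.p12 -password pass:12345
#./load_engine pkcs12 -in mycert.p12 -out mycert.pem

}

end_tests
--------------------------------------------------------------------------------
/tcl_tests/pkgIndex.tcl:
--------------------------------------------------------------------------------
package ifneeded test 0.2 [list source -encoding utf-8 [file join $dir test.tcl]]
package ifneeded testlib 0.1 [list source -encoding utf-8 [file join $dir testlib.tcl]]
package ifneeded fgetopt 0.1 [list source -encoding utf-8 [file join $dir fgetopt.tcl]]
package ifneeded asn 0.7.1 [list source -encoding utf-8 [file join $dir asn.tcl]]
package ifneeded base64 2.3.2 [list source -encoding utf-8 [file join $dir base64.tcl]]
package ifneeded ossltest 0.7 [list source -encoding utf-8 [file join $dir ossltest.tcl]]
--------------------------------------------------------------------------------
/tcl_tests/plain.enc:
--------------------------------------------------------------------------------
Test data to encrypt
--------------------------------------------------------------------------------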
/tcl_tests/private/gost2001_A.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MH8CAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgNsz+6JQm0UYw 3 | I90/psShKQrktCj3ehyKe3G7dVuo+ySgODA2BggqhQMCCQMIATEqBChCIIzvjjnM 4 | EjW957oYXmI1tlNIIEMFy50EOPk4d/akd8k9UEUfJQ31 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /tcl_tests/private/gost2001_B.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MH8CAQAwHAYGKoUDAgITMBIGByqFAwICIwIGByqFAwICHgEEIgQgvVb0e4AmOEIH 3 | jKiZj+29OgbFVwy+XHI48yKm8FJyjQygODA2BggqhQMCCQMIATEqBCh3mHOU3GbN 4 | IZuseCRP836vV2rBLOuQrVznWHPOb9VC0lB6eNOhY1GH 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /tcl_tests/private/gost2001_C.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MH8CAQAwHAYGKoUDAgITMBIGByqFAwICIwMGByqFAwICHgEEIgQgbIM6LxPe0Ave 3 | N+yRZBsb7jmIyZET+YiWpiN3T4sKGiOgODA2BggqhQMCCQMIATEqBCgftKdkhEXD 4 | VG50lrUkn9EbqriBTKRO8SK2Yu9VJfeVt9uDpYQ9dMu2 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /tcl_tests/private/gost2001_XA.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MH8CAQAwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEEIgQgSGtJ/s0X+5ld 3 | 2wilev1VMOVYAiYPqxJeBCovJlnsB3agODA2BggqhQMCCQMIATEqBChquxeySqNx 4 | XJ+zRfoydNB3ZnI7WHvyCdevrpnUXi43QfJ7Bofldn7G 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /tcl_tests/private/gost2001_XB.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | 
MH8CAQAwHAYGKoUDAgITMBIGByqFAwICJAEGByqFAwICHgEEIgQgYAQQC17Sjt3F 3 | rg9m7PyzD9Pa2eAYTMr8ltX3IBOmukWgODA2BggqhQMCCQMIATEqBCgl8zuE43h4 4 | 78dfpVXoV7bD85G2SIY1/d7o+bAr8AiQBumvzlnQr2ka 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /tcl_tests/private/gost2012_256_A.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGCAgEAMB8GCCqFAwcBAQEBMBMGByqFAwICIwEGCCqFAwcBAQICBCIEIOTjkLas 3 | e0/SvSH/hFRSfBopnkP9a6mqCqP/zEf6WwFsoDgwNgYIKoUDAgkDCAExKgQoXql/ 4 | cWe/7Tgh3csptrfiEgAaWgGS+VhzbJnZLvn9/STU1/46KWA+0A== 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /tcl_tests/private/gost2012_256_B.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGCAgEAMB8GCCqFAwcBAQEBMBMGByqFAwICIwIGCCqFAwcBAQICBCIEIO6zQc6w 3 | YqWlSTp4BBlVa3q+6w96tRtpWlp+LZjb5ShyoDgwNgYIKoUDAgkDCAExKgQotOvO 4 | EGwCt0ZcyZA+Lq3RwctxfJMIImyY48X/UilpdLTbfuxNTrAP7Q== 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /tcl_tests/private/gost2012_256_C.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGCAgEAMB8GCCqFAwcBAQEBMBMGByqFAwICIwMGCCqFAwcBAQICBCIEIAmU+PyI 3 | r/n63dlQoJhZu0NNJgay2KEFmtb2JvDsLDtzoDgwNgYIKoUDAgkDCAExKgQoTmXk 4 | 7VWKAP0WNGF3y26CldydpwA1llejlnI3eZ0IaIq6In4K3SzWjw== 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /tcl_tests/private/gost2012_256_XA.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGCAgEAMB8GCCqFAwcBAQEBMBMGByqFAwICJAAGCCqFAwcBAQICBCIEIAlnokn7 3 | Vw8a7IykYa4EYlv6zdit8QG5Fxs9wdWF/LuyoDgwNgYIKoUDAgkDCAExKgQopAxM 4 | 
Ymu/ufjc2DAxKwaMaeI1cQbNZGApKGrBgFr5/azc+wYpkV/tIg== 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /tcl_tests/private/gost2012_256_XB.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGCAgEAMB8GCCqFAwcBAQEBMBMGByqFAwICJAEGCCqFAwcBAQICBCIEIB7ziMjS 3 | yZxVTj9kzt5nyHoz0BVpvWkb8dAxo5SjV9KBoDgwNgYIKoUDAgkDCAExKgQoM1Rx 4 | tOEXmeWQll3cuet7UDp0YEmVid1AMvvdx3MD4LVthAmrIYKUCg== 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /tcl_tests/private/gost2012_512_A.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGkAgEAMCEGCCqFAwcBAQECMBUGCSqFAwcBAgECAQYIKoUDBwEBAgMEQgRAdBFk 3 | 9bJa60Rw9jvTNdtfZ3ImZuep2Klx5Fpap1bpBE4u/T4CI/R2nyjuWCBKPmbBHJO7 4 | 4Z/BTUYYe04l0gWWZaA4MDYGCCqFAwIJAwgBMSoEKCHK4j/oPjNmh1w4eH6Zx1cQ 5 | kzLi1QCYb8u45IFtpBx0jF4O0etcYKo= 6 | -----END PRIVATE KEY----- 7 | -------------------------------------------------------------------------------- /tcl_tests/private/gost2012_512_B.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGkAgEAMCEGCCqFAwcBAQECMBUGCSqFAwcBAgECAgYIKoUDBwEBAgMEQgRAQ8Hd 3 | iGVmLyWQFF7lR2VnBIV/npcxJOTrsdhnSpNczZVT+ZWEvY66IQMsUPCVUcgZIYyp 4 | 44E3v8kD6x0EuCmPcqA4MDYGCCqFAwIJAwgBMSoEKG0+06BM69y0EvoCeE4fP8jB 5 | XPhDcF9daMRu299ZaXv2H9o/OO+nC5A= 6 | -----END PRIVATE KEY----- 7 | -------------------------------------------------------------------------------- /tcl_tests/private/rsa_1024.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANiP17PGKutiabuB 3 | HCtGk5sBn/4Sv/X7d2HQBDwpxKx0t8U7Z+hRtzLLCRCyNiY+vnbGHkQKfAi/HfaA 4 | 
awvG9mGBBOA5jdRU0c9aJUNEHH4I/EkYzEkWxZHTNTVbZM4CUHJvA7AM8kRXyI00 5 | MTKirF0/clTXaiAryhprioSw0ulxAgMBAAECgYEAr5ch3D/neOdYt5Gd13DoKZyN 6 | ryJgxv/X8lUJugZb00Dn6GGchIANPH/nn8P/p87j+8XzsFOX8jeUAdRp9yihhzuN 7 | doY8EW0UEKXApHh5Y0UmlC1YqFrgtk8Y6k4bK6GewNXPekMjTLUhR+cECG6I8yAt 8 | Jtlwo+539uBld6pXEAECQQDuH6IrLZHXfxTYOeDnvYnncKrfk7szUTRV/2q8GAlw 9 | 1bqQPB1xuautWrgw90HRLAvD27KOFgZ0R9fNfULaEA3xAkEA6NHTsZNgZs7VF5Z8 10 | krR6SkszIyR3UyurvPrusR44lT6ypSsulFV+SrjFOAwbuLjl+fap9oGLI1tsbFUA 11 | UeMTgQJAKrX71XjP/vIpX/tJruddU+jujTmnSzYWiBJPJ7u7/cQoOXS+50YhV++8 12 | t/Oxl34qAhBm/3tN3w9/0rjUA977UQJAWLHvKvxRQnlTVvwekyksWXdSkPXIe6fs 13 | cj9KhbFUrw7GsgPEaAA177N6dsKuIO5XtqWQ1Hc/kYW3xYGQcKHIgQJBAIaEvBhO 14 | PkoT0apaZgriQnuWpqGCnFYTjAY7zSr+Y5kI1lnb3DPipIsZZ5X7VQ/c+64nR2M/ 15 | X1NAW+G8zHBxK6o= 16 | -----END PRIVATE KEY----- 17 | -------------------------------------------------------------------------------- /tcl_tests/req-genpkey.try: -------------------------------------------------------------------------------- 1 | #!/usr/bin/tclsh 2 | # создание секретного ключа 3 | # создание заявки и самоподписанного сертификата командой req 4 | # проверка OIDов алгоритма во всех структурах 5 | lappend auto_path [file dirname [info script]] 6 | package require ossltest 7 | cd $::test::dir 8 | start_tests "Создание ключей и заявок, команда genpkey" 9 | 10 | if {[info exists env(ALG_LIST)]} { 11 | set alg_list $env(ALG_LIST) 12 | } else { 13 | switch -exact [engine_name] { 14 | "ccore" {set alg_list {gost2001:A gost2001:B gost2001:C gost2001:XA gost2001:XB gost2012_256:A gost2012_256:B gost2012_256:C gost2012_256:XA gost2012_256:XB gost2012_512:A gost2012_512:B}} 15 | "open" {set alg_list {gost2001:A gost2001:B gost2001:C gost2001:XA gost2001:XB gost2012_256:0 gost2012_256:A gost2012_256:B gost2012_256:C gost2012_256:XA gost2012_256:XB gost2012_512:A gost2012_512:B}} 16 | } 17 | } 18 | 19 | foreach alg $alg_list { 20 | set alg_fn [string map {":" "_"} $alg] 21 | set username pkey_$alg_fn 22 | 
foreach {alg_only params} [split $alg :] break 23 | 24 | test -createsfiles $username/seckey.pem "Секретный ключ, алгоритм $alg" { 25 | file delete -force $username 26 | file mkdir $username 27 | openssl "genpkey -algorithm $alg_only -pkeyopt paramset:$params -out $username/seckey.pem" 28 | expr {[file size $username/seckey.pem] > 0} 29 | } 0 1 30 | 31 | test -skip {![file exists $username/seckey.pem]} "OID в секретном ключе" { 32 | extract_oids $username/seckey.pem 33 | } 0 [mkObjList [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]]] 34 | 35 | test -skip {![file exists $username/seckey.pem]} "Алгоритм $alg, заявка по секретному ключу" { 36 | makeFile $username/req.conf [makeConf] 37 | openssl "req -new -config $username/req.conf -key $username/seckey.pem -out $username/req.pem" 38 | expr {[file size $username/req.pem] > 0} 39 | } 0 1 40 | 41 | test -skip {![file exists $username/req.pem]} "Подпись под заявкой корректна" { 42 | grep "verif" [openssl "req -verify -in $username/req.pem"] 43 | } 0 {Certificate request self-signature verify OK 44 | } 45 | 46 | test -skip {![file exists $username/req.pem]} "OID в заявке, алгоритм $alg" { 47 | extract_oids $username/req.pem 48 | } 0 [mkObjList [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $alg]] 49 | 50 | test -skip {![file exists $username/seckey.pem]} "Алгоритм $alg, сертификат по секретному ключу" { 51 | openssl "req -new -x509 -config $username/req.conf -key $username/seckey.pem -out $username/cert.pem" 52 | expr {[file size $username/cert.pem] > 0} 53 | } 0 1 54 | 55 | test -skip {![file exists $username/cert.pem]} "OID в сертификате" { 56 | extract_oids $username/cert.pem 57 | } 0 [mkObjList [hash_with_sign_long_name $alg] [alg_long_name $alg] [pubkey_long_name $alg]\ 58 | [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $alg]] 59 | 60 | test -createsfiles "$username/seckey.der" "Алгоритм $alg 
сохраняем ключ в DER-формате" { 61 | openssl "genpkey -algorithm $alg_only -pkeyopt paramset:$params -out $username/seckey.der -outform DER" 62 | file exists $username/seckey.der 63 | } 0 1 64 | 65 | test -skip {![file exists $username/seckey.der]} "OID в секретном ключе $alg DER" { 66 | extract_oids $username/seckey.der DER 67 | } 0 [mkObjList [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]]] 68 | 69 | test -skip {![file exists $username/seckey.der]} -createsfiles $username/req2.pem "Создаем заявку из ключа в формате DER" { 70 | openssl "req -new -config $username/req.conf -key $username/seckey.der -keyform der -out $username/req2.pem" 71 | expr {[file size $username/req2.pem] > 0} 72 | } 0 1 73 | 74 | test -skip {![file exists $username/req2.pem]} "Подпись под заявкой корректна" { 75 | grep "verif" [openssl "req -verify -in $username/req2.pem"] 76 | } 0 {Certificate request self-signature verify OK 77 | } 78 | 79 | } 80 | 81 | 82 | end_tests 83 | -------------------------------------------------------------------------------- /tcl_tests/req-newkey.try: -------------------------------------------------------------------------------- 1 | #!/usr/bin/tclsh 2 | if {[info exists env(PKG_PATH)]} { 3 | lappend auto_path $env(PKG_PATH) 4 | } else { 5 | lappend auto_path [file dirname [info script]] 6 | } 7 | package require ossltest 8 | package require asn 0.4.1 9 | cd $::test::dir 10 | 11 | switch -exact [engine_name] { 12 | "ccore" { 13 | set no_param_set "no public key parameters set" 14 | set invalid_paramset "invalid pubic key paramset name" 15 | } 16 | "open" { 17 | set no_param_set "no parameters set" 18 | set invalid_paramset "parameter error" 19 | } 20 | } 21 | 22 | start_tests "Создание ключей и заявок, команда req -newkey" 23 | makeCA 24 | foreach {alg descr code result} { 25 | gost2001: "ГОСТ 2001 Криптопро" 1 no_param_set 26 | gost2001:A "ГОСТ 2001 Криптопро A" 0 1.2.643.2.2.35.1 27 | gost2001:B "ГОСТ 2001 Криптопро B" 0 
1.2.643.2.2.35.2 28 | gost2001:C "ГОСТ 2001 Криптопро C" 0 1.2.643.2.2.35.3 29 | gost2001:D "ГОСТ 2001 Криптопро неверный параметр" 1 invalid_paramset 30 | gost2001:test "ГОСТ 2001 Криптопро тестовый" 0 1.2.643.2.2.35.0 31 | gost2001:XA "ГОСТ 2001 Криптопро XA" 0 1.2.643.2.2.36.0 32 | gost2001:XB "ГОСТ 2001 Криптопро XB" 0 1.2.643.2.2.36.1 33 | gost2001:id-GostR3410-2001-CryptoPro-XchB-ParamSet "ГОСТ 2001 Криптопро XB по имени" 0 1.2.643.2.2.36.1 34 | gost2001:1.2.643.2.2.36.1 "ГОСТ 2001 Криптопро XB по OID" 0 1.2.643.2.2.36.1 35 | gost2001:1.2.840.113549.1.1.1 "Недопустимый OID" 1 invalid_paramset 36 | gost2001:RSAencryption: "Недопустимое имя объекта" 1 invalid_paramset 37 | gost2012_256: "ГОСТ 2012 256 бит" 1 no_param_set 38 | gost2012_256:A "ГОСТ 2012 256 бит Криптопро A" 0 1.2.643.2.2.35.1 39 | gost2012_256:B "ГОСТ 2012 256 бит Криптопро B" 0 1.2.643.2.2.35.2 40 | gost2012_256:C "ГОСТ 2012 256 бит Криптопро C" 0 1.2.643.2.2.35.3 41 | gost2012_256:D "ГОСТ 2012 256 бит Криптопро неверный параметр" 1 invalid_paramset 42 | gost2012_256:TCA "ГОСТ 2012 256 бит ТК26 A" 0 1.2.643.7.1.2.1.1.1 43 | gost2012_256:TCB "ГОСТ 2012 256 бит ТК26 B" 0 1.2.643.7.1.2.1.1.2 44 | gost2012_256:TCC "ГОСТ 2012 256 бит ТК26 C" 0 1.2.643.7.1.2.1.1.3 45 | gost2012_256:TCD "ГОСТ 2012 256 бит ТК26 D" 0 1.2.643.7.1.2.1.1.4 46 | gost2012_256:TCE "ГОСТ 2012 256 бит ТК26 неверный параметр" 1 invalid_paramset 47 | gost2012_256:id-GostR3410-2001-CryptoPro-B-ParamSet "ГОСТ 2012 256 бит Криптопро B по имени" 0 1.2.643.2.2.35.2 48 | gost2012_256:1.2.643.2.2.35.1 "ГОСТ 2012 256 бит Криптопро A по OID" 0 1.2.643.2.2.35.1 49 | gost2012_256:1.2.840.113549.1.1.1 "Недопустимый OID" 1 invalid_paramset 50 | gost2012_256:RSAencryption: "Недопустимое имя объекта" 1 invalid_paramset 51 | gost2012_512: "ГОСТ 2012 512 бит" 1 no_param_set 52 | gost2012_512:A "ГОСТ 2012 512 бит ТК26 A" 0 1.2.643.7.1.2.1.2.1 53 | gost2012_512:B "ГОСТ 2012 512 бит ТК26 B" 0 1.2.643.7.1.2.1.2.2 54 | gost2012_512:C "ГОСТ 2012 512 бит 
ТК26 C" 0 1.2.643.7.1.2.1.2.3
    gost2012_512:D "ГОСТ 2012 512 бит неверный параметр" 1 invalid_paramset
    gost2012_512:id-tc26-gost-3410-2012-512-paramSetB "ГОСТ 2012 512 бит набор параметров B по имени" 0 1.2.643.7.1.2.1.2.2
    gost2012_512:1.2.643.7.1.2.1.2.1 "ГОСТ 2012 512 бит набор параметров A по OID" 0 1.2.643.7.1.2.1.2.1
    gost2012_512:1.2.643.2.2.35.1 "Недопустимый OID" 1 invalid_paramset
    gost2012_512:RSAencryption: "Недопустимое имя объекта" 1 invalid_paramset


} {

    # Rows that expect a failure carry a symbolic result; replace it with the
    # engine-specific error text selected before the loop.
    if {$result eq "no_param_set"} {
        set result $no_param_set
    } elseif {$result eq "invalid_paramset"} {
        set result $invalid_paramset
    }

    # Split at the first ':' only, so a parameter name that itself contains
    # ':' (for example "RSAencryption:") is passed on unchanged.
    set colon [string first ":" $alg]
    if {$colon == -1} {
        set algname $alg
        set algparam ""
    } else {
        set algname [string range $alg 0 [expr {$colon - 1}]]
        set algparam [string range $alg [expr {$colon + 1}] end]
    }

    # No -pkeyopt at all when the row names no parameter set.
    if {$algparam eq ""} {
        set algparamcmdline ""
    } else {
        set algparamcmdline "-pkeyopt paramset:$algparam"
    }

    # The key is written unencrypted (-nodes) so that readpem and the asn
    # calls can parse it. The body steps through the PKCS#8 structure
    # (outer SEQUENCE, version INTEGER, algorithm SEQUENCE, algorithm OID,
    # parameter SEQUENCE) and returns the first parameter OID in dotted form,
    # which the table expects to be the parameter-set OID.
    test -skip {{[engine_name] eq "open" && $alg eq "gost2001:test"}} $descr {
        openssl "req -newkey $algname $algparamcmdline -keyout test.key -out test.req -batch -nodes -config $::test::ca/req.conf"
        set pkcs8 [readpem test.key]
        asn::asnGetSequence pkcs8 seq1
        asn::asnGetInteger seq1 int0
        asn::asnGetSequence seq1 seq2
        asn::asnGetObjectIdentifier seq2 oid
        asn::asnGetSequence seq2 seq3
        asn::asnGetObjectIdentifier seq3 oid
        join $oid .
93 | } $code $result 94 | log "errorInfo: $errorInfo" 95 | 96 | test -skip {![file exists test.req]} "Заявка подписана корректно" { 97 | grep "verif" [openssl "req -verify -in test.req"] 98 | } 0 "Certificate request self-signature verify OK\n" 99 | } 100 | end_tests 101 | -------------------------------------------------------------------------------- /tcl_tests/runtest.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | rem Runs the *.try test suites with tclsh for the engine that getengine.tcl reports, then runs calcstat on the result file. 3 | rem Tests against the commercial engine run with whichever RNG CryptoPack is 4 | rem configured to use (that is, the one named in the configuration file or in 5 | rem the RNG environment variable). The exceptions are the test suites 6 | rem prng.try, rng.try, rng-seed.try (these always test the PROGRAM RNG) and 7 | rem rng2.try (tests every RNG it finds on the machine). 8 | 9 | 10 | rem Contents of the test suite 11 | rem 1. This script 12 | rem 2. The *.try files 13 | rem 3. The *.tcl files 14 | rem 4. The *.ciphers files 15 | rem 5. calcstat 16 | rem 6. oidfile 17 | rem 7. name2oid.tst 18 | 19 | rem Prerequisites that must be installed on the machine: 20 | rem 1. tclsh. 21 | rem 2. ssh (it must be called exactly that and must not print any extra 22 | rem messages); we use an ssh.bat wrapper around putty: 23 | rem @plink -l build %* 24 | rem Passwordless key-based login must be set up to lynx and to every reference 25 | rem host used. The host keys of these machines must be in knownhosts under the 26 | rem servers' fully qualified domain names, i.e. lynx.lan.cryptocom.ru and so on 27 | rem (for putty, knownhosts are stored in the registry). 28 | rem An exception must be added to the Windows Firewall that allows 29 | rem connections for the openssl.exe program. 
Note that Windows misinterprets 30 | rem "local network" in the description of the exception, so either select 31 | rem "any computer" or give the mask 10.51.0.0/255.255.0.0 explicitly. NOTE(review): the explicit mask keeps the exception narrower than "any computer"; prefer it where the test hosts allow. 32 | 33 | rem The two defaults below apply only when OPENSSL_APP or TCLSH is not already set. 34 | IF "%OPENSSL_APP%"=="" set OPENSSL_APP=c:\cryptopack3\bin\openssl.exe 35 | IF "%TCLSH%"=="" set TCLSH=c:\Tcl\bin\tclsh.exe 36 | rem Ask getengine.tcl which engine is in use; set /p reads the answer back from a temporary file. 37 | %TCLSH% getengine.tcl > engine_name.txt 38 | set /p ENGINE_NAME= < engine_name.txt 39 | del engine_name.txt 40 | rem TESTDIR is named HOST_NAME-bat-ENGINE_NAME and is deleted and recreated on every run. NOTE(review): TESTDIR is expanded unquoted in rmdir /s /q, so a value containing spaces would be split into several arguments. 41 | hostname > host_name.txt 42 | set /p HOST_NAME= < host_name.txt 43 | del host_name.txt 44 | set TESTDIR=%HOST_NAME%-bat-%ENGINE_NAME% 45 | rmdir /s /q %TESTDIR% 46 | mkdir %TESTDIR% 47 | copy oidfile %TESTDIR% 48 | set OTHER_VERSION=../OtherVersion 49 | rem Choose the test list for the detected engine; OTHER_DIR names the other engine's result directory, which gates interop.try further down. 50 | IF %ENGINE_NAME%==cryptocom ( 51 | set BASE_TESTS=engine dgst pkcs8 enc req-genpkey req-newkey ca smime smime2 smimeenc cms cms2 cmsenc pkcs12 nopath ocsp ts ssl smime_io cms_io smimeenc_io cmsenc_io 52 | set OTHER_DIR=../%HOST_NAME%-bat-gost 53 | ) ELSE ( 54 | IF %ENGINE_NAME%==gost ( 55 | set BASE_TESTS=engine dgst pkcs8 enc req-genpkey req-newkey ca smime smime2 smimeenc cms cms2 cmsenc pkcs12 nopath ocsp ts ssl smime_io cms_io smimeenc_io cmsenc_io 56 | set OTHER_DIR=../%HOST_NAME%-bat-cryptocom 57 | ) ELSE ( 58 | echo No GOST providing engine found 59 | exit 1 60 | ) 61 | ) 62 | 63 | set PKCS7_COMPATIBILITY_TESTS=smime_cs cmsenc_cs cmsenc_sc 64 | set CLIENT_TESTS=cp20 cp21 65 | set WINCLIENT_TESTS=p1-1xa-tls1-v-cp36r4-srv p1-1xa-tls1-v-cp39-srv p1-1xa-tls1-v-cp4-01 p2-1xa-tls1-v-cp4-01 p2-2xa-tls1-v-cp4-12S p2-5xa-tls1-v-cp4-12L p1-1xa-tls1-v-cp4r3-01 p2-1xa-tls1-v-cp4r3-01 p2-2xa-tls1-v-cp4r3-01 p2-5xa-tls1-v-cp4r3-01 p1-1xa-tls1_1-v-cp4r3-01 p2-1xa-tls1_1-v-cp4r3-01 p2-2xa-tls1_1-v-cp4r3-01 p2-5xa-tls1_1-v-cp4r3-01 p1-1xa-tls1_2-v-cp4r3-01 p2-1xa-tls1_2-v-cp4r3-01 p2-2xa-tls1_2-v-cp4r3-01 p2-5xa-tls1_2-v-cp4r3-01 p1-1xa-tls1-v-cp5-01 p2-1xa-tls1-v-cp5-01 p2-2xa-tls1-v-cp5-01 p2-5xa-tls1-v-cp5-01 p1-1xa-tls1_1-v-cp5-01 p2-1xa-tls1_1-v-cp5-01 
p2-2xa-tls1_1-v-cp5-01 p2-5xa-tls1_1-v-cp5-01 p1-1xa-tls1_2-v-cp5-01 p2-1xa-tls1_2-v-cp5-01 p2-2xa-tls1_2-v-cp5-01 p2-5xa-tls1_2-v-cp5-01 66 | set SERVER_TESTS=cp20 cp21 csp36r4 csp39 csp4 csp4r3 csp5 67 | set OPENSSL_DEBUG_MEMORY=on 68 | rem Run each suite in turn; server.try, client.try and wcli.try take the list item as their argument. 69 | FOR %%t IN (%BASE_TESTS%) DO %TCLSH% %%t.try 70 | FOR %%t IN (%PKCS7_COMPATIBILITY_TESTS%) DO %TCLSH% %%t.try 71 | FOR %%t IN (%SERVER_TESTS%) DO %TCLSH% server.try %%t 72 | FOR %%t IN (%CLIENT_TESTS%) DO %TCLSH% client.try %%t 73 | set CVS_RSH=ssh 74 | FOR %%t IN (%WINCLIENT_TESTS%) DO %TCLSH% wcli.try %%t 75 | IF EXIST %TESTDIR%\%OTHER_DIR% %TCLSH% interop.try 76 | IF EXIST %TESTDIR%\%OTHER_VERSION% ( 77 | set OTHER_DIR=%OTHER_VERSION% 78 | IF %ENGINE_NAME%==cryptocom ( 79 | set ALG_LIST="gost2001:A gost2001:B gost2001:C" 80 | set ENC_LIST="gost2001:A:1.2.643.2.2.31.3 gost2001:B:1.2.643.2.2.31.4 gost2001:C:1.2.643.2.2.31.2 gost2001:A:" 81 | ) ELSE ( 82 | set ALG_LIST="gost2001:A gost2001:B gost2001:C" 83 | set ENC_LIST="gost2001:A:1.2.643.2.2.31.3 gost2001:B:1.2.643.2.2.31.4 gost2001:C:1.2.643.2.2.31.2 gost2001:A:" 84 | ) 85 | %TCLSH% interop.try 86 | ) 87 | 88 | %TCLSH% calcstat %TESTDIR%\stats %TESTDIR%\test.result 89 | -------------------------------------------------------------------------------- /tcl_tests/runtest1.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | rem Variant of runtest.bat that runs only the base and PKCS7 compatibility suites plus interop.try; the server.try, client.try and wcli.try loops are commented out. 3 | rem Contents of the test suite 4 | rem 1. This script 5 | rem 2. The *.try files 6 | rem 3. The *.tcl files 7 | rem 4. The *.ciphers files 8 | rem 5. calcstat 9 | rem 6. oidfile 10 | rem 7. name2oid.tst 11 | 12 | rem Prerequisites that must be installed on the machine: 13 | rem 1. tclsh. 14 | rem 2. ssh (it must be called exactly that and must not print any extra 15 | rem messages); we use an ssh.bat wrapper around putty: 16 | rem @plink -l build %* 17 | rem Passwordless key-based login must be set up to lynx and to every reference 18 | rem host used. 
The host keys of these machines must be in knownhosts under the 19 | rem servers' fully qualified domain names, i.e. lynx.lan.cryptocom.ru and so on 20 | rem (for putty, knownhosts are stored in the registry). 21 | rem An exception must be added to the Windows Firewall that allows 22 | rem connections for the openssl.exe program. Note that Windows misinterprets 23 | rem "local network" in the description of the exception, so either select 24 | rem "any computer" or give the mask 10.51.0.0/255.255.0.0 explicitly. NOTE(review): the explicit mask keeps the exception narrower than "any computer"; prefer it where the test hosts allow. 25 | 26 | rem The two defaults below apply only when OPENSSL_APP or TCLSH is not already set. 27 | IF "%OPENSSL_APP%"=="" set OPENSSL_APP=c:\cryptopack3\bin\openssl.exe 28 | IF "%TCLSH%"=="" set TCLSH=c:\Tcl\bin\tclsh.exe 29 | rem Ask getengine.tcl which engine is in use; set /p reads the answer back from a temporary file. 30 | %TCLSH% getengine.tcl > engine_name.txt 31 | set /p ENGINE_NAME= < engine_name.txt 32 | del engine_name.txt 33 | rem TESTDIR is named HOST_NAME-bat-ENGINE_NAME and is deleted and recreated on every run. NOTE(review): TESTDIR is expanded unquoted in rmdir /s /q, so a value containing spaces would be split into several arguments. 34 | hostname > host_name.txt 35 | set /p HOST_NAME= < host_name.txt 36 | del host_name.txt 37 | set TESTDIR=%HOST_NAME%-bat-%ENGINE_NAME% 38 | rmdir /s /q %TESTDIR% 39 | mkdir %TESTDIR% 40 | copy oidfile %TESTDIR% 41 | set OTHER_VERSION=../OtherVersion 42 | rem Choose the test list for the detected engine; OTHER_DIR names the other engine's result directory, which gates interop.try further down. 43 | IF %ENGINE_NAME%==cryptocom ( 44 | set BASE_TESTS=engine ssl dgst pkcs8 enc req-genpkey req-newkey ca smime smime2 smimeenc cms cms2 cmsenc pkcs12 nopath ocsp ts smime_io cms_io smimeenc_io cmsenc_io 45 | set OTHER_DIR=../%HOST_NAME%-bat-gost 46 | ) ELSE ( 47 | IF %ENGINE_NAME%==gost ( 48 | set BASE_TESTS=engine dgst pkcs8 enc req-genpkey req-newkey ca smime smime2 smimeenc cms cms2 cmsenc pkcs12 nopath ocsp ts ssl smime_io cms_io smimeenc_io cmsenc_io 49 | set OTHER_DIR=../%HOST_NAME%-bat-cryptocom 50 | ) ELSE ( 51 | echo No GOST providing engine found 52 | exit 1 53 | ) 54 | ) 55 | 56 | set PKCS7_COMPATIBILITY_TESTS=smime_cs cmsenc_cs cmsenc_sc 57 | set CLIENT_TESTS=cp20 cp21 58 | set WINCLIENT_TESTS=p1-1xa-tls1-v-cp36r4-srv p1-1xa-tls1-v-cp39-srv p1-1xa-tls1-v-cp4-01 p2-1xa-tls1-v-cp4-01 p2-2xa-tls1-v-cp4-12S p2-5xa-tls1-v-cp4-12L p1-1xa-tls1-v-cp4r3-01 p2-1xa-tls1-v-cp4r3-01 p2-2xa-tls1-v-cp4r3-01 p2-5xa-tls1-v-cp4r3-01 p1-1xa-tls1_1-v-cp4r3-01 
p2-1xa-tls1_1-v-cp4r3-01 p2-2xa-tls1_1-v-cp4r3-01 p2-5xa-tls1_1-v-cp4r3-01 p1-1xa-tls1_2-v-cp4r3-01 p2-1xa-tls1_2-v-cp4r3-01 p2-2xa-tls1_2-v-cp4r3-01 p2-5xa-tls1_2-v-cp4r3-01 p1-1xa-tls1-v-cp5-01 p2-1xa-tls1-v-cp5-01 p2-2xa-tls1-v-cp5-01 p2-5xa-tls1-v-cp5-01 p1-1xa-tls1_1-v-cp5-01 p2-1xa-tls1_1-v-cp5-01 p2-2xa-tls1_1-v-cp5-01 p2-5xa-tls1_1-v-cp5-01 p1-1xa-tls1_2-v-cp5-01 p2-1xa-tls1_2-v-cp5-01 p2-2xa-tls1_2-v-cp5-01 p2-5xa-tls1_2-v-cp5-01 59 | set SERVER_TESTS=cp20 cp21 csp36r4 csp39 csp4 csp4r3 csp5 60 | set OPENSSL_DEBUG_MEMORY=on 61 | rem Only the base and PKCS7 compatibility loops are active in this variant. 62 | FOR %%t IN (%BASE_TESTS%) DO %TCLSH% %%t.try 63 | FOR %%t IN (%PKCS7_COMPATIBILITY_TESTS%) DO %TCLSH% %%t.try 64 | rem FOR %%t IN (%SERVER_TESTS%) DO %TCLSH% server.try %%t 65 | rem FOR %%t IN (%CLIENT_TESTS%) DO %TCLSH% client.try %%t 66 | set CVS_RSH=ssh 67 | rem FOR %%t IN (%WINCLIENT_TESTS%) DO %TCLSH% wcli.try %%t 68 | IF EXIST %TESTDIR%\%OTHER_DIR% %TCLSH% interop.try 69 | IF EXIST %TESTDIR%\%OTHER_VERSION% ( 70 | set OTHER_DIR=%OTHER_VERSION% 71 | IF %ENGINE_NAME%==cryptocom ( 72 | set ALG_LIST="gost2001:A gost2001:B gost2001:C" 73 | set ENC_LIST="gost2001:A:1.2.643.2.2.31.3 gost2001:B:1.2.643.2.2.31.4 gost2001:C:1.2.643.2.2.31.2 gost2001:A:" 74 | ) ELSE ( 75 | set ALG_LIST="gost2001:A gost2001:B gost2001:C" 76 | set ENC_LIST="gost2001:A:1.2.643.2.2.31.3 gost2001:B:1.2.643.2.2.31.4 gost2001:C:1.2.643.2.2.31.2 gost2001:A:" 77 | ) 78 | %TCLSH% interop.try 79 | ) 80 | 81 | %TCLSH% calcstat %TESTDIR%\stats %TESTDIR%\test.result 82 | -------------------------------------------------------------------------------- /tcl_tests/runtest2.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | rem Variant of runtest.bat that runs only the server.try, client.try and wcli.try loops plus interop.try; the base and PKCS7 compatibility loops and the recreation of TESTDIR are commented out. 3 | rem Contents of the test suite 4 | rem 1. This script 5 | rem 2. The *.try files 6 | rem 3. The *.tcl files 7 | rem 4. The *.ciphers files 8 | rem 5. calcstat 9 | rem 6. oidfile 10 | rem 7. name2oid.tst 11 | 12 | rem Prerequisites that must be installed on the machine: 13 | rem 1. tclsh. 14 | rem 2. 
ssh (it must be called exactly that and must not print any extra 15 | rem messages); we use an ssh.bat wrapper around putty: 16 | rem @plink -l build %* 17 | rem Passwordless key-based login must be set up to lynx and to every reference 18 | rem host used. The host keys of these machines must be in knownhosts under the 19 | rem servers' fully qualified domain names, i.e. lynx.lan.cryptocom.ru and so on 20 | rem (for putty, knownhosts are stored in the registry). 21 | rem An exception must be added to the Windows Firewall that allows 22 | rem connections for the openssl.exe program. Note that Windows misinterprets 23 | rem "local network" in the description of the exception, so either select 24 | rem "any computer" or give the mask 10.51.0.0/255.255.0.0 explicitly. NOTE(review): the explicit mask keeps the exception narrower than "any computer"; prefer it where the test hosts allow. 25 | 26 | rem The two defaults below apply only when OPENSSL_APP or TCLSH is not already set. 27 | IF "%OPENSSL_APP%"=="" set OPENSSL_APP=c:\cryptopack3\bin\openssl.exe 28 | IF "%TCLSH%"=="" set TCLSH=c:\Tcl\bin\tclsh.exe 29 | rem Ask getengine.tcl which engine is in use; set /p reads the answer back from a temporary file. 30 | %TCLSH% getengine.tcl > engine_name.txt 31 | set /p ENGINE_NAME= < engine_name.txt 32 | del engine_name.txt 33 | rem TESTDIR is named HOST_NAME-bat-ENGINE_NAME; this variant leaves an existing directory in place because the cleanup lines below are commented out. 34 | hostname > host_name.txt 35 | set /p HOST_NAME= < host_name.txt 36 | del host_name.txt 37 | set TESTDIR=%HOST_NAME%-bat-%ENGINE_NAME% 38 | rem rmdir /s /q %TESTDIR% 39 | rem mkdir %TESTDIR% 40 | rem copy oidfile %TESTDIR% 41 | set OTHER_VERSION=../OtherVersion 42 | rem Choose the test list for the detected engine; OTHER_DIR names the other engine's result directory, which gates interop.try further down. 43 | IF %ENGINE_NAME%==cryptocom ( 44 | set BASE_TESTS=engine ssl dgst pkcs8 enc req-genpkey req-newkey ca smime smime2 smimeenc cms cms2 cmsenc pkcs12 nopath ocsp ts smime_io cms_io smimeenc_io cmsenc_io 45 | set OTHER_DIR=../%HOST_NAME%-bat-gost 46 | ) ELSE ( 47 | IF %ENGINE_NAME%==gost ( 48 | set BASE_TESTS=engine dgst pkcs8 enc req-genpkey req-newkey ca smime smime2 smimeenc cms cms2 cmsenc pkcs12 nopath ocsp ts ssl smime_io cms_io smimeenc_io cmsenc_io 49 | set OTHER_DIR=../%HOST_NAME%-bat-cryptocom 50 | ) ELSE ( 51 | echo No GOST providing engine found 52 | exit 1 53 | ) 54 | ) 55 | 56 | set PKCS7_COMPATIBILITY_TESTS=smime_cs cmsenc_cs cmsenc_sc 57 | set CLIENT_TESTS=cp20 cp21 58 | set 
WINCLIENT_TESTS=p1-1xa-tls1-v-cp36r4-srv p1-1xa-tls1-v-cp39-srv p1-1xa-tls1-v-cp4-01 p2-1xa-tls1-v-cp4-01 p2-2xa-tls1-v-cp4-12S p2-5xa-tls1-v-cp4-12L p1-1xa-tls1-v-cp4r3-01 p2-1xa-tls1-v-cp4r3-01 p2-2xa-tls1-v-cp4r3-01 p2-5xa-tls1-v-cp4r3-01 p1-1xa-tls1_1-v-cp4r3-01 p2-1xa-tls1_1-v-cp4r3-01 p2-2xa-tls1_1-v-cp4r3-01 p2-5xa-tls1_1-v-cp4r3-01 p1-1xa-tls1_2-v-cp4r3-01 p2-1xa-tls1_2-v-cp4r3-01 p2-2xa-tls1_2-v-cp4r3-01 p2-5xa-tls1_2-v-cp4r3-01 p1-1xa-tls1-v-cp5-01 p2-1xa-tls1-v-cp5-01 p2-2xa-tls1-v-cp5-01 p2-5xa-tls1-v-cp5-01 p1-1xa-tls1_1-v-cp5-01 p2-1xa-tls1_1-v-cp5-01 p2-2xa-tls1_1-v-cp5-01 p2-5xa-tls1_1-v-cp5-01 p1-1xa-tls1_2-v-cp5-01 p2-1xa-tls1_2-v-cp5-01 p2-2xa-tls1_2-v-cp5-01 p2-5xa-tls1_2-v-cp5-01 59 | set SERVER_TESTS=cp20 cp21 csp36r4 csp39 csp4 csp4r3 csp5 60 | set OPENSSL_DEBUG_MEMORY=on 61 | 62 | rem eOR %%t IN (%BASE_TESTS%) DO %TCLSH% %%t.try 63 | rem FOR %%t IN (%PKCS7_COMPATIBILITY_TESTS%) DO %TCLSH% %%t.try 64 | FOR %%t IN (%SERVER_TESTS%) DO %TCLSH% server.try %%t 65 | FOR %%t IN (%CLIENT_TESTS%) DO %TCLSH% client.try %%t 66 | set CVS_RSH=ssh 67 | FOR %%t IN (%WINCLIENT_TESTS%) DO %TCLSH% wcli.try %%t 68 | IF EXIST %TESTDIR%\%OTHER_DIR% %TCLSH% interop.try 69 | IF EXIST %TESTDIR%\%OTHER_VERSION% ( 70 | set OTHER_DIR=%OTHER_VERSION% 71 | IF %ENGINE_NAME%==cryptocom ( 72 | set ALG_LIST="gost2001:A gost2001:B gost2001:C" 73 | set ENC_LIST="gost2001:A:1.2.643.2.2.31.3 gost2001:B:1.2.643.2.2.31.4 gost2001:C:1.2.643.2.2.31.2 gost2001:A:" 74 | ) ELSE ( 75 | set ALG_LIST="gost2001:A gost2001:B gost2001:C" 76 | set ENC_LIST="gost2001:A:1.2.643.2.2.31.3 gost2001:B:1.2.643.2.2.31.4 gost2001:C:1.2.643.2.2.31.2 gost2001:A:" 77 | ) 78 | %TCLSH% interop.try 79 | ) 80 | 81 | %TCLSH% calcstat %TESTDIR%\stats %TESTDIR%\test.result 82 | -------------------------------------------------------------------------------- /tcl_tests/smime_cs.try: -------------------------------------------------------------------------------- 1 | #!/usr/bin/tclsh 2 | lappend auto_path [file 
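dirname [info script]]
package require ossltest
cd $::test::dir
set testname [file rootname [file tail $::argv0]]

# Signature-compatibility suite: every case runs "cms -verify" on a reference
# host through openssl_remote and greps the verdict out of the output.
# NOTE(review): openssl_remote presumably ships the listed files to the host
# and substitutes TESTPATH with the remote directory - confirm in ossltest.
start_tests "Тесты на восместимость по подписи с эталонными серверами"

# ALG_LIST from the environment overrides the built-in per-engine list.
if {[info exists env(ALG_LIST)]} {
    set alg_list $env(ALG_LIST)
} else {
    switch -exact [engine_name] {
        "ccore" {set alg_list {gost2001:A gost2001:B gost2001:C}}
        "open" {set alg_list {gost2001:A gost2001:B gost2001:C}}
    }
}

foreach alg $alg_list {
    set alg_fn [string map {":" "_"} $alg]
    set username U_smime_$alg_fn
    # gost2012* algorithms use their own CA directory; all others use smimeCA.
    switch -glob $alg {
        gost2012* {set ::test::ca smimeCA-2012
            set ca_sign_alg hash_with_sign12_512
        }
        * {set ::test::ca smimeCA
            set ca_sign_alg hash_with_sign01_cp
        }
    }
    set hosts [list tls-ref-cp21]
    foreach hstname $hosts {


    # -noverify: the signer's certificate chain is not validated, so this case
    # checks the signature only. Each case is skipped when its input is missing.
    test -skip {![file exists sign_$alg_fn.msg]} "Verifying a message signed with $alg without ca via cms" {
        grep Veri [openssl_remote "$username sign_$alg_fn.msg" "$hstname" "cms -verify -text -in TESTPATH/sign_$alg_fn.msg -out TESTPATH/verified.txt -noverify -certfile TESTPATH/$username/cert.pem" "smime"]
    } 0 "Verification successful
"

    # Same message, but the signer certificate must also chain to the CA file.
    test -skip {![file exists sign_$alg_fn.msg]} "Verifying a message signed with $alg with ca via cms" {
        grep Veri [openssl_remote "$::test::ca sign_$alg_fn.msg" "$hstname" "cms -verify -text -in TESTPATH/sign_$alg_fn.msg -out TESTPATH/verified.txt -certfile TESTPATH/$username/cert.pem -CAfile TESTPATH/$::test::ca/cacert.pem" "smime"]
    } 0 "Verification successful
"

    # A corrupted message must be rejected (expected code 1). The -createsfiles
    # value is the same name the command passes to -out, without a trailing "]".
    test -skip {![file exists bad_$alg_fn.msg]} -createsfiles TESTPATH/verified.txt "Verifying corrupted messages signed with $alg via cms" {
        grep Verification [openssl_remote "bad_$alg_fn.msg" "$hstname" "cms -verify -text -in TESTPATH/bad_$alg_fn.msg -out TESTPATH/verified.txt -noverify -certfile TESTPATH/$username/cert.pem" "smime"]
    } 1 "Verification failure"

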
test -skip {![file exists sign_c_$alg_fn.msg]} "Verifying a message signed with $alg having cert inside without ca via cms" { 48 | grep Veri [openssl_remote "sign_c_$alg_fn.msg" "$hstname" "cms -verify -text -in TESTPATH/sign_c_$alg_fn.msg -out TESTPATH/verified.txt -noverify" "smime"] 49 | } 0 "Verification successful 50 | " 51 | 52 | test -skip {![file exists sign_c_$alg_fn.msg]} "Verifying a message signed with $alg having cert with ca via cms" { 53 | grep Veri [openssl_remote "sign_c_$alg_fn.msg" "$hstname" "cms -verify -text -in TESTPATH/sign_c_$alg_fn.msg -out TESTPATH/verified.txt -CAfile TESTPATH/$::test::ca/cacert.pem" "smime"] 54 | } 0 "Verification successful 55 | " 56 | 57 | test -createsfiles TESTPATH/verified.txt -skip {![file exists sign_op_$alg_fn.msg]} "Verifying a message signed by $alg having cert inside without ca via cms" { 58 | grep Veri [openssl_remote "sign_op_$alg_fn.msg" "$hstname" "cms -verify -text -in TESTPATH/sign_op_$alg_fn.msg -out TESTPATH/verified.txt -noverify" "smime"] 59 | } 0 "Verification successful 60 | " 61 | 62 | test -createsfiles TESTPATH/verified.txt -skip {![file exists sign_op_$alg_fn.msg]} "Verifying a $alg opaque message with ca via cms" { 63 | grep Veri [openssl_remote "sign_op_$alg_fn.msg" "$hstname" "cms -verify -text -in TESTPATH/sign_op_$alg_fn.msg -out TESTPATH/verified.txt -CAfile TESTPATH/$::test::ca/cacert.pem" "smime"] 64 | } 0 "Verification successful 65 | " 66 | 67 | test -skip {![file exists broken_op_$alg_fn.msg]} "Verifying broken $alg opaque message" { 68 | grep Verification [openssl_remote "broken_op_$alg_fn.msg" "$hstname" "cms -verify -text -in TESTPATH/broken_op_$alg_fn.msg -out TESTPATH/verified.txt -CAfile TESTPATH/$::test::ca/cacert.pem" "smime"] 69 | } 1 "Verification failure" 70 | 71 | test -skip {![file exists sign_det_$alg_fn.pem]} "Verifying detached $alg signature via cms" { 72 | grep Veri [openssl_remote "sign_det_$alg_fn.pem sign.dat" "$hstname" "cms -verify -content TESTPATH/sign.dat 
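-inform PEM -in TESTPATH/sign_det_$alg_fn.pem -out TESTPATH/verified.txt -noverify" "smime"] 73 | } 0 "Verification successful 74 | " 75 | 76 | test -skip {![file exists sign_det_$alg_fn.msg] || ![file exists bad.dat]} "Verifying corrupted $alg detached signature" { 77 | grep Verification [openssl_remote "sign_det_$alg_fn.msg bad.dat" "$hstname" "cms -verify -content TESTPATH/bad.dat -in TESTPATH/sign_det_$alg_fn.msg -out TESTPATH/verified.txt -CAfile TESTPATH/$::test::ca/cacert.pem" "smime"] 78 | } 1 "Verification failure" 79 | } 80 | 81 | } 82 | end_tests 83 | -------------------------------------------------------------------------------- /tcl_tests/smime_io.try: --------------------------------------------------------------------------------
#!/usr/bin/tclsh
# Verifies signed messages and detached signatures with "openssl cms -verify".
# The input files (sign_*.msg, bad_*.msg, sign_det_*.pem, ...) are not created
# here: each test is skipped when its input file is missing. The only files
# this script writes are verified.txt and bad.dat.
lappend auto_path [file dirname [info script]]
package require ossltest
cd $::test::dir
set testname [file rootname [file tail $::argv0]]

start_tests "Тесты на совместимость smime и cms -sign"

# ALG_LIST from the environment overrides the built-in per-engine list.
if {[info exists env(ALG_LIST)]} {
    set alg_list $env(ALG_LIST)
} else {
    # An engine name without a built-in list used to leave alg_list unset and
    # fail later inside foreach; report it here with an explicit message.
    switch -exact -- [engine_name] {
        "ccore" {set alg_list {gost2001:A gost2001:B gost2001:C gost2012_256:A gost2012_256:B gost2012_256:C gost2012_512:A gost2012_512:B}}
        "open" {set alg_list {gost2001:A gost2001:B gost2001:C gost2012_256:A gost2012_256:B gost2012_256:C gost2012_512:A gost2012_512:B}}
        default {error "No default algorithm list for engine '[engine_name]'; set ALG_LIST"}
    }
}

foreach alg $alg_list {
    set alg_fn [string map {":" "_"} $alg]
    set username U_smime_$alg_fn
    # GOST 2012 algorithms use their own CA directory. ca_sign_alg is
    # assigned here but not read anywhere else in this script.
    switch -glob -- $alg {
        gost2012* {
            set ::test::ca smimeCA-2012
            set ca_sign_alg hash_with_sign12_512
        }
        * {
            set ::test::ca smimeCA
            set ca_sign_alg hash_with_sign01_cp
        }
    }

    # Tests that pass -noverify check the signature only: the signer
    # certificate is not validated. The tests that pass -CAfile instead
    # validate it against the test CA certificate.
    test -skip {![file exists sign_$alg_fn.msg]} "Verifying a message signed with $alg without ca via cms" {
        grep Veri [openssl "cms -verify -text -in sign_$alg_fn.msg -out verified.txt -noverify -certfile $username/cert.pem"]
    } 0 "CMS Verification successful
"

    test -skip {![file exists sign_$alg_fn.msg]} "Verifying a message signed with $alg with ca via cms" {
        grep Veri [openssl "cms -verify -text -in sign_$alg_fn.msg -out verified.txt -certfile $username/cert.pem -CAfile $::test::ca/cacert.pem"]
    } 0 "CMS Verification successful
"

    # Negative case: a corrupted message has to be reported as a failure.
    test -skip {![file exists bad_$alg_fn.msg]} -createsfiles verified.txt "Verifying corrupted messages signed with $alg via smime" {
        grep Verification [openssl "cms -verify -text -in bad_$alg_fn.msg -out verified.txt -noverify -certfile $username/cert.pem"]
    } 1 "Verification failure"

    # sign_c_* messages carry the signer certificate, so no -certfile is given.
    test -skip {![file exists sign_c_$alg_fn.msg]} "Verifying a message signed with $alg having cert inside without ca via cms" {
        grep Veri [openssl "cms -verify -text -in sign_c_$alg_fn.msg -out verified.txt -noverify"]
    } 0 "CMS Verification successful
"

    test -skip {![file exists sign_c_$alg_fn.msg]} "Verifying a message signed with $alg having cert with ca via cms" {
        grep Veri [openssl "cms -verify -text -in sign_c_$alg_fn.msg -out verified.txt -CAfile $::test::ca/cacert.pem"]
    } 0 "CMS Verification successful
"

    # Opaque messages (sign_op_*).
    test -createsfiles verified.txt -skip {![file exists sign_op_$alg_fn.msg]} "Verifying a message signed by $alg having cert inside without ca via cms" {
        grep Veri [openssl "cms -verify -text -in sign_op_$alg_fn.msg -out verified.txt -noverify"]
    } 0 "CMS Verification successful
"

    test -createsfiles verified.txt -skip {![file exists sign_op_$alg_fn.msg]} "Verifying a $alg opaque message with ca via cms" {
        grep Veri [openssl "cms -verify -text -in sign_op_$alg_fn.msg -out verified.txt -CAfile $::test::ca/cacert.pem"]
    } 0 "CMS Verification successful
"

    # Negative case: a broken opaque message has to fail verification.
    test -skip {![file exists broken_op_$alg_fn.msg]} "Verifying broken $alg opaque message" {
        grep Verification [openssl "cms -verify -text -in broken_op_$alg_fn.msg -out verified.txt -CAfile $::test::ca/cacert.pem"]
    } 1 "Verification failure"

    # Detached signature in PEM form over sign.dat.
    test -skip {![file exists sign_det_$alg_fn.pem]} "Verifying detached $alg signature via cms" {
        grep Veri [openssl "cms -verify -binary -content sign.dat -inform PEM -in sign_det_$alg_fn.pem -out verified.txt -noverify"]
    } 0 "CMS Verification successful
"

    # Negative case: bad.dat is sign.dat with the first "Test" replaced by
    # "Best", so the detached signature must not verify over it.
    test -skip {![file exists sign_det_$alg_fn.msg]} -createsfiles {bad.dat} "Verifying corrupted $alg detached signature" {
        makeFile bad.dat [regsub Test [getFile sign.dat] Best]
        grep Verification [openssl "cms -verify -content bad.dat -in sign_det_$alg_fn.msg -out verified.txt -CAfile $::test::ca/cacert.pem"]
    } 1 "Verification failure"

}
end_tests
-------------------------------------------------------------------------------- /tcl_tests/smimeenc_io.try: -------------------------------------------------------------------------------- 1 | #!/usr/bin/tclsh 2 | lappend auto_path [file dirname [info script]] 3 | package require ossltest 4 | cd $::test::dir 5 | set testname [file rootname [file tail $::argv0]] 6 | 7 | start_tests "Тесты на совместимость smime и cms -encrypt" 8 | proc make_fn {alg} { 9 | return [string map {":" "_"} $alg] 10 | } 11 | 12 | proc map {str list} { 13 | set result {} 14 | foreach a $list { 15 | lappend result [subst $str] 16 | } 17 | return $result 18 | } 19 | 20 | if {![info exist env(NO_RSA)]} { 21 | 22 | test -createsfiles io_decrypt.rsa "RSA User 2 (with cert) can decrypt message for RSA user 2" { 23 | set expected [getFile encrypt.dat] 24 | openssl "cms -decrypt -in enc_rsa.msg -recip U_enc_rsa_2/cert.pem -inkey U_enc_rsa_2/seckey.pem -out io_decrypt.rsa" 25 | set result [getFile io_decrypt.rsa] 26 | string eq $expected $result 27 | } 0 1 28 | 29 | test -createsfiles io_decrypt_nocert.rsa "RSA User 2 (without cert) can decrypt message for RSA user 2" { 30 | set expected [getFile encrypt.dat] 31 | openssl "cms -decrypt -in enc_rsa.msg -inkey U_enc_rsa_2/seckey.pem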
-out io_decrypt_nocert.rsa" 32 | set result [getFile io_decrypt_nocert.rsa] 33 | string eq $expected $result 34 | } 0 1 35 | } 36 | 37 | if {[info exist env(ENC_LIST)]} { 38 | set enc_list $env(ENC_LIST) 39 | } else { 40 | switch -exact [engine_name] { 41 | "ccore" {set enc_list {gost2001:XA:1.2.643.2.2.31.3 gost2001:XB:1.2.643.2.2.31.4 gost2001:XA: gost2012_256:XA:1.2.643.2.2.31.1 gost2012_256:XB:1.2.643.7.1.2.5.1.1 gost2012_256:XA: gost2012_512:A:1.2.643.2.2.31.3 gost2012_512:B:1.2.643.7.1.2.5.1.1 gost2012_512:A:}} 42 | "open" {set enc_list {gost2001:XA:1.2.643.2.2.31.3 gost2001:XB:1.2.643.2.2.31.4 gost2012_256:XA:1.2.643.2.2.31.1 gost2012_256:XB:1.2.643.7.1.2.5.1.1 gost2012_512:A:1.2.643.2.2.31.3 gost2012_512:B:1.2.643.7.1.2.5.1.1}} 43 | } 44 | } 45 | 46 | foreach enc_tuple $enc_list { 47 | if {![regexp {^([^:]*:[^:]*):(.*)$} $enc_tuple -> alg crypt_param]} { 48 | set alg $enc_tuple 49 | set crypt_param {} 50 | } 51 | set alg_fn [make_fn $enc_tuple] 52 | set username U_enc_$alg_fn 53 | switch -glob $alg { 54 | gost2012* {set ::test::ca ${testname}CA-2012} 55 | * {set ::test::ca ${testname}CA} 56 | } 57 | 58 | test -createsfiles io_decrypt.$alg_fn "Decrypting file encrypted for $username" { 59 | set expected [getFile encrypt.dat] 60 | openssl "cms -decrypt -in enc_$alg_fn.msg -recip U_enc_$alg_fn/cert.pem -inkey U_enc_$alg_fn/seckey.pem -out io_decrypt.$alg_fn" 61 | set result [getFile io_decrypt.$alg_fn] 62 | string eq $expected $result 63 | } 0 1 64 | 65 | test -createsfiles io_decrypt_t.$alg_fn "Decrypting file text-encrypted for $username" { 66 | set expected [getFile encrypt.dat] 67 | openssl "cms -decrypt -text -in enc_t_$alg_fn.msg -recip U_enc_$alg_fn/cert.pem -inkey U_enc_$alg_fn/seckey.pem -out io_decrypt_t.$alg_fn" 68 | set result [getFile io_decrypt_t.$alg_fn] 69 | string eq $expected $result 70 | } 0 1 71 | 72 | test -createsfiles io_decrypt_t_nocert.$alg_fn "Decrypting file text-encrypted for $username without cert" { 73 | set expected [getFile 
encrypt.dat] 74 | openssl "cms -decrypt -text -in enc_t_$alg_fn.msg -inkey U_enc_$alg_fn/seckey.pem -out io_decrypt_t_nocert.$alg_fn" 75 | set result [getFile io_decrypt_t_nocert.$alg_fn] 76 | string eq $expected $result 77 | } 0 1 78 | } 79 | 80 | foreach enc_tuple $enc_list { 81 | if {![regexp {^([^:]*:[^:]*):(.*)$} $enc_tuple -> alg crypt_param]} { 82 | set alg $enc_tuple 83 | set crypt_param {} 84 | } 85 | set alg_fn [make_fn $enc_tuple] 86 | set username U_enc_$alg_fn 87 | 88 | test -skip {![file exists enc_4all.msg]} -createsfiles io_decrypt_4all.$alg_fn "Decrypting gost-encrypted file, recipient $alg_fn" { 89 | set expected [getFile encrypt.dat] 90 | openssl "cms -decrypt -in enc_4all.msg -recip $username/cert.pem -inkey $username/seckey.pem -out io_decrypt_4all.$alg_fn" 91 | set result [getFile io_decrypt_4all.$alg_fn] 92 | string eq $expected $result 93 | } 0 1 94 | 95 | test -skip {![file exists enc_4all.msg]} -createsfiles io_decrypt_4all_nocert.$alg_fn "Decrypting gost-encrypted file without cert, recipient $alg_fn" { 96 | set expected [getFile encrypt.dat] 97 | openssl "cms -decrypt -in enc_4all.msg -inkey $username/seckey.pem -out io_decrypt_4all_nocert.$alg_fn" 98 | set result [getFile io_decrypt_4all_nocert.$alg_fn] 99 | string eq $expected $result 100 | } 0 1 101 | } 102 | 103 | end_tests 104 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/encrypted_keyagree_a211.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CMS----- 2 | MIIB/gYJKoZIhvcNAQcDoIIB7zCCAesCAQIxggFioYIBXgIBA6CBo6GBoDAXBggq 3 | hQMHAQEBAjALBgkqhQMHAQIBAgEDgYQABIGAe+itJVNbHM35RHfzuwFJPYdPXqtW 4 | 8hNEF7Z/XFEE2T71SRkhFX7ozYKQNh/TkVY9D4vG0LnD9Znr/pJyOjpsNb+dPcKX 5 | Kbk/0JQxoPGHxFzASVAFq0ov/yBe2XGFWMeKUqtaAr7SvoYS0oEhT5EuT8BXmecd 6 | nRe7NqOzESpb15ahIgQgsqHxOcdOp03l11S7k3OH1k1HNa5F8m9ctrOzH2846FMw 7 | FwYJKoUDBwEBBwIBMAoGCCqFAwcBAQYCMHYwdDBAMDgxDTALBgNVBAoTBFRLMjYx 8 | 
JzAlBgNVBAMTHkNBIFRLMjY6IEdPU1QgMzQuMTAtMTIgMjU2LWJpdAIEAYy6hQQw 9 | SxLc18zMwzLwXbcKqYhV/VzsdBgVArOHsSBIbaThJWE7zI37VGPMQJM5VXJ7GVcL 10 | MF0GCSqGSIb3DQEHATAfBgkqhQMHAQEFAgIwEgQQ6EeVlADDCz2cdEWKy+tM94Av 11 | yIFl/Ie4VeFFuczTsMsIaOUEe3Jn9GeVp8hZSj3O2q4hslQ/u/+Gj4QkSHm/M0ih 12 | ITAfBgkqhQMHAQAGAQExEgQQs1t6D3J3WCEvxunnEE15NQ== 13 | -----END CMS----- 14 | 15 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/encrypted_keyagree_a221.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CMS----- 2 | MIIBawYJKoZIhvcNAQcDoIIBXDCCAVgCAQIxgfehgfQCAQOgQjBAMDgxDTALBgNV 3 | BAoTBFRLMjYxJzAlBgNVBAMTHkNBIFRLMjY6IEdPU1QgMzQuMTAtMTIgMjU2LWJp 4 | dAIEAYy6gqEiBCBvcfyuSF57y8vVyaw8Z0ch3wjC4lPKTrpVRXty4Rhk5DAXBgkq 5 | hQMHAQEHAQEwCgYIKoUDBwEBBgEwbjBsMEAwODENMAsGA1UEChMEVEsyNjEnMCUG 6 | A1UEAxMeQ0EgVEsyNjogR09TVCAzNC4xMC0xMiAyNTYtYml0AgQBjLqDBChPbi6B 7 | krXuLPexPAL2oUGCFWDGQHqINL5ExuMBG7/5XQRqriKARVa0MFkGCSqGSIb3DQEH 8 | ATAbBgkqhQMHAQEFAQEwDgQMdNdCKnYAAAAwqTEDgC9O2bYyTGQJ8WUQGq0zHwzX 9 | L0jFhWHTF1tcAxYmd9pX5i89UwIxhtYqyjX1QHju2g== 10 | -----END CMS----- 11 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/encrypted_keytrans_a231.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CMS----- 2 | MIIBlQYJKoZIhvcNAQcDoIIBhjCCAYICAQAxggEcMIIBGAIBADBAMDgxDTALBgNV 3 | BAoTBFRLMjYxJzAlBgNVBAMTHkNBIFRLMjY6IEdPU1QgMzQuMTAtMTIgMjU2LWJp 4 | dAIEAYy6gzAXBgkqhQMHAQEHAgEwCgYIKoUDBwEBBgEEgbcwgbQEMFiMredFR3Mv 5 | 3g2wqyVXRnrhYEBMNFaqqgBpHwPQh3bF98tt9HZPxRDCww0OPfxeuTBeMBcGCCqF 6 | AwcBAQEBMAsGCSqFAwcBAgEBAQNDAARAdFJ9ww+3ptvQiaQpizCldNYhl4DB1rl8 7 | Fx/2FIgnwssCbYRQ+UuRsTk9dfLLTGJG3JIEXKFxXWBgOrK965A5pAQg9f2/EHxG 8 | DfetwCe1a6uUDCWD+wp5dYOpfkry8YRDEJgwXQYJKoZIhvcNAQcBMB8GCSqFAwcB 9 | AQUCATASBBDUHNxmVclO/v3OaY9P7jxOgC+sD9CHGlEMRUpfGn6yfFDMExmYeby8 10 | LzdPJe1MkYV0qQgdC1zI3nQ7/4taf+4zRA== 11 | -----END 
CMS----- 12 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/encrypted_keytrans_a241.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CMS----- 2 | MIIB7wYJKoZIhvcNAQcDoIIB4DCCAdwCAQAxggFfMIIBWwIBADBAMDgxDTALBgNV 3 | BAoTBFRLMjYxJzAlBgNVBAMTHkNBIFRLMjY6IEdPU1QgMzQuMTAtMTIgMjU2LWJp 4 | dAIEAYy6hTAXBgkqhQMHAQEHAgEwCgYIKoUDBwEBBgIEgfowgfcEMPvAcitO3fYI 5 | 4spTrluMWJkMP0hYJKeHPXCd12Qusu5ajFvfG8qCLGFKFIJTeFoiUjCBoDAXBggq 6 | hQMHAQEBAjALBgkqhQMHAQIBAgEDgYQABIGAqPNz+Pd8mddju80lzoXb6ZFVfz8G 7 | 2ftc+4/az2BXxN9p7O8MgtIvklnXi1ugYYDxgJfGLTB2khPeIQkBOcozznG/eaN2 8 | TnwUX3uy/EEsu3Oh1L0sPHBchMU86pa/Jc6CCXj9t/wuOuvWJexfdP/uZiygfqwS 9 | ZdgdJg8RWVLPGg4EIHiz9dVnb+GJiuxJzLDdQIi56+gNy3XkRNwMfRcpwZ+UMFkG 10 | CSqGSIb3DQEHATAbBgkqhQMHAQEFAQIwDgQMgzPtk7gv3Pk+NYEugC+PxP/HyOQt 11 | b8Ry/fcFIQzcjNHzH8JkfM9wEFBfpl/R1SyO5Qg55VcfAc4ETj0246EZMBcGCSqF 12 | AwcBAAYBATEKBAhVf+jhWVm0Jw== 13 | -----END CMS----- 14 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/encrypted_kuznyechik_a421.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CMS----- 2 | MHEGCSqGSIb3DQEHBqBkMGICAQAwXQYJKoZIhvcNAQcBMB8GCSqFAwcBAQUCATAS 3 | BBBSwX+zyOEPPuGyfpsRG4AigC/P8ftTdQMStfIThVkE/vpJlwaHgGv83m2bsPay 4 | eyuqpoTeEMOaqGcO0MxHWsC9hQ== 5 | -----END CMS----- 6 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/encrypted_magma_a411.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CMS----- 2 | MIGIBgkqhkiG9w0BBwagezB5AgEAMFkGCSqGSIb3DQEHATAbBgkqhQMHAQEFAQIw 3 | DgQMuncOu3uYPbI30vFCgC9Nsws4R09yLp6jUtadncWUPZGmCGpPKnXGgNHvEmUA 4 | rgKJvu4FPHtLkHuLeQXZg6EZMBcGCSqFAwcBAAYBATEKBAjCbQoH632oGA== 5 | -----END CMS----- 6 | -------------------------------------------------------------------------------- 
/tcl_tests/tc26_cms/encryption_key.hex: -------------------------------------------------------------------------------- 1 | 8F5EEF8814D228FB2BBC5612323730CFA33DB7263CC2C0A01A6C6953F33D61D5 2 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/hashed_a311.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CMS----- 2 | MH0GCSqGSIb3DQEHBaBwMG4CAQAwCgYIKoUDBwEBAgIwOwYJKoZIhvcNAQcBoC4E 3 | LMru7fLw7uv87fvpIO/w6Ozl8CDk6/8g8fLw8+ry8/D7IERpZ2VzdERhdGEuBCD/ 4 | esPQYsGkzxZV8uUMIAWt6SI8KtxBP8NyG8AGbJ8i/Q== 5 | -----END CMS----- 6 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/hashed_a321.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CMS----- 2 | MIGfBgkqhkiG9w0BBwWggZEwgY4CAQAwCgYIKoUDBwEBAgMwOwYJKoZIhvcNAQcB 3 | oC4ELMru7fLw7uv87fvpIO/w6Ozl8CDk6/8g8fLw8+ry8/D7IERpZ2VzdERhdGEu 4 | BEDe4VUvcKSRvU7RFVhFjajXY+nJSUkUsoi3oOeJBnru4PErt8RusPrCJs614ciH 5 | CM+ehrC4a+M1Nbq77F/Wsa/v 6 | -----END CMS----- 7 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/plain/text_decrypted.plain: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gost-engine/engine/806d9ee6f1075f715b6ce6e32fc2b3e88763448b/tcl_tests/tc26_cms/plain/text_decrypted.plain -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/recipient256_cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIB8jCCAZ+gAwIBAgIEAYy6gzAKBggqhQMHAQEDAjA4MQ0wCwYDVQQKEwRUSzI2 3 | MScwJQYDVQQDEx5DQSBUSzI2OiBHT1NUIDM0LjEwLTEyIDI1Ni1iaXQwHhcNMDEw 4 | MTAxMDAwMDAwWhcNNDkxMjMxMDAwMDAwWjA6MQ0wCwYDVQQKEwRUSzI2MSkwJwYD 5 | VQQDEyBSRUNJUElFTlQ6IEdPU1QgMzQuMTAtMTIgMjU2LWJpdDBoMCEGCCqFAwcB 6 | 
AQEBMBUGCSqFAwcBAgEBAQYIKoUDBwEBAgIDQwAEQL8nghlzLGMKWHuWhNMPMN5u 7 | L6SkGqRiJ6qZxZb+4dPKbBT9LNVvNKtwUed+BeE5kfqOfolPgFusnL1rnO9yREOj 8 | gYUwgYIwYQYDVR0BBFowWIAUgNkM95n4Zk2TU4mOwJ5xLaenMRKhOjA4MQ0wCwYD 9 | VQQKEwRUSzI2MScwJQYDVQQDEx5DQSBUSzI2OiBHT1NUIDM0LjEwLTEyIDI1Ni1i 10 | aXSCBAGMuoEwHQYDVR0OBBYEFLue+PUb9Oe+pziBU+MvNejjgrzFMAoGCCqFAwcB 11 | AQMCA0EAPP9Oad1/5jwokSjPpccsQ0xCdVYM+mGQ0IbpiZxQj8gnkt8sq4jR6Ya+ 12 | I/BDkbZNDNE27TU1p3t5rE9NMEeViA== 13 | -----END CERTIFICATE----- 14 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/recipient256_key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MEgCAQAwIQYIKoUDBwEBAQEwFQYJKoUDBwECAQEBBggqhQMHAQECAgQgzre/jOVK 3 | ur0vHHsZfkIQhvXkUYzK8cOrSxG88h/cyA0= 4 | -----END PRIVATE KEY----- 5 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/recipient512_cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICNTCCAeKgAwIBAgIEAYy6hTAKBggqhQMHAQEDAjA4MQ0wCwYDVQQKEwRUSzI2 3 | MScwJQYDVQQDEx5DQSBUSzI2OiBHT1NUIDM0LjEwLTEyIDI1Ni1iaXQwHhcNMDEw 4 | MTAxMDAwMDAwWhcNNDkxMjMxMDAwMDAwWjA6MQ0wCwYDVQQKEwRUSzI2MSkwJwYD 5 | VQQDEyBSRUNJUElFTlQ6IEdPU1QgMzQuMTAtMTIgNTEyLWJpdDCBqjAhBggqhQMH 6 | AQEBAjAVBgkqhQMHAQIBAgEGCCqFAwcBAQIDA4GEAASBgKauwGYvUkzz19g0LP/p 7 | zeRdmwy1m+QSy9W5ZrL/AGuJofm2ARjz40ozNbW6bp9hkHu8x66LX7u5zz+QeS2+ 8 | X5om18UXriComgO0+qhZbc+Hzu0eQ8FjOd8LpLk3TzzfBltfLOX5IiPLjeum+pSP 9 | 0QjoXAVcrop//B4yvZIukvROo4GFMIGCMGEGA1UdAQRaMFiAFIDZDPeZ+GZNk1OJ 10 | jsCecS2npzESoTowODENMAsGA1UEChMEVEsyNjEnMCUGA1UEAxMeQ0EgVEsyNjog 11 | R09TVCAzNC4xMC0xMiAyNTYtYml0ggQBjLqBMB0GA1UdDgQWBBSrXT5VKhm/5uff 12 | kwW0XpG19k6AajAKBggqhQMHAQEDAgNBAAJBpsHRrQKZGb22LOzaReEB8rl2MbIR 13 | ja64NaM5h+cAFoHm6t/k+ziLh2A11rTakR+5of4NQ3EjEhuPtomP2tc= 14 | -----END CERTIFICATE----- 15 | 
-------------------------------------------------------------------------------- /tcl_tests/tc26_cms/recipient512_key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MGgCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRA3HXF+fFK 3 | 6VIJkvHOEhfbcu8ZFQ/bzSS/jLOlrVbAV4fx0YjznHwK387PilH91kv4sWIaWblO 4 | W8B/fAofmBUDpQ== 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/root256_cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIB8DCCAZ2gAwIBAgIEAYy6gTAKBggqhQMHAQEDAjA4MQ0wCwYDVQQKEwRUSzI2 3 | MScwJQYDVQQDEx5DQSBUSzI2OiBHT1NUIDM0LjEwLTEyIDI1Ni1iaXQwHhcNMDEw 4 | MTAxMDAwMDAwWhcNNDkxMjMxMDAwMDAwWjA4MQ0wCwYDVQQKEwRUSzI2MScwJQYD 5 | VQQDEx5DQSBUSzI2OiBHT1NUIDM0LjEwLTEyIDI1Ni1iaXQwaDAhBggqhQMHAQEB 6 | ATAVBgkqhQMHAQIBAQEGCCqFAwcBAQICA0MABEAaSoKcjw54UACci6svELNF0IYM 7 | RIW8urUsqamIpoG46XCqrVOuI6Q13N4dwcRsbZdqByf+GC2f5ZfO3baN5bTKo4GF 8 | MIGCMGEGA1UdAQRaMFiAFIDZDPeZ+GZNk1OJjsCecS2npzESoTowODENMAsGA1UE 9 | ChMEVEsyNjEnMCUGA1UEAxMeQ0EgVEsyNjogR09TVCAzNC4xMC0xMiAyNTYtYml0 10 | ggQBjLqBMB0GA1UdDgQWBBSA2Qz3mfhmTZNTiY7AnnEtp6cxEjAKBggqhQMHAQED 11 | AgNBAAgv248F4OeNCkhlzJWec0evHYnMBlSzk1lDm0F875B7CqMrKh2MtJHXenbj 12 | Gc2uRn2IwgmSf/LZDrYsKKqZSxk= 13 | -----END CERTIFICATE----- 14 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/root256_key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MEgCAQAwIQYIKoUDBwEBAQEwFQYJKoUDBwECAQEBBggqhQMHAQECAgQgzre/jOVK 3 | ur0vHHsZfkIQhvXkUYzK8cOrSxG88h/cyA0= 4 | -----END PRIVATE KEY----- 5 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/sender256_cert.pem: -------------------------------------------------------------------------------- 
1 | -----BEGIN CERTIFICATE----- 2 | MIIB8zCCAaCgAwIBAgIEAYy6gjAKBggqhQMHAQEDAjA4MQ0wCwYDVQQKEwRUSzI2 3 | MScwJQYDVQQDEx5DQSBUSzI2OiBHT1NUIDM0LjEwLTEyIDI1Ni1iaXQwHhcNMDEw 4 | MTAxMDAwMDAwWhcNNDkxMjMxMDAwMDAwWjA7MQ0wCwYDVQQKEwRUSzI2MSowKAYD 5 | VQQDEyFPUklHSU5BVE9SOiBHT1NUIDM0LjEwLTEyIDI1Ni1iaXQwaDAhBggqhQMH 6 | AQEBATAVBgkqhQMHAQIBAQEGCCqFAwcBAQICA0MABECWKQ0TYllqg4GmY3tBJiyz 7 | pXUN+aOV9WbmTUinqrmEHP7KCNzoAzFg+04SSQpNNSHpQnm+jLAZhuJaJfqZ6VbT 8 | o4GFMIGCMGEGA1UdAQRaMFiAFIDZDPeZ+GZNk1OJjsCecS2npzESoTowODENMAsG 9 | A1UEChMEVEsyNjEnMCUGA1UEAxMeQ0EgVEsyNjogR09TVCAzNC4xMC0xMiAyNTYt 10 | Yml0ggQBjLqBMB0GA1UdDgQWBBTRnChHSWbQYwnJC62n2zu5Njd03zAKBggqhQMH 11 | AQEDAgNBAB41oijaXSEn58l78y2rhxY35/lKEq4XWZ70FtsNlVxWATyzgO5Wliwn 12 | t1O4GoZsxx8r6T/i7VG65UNmQlwdOKQ= 13 | -----END CERTIFICATE----- 14 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/sender256_key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MEgCAQAwIQYIKoUDBwEBAQEwFQYJKoUDBwECAQEBBggqhQMHAQECAgQg6HfztrYQ 3 | Y/WOBUo0ORFCMsUWevdvbLfDx3iZRA6BIAs= 4 | -----END PRIVATE KEY----- 5 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/sender512_cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICNjCCAeOgAwIBAgIEAYy6hDAKBggqhQMHAQEDAjA4MQ0wCwYDVQQKEwRUSzI2 3 | MScwJQYDVQQDEx5DQSBUSzI2OiBHT1NUIDM0LjEwLTEyIDI1Ni1iaXQwHhcNMDEw 4 | MTAxMDAwMDAwWhcNNDkxMjMxMDAwMDAwWjA7MQ0wCwYDVQQKEwRUSzI2MSowKAYD 5 | VQQDEyFPUklHSU5BVE9SOiBHT1NUIDM0LjEwLTEyIDUxMi1iaXQwgaowIQYIKoUD 6 | BwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwOBhAAEgYC0i7davCkOGGVcYqFP 7 | tS1fUIROzB0fYARIe0tclTRpare/qzRuVRapqzzO+K21LDpYVfDPs2Sqa13ZN+Ts 8 | /JUlv59qCFB2cYpFyB/0kh4+K79yvz7r8+4WE0EmZf8T3ae/J1Jo6xGunecH1/G4 9 | hMts9HYLnxbwJDMNVGuIHV6gzqOBhTCBgjBhBgNVHQEEWjBYgBSA2Qz3mfhmTZNT 10 | 
iY7AnnEtp6cxEqE6MDgxDTALBgNVBAoTBFRLMjYxJzAlBgNVBAMTHkNBIFRLMjY6 11 | IEdPU1QgMzQuMTAtMTIgMjU2LWJpdIIEAYy6gTAdBgNVHQ4EFgQUK+l9HAscONGx 12 | zCcRpxRAmFHvlXowCgYIKoUDBwEBAwIDQQAbjA0Q41/rIKOOvjHKsAsoEJM+WJf6 13 | /PKXg2JaStthmw99bdtwwkU/qDbcje2tF6mt+XWyQBXwvfeES1GFY9fJ 14 | -----END CERTIFICATE----- 15 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/sender512_key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MGgCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRAEWkl+ebl 3 | sHWs86SNgRKqSxMOgGhbvR/uZ5/WWfdNG1axvUwVhpcXIxDZUmzQuNzqJBkseI7f 4 | 5/JjXyTFRF1a+Q== 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/signed_a111.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CMS----- 2 | MIIENwYJKoZIhvcNAQcCoIIEKDCCBCQCAQExDDAKBggqhQMHAQECAzA7BgkqhkiG 3 | 9w0BBwGgLgQsyu7t8vDu6/zt++kg7/Do7OXwIOTr/yDx8vDz6vLz8PsgU2lnbmVk 4 | RGF0YS6gggI6MIICNjCCAeOgAwIBAgIEAYy6hDAKBggqhQMHAQEDAjA4MQ0wCwYD 5 | VQQKEwRUSzI2MScwJQYDVQQDEx5DQSBUSzI2OiBHT1NUIDM0LjEwLTEyIDI1Ni1i 6 | aXQwHhcNMDEwMTAxMDAwMDAwWhcNNDkxMjMxMDAwMDAwWjA7MQ0wCwYDVQQKEwRU 7 | SzI2MSowKAYDVQQDEyFPUklHSU5BVE9SOiBHT1NUIDM0LjEwLTEyIDUxMi1iaXQw 8 | gaowIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwOBhAAEgYC0i7da 9 | vCkOGGVcYqFPtS1fUIROzB0fYARIe0tclTRpare/qzRuVRapqzzO+K21LDpYVfDP 10 | s2Sqa13ZN+Ts/JUlv59qCFB2cYpFyB/0kh4+K79yvz7r8+4WE0EmZf8T3ae/J1Jo 11 | 6xGunecH1/G4hMts9HYLnxbwJDMNVGuIHV6gzqOBhTCBgjBhBgNVHQEEWjBYgBSA 12 | 2Qz3mfhmTZNTiY7AnnEtp6cxEqE6MDgxDTALBgNVBAoTBFRLMjYxJzAlBgNVBAMT 13 | HkNBIFRLMjY6IEdPU1QgMzQuMTAtMTIgMjU2LWJpdIIEAYy6gTAdBgNVHQ4EFgQU 14 | K+l9HAscONGxzCcRpxRAmFHvlXowCgYIKoUDBwEBAwIDQQAbjA0Q41/rIKOOvjHK 15 | sAsoEJM+WJf6/PKXg2JaStthmw99bdtwwkU/qDbcje2tF6mt+XWyQBXwvfeES1GF 16 | Y9fJMYIBlDCCAZACAQEwQDA4MQ0wCwYDVQQKEwRUSzI2MScwJQYDVQQDEx5DQSBU 17 | 
SzI2OiBHT1NUIDM0LjEwLTEyIDI1Ni1iaXQCBAGMuoQwCgYIKoUDBwEBAgOgga0w 18 | GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTkwMzIw 19 | MTk1NTIyWjAiBgkqhkiG9w0BCWIxFQQTU2lnbmVkIGF0dHIncyB2YWx1ZTBPBgkq 20 | hkiG9w0BCQQxQgRAUdPHEukF5BIfo9DoQIMdnB0ZLkzq0RueEUZSNv07A7C+GKWi 21 | G62fueArg8uPCHPTUN6d/42p33fgMkEwH7f7cDAKBggqhQMHAQEBAgSBgGUnVka8 22 | FvTlClmOtj/FUUacBdE/nEBeMLOO/535VDYrXlftPE6zQf/4ghS7TQG2VRGQ3GWD 23 | +L3+W09A7d5uyyTEbvgtdllUG0OyqFwKmJEaYsMin87SFVs0cn1PGV1fOKeLluZa 24 | bLx5whxd+mzlpekL5i6ImRX+TpERxrA/xSe5 25 | -----END CMS----- 26 | -------------------------------------------------------------------------------- /tcl_tests/tc26_cms/signed_a121.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CMS----- 2 | MIIDAQYJKoZIhvcNAQcCoIIC8jCCAu4CAQExDDAKBggqhQMHAQECAjA7BgkqhkiG 3 | 9w0BBwGgLgQsyu7t8vDu6/zt++kg7/Do7OXwIOTr/yDx8vDz6vLz8PsgU2lnbmVk 4 | RGF0YS6gggH3MIIB8zCCAaCgAwIBAgIEAYy6gjAKBggqhQMHAQEDAjA4MQ0wCwYD 5 | VQQKEwRUSzI2MScwJQYDVQQDEx5DQSBUSzI2OiBHT1NUIDM0LjEwLTEyIDI1Ni1i 6 | aXQwHhcNMDEwMTAxMDAwMDAwWhcNNDkxMjMxMDAwMDAwWjA7MQ0wCwYDVQQKEwRU 7 | SzI2MSowKAYDVQQDEyFPUklHSU5BVE9SOiBHT1NUIDM0LjEwLTEyIDI1Ni1iaXQw 8 | aDAhBggqhQMHAQEBATAVBgkqhQMHAQIBAQEGCCqFAwcBAQICA0MABECWKQ0TYllq 9 | g4GmY3tBJiyzpXUN+aOV9WbmTUinqrmEHP7KCNzoAzFg+04SSQpNNSHpQnm+jLAZ 10 | huJaJfqZ6VbTo4GFMIGCMGEGA1UdAQRaMFiAFIDZDPeZ+GZNk1OJjsCecS2npzES 11 | oTowODENMAsGA1UEChMEVEsyNjEnMCUGA1UEAxMeQ0EgVEsyNjogR09TVCAzNC4x 12 | MC0xMiAyNTYtYml0ggQBjLqBMB0GA1UdDgQWBBTRnChHSWbQYwnJC62n2zu5Njd0 13 | 3zAKBggqhQMHAQEDAgNBAB41oijaXSEn58l78y2rhxY35/lKEq4XWZ70FtsNlVxW 14 | ATyzgO5Wliwnt1O4GoZsxx8r6T/i7VG65UNmQlwdOKQxgaIwgZ8CAQEwQDA4MQ0w 15 | CwYDVQQKEwRUSzI2MScwJQYDVQQDEx5DQSBUSzI2OiBHT1NUIDM0LjEwLTEyIDI1 16 | Ni1iaXQCBAGMuoIwCgYIKoUDBwEBAgIwCgYIKoUDBwEBAQEEQC6jZPA59szL9FiA 17 | 0wC71EBE42ap6gKxklT800cu2FvbLu972GJYNSI7+UeanVU37OVWyenEXi2E5HkU 18 | 94kBe8Q= 19 | -----END CMS----- 20 | 
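-------------------------------------------------------------------------------- /tcl_tests/tmpl.try: -------------------------------------------------------------------------------- 1 | #!/usr/bin/tclsh 2 | lappend auto_path [file dirname [info script]] 3 | package require ossltest 4 | cd $::test::dir 5 | start_tests "Тесты на команду dgst" 6 | end_tests 7 | -------------------------------------------------------------------------------- /tcl_tests/vn4.ciphers: -------------------------------------------------------------------------------- 1 | gost2001:XA { 2 | GOST2001-GOST89-GOST89 v-vn4-01.vm.cryptocom.ru:443:iis 3 | GOST2012-GOST8912-GOST8912 v-vn4-01.vm.cryptocom.ru:443:iis 4 | # GOST2001-NULL-GOST94 v-vn4-01.vm.cryptocom.ru:443:iis 5 | # GOST2012-NULL-GOST12 v-vn4-01.vm.cryptocom.ru:443:iis 6 | } 7 | gost2012_256:XA { 8 | GOST2012-GOST8912-GOST8912 v-vn4-12S.vm.cryptocom.ru:443:iis 9 | # GOST2012-NULL-GOST12 v-vn4-12S.vm.cryptocom.ru:443:iis 10 | } 11 | gost2012_512:A { 12 | GOST2012-GOST8912-GOST8912 v-vn4-12L.vm.cryptocom.ru:443:iis 13 | # GOST2012-NULL-GOST12 v-vn4-12L.vm.cryptocom.ru:443:iis 14 | } 15 | 16 | -------------------------------------------------------------------------------- /tcl_tests/yarrowc.tcl: --------------------------------------------------------------------------------
# Command-line client for a service listening on localhost.
# Arguments as read by the code below: ?-port PORT_OR_FILE? REQUEST
#   REQUEST is one of ping, protocol, version, check, or a byte count.
# The request is sent as a single 32-bit big-endian integer. The reply is
# collected until the peer closes the connection and is then printed by
# handle_data. The script gives up after 4 seconds.
set argport 7670
if {[lindex $argv 0] eq "-port"} {
    set argport [lindex $argv 1]
    set argv [lrange $argv 2 end]
}
set request [lindex $argv 0]

# Translate the request word into the integer that goes on the wire.
# A numeric request is validated as an integer instead of being handed to an
# unbraced expr: expr substitutes its argument a second time, so bracketed
# text on the command line would have been run as a Tcl command.
# Negative numbers are refused because -1, -2 and -3 are the codes of the
# named requests.
switch -exact -- $request {
    ping     {set len -1}
    protocol {set len -2}
    version  {set len -3}
    check    {set len 1}
    default {
        if {![string is integer -strict $request] || $request < 0} {
            error "Invalid request '$request': expected ping, protocol, version, check or a non-negative integer"
        }
        set len [expr {int($request)}]
    }
}
set read_data {}

# Return the port to connect to. The -port argument is used as is when it
# consists of digits only; otherwise it names a file whose content, without
# the final newline, is returned. The file content is not validated here.
proc get_port {} {
    if {[regexp {^\d+$} $::argport]} {
        return $::argport
    }
    set f [open $::argport r]
    set r [read -nonewline $f]
    close $f
    return $r
}

# Readable-event handler for the socket. A non-empty read is appended to the
# global reply buffer; an empty read is taken as end of reply, so the socket
# is closed and the collected reply is processed.
proc get_data {socket} {
    set chunk [read $socket]
    if {$chunk ne ""} {
        append ::read_data $chunk
        return
    }
    close $socket
    handle_data
}

# Print the collected reply according to the request and exit.
#   byte count: hex dump, 16 bytes per line; exit 1 with "not ready" when
#               the reply is empty. The number of bytes received is not
#               compared with the number requested.
#   check:      exit 0 as soon as any data came back.
#   ping, version: 4-byte big-endian length followed by UTF-8 text; the text
#               is printed first, then exit 2 follows if its length differs
#               from the claimed one.
#   protocol:   exactly 4 bytes, printed as an integer.
proc handle_data {} {
    global len read_data
    if {$len > 0} {
        if {$::request eq "check" && $read_data ne ""} {
            exit 0
        }
        if {$read_data eq ""} {
            puts stderr "not ready"
            exit 1
        }
        binary scan $read_data H* data
        # A space after every byte, then a newline after every 16 bytes.
        set spaced [regsub -all ".." $data "& "]
        set data [regsub -all ".{48}" $spaced "&\n"]
        if {[string index $data end] eq "\n"} {
            set data [string replace $data end end]
        }
        puts $data
    } elseif {$len == -1 || $len == -3} {
        if {[string length $read_data] < 4} {error "Not enough data"}
        binary scan $read_data I rlen
        set read_data [string range $read_data 4 end]
        puts [encoding convertfrom utf-8 $read_data]
        if {[string length $read_data] != $rlen} {
            puts stderr "Real string length [string length $read_data] != claimed $rlen!"
            exit 2
        }
    } elseif {$len == -2} {
        if {[string length $read_data] < 4} {error "Not enough data"}
        if {[string length $read_data] > 4} {error "Excess data"}
        binary scan $read_data I r
        puts $r
    }
    exit 0
}

set port [get_port]

if {[info exists errmsg] && $errmsg ne ""} {error $errmsg}
if {$port eq ""} {error "Cannot find port number"}

# Non-blocking binary socket: the reply is gathered by get_data from the
# event loop started by vwait.
set s [socket localhost $port]
fconfigure $s -encoding binary -buffering none -blocking 0
fileevent $s readable [list get_data $s]
puts -nonewline $s [binary format I $len]
after 4000 {puts stderr "Timeout. Read for now: '$read_data'"; exit 2}
vwait forever
-------------------------------------------------------------------------------- /test/00-engine.t: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | use Test2::V0; 3 | skip_all('This test is only suitable for the engine') 4 | unless $ARGV[0] eq 'engine'; 5 | plan(7); 6 | use Cwd 'abs_path'; 7 | 8 | # prepare data for 9 | 10 | open (my $F,">","$ARGV[0]-testdata.dat"); 11 | print $F "12345670" x 128; 12 | close $F; 13 | 14 | my $key='0123456789abcdef' x 2; 15 | 16 | # 17 | # You can redefine engine to use using ENGINE_NAME environment variable 18 | # 19 | my $engine=$ENV{'ENGINE_NAME'}||"gost"; 20 | 21 | # Reopen STDERR to eliminate extra output 22 | open STDERR, ">>","tests.err"; 23 | 24 | if (exists $ENV{'OPENSSL_CONF'}) { 25 | delete $ENV{'OPENSSL_CONF'} 26 | } 27 | # 28 | # This test needs output of openssl engine -c command. 29 | # Default one is hardcoded below, but you can place file 30 | # ${ENGINE_NAME}.info into this directory if you use this test suite 31 | # to test other engine implementing GOST cryptography. 32 | # 33 | my $engine_info; 34 | 35 | if ( -f $engine . ".info") { 36 | diag("Reading $engine.info"); 37 | open F, "<", $engine .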
".info"; 38 | read F,$engine_info,1024; 39 | } else { 40 | 41 | $engine_info= <","test.cnf"; 58 | print $F <","$provider.cnf"; 40 | print $F <{app_prove}; 15 | 16 | # turn on verbosity 17 | my $verbose = $ENV{CTEST_INTERACTIVE_DEBUG_MODE} || $app->verbose(); 18 | $app->verbose( $verbose ); 19 | 20 | my $openssl_libdir = dirname($ENV{OPENSSL_CRYPTO_LIBRARY}) 21 | if $ENV{OPENSSL_CRYPTO_LIBRARY}; 22 | my $openssl_bindir = dirname($ENV{OPENSSL_PROGRAM}) 23 | if $ENV{OPENSSL_PROGRAM}; 24 | my $openssl_rootdir = $ENV{OPENSSL_ROOT_DIR}; 25 | my $openssl_rootdir_is_buildtree = 26 | $openssl_rootdir && -d catdir($openssl_rootdir, 'configdata.pm'); 27 | 28 | unless ($openssl_libdir) { 29 | $openssl_libdir = $openssl_rootdir_is_buildtree 30 | ? $openssl_rootdir 31 | : catdir($openssl_rootdir, 'lib'); 32 | } 33 | unless ($openssl_bindir) { 34 | $openssl_bindir = $openssl_rootdir_is_buildtree 35 | ? catdir($openssl_rootdir, 'apps') 36 | : catdir($openssl_rootdir, 'bin'); 37 | } 38 | 39 | if ($openssl_libdir) { 40 | # Variants of library paths 41 | $ENV{$_} = join(':', $openssl_libdir, $ENV{$_} // ()) 42 | foreach ( 43 | 'LD_LIBRARY_PATH', # Linux, ELF HP-UX 44 | 'DYLD_LIBRARY_PATH', # MacOS X 45 | 'LIBPATH', # AIX, OS/2 46 | ); 47 | if ($verbose) { 48 | print STDERR "Added $openssl_libdir to:\n"; 49 | print STDERR " LD_LIBRARY_PATH, DYLD_LIBRARY_PATH, LIBPATH\n"; 50 | } 51 | } 52 | 53 | if ($openssl_bindir) { 54 | # Binary path, works the same everywhere 55 | $ENV{PATH} = join(':', $openssl_bindir, $ENV{PATH}); 56 | if ($verbose) { 57 | print STDERR "Added $openssl_bindir to:\n"; 58 | print STDERR " PATH\n"; 59 | } 60 | } 61 | if ($verbose) { 62 | print STDERR "$_=", $ENV{$_} // '', "\n" 63 | foreach qw(LD_LIBRARY_PATH DYLD_LIBRARY_PATH LIBPATH PATH); 64 | } 65 | } 66 | 67 | 1; 68 | -------------------------------------------------------------------------------- /test/engine.cnf: -------------------------------------------------------------------------------- 1 | openssl_conf 
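= openssl_def 2 | [openssl_def] 3 | engines = engines 4 | [engines] 5 | gost = gost_conf 6 | [gost_conf] 7 | default_algorithms = ALL 8 | -------------------------------------------------------------------------------- /test/provider.cnf: -------------------------------------------------------------------------------- 1 | openssl_conf = openssl_def 2 | [openssl_def] 3 | providers = providers 4 | [providers] 5 | gostprov = provider_conf 6 | default = provider_conf 7 | [provider_conf] 8 | activate = 1 9 | -------------------------------------------------------------------------------- /test_gost89.c: -------------------------------------------------------------------------------- 1 | /********************************************************************** 2 | * gost89.c * 3 | * Copyright (c) 2005-2006 Cryptocom LTD * 4 | * This file is distributed under the same license as OpenSSL * 5 | * * 6 | * Implementation of GOST 28147-89 encryption algorithm * 7 | * No OpenSSL libraries required to compile and use * 8 | * this code * 9 | **********************************************************************/ 10 | #ifdef _MSC_VER 11 | # pragma warning(push, 3) 12 | # include 13 | # pragma warning(pop) 14 | #endif 15 | #include 16 | #include "gost89.h" 17 | #include 18 | #include

/*
 * Write `title` to `f`, followed by the `l` bytes at `s` as a hex dump:
 * 16 bytes per row, each row starting with the offset of its first byte
 * as four hex digits. When `l` is zero or negative only the title and a
 * newline are written.
 */
static void hexdump(FILE *f, const char *title, const unsigned char *s, int l)
{
    int n;

    fprintf(f, "%s", title);
    for (n = 0; n < l; ++n) {
        if ((n % 16) == 0)
            /* %x takes an unsigned argument; n is never negative here */
            fprintf(f, "\n%04x", (unsigned int)n);
        fprintf(f, " %02x", s[n]);
    }
    fprintf(f, "\n");
}

/*
 * Key meshing check. A hard-coded 32-byte key is loaded into a gost_ctx
 * set up with Gost28147_TC26ParamSetZ, acpkm_magma_key_meshing() is applied
 * three times, and the key read back after each step is printed to stdout.
 *
 * Only the key after the first step (K2) is compared with an expected
 * value. K3 and K4 are printed but not checked, so a fault that appears
 * only from the second step on does not change the exit status.
 *
 * Returns 0 when K2 equals meshed_key, 1 otherwise.
 */
int main(void)
{
    int ret = 0;

    const unsigned char initial_key[] = {
        0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
        0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
        0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
    };

    /* Expected key after the first meshing step. */
    const unsigned char meshed_key[] = {
        0x86, 0x3E, 0xA0, 0x17, 0x84, 0x2C, 0x3D, 0x37,
        0x2B, 0x18, 0xA8, 0x5A, 0x28, 0xE2, 0x31, 0x7D,
        0x74, 0xBE, 0xFC, 0x10, 0x77, 0x20, 0xDE, 0x0C,
        0x9E, 0x8A, 0xB9, 0x74, 0xAB, 0xD0, 0x0C, 0xA0,
    };

    unsigned char buf[32];

    gost_ctx ctx;
    kboxinit(&ctx, &Gost28147_TC26ParamSetZ);
    magma_key(&ctx, initial_key);
    magma_get_key(&ctx, buf);

    hexdump(stdout, "Initial key", buf, 32);

    acpkm_magma_key_meshing(&ctx);
    magma_get_key(&ctx, buf);
    hexdump(stdout, "Meshed key - K2", buf, 32);

    if (memcmp(meshed_key, buf, sizeof(buf)) != 0) {
        /* End the message with a newline so it does not run into later output. */
        fprintf(stderr, "Magma meshing failed\n");
        ret = 1;
    }

    acpkm_magma_key_meshing(&ctx);
    magma_get_key(&ctx, buf);
    hexdump(stdout, "Meshed key - K3", buf, 32);

    acpkm_magma_key_meshing(&ctx);
    magma_get_key(&ctx, buf);
    hexdump(stdout, "Meshed key - K4", buf, 32);

    return ret;
}
--------------------------------------------------------------------------------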