author | Jack Lloyd <[email protected]> | 2019-08-01 09:20:26 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2019-08-01 09:26:00 -0400 |
commit | cb90f825466b08cf8a64c042e72b40d9191f2033 (patch) | |
tree | 14d677e41a51891eafd750c04162a2fdd40a88ac /src/lib | |
parent | fdf9970f921bf6b3e99c2a99ebc251b6e5dd760e (diff) |
Updates for GOST 2012 support
GOST uses IEEE style formatting for signatures rather than DER struct.
Confirmed using 2012 test certs from CryptoPro
GH #1860 #1897
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/asn1/oid_maps.cpp | 29 | ||||
-rw-r--r-- | src/lib/pubkey/ec_group/ec_named.cpp | 2 | ||||
-rw-r--r-- | src/lib/pubkey/ecc_key/info.txt | 1 | ||||
-rw-r--r-- | src/lib/pubkey/gost_3410/gost_3410.h | 3 | ||||
-rw-r--r-- | src/lib/pubkey/pk_algs.cpp | 4 | ||||
-rw-r--r-- | src/lib/pubkey/pk_keys.h | 10 | ||||
-rw-r--r-- | src/lib/pubkey/pubkey.h | 5 | ||||
-rw-r--r-- | src/lib/x509/ocsp.cpp | 2 | ||||
-rw-r--r-- | src/lib/x509/x509_obj.cpp | 5 |
9 files changed, 47 insertions, 14 deletions
diff --git a/src/lib/asn1/oid_maps.cpp b/src/lib/asn1/oid_maps.cpp index ed1e3df38..0072f989b 100644 --- a/src/lib/asn1/oid_maps.cpp +++ b/src/lib/asn1/oid_maps.cpp @@ -1,7 +1,7 @@ /* * OID maps * -* This file was automatically generated by ./src/scripts/oids.py on 2019-06-23 +* This file was automatically generated by ./src/scripts/oids.py on 2019-08-01 * * All manual edits to this file will be lost. Edit the script * then regenerate this source file. @@ -39,12 +39,23 @@ std::unordered_map<std::string, std::string> OIDS::load_oid2str_map() { "1.2.410.200004.1.100.4.4", "ECKCDSA/EMSA1(SHA-224)" }, { "1.2.410.200004.1.100.4.5", "ECKCDSA/EMSA1(SHA-256)" }, { "1.2.410.200004.1.4", "SEED/CBC" }, + { "1.2.643.100.1", "GOST.OGRN" }, + { "1.2.643.100.111", "GOST.SubjectSigningTool" }, + { "1.2.643.100.112", "GOST.IssuerSigningTool" }, { "1.2.643.2.2.19", "GOST-34.10" }, { "1.2.643.2.2.3", "GOST-34.10/EMSA1(GOST-R-34.11-94)" }, { "1.2.643.2.2.35.1", "gost_256A" }, { "1.2.643.2.2.36.0", "gost_256A" }, + { "1.2.643.3.131.1.1", "GOST.INN" }, + { "1.2.643.7.1.1.1.1", "GOST-34.10-2012-256" }, + { "1.2.643.7.1.1.1.2", "GOST-34.10-2012-512" }, { "1.2.643.7.1.1.2.2", "Streebog-256" }, { "1.2.643.7.1.1.2.3", "Streebog-512" }, + { "1.2.643.7.1.1.3.2", "GOST-34.10/EMSA1(Streebog-256)" }, + { "1.2.643.7.1.2.1.1.1", "gost_256A" }, + { "1.2.643.7.1.2.1.1.2", "gost_256B" }, + { "1.2.643.7.1.2.1.2.1", "gost_512A" }, + { "1.2.643.7.1.2.1.2.2", "gost_512B" }, { "1.2.840.10040.4.1", "DSA" }, { "1.2.840.10040.4.3", "DSA/EMSA1(SHA-160)" }, { "1.2.840.10045.2.1", "ECDSA" }, @@ -213,6 +224,7 @@ std::unordered_map<std::string, std::string> OIDS::load_oid2str_map() { "2.16.840.1.113730.1.13", "Certificate Comment" }, { "2.5.29.14", "X509v3.SubjectKeyIdentifier" }, { "2.5.29.15", "X509v3.KeyUsage" }, + { "2.5.29.16", "X509v3.PrivateKeyUsagePeriod" }, { "2.5.29.17", "X509v3.SubjectAlternativeName" }, { "2.5.29.18", "X509v3.IssuerAlternativeName" }, { "2.5.29.19", "X509v3.BasicConstraints" }, 
@@ -242,6 +254,7 @@ std::unordered_map<std::string, std::string> OIDS::load_oid2str_map() { "2.5.4.65", "X520.Pseudonym" }, { "2.5.4.7", "X520.Locality" }, { "2.5.4.8", "X520.State" }, + { "2.5.4.9", "X520.StreetAddress" }, { "2.5.8.1.1", "RSA" } }; } @@ -318,8 +331,15 @@ std::unordered_map<std::string, OID> OIDS::load_str2oid_map() { "Ed25519", OID({1,3,101,112}) }, { "ElGamal", OID({1,3,6,1,4,1,3029,1,2,1}) }, { "GOST-34.10", OID({1,2,643,2,2,19}) }, + { "GOST-34.10-2012-256", OID({1,2,643,7,1,1,1,1}) }, + { "GOST-34.10-2012-512", OID({1,2,643,7,1,1,1,2}) }, { "GOST-34.10/EMSA1(GOST-R-34.11-94)", OID({1,2,643,2,2,3}) }, { "GOST-34.10/EMSA1(SHA-256)", OID({1,3,6,1,4,1,25258,1,6,1}) }, + { "GOST-34.10/EMSA1(Streebog-256)", OID({1,2,643,7,1,1,3,2}) }, + { "GOST.INN", OID({1,2,643,3,131,1,1}) }, + { "GOST.IssuerSigningTool", OID({1,2,643,100,112}) }, + { "GOST.OGRN", OID({1,2,643,100,1}) }, + { "GOST.SubjectSigningTool", OID({1,2,643,100,111}) }, { "HMAC(SHA-160)", OID({1,2,840,113549,2,7}) }, { "HMAC(SHA-224)", OID({1,2,840,113549,2,8}) }, { "HMAC(SHA-256)", OID({1,2,840,113549,2,9}) }, @@ -429,6 +449,7 @@ std::unordered_map<std::string, OID> OIDS::load_str2oid_map() { "X509v3.KeyUsage", OID({2,5,29,15}) }, { "X509v3.NameConstraints", OID({2,5,29,30}) }, { "X509v3.PolicyConstraints", OID({2,5,29,36}) }, + { "X509v3.PrivateKeyUsagePeriod", OID({2,5,29,16}) }, { "X509v3.ReasonCode", OID({2,5,29,21}) }, { "X509v3.SubjectAlternativeName", OID({2,5,29,17}) }, { "X509v3.SubjectKeyIdentifier", OID({2,5,29,14}) }, @@ -444,6 +465,7 @@ std::unordered_map<std::string, OID> OIDS::load_str2oid_map() { "X520.Pseudonym", OID({2,5,4,65}) }, { "X520.SerialNumber", OID({2,5,4,5}) }, { "X520.State", OID({2,5,4,8}) }, + { "X520.StreetAddress", OID({2,5,4,9}) }, { "X520.Surname", OID({2,5,4,4}) }, { "X520.Title", OID({2,5,4,12}) }, { "XMSS", OID({1,3,6,1,4,1,25258,1,8}) }, 
@@ -456,7 +478,10 @@ std::unordered_map<std::string, OID> OIDS::load_str2oid_map() { "brainpool384r1", OID({1,3,36,3,3,2,8,1,1,11}) }, { "brainpool512r1", OID({1,3,36,3,3,2,8,1,1,13}) }, { "frp256v1", OID({1,2,250,1,223,101,256,1}) }, - { "gost_256A", OID({1,2,643,2,2,35,1}) }, + { "gost_256A", OID({1,2,643,7,1,2,1,1,1}) }, + { "gost_256B", OID({1,2,643,7,1,2,1,1,2}) }, + { "gost_512A", OID({1,2,643,7,1,2,1,2,1}) }, + { "gost_512B", OID({1,2,643,7,1,2,1,2,2}) }, { "secp160k1", OID({1,3,132,0,9}) }, { "secp160r1", OID({1,3,132,0,8}) }, { "secp160r2", OID({1,3,132,0,30}) }, diff --git a/src/lib/pubkey/ec_group/ec_named.cpp b/src/lib/pubkey/ec_group/ec_named.cpp index ba91b5eaa..3687fabdf 100644 --- a/src/lib/pubkey/ec_group/ec_named.cpp +++ b/src/lib/pubkey/ec_group/ec_named.cpp @@ -114,7 +114,7 @@ std::shared_ptr<EC_Group_Data> EC_Group::EC_group_info(const OID& oid) "0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1", oid); // gost_256A - if(oid == OID{1,2,643,2,2,35,1}) + if(oid == OID{1,2,643,2,2,35,1} || oid == OID{1,2,643,2,2,36,0} || oid == OID{1,2,643,7,1,2,1,1,1}) return load_EC_group_info("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97", "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94", "0xA6", diff --git a/src/lib/pubkey/ecc_key/info.txt b/src/lib/pubkey/ecc_key/info.txt index f46c9bb54..32d05f2f9 100644 --- a/src/lib/pubkey/ecc_key/info.txt +++ b/src/lib/pubkey/ecc_key/info.txt @@ -1,5 +1,6 @@ <defines> ECC_PUBLIC_KEY_CRYPTO -> 20131128 +ECC_KEY -> 20190801 </defines> <requires> diff --git a/src/lib/pubkey/gost_3410/gost_3410.h b/src/lib/pubkey/gost_3410/gost_3410.h index 52b6ad758..8c42f5091 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.h +++ b/src/lib/pubkey/gost_3410/gost_3410.h 
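Review bot: In `EC_Group::EC_group_info` the `// gost_256A` branch now returns one parameter set for three OIDs, and it should be confirmed against the TC26 parameter-set definitions that `1.2.643.7.1.2.1.1.1` names the same curve as the CryptoPro-A set `1.2.643.2.2.35.1`. If it does not, keys and certificates carrying that OID would be checked on the wrong curve. The OID map in this commit also introduces `gost_256B`, `gost_512A` and `gost_512B`, but this hunk adds no parameters for them, so unless they are defined elsewhere those names resolve to an OID with no group behind it. A comment on the condition naming the source that establishes each alias would make the equivalence reviewable. The function body starts and ends outside the hunk.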
@@ -53,6 +53,9 @@ class BOTAN_PUBLIC_API(2,0) GOST_3410_PublicKey : public virtual EC_PublicKey size_t message_part_size() const override { return domain().get_order().bytes(); } + Signature_Format default_x509_signature_format() const + { return IEEE_1363; } + std::unique_ptr<PK_Ops::Verification> create_verification_op(const std::string& params, const std::string& provider) const override; diff --git a/src/lib/pubkey/pk_algs.cpp b/src/lib/pubkey/pk_algs.cpp index 16bfbfb1f..126f27cd4 100644 --- a/src/lib/pubkey/pk_algs.cpp +++ b/src/lib/pubkey/pk_algs.cpp @@ -146,7 +146,7 @@ load_public_key(const AlgorithmIdentifier& alg_id, #endif #if defined(BOTAN_HAS_GOST_34_10_2001) - if(alg_name == "GOST-34.10") + if(alg_name == "GOST-34.10" || alg_name == "GOST-34.10-2012-256" || alg_name == "GOST-34.10-2012-512") return std::unique_ptr<Public_Key>(new GOST_3410_PublicKey(alg_id, key_bits)); #endif @@ -222,7 +222,7 @@ load_private_key(const AlgorithmIdentifier& alg_id, #endif #if defined(BOTAN_HAS_GOST_34_10_2001) - if(alg_name == "GOST-34.10") + if(alg_name == "GOST-34.10" || alg_name == "GOST-34.10-2012-256" || alg_name == "GOST-34.10-2012-512") return std::unique_ptr<Private_Key>(new GOST_3410_PrivateKey(alg_id, key_bits)); #endif diff --git a/src/lib/pubkey/pk_keys.h b/src/lib/pubkey/pk_keys.h index 0aa9caf54..e7e86d8fa 100644 --- a/src/lib/pubkey/pk_keys.h +++ b/src/lib/pubkey/pk_keys.h @@ -19,6 +19,11 @@ namespace Botan { class RandomNumberGenerator; /** +* The two types of signature format supported by Botan. +*/ +enum Signature_Format { IEEE_1363, DER_SEQUENCE }; + +/** * Public Key Base Class. */ class BOTAN_PUBLIC_API(2,0) Public_Key 
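Review bot: The new `default_x509_signature_format()` in `GOST_3410_PublicKey` is declared without `override`, unlike `message_part_size()` and `create_verification_op()` next to it. If the base-class signature ever drifts, this would silently become an unrelated function and X.509/OCSP verification of GOST signatures would fall back to the base default (`DER_SEQUENCE` for two-part signatures) instead of failing to compile. Declare it as `Signature_Format default_x509_signature_format() const override` and add a one-line comment that GOST certificates carry the fixed-length IEEE 1363 style encoding, not a DER sequence. The class body continues outside the hunk.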
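Review bot: `load_public_key` passes both `GOST-34.10-2012-256` and `GOST-34.10-2012-512` to the same `GOST_3410_PublicKey(alg_id, key_bits)` constructor, so nothing in this hunk ties the size named in the algorithm identifier to the size of the group in the parameters. Unless the constructor checks this (not visible here), a key labelled 2012-256 on a 512-bit group, or the reverse, would load without complaint. A check after construction that the group order size matches the name, or a comment saying where that is enforced, would close the gap. The same condition is repeated in the `load_private_key` hunk and the same remark applies there. Both branches stay under `#if defined(BOTAN_HAS_GOST_34_10_2001)`, which deserves a comment now that it also covers the 2012 identifiers; both function bodies start and end outside the hunks.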
@@ -118,6 +123,11 @@ class BOTAN_PUBLIC_API(2,0) Public_Key */ virtual size_t message_part_size() const { return 0; } + virtual Signature_Format default_x509_signature_format() const + { + return (this->message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; + } + /** * This is an internal library function exposed on key types. * In almost all cases applications should use wrappers in pubkey.h diff --git a/src/lib/pubkey/pubkey.h b/src/lib/pubkey/pubkey.h index dc4ef6ee6..2aa8ea916 100644 --- a/src/lib/pubkey/pubkey.h +++ b/src/lib/pubkey/pubkey.h @@ -23,11 +23,6 @@ namespace Botan { class RandomNumberGenerator; /** -* The two types of signature format supported by Botan. -*/ -enum Signature_Format { IEEE_1363, DER_SEQUENCE }; - -/** * Public Key Encryptor * This is the primary interface for public key encryption */ diff --git a/src/lib/x509/ocsp.cpp b/src/lib/x509/ocsp.cpp index 7907d08e2..249ce7817 100644 --- a/src/lib/x509/ocsp.cpp +++ b/src/lib/x509/ocsp.cpp @@ -170,7 +170,7 @@ Certificate_Status_Code Response::verify_signature(const X509_Certificate& issue return Certificate_Status_Code::OCSP_RESPONSE_INVALID; std::string padding = sig_info[1]; - Signature_Format format = (pub_key->message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; + const Signature_Format format = pub_key->default_x509_signature_format(); PK_Verifier verifier(*pub_key, padding, format); diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp index 74786c224..a48e088ac 100644 --- a/src/lib/x509/x509_obj.cpp +++ b/src/lib/x509/x509_obj.cpp @@ -197,8 +197,7 @@ Certificate_Status_Code X509_Object::verify_signature(const Public_Key& pub_key) else return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS; - const Signature_Format format = - (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; + const Signature_Format format = pub_key.default_x509_signature_format(); if(padding == "EMSA4") { 
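Review bot: The new virtual `Public_Key::default_x509_signature_format()` has no doc comment, although the members around it in this class are documented and it now decides how X.509 and OCSP signatures are encoded and parsed. I would add a Doxygen block above it stating that it returns the signature encoding used for this key type in X.509 structures, and that the default is `DER_SEQUENCE` when `message_parts() >= 2` and `IEEE_1363` otherwise. The block should also say that key types whose certificates use a different encoding must override it. The class body continues outside the hunk.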
@@ -369,7 +368,7 @@ std::unique_ptr<PK_Signer> X509_Object::choose_sig_format(AlgorithmIdentifier& s const std::string& hash_fn, const std::string& padding_algo) { - const Signature_Format format = (key.message_parts() > 1) ? DER_SEQUENCE : IEEE_1363; + const Signature_Format format = key.default_x509_signature_format(); const std::string emsa = choose_sig_algo(sig_algo, key, hash_fn, padding_algo); |