/src/openssl/engines/ccgost/gost_sign.c

Source (jump to first uncovered line)
/**********************************************************************
 *                          gost_sign.c                               *
 *             Copyright (c) 2005-2006 Cryptocom LTD                  *
 *         This file is distributed under the same license as OpenSSL *
 *                                                                    *
 *       Implementation of GOST R 34.10-94 signature algorithm        *
 *       for OpenSSL                                                  *
 *          Requires OpenSSL 0.9.9 for compilation                    *
 **********************************************************************/
#include <string.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/evp.h>
#include <openssl/err.h>

#include "gost_params.h"
#include "gost_lcl.h"
#include "e_gost_err.h"

#ifdef DEBUG_SIGN
void dump_signature(const char *message, const unsigned char *buffer,
                    size_t len)
{
    size_t i;
    fprintf(stderr, "signature %s Length=%d", message, len);
    for (i = 0; i < len; i++) {
        if (i % 16 == 0)
            fputc('\n', stderr);
        fprintf(stderr, " %02x", buffer[i]);
    }
    fprintf(stderr, "\nEnd of signature\n");
}

void dump_dsa_sig(const char *message, DSA_SIG *sig)
{
    fprintf(stderr, "%s\nR=", message);
    BN_print_fp(stderr, sig->r);
    fprintf(stderr, "\nS=");
    BN_print_fp(stderr, sig->s);
    fprintf(stderr, "\n");
}

#else

# define dump_signature(a,b,c)
# define dump_dsa_sig(a,b)
#endif

/*
 * Computes signature and returns it as DSA_SIG structure
 */
DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
    BIGNUM *k = NULL, *tmp = NULL, *tmp2 = NULL;
    DSA_SIG *newsig = NULL, *ret = NULL;
    BIGNUM *md = hashsum2bn(dgst);
    /* check if H(M) mod q is zero */
    BN_CTX *ctx = BN_CTX_new();
    if(!ctx) {
        GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    BN_CTX_start(ctx);
    newsig = DSA_SIG_new();
    if (!newsig) {
        GOSTerr(GOST_F_GOST_DO_SIGN, GOST_R_NO_MEMORY);
        goto err;
    }
    tmp = BN_CTX_get(ctx);
    k = BN_CTX_get(ctx);
    tmp2 = BN_CTX_get(ctx);
    if(!tmp || !k || !tmp2) {
        GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    BN_mod(tmp, md, dsa->q, ctx);
    if (BN_is_zero(tmp)) {
        BN_one(md);
    }
    do {
        do {
            /*
             * Generate random number k less than q
             */
            BN_rand_range(k, dsa->q);
            /* generate r = (a^x mod p) mod q */
            BN_mod_exp(tmp, dsa->g, k, dsa->p, ctx);
            if (!(newsig->r)) {
                newsig->r = BN_new();
                if(!newsig->r) {
                    GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
                    goto err;
                }
            }
            BN_mod(newsig->r, tmp, dsa->q, ctx);
        }
        while (BN_is_zero(newsig->r));
        /* generate s = (xr + k(Hm)) mod q */
        BN_mod_mul(tmp, dsa->priv_key, newsig->r, dsa->q, ctx);
        BN_mod_mul(tmp2, k, md, dsa->q, ctx);
        if (!newsig->s) {
            newsig->s = BN_new();
            if(!newsig->s) {
                GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
                goto err;
            }
        }
        BN_mod_add(newsig->s, tmp, tmp2, dsa->q, ctx);
    }
    while (BN_is_zero(newsig->s));

    ret = newsig;
 err:
    BN_free(md);
    if(ctx) {
        BN_CTX_end(ctx);
        BN_CTX_free(ctx);
    }
    if(!ret && newsig) {
        DSA_SIG_free(newsig);
    }
    return ret;
}

/*
 * Packs signature according to Cryptocom rules
 * and frees up DSA_SIG structure
 */
/*-
int pack_sign_cc(DSA_SIG *s,int order,unsigned char *sig, size_t *siglen)
        {
        *siglen = 2*order;
        memset(sig,0,*siglen);
        store_bignum(s->r, sig,order);
        store_bignum(s->s, sig + order,order);
        dump_signature("serialized",sig,*siglen);
        DSA_SIG_free(s);
        return 1;
        }
*/
/*
 * Packs signature according to Cryptopro rules
 * and frees up DSA_SIG structure
 */
int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen)
{
    *siglen = 2 * order;
    memset(sig, 0, *siglen);
    store_bignum(s->s, sig, order);
    store_bignum(s->r, sig + order, order);
    dump_signature("serialized", sig, *siglen);
    DSA_SIG_free(s);
    return 1;
}

/*
 * Verifies signature passed as DSA_SIG structure
 *
 */

int gost_do_verify(const unsigned char *dgst, int dgst_len,
                   DSA_SIG *sig, DSA *dsa)
{
    BIGNUM *md = NULL, *tmp = NULL;
    BIGNUM *q2 = NULL;
    BIGNUM *u = NULL, *v = NULL, *z1 = NULL, *z2 = NULL;
    BIGNUM *tmp2 = NULL, *tmp3 = NULL;
    int ok = 0;
    BN_CTX *ctx = BN_CTX_new();
    if(!ctx) {
        GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    BN_CTX_start(ctx);
    if (BN_cmp(sig->s, dsa->q) >= 1 || BN_cmp(sig->r, dsa->q) >= 1) {
        GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
        goto err;
    }
    md = hashsum2bn(dgst);

    tmp = BN_CTX_get(ctx);
    v = BN_CTX_get(ctx);
    q2 = BN_CTX_get(ctx);
    z1 = BN_CTX_get(ctx);
    z2 = BN_CTX_get(ctx);
    tmp2 = BN_CTX_get(ctx);
    tmp3 = BN_CTX_get(ctx);
    u = BN_CTX_get(ctx);
    if(!tmp || !v || !q2 || !z1 || !z2 || !tmp2 || !tmp3 || !u) {
        GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    BN_mod(tmp, md, dsa->q, ctx);
    if (BN_is_zero(tmp)) {
        BN_one(md);
    }
    BN_copy(q2, dsa->q);
    BN_sub_word(q2, 2);
    BN_mod_exp(v, md, q2, dsa->q, ctx);
    BN_mod_mul(z1, sig->s, v, dsa->q, ctx);
    BN_sub(tmp, dsa->q, sig->r);
    BN_mod_mul(z2, tmp, v, dsa->p, ctx);
    BN_mod_exp(tmp, dsa->g, z1, dsa->p, ctx);
    BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx);
    BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx);
    BN_mod(u, tmp3, dsa->q, ctx);
    ok = (BN_cmp(u, sig->r) == 0);

    if (!ok) {
        GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
    }
err:
    if(md) BN_free(md);
    if(ctx) {
        BN_CTX_end(ctx);
        BN_CTX_free(ctx);
    }
    return ok;
}

/*
 * Computes public keys for GOST R 34.10-94 algorithm
 *
 */
int gost94_compute_public(DSA *dsa)
{
    /* Now fill algorithm parameters with correct values */
    BN_CTX *ctx;
    if (!dsa->g) {
        GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITALIZED);
        return 0;
    }
    ctx = BN_CTX_new();
    if(!ctx) {
        GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
        return 0;
    }

    dsa->pub_key = BN_new();
    if(!dsa->pub_key) {
        GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
        BN_CTX_free(ctx);
        return 0;
    }
    /* Compute public key  y = a^x mod p */
    BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx);
    BN_CTX_free(ctx);
    return 1;
}

/*
 * Fill GOST 94 params, searching them in R3410_paramset array
 * by nid of paramset
 *
 */
int fill_GOST94_params(DSA *dsa, int nid)
{
    R3410_params *params = R3410_paramset;
    while (params->nid != NID_undef && params->nid != nid)
        params++;
    if (params->nid == NID_undef) {
        GOSTerr(GOST_F_FILL_GOST94_PARAMS, GOST_R_UNSUPPORTED_PARAMETER_SET);
        return 0;
    }
#define dump_signature(a,b,c)
    if (dsa->p) {
        BN_free(dsa->p);
    }
    dsa->p = NULL;
    BN_dec2bn(&(dsa->p), params->p);
    if (dsa->q) {
        BN_free(dsa->q);
    }
    dsa->q = NULL;
    BN_dec2bn(&(dsa->q), params->q);
    if (dsa->g) {
        BN_free(dsa->g);
    }
    dsa->g = NULL;
    BN_dec2bn(&(dsa->g), params->a);
    return 1;
}

/*
 *  Generate GOST R 34.10-94 keypair
 *
 *
 */
int gost_sign_keygen(DSA *dsa)
{
    dsa->priv_key = BN_new();
    if(!dsa->priv_key) {
        GOSTerr(GOST_F_GOST_SIGN_KEYGEN, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    BN_rand_range(dsa->priv_key, dsa->q);
    return gost94_compute_public(dsa);
}

/* Unpack signature according to cryptocom rules  */
/*-
DSA_SIG *unpack_cc_signature(const unsigned char *sig,size_t siglen)
        {
        DSA_SIG *s;
        s = DSA_SIG_new();
        if (s == NULL)
                {
                GOSTerr(GOST_F_UNPACK_CC_SIGNATURE,GOST_R_NO_MEMORY);
                return(NULL);
                }
        s->r = getbnfrombuf(sig, siglen/2);
        s->s = getbnfrombuf(sig + siglen/2, siglen/2);
        return s;
        }
*/
/* Unpack signature according to cryptopro rules  */
DSA_SIG *unpack_cp_signature(const unsigned char *sig, size_t siglen)
{
    DSA_SIG *s;

    s = DSA_SIG_new();
    if (s == NULL) {
        GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, GOST_R_NO_MEMORY);
        return NULL;
    }
    s->s = getbnfrombuf(sig, siglen / 2);
    s->r = getbnfrombuf(sig + siglen / 2, siglen / 2);
    return s;
}

/* Convert little-endian byte array into bignum */
BIGNUM *hashsum2bn(const unsigned char *dgst)
{
    unsigned char buf[32];
    int i;
    for (i = 0; i < 32; i++) {
        buf[31 - i] = dgst[i];
    }
    return getbnfrombuf(buf, 32);
}

/* Convert byte buffer to bignum, skipping leading zeros*/
BIGNUM *getbnfrombuf(const unsigned char *buf, size_t len)
{
    while (*buf == 0 && len > 0) {
        buf++;
        len--;
    }
    if (len) {
        return BN_bin2bn(buf, len, NULL);
    } else {
        BIGNUM *b = BN_new();
        BN_zero(b);
        return b;
    }
}

/*
 * Pack bignum into byte buffer of given size, filling all leading bytes by
 * zeros
 */
int store_bignum(BIGNUM *bn, unsigned char *buf, int len)
{
    int bytes = BN_num_bytes(bn);
    if (bytes > len)
        return 0;
    memset(buf, 0, len);
    BN_bn2bin(bn, buf + len - bytes);
    return 1;
}

Coverage Report

Created: 2022-11-30 06:20

Line	Count	Source (jump to first uncovered line)
1		/**********************************************************************
2		* gost_sign.c *
3		* Copyright (c) 2005-2006 Cryptocom LTD *
4		* This file is distributed under the same license as OpenSSL *
5		* *
6		* Implementation of GOST R 34.10-94 signature algorithm *
7		* for OpenSSL *
8		* Requires OpenSSL 0.9.9 for compilation *
9		**********************************************************************/
10		#include <string.h>
11		#include <openssl/rand.h>
12		#include <openssl/bn.h>
13		#include <openssl/dsa.h>
14		#include <openssl/evp.h>
15		#include <openssl/err.h>
16
17		#include "gost_params.h"
18		#include "gost_lcl.h"
19		#include "e_gost_err.h"
20
21		#ifdef DEBUG_SIGN
22		void dump_signature(const char message, const unsigned char buffer,
23		size_t len)
24		{
25		size_t i;
26		fprintf(stderr, "signature %s Length=%d", message, len);
27		for (i = 0; i < len; i++) {
28		if (i % 16 == 0)
29		fputc('\n', stderr);
30		fprintf(stderr, " %02x", buffer[i]);
31		}
32		fprintf(stderr, "\nEnd of signature\n");
33		}
34
35		void dump_dsa_sig(const char message, DSA_SIG sig)
36		{
37		fprintf(stderr, "%s\nR=", message);
38		BN_print_fp(stderr, sig->r);
39		fprintf(stderr, "\nS=");
40		BN_print_fp(stderr, sig->s);
41		fprintf(stderr, "\n");
42		}
43
44		#else
45
46		# define dump_signature(a,b,c)
47		# define dump_dsa_sig(a,b)
48		#endif
49
50		/*
51		* Computes signature and returns it as DSA_SIG structure
52		*/
53		DSA_SIG gost_do_sign(const unsigned char dgst, int dlen, DSA *dsa)
54	0	{
55	0	BIGNUM k = NULL, tmp = NULL, *tmp2 = NULL;
56	0	DSA_SIG newsig = NULL, ret = NULL;
57	0	BIGNUM *md = hashsum2bn(dgst);
58		/* check if H(M) mod q is zero */
59	0	BN_CTX *ctx = BN_CTX_new();
60	0	if(!ctx) {
61	0	GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
62	0	goto err;
63	0	}
64	0	BN_CTX_start(ctx);
65	0	newsig = DSA_SIG_new();
66	0	if (!newsig) {
67	0	GOSTerr(GOST_F_GOST_DO_SIGN, GOST_R_NO_MEMORY);
68	0	goto err;
69	0	}
70	0	tmp = BN_CTX_get(ctx);
71	0	k = BN_CTX_get(ctx);
72	0	tmp2 = BN_CTX_get(ctx);
73	0	if(!tmp \|\| !k \|\| !tmp2) {
74	0	GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
75	0	goto err;
76	0	}
77	0	BN_mod(tmp, md, dsa->q, ctx);
78	0	if (BN_is_zero(tmp)) {
79	0	BN_one(md);
80	0	}
81	0	do {
82	0	do {
83		/*
84		* Generate random number k less than q
85		*/
86	0	BN_rand_range(k, dsa->q);
87		/* generate r = (a^x mod p) mod q */
88	0	BN_mod_exp(tmp, dsa->g, k, dsa->p, ctx);
89	0	if (!(newsig->r)) {
90	0	newsig->r = BN_new();
91	0	if(!newsig->r) {
92	0	GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
93	0	goto err;
94	0	}
95	0	}
96	0	BN_mod(newsig->r, tmp, dsa->q, ctx);
97	0	}
98	0	while (BN_is_zero(newsig->r));
99		/* generate s = (xr + k(Hm)) mod q */
100	0	BN_mod_mul(tmp, dsa->priv_key, newsig->r, dsa->q, ctx);
101	0	BN_mod_mul(tmp2, k, md, dsa->q, ctx);
102	0	if (!newsig->s) {
103	0	newsig->s = BN_new();
104	0	if(!newsig->s) {
105	0	GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE);
106	0	goto err;
107	0	}
108	0	}
109	0	BN_mod_add(newsig->s, tmp, tmp2, dsa->q, ctx);
110	0	}
111	0	while (BN_is_zero(newsig->s));
112
113	0	ret = newsig;
114	0	err:
115	0	BN_free(md);
116	0	if(ctx) {
117	0	BN_CTX_end(ctx);
118	0	BN_CTX_free(ctx);
119	0	}
120	0	if(!ret && newsig) {
121	0	DSA_SIG_free(newsig);
122	0	}
123	0	return ret;
124	0	}
125
126		/*
127		* Packs signature according to Cryptocom rules
128		* and frees up DSA_SIG structure
129		*/
130		/*-
131		int pack_sign_cc(DSA_SIG s,int order,unsigned char sig, size_t *siglen)
132		{
133		siglen = 2order;
134		memset(sig,0,*siglen);
135		store_bignum(s->r, sig,order);
136		store_bignum(s->s, sig + order,order);
137		dump_signature("serialized",sig,*siglen);
138		DSA_SIG_free(s);
139		return 1;
140		}
141		*/
142		/*
143		* Packs signature according to Cryptopro rules
144		* and frees up DSA_SIG structure
145		*/
146		int pack_sign_cp(DSA_SIG s, int order, unsigned char sig, size_t *siglen)
147	0	{
148	0	siglen = 2 order;
149	0	memset(sig, 0, *siglen);
150	0	store_bignum(s->s, sig, order);
151	0	store_bignum(s->r, sig + order, order);
152	0	dump_signature("serialized", sig, *siglen);
153	0	DSA_SIG_free(s);
154	0	return 1;
155	0	}
156
157		/*
158		* Verifies signature passed as DSA_SIG structure
159		*
160		*/
161
162		int gost_do_verify(const unsigned char *dgst, int dgst_len,
163		DSA_SIG sig, DSA dsa)
164	0	{
165	0	BIGNUM md = NULL, tmp = NULL;
166	0	BIGNUM *q2 = NULL;
167	0	BIGNUM u = NULL, v = NULL, z1 = NULL, z2 = NULL;
168	0	BIGNUM tmp2 = NULL, tmp3 = NULL;
169	0	int ok = 0;
170	0	BN_CTX *ctx = BN_CTX_new();
171	0	if(!ctx) {
172	0	GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
173	0	goto err;
174	0	}
175
176	0	BN_CTX_start(ctx);
177	0	if (BN_cmp(sig->s, dsa->q) >= 1 \|\| BN_cmp(sig->r, dsa->q) >= 1) {
178	0	GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q);
179	0	goto err;
180	0	}
181	0	md = hashsum2bn(dgst);
182
183	0	tmp = BN_CTX_get(ctx);
184	0	v = BN_CTX_get(ctx);
185	0	q2 = BN_CTX_get(ctx);
186	0	z1 = BN_CTX_get(ctx);
187	0	z2 = BN_CTX_get(ctx);
188	0	tmp2 = BN_CTX_get(ctx);
189	0	tmp3 = BN_CTX_get(ctx);
190	0	u = BN_CTX_get(ctx);
191	0	if(!tmp \|\| !v \|\| !q2 \|\| !z1 \|\| !z2 \|\| !tmp2 \|\| !tmp3 \|\| !u) {
192	0	GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE);
193	0	goto err;
194	0	}
195
196	0	BN_mod(tmp, md, dsa->q, ctx);
197	0	if (BN_is_zero(tmp)) {
198	0	BN_one(md);
199	0	}
200	0	BN_copy(q2, dsa->q);
201	0	BN_sub_word(q2, 2);
202	0	BN_mod_exp(v, md, q2, dsa->q, ctx);
203	0	BN_mod_mul(z1, sig->s, v, dsa->q, ctx);
204	0	BN_sub(tmp, dsa->q, sig->r);
205	0	BN_mod_mul(z2, tmp, v, dsa->p, ctx);
206	0	BN_mod_exp(tmp, dsa->g, z1, dsa->p, ctx);
207	0	BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx);
208	0	BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx);
209	0	BN_mod(u, tmp3, dsa->q, ctx);
210	0	ok = (BN_cmp(u, sig->r) == 0);
211
212	0	if (!ok) {
213	0	GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
214	0	}
215	0	err:
216	0	if(md) BN_free(md);
217	0	if(ctx) {
218	0	BN_CTX_end(ctx);
219	0	BN_CTX_free(ctx);
220	0	}
221	0	return ok;
222	0	}
223
224		/*
225		* Computes public keys for GOST R 34.10-94 algorithm
226		*
227		*/
228		int gost94_compute_public(DSA *dsa)
229	0	{
230		/* Now fill algorithm parameters with correct values */
231	0	BN_CTX *ctx;
232	0	if (!dsa->g) {
233	0	GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITALIZED);
234	0	return 0;
235	0	}
236	0	ctx = BN_CTX_new();
237	0	if(!ctx) {
238	0	GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
239	0	return 0;
240	0	}
241
242	0	dsa->pub_key = BN_new();
243	0	if(!dsa->pub_key) {
244	0	GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
245	0	BN_CTX_free(ctx);
246	0	return 0;
247	0	}
248		/* Compute public key y = a^x mod p */
249	0	BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx);
250	0	BN_CTX_free(ctx);
251	0	return 1;
252	0	}
253
254		/*
255		* Fill GOST 94 params, searching them in R3410_paramset array
256		* by nid of paramset
257		*
258		*/
259		int fill_GOST94_params(DSA *dsa, int nid)
260	0	{
261	0	R3410_params *params = R3410_paramset;
262	0	while (params->nid != NID_undef && params->nid != nid)
263	0	params++;
264	0	if (params->nid == NID_undef) {
265	0	GOSTerr(GOST_F_FILL_GOST94_PARAMS, GOST_R_UNSUPPORTED_PARAMETER_SET);
266	0	return 0;
267	0	}
268	0	#define dump_signature(a,b,c)
269	0	if (dsa->p) {
270	0	BN_free(dsa->p);
271	0	}
272	0	dsa->p = NULL;
273	0	BN_dec2bn(&(dsa->p), params->p);
274	0	if (dsa->q) {
275	0	BN_free(dsa->q);
276	0	}
277	0	dsa->q = NULL;
278	0	BN_dec2bn(&(dsa->q), params->q);
279	0	if (dsa->g) {
280	0	BN_free(dsa->g);
281	0	}
282	0	dsa->g = NULL;
283	0	BN_dec2bn(&(dsa->g), params->a);
284	0	return 1;
285	0	}
286
287		/*
288		* Generate GOST R 34.10-94 keypair
289		*
290		*
291		*/
292		int gost_sign_keygen(DSA *dsa)
293	0	{
294	0	dsa->priv_key = BN_new();
295	0	if(!dsa->priv_key) {
296	0	GOSTerr(GOST_F_GOST_SIGN_KEYGEN, ERR_R_MALLOC_FAILURE);
297	0	return 0;
298	0	}
299	0	BN_rand_range(dsa->priv_key, dsa->q);
300	0	return gost94_compute_public(dsa);
301	0	}
302
303		/* Unpack signature according to cryptocom rules */
304		/*-
305		DSA_SIG unpack_cc_signature(const unsigned char sig,size_t siglen)
306		{
307		DSA_SIG *s;
308		s = DSA_SIG_new();
309		if (s == NULL)
310		{
311		GOSTerr(GOST_F_UNPACK_CC_SIGNATURE,GOST_R_NO_MEMORY);
312		return(NULL);
313		}
314		s->r = getbnfrombuf(sig, siglen/2);
315		s->s = getbnfrombuf(sig + siglen/2, siglen/2);
316		return s;
317		}
318		*/
319		/* Unpack signature according to cryptopro rules */
320		DSA_SIG unpack_cp_signature(const unsigned char sig, size_t siglen)
321	0	{
322	0	DSA_SIG *s;
323
324	0	s = DSA_SIG_new();
325	0	if (s == NULL) {
326	0	GOSTerr(GOST_F_UNPACK_CP_SIGNATURE, GOST_R_NO_MEMORY);
327	0	return NULL;
328	0	}
329	0	s->s = getbnfrombuf(sig, siglen / 2);
330	0	s->r = getbnfrombuf(sig + siglen / 2, siglen / 2);
331	0	return s;
332	0	}
333
334		/* Convert little-endian byte array into bignum */
335		BIGNUM hashsum2bn(const unsigned char dgst)
336	0	{
337	0	unsigned char buf[32];
338	0	int i;
339	0	for (i = 0; i < 32; i++) {
340	0	buf[31 - i] = dgst[i];
341	0	}
342	0	return getbnfrombuf(buf, 32);
343	0	}
344
345		/* Convert byte buffer to bignum, skipping leading zeros*/
346		BIGNUM getbnfrombuf(const unsigned char buf, size_t len)
347	0	{
348	0	while (*buf == 0 && len > 0) {
349	0	buf++;
350	0	len--;
351	0	}
352	0	if (len) {
353	0	return BN_bin2bn(buf, len, NULL);
354	0	} else {
355	0	BIGNUM *b = BN_new();
356	0	BN_zero(b);
357	0	return b;
358	0	}
359	0	}
360
361		/*
362		* Pack bignum into byte buffer of given size, filling all leading bytes by
363		* zeros
364		*/
365		int store_bignum(BIGNUM bn, unsigned char buf, int len)
366	0	{
367	0	int bytes = BN_num_bytes(bn);
368	0	if (bytes > len)
369	0	return 0;
370	0	memset(buf, 0, len);
371	0	BN_bn2bin(bn, buf + len - bytes);
372	0	return 1;
373	0	}