3

Is there a way to insert custom parameters into the GOST 2001 parameter set programmatically, and what API should be used? After managing to generate an EVP_PKEY by simulating OpenSSL's function, I found out that parameters are bound to a NID, so there's a need to add custom ones there. Ideas, anyone?

divanov
  • You're in uncharted grounds with the GOST 2001 algorithm for me, all I can do is mod up... – Maarten Bodewes Oct 13 '12 at 15:42
  • Modding up means that standard OpenSSL won't work and it'd have to be patched every single time, which makes it fully dependent on the current version. Writing your own engine is not an option either, for a whole number of reasons. I personally think that dynamic parameter setting should take place in the API, otherwise it ties hands really badly. – Artem Gulyamshaev Oct 13 '12 at 20:46
  • LOL, no I meant the question :) I put a bounty on your other question by the way. – Maarten Bodewes Oct 13 '12 at 21:14
  • Did you mean changing the substitution boxes or something else? – Pavel Ognev Oct 15 '12 at 06:03
  • Let me describe what I'm doing then: the main idea is to generate a pkcs#12 container programmatically using GOST algorithms with custom parameters (from the GOST standard, for example) and a self-made random sequence. To accomplish that I've managed to get an EVP_PKEY through an EC_KEY that passes the EC_KEY_check_key() test. To generate the container there's also a need for an X509 certificate. During its creation there's an error "X509_PUBKEY_get:public key decode error:x_pubkey.c:164:" that leads to "FILL_GOST2001_PARAMS:unsupported parameter set:gost2001.c:53:" because of dropping out from – Artem Gulyamshaev Oct 15 '12 at 06:45
  • while (params->nid!=NID_undef && params->nid != nid) params++; cycle that walks through the "R3410_2001_paramset" table and can't match any of the default parameters. So I'm trying to get over it somehow. – Artem Gulyamshaev Oct 15 '12 at 06:48
  • By the way, using those default parameters makes everything work great; it passes everything and generates the container, just so you know. Otherwise it's trickier. – Artem Gulyamshaev Oct 15 '12 at 07:26

1 Answer

1

Problem solved the following way:

  1. The above error FILL_GOST2001_PARAMS:unsupported parameter set appears if you don't set your CurveName to one of the already existing parameter set NIDs, so it should be like this: EC_GROUP_set_curve_name(CurveGroup,NID_id_GostR3410_2001_TestParamSet).
  2. However, setting one of the default parameter sets doesn't mean that it'll be used every time, for example in the EC_KEY_check_key() function you call. What OpenSSL does is take the parameters from your EC_KEY object, so it's easily customizable, as long as those are correct (the point is on the curve, etc.).
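
The two points of the answer can be seen side by side in a small self-contained model. This is an added example, not OpenSSL's code and not code from the post: the NID constants, the `group`/`key` structs, the table contents and every function name are constructed for illustration, and the curves are toy-sized so plain 64-bit arithmetic suffices.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed stand-in NIDs for this model, not OpenSSL's real values. */
enum { NID_UNDEF = 0, NID_MODEL_TEST_SET = 1, NID_MODEL_CUSTOM = 99 };

/* Toy domain parameters for y^2 = x^3 + a*x + b (mod p), generator (gx, gy). */
typedef struct { int nid; uint64_t p, a, b, gx, gy; } group;
typedef struct { group grp; uint64_t px, py; } key;   /* group + public point */

/* Model of a NID-keyed parameter table that ends in a NID_UNDEF sentinel. */
static const group paramset_table[] = {
    { NID_MODEL_TEST_SET, 17, 2, 2, 5, 1 },   /* constructed toy entry */
    { NID_UNDEF, 0, 0, 0, 0, 0 }
};

/* Same walk as the loop quoted in the comments: NULL means "unsupported". */
const group *lookup_paramset(int nid) {
    const group *params = paramset_table;
    while (params->nid != NID_UNDEF && params->nid != nid) params++;
    return params->nid == NID_UNDEF ? NULL : params;
}

static int on_curve(const group *g, uint64_t x, uint64_t y) {
    if (x >= g->p || y >= g->p) return 0;
    uint64_t rhs = ((x * x % g->p) * x + g->a * x + g->b) % g->p;
    return (y * y) % g->p == rhs;
}

/* Decode step: only the NID carried by the key's group is consulted. */
int decode_ok(key k) { return lookup_paramset(k.grp.nid) != NULL; }

/* Key check: uses the parameters stored in the key, never the table. */
int check_key(key k) {
    const group *g = &k.grp;
    if (g->p <= 3 || g->a >= g->p || g->b >= g->p) return 0;
    uint64_t disc = (4 * (g->a * g->a % g->p * g->a % g->p)
                     + 27 * (g->b * g->b % g->p)) % g->p;
    if (disc == 0) return 0;                       /* singular curve */
    return on_curve(g, g->gx, g->gy) && on_curve(g, k.px, k.py);
}

/* Constructed custom curve y^2 = x^3 + x + 1 (mod 23), generator (3, 10). */
key make_custom_key(int nid, uint64_t px, uint64_t py) {
    key k = { { nid, 23, 1, 1, 3, 10 }, px, py };
    return k;
}
```

In this model a key on the custom curve fails `decode_ok` until its group carries a NID present in the table, while `check_key` gives the same verdict either way because it only reads the key's own parameters; nothing in the model compares those parameters with the table entry the NID names.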