Hi,
2017-05-20 23:39 GMT+03:00 Niels Möller nisse@lysator.liu.se:
Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
This is the first round of patches expanding GOST algorithms support in the Nettle cryptographic library. They are implemented according to published RFCs and GOST standards and serve as the base of GOST ciphersuites implementation for GnuTLS.
It's good to know what the direction is, but it's a pretty large "first round". For context, where's the spec of these TLS ciphersuites? From a quick search, I only find this internet-draft with no recent activity: https://tools.ietf.org/html/draft-chudov-cryptopro-cptls-04, is that what you're implementing? Is it used in practice?
Basically yes. That internet draft + version from GOST technical committee that includes newer hash function (Streebog) and longer keys support.
Dmitry Eremin-Solenikov (13):
  Add GOST R 34.11 to nettle_hashes
  Add HMAC functions for GOSTHASH94
  Start separating GOST 28147-89 from GOST R 34.11-94
  Add support for GOSTHASH94CP: GOST R 34.11-94 hash with CryptoPro S-box
  Implement PBKDF2 shortcut function for GOSTHASH94CP
  Add the rest of sboxes for GOST 28147
  Add GOST 28147-89 ECB encryption and decryption support
  Add CFB block mode support
  Add CFB mode support for GOST 28147-89
  Add special CNT mode for GOST 28147-89 cipher
  Add GOST 28147-89 IMIT support
  Implement GOST R 34.11-2012 (Streebog) hash function
  Implement PBKDF2 shortcut function for Streebog256/512
Just looking at this list, we have CFB support (seems generally useful), two additional GOST hash functions ("CryptoPro" S-boxes and Streebog), a GOST cipher, and a few wrappers for using these with hmac, pbkdf2, nettle-meta.h, etc.
I think we have to do this in smaller pieces. Which one should I start looking at?
I've mostly ordered patches in the way they should be looked at.
(And then I'm not familiar with GOST, are the different algorithms with that name technically close, or are they just specified by the same government body?)
It is just a governmental body (like NIST).
Some references:
- symmetric encryption: RFC 5830
- old hash function (GOST R 34.11-94): RFC 5831
- new hash function (Streebog): RFC 6986
- digital signatures: RFC 5832 + RFC 7091
- additional algorithms and definitions: RFC 4357