Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
This is the first round of patches expanding GOST algorithms support in Nettle cryptographic library. They are implemented according to published RFCs and GOST standards and serve the base of GOST ciphersuites implementation for GnuTLS.
It's good to know what the direction is, but it's a pretty large "first round". For context, where's the spec of these TLS ciphersuites? From a quick search, I only find this internet-draft with no recent activity: https://tools.ietf.org/html/draft-chudov-cryptopro-cptls-04, is that what you're implementing? Is it used in practice?
Dmitry Eremin-Solenikov (13): Add GOST R 34.11 to nettle_hashes Add HMAC functions for GOSTHASH94 Start separating GOST 28147-89 from GOST R 34.11-94 Add support for GOSTHASH94CP: GOST R 34.11-94 hash with CryptoPro S-box Implement PBKDF2 shortcut function for GOSTHASH94CP Add the rest of sboxes for GOST 28147 Add GOST 28147-89 ECB encryption and decryption support Add CFB block mode support Add CFB mode support for GOST 28147-89 Add special CNT mode for GOST 28147-89 cipher Add GOST 28147-89 IMIT support Implement GOST R 34.11-2012 (Streebog) hash function Implement PBKDF2 shortcut function for Streebog256/512
Just looking at this list, we have CFB support (seems generally useful), two additional GOST hash functions ("CryptoPro" S-boxes and Streebog), a GOST cipher, and a few wrappers for using these with hmac, pbkdf2, nettle-meta.h, etc.
I think we have to do this in smaller pieces. Which one should I start looking at?
(And then I'm not familiar with GOST, are the different algorithms with that name technically close, or are they just specified by the same government body?)
Regards, /Niels