Re: [openssl.org #3311] [PATCH] Introduce GOST R 34.11-2012 hash function

Thu, 17 Apr 2014 04:31:31 -0700 

On 04/17/2014 12:12 AM, Andrey Kulikov wrote:

Hello Dmitry,

Thanks a lot for your commitment!

It would be good idea to add test cases for new functionality as well.
Yes, I tried my best to follow what other tests did, such as gost2814789t.c. 
See gosthash12t.c.
This is initial patch, it includes only the hash function and test cases for it. 
I'm preparing the other smaller patches based on it to follow.
On 14 April 2014 23:52, Dmitry Olshansky via RT <[email protected] <mailto:[email protected]>> wrote: 

    It's been a bit over 2 years since the new Russian cryptography
    standard
    is out.
    RFCs 6986 and 7091 been out there for a while[1,2]. Other toolkits are
    adding support, e.g. Libgcrypt introduced GOST 34.11-2012 in 1.6.0
    [3].

    Keeping in mind that OpenSSL provides GOST reference engine it seems
    natural to revise it in the light of the new standard.

    To summarize the full set of changes for the new standard:
         - New hash function GOST R 34.11-2012 (Stribog) takes place
    of GOST
    R 34.11-94. After 2018 usage of 34.11-94 is basically prohibited.

         - Digital signature algorithm GOST 34.10-2001 is extended to
    support both 256bit and 512bit keys. The hash function to use is
    GOST R
    34.11-2012. 256bit version is exactly the same modulo the hashing.

         - 2 new parameter sets (curves) for 512bit GOST 34.10-2012 are
    listed as recommended. Older ones stay as is for 256-bit version.

         - Symmetric cipher stays the same, one new S-box set was defined.

         - Key Exchange (VKO) is the same algorithm but with different
    hash
    function (HMAC of GOST 34.11-2012).

    This patch adds support for hash algorithm GOST R 34.11-2012 _only_ .
    The source code was initially tested on x86, PowerPC and ARMv4.
    New digests have short names "md_gost12_256" and "md_gost12_512"
    respectively.

    See attached patch or browse it on github:
    https://github.com/openssl/openssl/pull/68

    Next steps towards full support are far less involved and consist
    mostly
    of minor changes such as adding paramsets and/or removing artificial
    limitations.

    1. GOST R 34.11-2012: Hash Function http://tools.ietf.org/html/rfc6986
    2. GOST R 34.10-2012: Digital Signature Algorithm
    http://tools.ietf.org/html/rfc7091
    3. http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000336.html

    --
    Dmitry Olshansky






--
Dmitry Olshansky

Systems Engineer
Demos llc.

Reply via email to