[openssl-dev] [openssl.org #3311] [PATCH] Introduce GOST R 34.11-2012 hash function
GOST is done via external engine now. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl.org #3311] [PATCH] Introduce GOST R 34.11-2012 hash function
On 2014-04-14 at 21:52:46, Dmitry Olshansky via RT r...@openssl.org wrote: It's been a bit over 2 years since the new Russian cryptography standard is out. RFCs 6986 and 7091 been out there for a while[1,2]. Other toolkits are adding support, e.g. Libgcrypt introduced GOST 34.11-2012 in 1.6.0 [3]. Keeping in mind that OpenSSL provides GOST reference engine it seems natural to revise it in the light of the new standard. To summarize the full set of changes for the new standard: - New hash function GOST R 34.11-2012 (Stribog) takes place of GOST R 34.11-94. After 2018 usage of 34.11-94 is basically prohibited. - Digital signature algorithm GOST 34.10-2001 is extended to support both 256bit and 512bit keys. The hash function to use is GOST R 34.11-2012. 256bit version is exactly the same modulo the hashing. - 2 new parameter sets (curves) for 512bit GOST 34.10-2012 are listed as recommended. Older ones stay as is for 256-bit version. - Symmetric cipher stays the same, one new S-box set was defined. - Key Exchange (VKO) is the same algorithm but with different hash function (HMAC of GOST 34.11-2012). This patch adds support for hash algorithm GOST R 34.11-2012 _only_ . The source code was initially tested on x86, PowerPC and ARMv4. New digests have short names md_gost12_256 and md_gost12_512 respectively. Hi. Thank you for working on this. At first glance the patch looks fine for me. See attached patch or browse it on github: https://github.com/openssl/openssl/pull/68 Next steps towards full support are far less involved and consist mostly of minor changes such as adding paramsets and/or removing artificial limitations. 1. GOST R 34.11-2012: Hash Function http://tools.ietf.org/html/rfc6986 2. GOST R 34.10-2012: Digital Signature Algorithm http://tools.ietf.org/html/rfc7091 3. http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000336.html signature.asc Description: This is a digitally signed message part.
Re: [openssl.org #3311] [PATCH] Introduce GOST R 34.11-2012 hash function
On 04/17/2014 12:12 AM, Andrey Kulikov wrote: Hello Dmitry, Thanks a lot for your commitment! It would be good idea to add test cases for new functionality as well. Yes, I tried my best to follow what other tests did, such as gost2814789t.c. See gosthash12t.c. This is initial patch, it includes only the hash function and test cases for it. I'm preparing the other smaller patches based on it to follow. On 14 April 2014 23:52, Dmitry Olshansky via RT r...@openssl.org mailto:r...@openssl.org wrote: It's been a bit over 2 years since the new Russian cryptography standard is out. RFCs 6986 and 7091 been out there for a while[1,2]. Other toolkits are adding support, e.g. Libgcrypt introduced GOST 34.11-2012 in 1.6.0 [3]. Keeping in mind that OpenSSL provides GOST reference engine it seems natural to revise it in the light of the new standard. To summarize the full set of changes for the new standard: - New hash function GOST R 34.11-2012 (Stribog) takes place of GOST R 34.11-94. After 2018 usage of 34.11-94 is basically prohibited. - Digital signature algorithm GOST 34.10-2001 is extended to support both 256bit and 512bit keys. The hash function to use is GOST R 34.11-2012. 256bit version is exactly the same modulo the hashing. - 2 new parameter sets (curves) for 512bit GOST 34.10-2012 are listed as recommended. Older ones stay as is for 256-bit version. - Symmetric cipher stays the same, one new S-box set was defined. - Key Exchange (VKO) is the same algorithm but with different hash function (HMAC of GOST 34.11-2012). This patch adds support for hash algorithm GOST R 34.11-2012 _only_ . The source code was initially tested on x86, PowerPC and ARMv4. New digests have short names md_gost12_256 and md_gost12_512 respectively. See attached patch or browse it on github: https://github.com/openssl/openssl/pull/68 Next steps towards full support are far less involved and consist mostly of minor changes such as adding paramsets and/or removing artificial limitations. 1. GOST R 34.11-2012: Hash Function http://tools.ietf.org/html/rfc6986 2. GOST R 34.10-2012: Digital Signature Algorithm http://tools.ietf.org/html/rfc7091 3. http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000336.html -- Dmitry Olshansky -- Dmitry Olshansky Systems Engineer Demos llc.
Re: [openssl.org #3311] [PATCH] Introduce GOST R 34.11-2012 hash function
Hello Dmitry, Thanks a lot for your commitment! It would be good idea to add test cases for new functionality as well. On 14 April 2014 23:52, Dmitry Olshansky via RT r...@openssl.org wrote: It's been a bit over 2 years since the new Russian cryptography standard is out. RFCs 6986 and 7091 been out there for a while[1,2]. Other toolkits are adding support, e.g. Libgcrypt introduced GOST 34.11-2012 in 1.6.0 [3]. Keeping in mind that OpenSSL provides GOST reference engine it seems natural to revise it in the light of the new standard. To summarize the full set of changes for the new standard: - New hash function GOST R 34.11-2012 (Stribog) takes place of GOST R 34.11-94. After 2018 usage of 34.11-94 is basically prohibited. - Digital signature algorithm GOST 34.10-2001 is extended to support both 256bit and 512bit keys. The hash function to use is GOST R 34.11-2012. 256bit version is exactly the same modulo the hashing. - 2 new parameter sets (curves) for 512bit GOST 34.10-2012 are listed as recommended. Older ones stay as is for 256-bit version. - Symmetric cipher stays the same, one new S-box set was defined. - Key Exchange (VKO) is the same algorithm but with different hash function (HMAC of GOST 34.11-2012). This patch adds support for hash algorithm GOST R 34.11-2012 _only_ . The source code was initially tested on x86, PowerPC and ARMv4. New digests have short names md_gost12_256 and md_gost12_512 respectively. See attached patch or browse it on github: https://github.com/openssl/openssl/pull/68 Next steps towards full support are far less involved and consist mostly of minor changes such as adding paramsets and/or removing artificial limitations. 1. GOST R 34.11-2012: Hash Function http://tools.ietf.org/html/rfc6986 2. GOST R 34.10-2012: Digital Signature Algorithm http://tools.ietf.org/html/rfc7091 3. http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000336.html -- Dmitry Olshansky