An implementation of Russian cryptography standards for OpenSSL.
-Since v.1.0.0 OpenSSL provides facilities for creating external
-dynamically loaded cryptographic engines (OpenSSL should be built
-with dynamic engine support to be able to use it).
+Since v.0.9.6 OpenSSL provides facilities for creating external dynamically
+loaded cryptographic engines (OpenSSL should be built with dynamic engine
+support to be able to use it). Since v 1.0 it became possible to provide
+digital signature algorithms via engines.
This engine provides an implementation of various Russian cryptographic
-algorithms, known generally as GOST cryptographic algorithms (see detailed
-list below). These algorithms, can be used both via OpenSSL command line
-tools and via high-level libopenssl calls.
+algorithms, known generally as GOST cryptographic algorithms (see detailed list
+below). These algorithms can be used both via OpenSSL command line tools and
+via high-level libopenssl calls.
-OpenSSL GOST Engine also includes gostsum и gost12sum command line tools,
-for generating and checking GOST R34.11-94 and GOST R34.11-2012 hash sums.
-They have the same purposes and behavior as well known sha1sum and md5sum
-utilities.
+OpenSSL GOST Engine also includes 'gostsum' and 'gost12sum' command line tools
+for generating and checking GOST R34.11-94 and GOST R34.11-2012 hashsums.
+They have the same purposes and behavior as the well-known sha1sum and md5sum
+utilities. These utilities can be used independently from OpenSSL.
ALGORITHMS SUPPORTED
GOST R 34.10-2001 and GOST R 34.10-2012 - digital signature algorithms.
Also support key exchange based on public keys. See RFC 4357 for
details of VKO key exchange algorithm. These algorithms use
- 256 bit private keys. Public keys are 1024 bit for 94 and 512 bit for
- 2001 (which is elliptic-curve based). Key exchange algorithms
- (VKO R 34.10) are supported on these keys too.
-
+ 256 bit private keys for GOST 2001, 256/512 bits for GOST 2012.
+ Public keys are 512 bit for GOST 2001 and 512/1024 for GOST 2012.
+ Key exchange algorithms (VKO R 34.10) are supported on these keys too.
+
+GOST R 34.11-94 Message digest algorithm. 256-bit hash value.
+
GOST R 34.11-2012 Message digest algorithm. 256- and 512-bit hash values.
-GOST 28147-89 - Symmetric cipher with 256-bit key. Various modes are
- defined in the standard, but only CFB and CNT modes are implemented
+GOST 28147-89 - Symmetric cipher with 256-bit key. Various modes are
+ defined in the standard, but only CBC, CFB and CNT modes are implemented
in the engine. To make statistical analysis more difficult, key
meshing is supported (see RFC 4357).
-GOST 28147-89 MAC mode. Message authentication code. While most MAC
- algorithms out there are based on hash functions using HMAC
- algorithm, this algoritm is based on symmetric cipher.
- It has 256-bit symmetric key and only 32 bits of MAC value
+GOST 28147-89 MAC mode. Message authentication code. While a lot of MAC
+ algorithms out there are based on hash functions using HMAC algorithm,
+ this algoritm is based on symmetric cipher.
+ It has 256-bit symmetric key and 8-64 (default 32) bits of MAC value
(while HMAC has same key size and value size).
-
- Really, this algorithm supports from 8 to 64 bits of the MAC value
-
It is implemented as combination of EVP_PKEY type and EVP_MD type.
GOST R 34.13–2015 - Symmetric cypher Grasshopper ("Kuznechik")
-USAGE OF THESE ALGORITHMS
+USAGE OF GOST ALGORITHMS
-This engine is designed to allow usage of this algorithms in the
-high-level openssl functions, such as PKI, S/MIME and TLS.
+This engine is designed to allow usage of this algorithms in the high-level
+openssl functions, such as PKI, S/MIME and TLS. All the necessary constants are
+added to the main source tree of OpenSSL.
-See RFC 4490 for S/MIME with GOST algorithms and RFC 4491 for PKI.
-TLS support is implemented according IETF
-draft-chudov-cryptopro-cptls-03.txt and is compatible with
-CryptoPro CSP 3.0 and 3.6 as well as with MagPro CSP.
-GOST ciphersuites implemented in CryptoPro CSP 2.0 are not supported
-because they use ciphersuite numbers used now by AES ciphersuites.
+See RFC 4490 for S/MIME with GOST algorithms and RFC 4491 for PKI. TLS support
+is implemented according IETF draft-chudov-cryptopro-cptls-03.txt and is
+compatible with CryptoPro CSP 3.0+.
To use the engine you have to load it via openssl configuration
file. Applications should read openssl configuration file or provide
private keys, should use generic EVP_PKEY API instead of using RSA or
other algorithm-specific API.
-CONFIGURATION FILE
-
-Configuration file should include following statement in the global
-section, i.e. before first bracketed section header (see config(5) for details)
-
- openssl_conf = openssl_def
-
-where openssl_def is name of the section in configuration file which
-describes global defaults.
-
-This section should contain following statement:
-
- [openssl_def]
- engines = engine_section
-
-which points to the section which describes list of the engines to be
-loaded. This section should contain:
-
- [engine_section]
- gost = gost_section
-
-And section which describes configuration of the engine should contain
-
- [gost_section]
- engine_id = gost
- dynamic_path = /usr/lib/ssl/engines/libgost.so
- default_algorithms = ALL
- CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
-
-BouncyCastle cryptoprovider has some problems with private key parsing from PrivateKeyInfo,
-so if you want to use old private key representation format, which supported by BC,
-you must add:
- PK_PARAMS = LEGACY_PK_WRAP
-to [gost_section]
-
-Where engine_id parameter specifies name of engine (should be "gost").
-dynamic_path is a location of the loadable shared library implementing the
-engine. If the engine is compiled statically or is located in the OpenSSL
-engines directory, this line can be omitted.
-default_algorithms parameter specifies that all algorithms, provided by
-engine, should be used.
-
-The CRYPT_PARAMS parameter is engine-specific. It allows the user to choose
-between different parameter sets of symmetric cipher algorithm. RFC 4357
-specifies several parameters for the GOST 28147-89 algorithm, but OpenSSL
-doesn't provide user interface to choose one when encrypting. So use engine
-configuration parameter instead.
-
-Value of this parameter can be either short name, defined in OpenSSL
-obj_dat.h header file or numeric representation of OID, defined in RFC
-4357.
-
USAGE WITH COMMAND LINE openssl UTILITY
1. Generation of private key
Use -algorithm option to specify algorithm.
Use -pkeyopt option to pass paramset to algorithm. The following paramsets
are supported by
- gost94: 0,A,B,C,D,XA,XB,XC
- gost2001: 0,A,B,C,XA,XB
+ gost2001: 0,A,B,C,XA,XB
+ gost2012_256: 0,A,B,C,XA,XB,TCA,TCB,TCC,TCD
+ gost2012_512: A,B,C
You can also use numeric representation of OID as to destinate
paramset.
Ciphersuites with NULL encryption should be enabled explicitely if
needed.
-GOST2001-GOST89-GOST89 Uses GOST R 34.10-2001 for auth and key exchange
- GOST 28147-89 for encryption and GOST 28147-89 MAC
-GOST94-GOST89-GOST89 Uses GOST R 34.10-94 for auth and key exchange
+GOST2001-GOST89-GOST89 Uses GOST R 34.10-2001 for auth and key exchange,
GOST 28147-89 for encryption and GOST 28147-89 MAC
GOST2001-NULL-GOST94 Uses GOST R 34.10-2001 for auth and key exchange,
- no encryption and HMAC, based on GOST R 34.11-94
-GOST94-NULL-GOST94 Uses GOST R 34.10-94 for auth and key exchange,
- no encryption and HMAC, based on GOST R 34.11-94
+ no encryption and HMAC, based on GOST R 34.11-94
+GOST2012-GOST8912-GOST8912 Uses GOST R 34.10-2001 or 2012 for auth and key exchange,
+ GOST 28147-89 with paramset Z for encryption and GOST 28147-89 MAC with paramset Z
+GOST2012-NULL-GOST1 Uses GOST R 34.10-2001 or 2012 for auth and key exchange,
+ no encryption and HMAC, based on GOST R 34.11-2012 256-bit.
-Gost 94 and gost 2001 keys can be used simultaneously in the TLS server.
RSA, DSA and EC keys can be used simultaneously with GOST keys, if
server implementation supports loading more than two private
key/certificate pairs. In this case ciphersuites which use any of loaded
Calculation of HMAC based on GOST R 34.11-94
- openssl dgst -md_gost94 -mac hmac -macopt key:<32 bytes of key> datafile
+ openssl dgst -md_gost94 -hmac <32 bytes of key> datafile
(or use hexkey if key contain NUL bytes)
Calculation of GOST 28147 MAC
projects / openssl-gost / engine.git / blobdiff