On 09/15/2009 07:47 AM, Andreev Konstantin wrote:
Hello.
I am currently in the process of adding support for GOST algorithms
(RFC 4357,4490,4491) into the NSS.
At this moment I implemented GOST hashing and GOST signature
verification algorithms in the NSS. This works throughout the whole
stack of mozilla code, from adding GOST X.509 certificate into the PSM
GUI to the freebl backend.
I'd like to contribute my work to Mozilla, and would like to
communicate with one of the NSS project owners/developers for code
review and guidelines.
Best regards,
--
I would like make some points about in this thread:
Currently both Seed and Camillia were added directly to NSS softoken.
This has the advantage that you can mimic what the other natively
supported algorithms do in NSS, it has the disadvantage that it puts
your non-FIPS algorithm into our FIPS token, subject to the restrictions
of FIPS update.
An alternative solution would be to add the new algorithm as a
separately loaded PKCS #11 module. NSS is capable to identifying these
modules and using them when necessary. At some point I would like to
move both Camillia and SEED to this type of module. In fact there is no
reason that this module couldn't hold all the non-FIPS algorithms.
The one thing I still really need to make this work is a way to
automatically add the new algorithm's configuration. (And add the
appropriate information to SSL, which currently still needs to have all
new cipher suites added programmatically).
bob
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
