Hi!
I'm currently working on getting TLS with GOST ciphersuites in NSS: http://git.altlinux.org/people/manowar/packages/?p=nss.git;a=shortlog;h=refs/heads/gost-tls

That's work in progress. However, I have some questions and proposals for the NSS community.

New `SECOidTag algorithm` field in the `struct SECKEYECPublicKeyStr`. The algorithm tag (originating from a certificate) is used to determine how to parse the next `DEREncodedParams` field of that structure. In the upstream NSS code there is an assumption that the DER-encoded parameters of an EC key always represent a single OID. But that is not the case, at least with GOST keys, for which a SEQUENCE of parameters is supplied. On the other hand, the proper way to interpret the encoded parameters can possibly be *guessed* from the DER structure itself (and the actual values there). For example: if there is a sequence of two OIDs in the encoded parameters (and the OID values are in the GOST domain), then most probably it's a GOST key. However, the idea of having an identifier next to the encoded data which explicitly determines what is encoded seems more attractive to me. What do you think?

Next, the PRF hashing algorithm in TLS versions prior to 1.2. In the upstream NSS code there is currently no way of using a custom PRF hashing algorithm. That affects the calculation of the master secret and the encrypted TLS Finished message. With GOST ciphersuites you have to use GOST hashing for that with any TLS version. I have no good solution here yet. Does it violate the TLS 1.0 and 1.1 standards? And another thing: I can't find a corresponding mapping of the hashing algorithm to the TLS version in OpenSSL.

The third is the "stream" MAC mode. The idea is that the MACing context shouldn't be re-created for each packet but rather re-used along with the whole sequence of packets in the session. That's how MACing works with GOST. I've added the `stream` flag to the `struct SFTKSessionContextStr` and then have to use a special PKCS#11 mechanism number in order to signal the softoken module to use that mode (the mechanism parameters are standardized, so there is no place for a `stream` flag).

-- 
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
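As an added illustration of the "guessing" approach discussed in the mail (example code written for this page, not part of the original message or of NSS), here is a small C classifier that inspects the DER bytes following an EC public key: a lone OID is treated as a named curve, a SEQUENCE of two or three OIDs in the 1.2.643 arc as GOST parameters, and anything else is rejected. The short-form-length-only parsing, the 1.2.643 prefix check and the two-or-three element count are this example's assumptions (modelled on the RFC 4491 parameter layout), not something the message states.

```c
#include <stddef.h>
#include <string.h>

/* Outcome of inspecting the DER parameters that follow an EC public key. */
enum ec_params_kind {
    EC_PARAMS_UNKNOWN = 0,
    EC_PARAMS_NAMED_CURVE,   /* a single OID, as upstream NSS assumes      */
    EC_PARAMS_GOST_SEQUENCE  /* SEQUENCE of OIDs in the 1.2.643 (GOST) arc */
};

/* Decode one short-form DER TLV (length < 128); returns 0 on malformed or
 * truncated input so that the caller never reads past the buffer. */
static int read_tlv(const unsigned char *p, size_t len, unsigned char *tag,
                    const unsigned char **val, size_t *vlen)
{
    if (len < 2 || (p[1] & 0x80)) return 0;   /* no long-form lengths here */
    *tag = p[0];
    *vlen = p[1];
    if (*vlen + 2 > len) return 0;            /* value would overrun input */
    *val = p + 2;
    return 1;
}

/* Assumption: GOST parameter sets live under 1.2.643, DER-encoded 2A 85 03. */
static int oid_in_gost_arc(const unsigned char *v, size_t vlen)
{
    static const unsigned char prefix[] = {0x2A, 0x85, 0x03};
    return vlen > sizeof prefix && memcmp(v, prefix, sizeof prefix) == 0;
}

/* Classify the complete DEREncodedParams blob of length len. */
enum ec_params_kind classify_ec_params(const unsigned char *der, size_t len)
{
    unsigned char tag; const unsigned char *v; size_t vlen; size_t n = 0;
    if (!read_tlv(der, len, &tag, &v, &vlen) || vlen + 2 != len)
        return EC_PARAMS_UNKNOWN;             /* reject trailing garbage too */
    if (tag == 0x06) return EC_PARAMS_NAMED_CURVE;
    if (tag != 0x30) return EC_PARAMS_UNKNOWN;
    /* Walk the SEQUENCE: every element must be an OID in the GOST arc. */
    while (vlen > 0) {
        unsigned char t; const unsigned char *ev; size_t el;
        if (!read_tlv(v, vlen, &t, &ev, &el) || t != 0x06 || !oid_in_gost_arc(ev, el))
            return EC_PARAMS_UNKNOWN;
        v += el + 2; vlen -= el + 2; n++;
    }
    /* Assumption: publicKeyParamSet + digestParamSet, optional encryptionParamSet. */
    return (n >= 2 && n <= 3) ? EC_PARAMS_GOST_SEQUENCE : EC_PARAMS_UNKNOWN;
}
```

The constructed inputs below use the well-known secp256r1 OID (1.2.840.10045.3.1.7) and two sample OIDs from the 1.2.643.2.2 arc.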

