gost94: add OID support #417
Conversation
There was a problem hiding this comment.
I wonder how the retracted TC26 OID 1.2.643.7.1.1.2.1 relates to the ones used in this PR. IIUC the OIDs are introduced by the CryptoPro company and it's not clear how "official" they are.
gost94/src/gost94_core.rs
Outdated
| { | ||
| const OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.643.2.2.9"); | ||
| } | ||
|
|
There was a problem hiding this comment.
I would expect something like:
impl<P> AssociatedOid for Gost94Core<P>
where
P: Gost94Params + AssociatedOid,
{
const OID: ObjectIdentifier = P::OID;
}Or maybe even:
impl AssociatedOid for Gost94Core<TestParam> {
const OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.643.2.2.30.0");
}
impl AssociatedOid for Gost94Core<CryptoProParam> {
const OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.643.2.2.30.1");
}The latter approach would not be extensible for parameters defined in third-party crates, but I am not sure we need such capability.
There was a problem hiding this comment.
The problem is that the GOST 34.311-95 is referenced using the 1.2.643.2.2.9 OID rather than individual params OIDs. See, for example, the RFC4490 and its examples. Or likewise the examples from MR 26.2.002-2012.
In the worst case, we can use the 1.2.643.2.2.9 OID for Gost94Core<CryptoProParam>.
I'm waiting for @IvashchenkoSerhii to sched the light on 1.2.804.2.1.1.1.1.2.1 usage.
There was a problem hiding this comment.
Sigh... The situation is quite annoying. We generally use OIDs for a "complete" function. It's not clear how we can support a function which has OID in a parametrized form and separate OIDs for its parameters.
The problem is that the GOST 34.311-95 is referenced using the 1.2.643.2.2.9 OID rather than individual params OIDs. See, for example, the RFC4490 and its examples. Or likewise the examples from MR 26.2.002-2012.
IIUC in the RFC 4490 case the OID is given for the CryptoPro paramset:
This function is always used with default parameters id-GostR3411-94-CryptoProParamSet (see Section 8.2 of [CPALGS]).
Maybe MR 26.2.002-2012 is the same?
There was a problem hiding this comment.
Yes, the mentioned MR document doesn't specify any other params (or a way to specify them), so only CryptoPro params can be used with 1.2.643.2.2.9.
If I understand correctly this started in the same way as the story of RIPEMD OIDs. However unlike RIPEMD, the TC26 retracted duplicating OIDs. Now back to usage question. The OID |
|
For now I think we should use It may be worth to add a comment to the crate docs about |
lumag
force-pushed
the
gost94-oid
branch
2 times, most recently
from
edec2c6 to
1266d94
Compare
|
Done |
gost94/src/params.rs
Outdated
| impl AssociatedOid for CryptoProParam { | ||
| /// Per the RFC 4490, this OID is used for the GOST R 34.11-94 hash with CryptoPro params. | ||
| /// The OID 1.2.643.2.2.30.1 is used in the PublicKey params to denote CryptoPro paramset, but | ||
| /// not the hash function itself. |
There was a problem hiding this comment.
According to this description we should use:
impl AssociatedOid for Gost94Core<CryptoProParam> {
const OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.643.2.2.9");
}
impl AssociatedOid for CryptoProParam {
const OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.643.2.2.30.1");
}Of course, the blanket impl would be removed with code like this. It does create a certain ambiguity, but I think it's the best we can do.
Also comment like this probably should go the crate docs, otherwise it will be hard for users to discover it.
Signed-off-by: Dmitry Baryshkov <[email protected]>
|
Thank you! |
|
OID It really is a GOST 34.311-95 with the DSTU sBox (https://zakon.rada.gov.ua/laws/show/z0729-07#Text search by |
|
@IvashchenkoSerhii thank you! |
3 participants
This is an RFC for the 'oid' feature. I do not have example files with the DSTU usage, but hopefully @IvashchenkoSerhii can comment whether
1.2.804.2.1.1.1.1.2.1is used as a separate digest parameter OID or if it is an OID of the GOST 34.311-95 with the DSTU sBox.Additional notice. I have added
AssociatedOidimplementation for the individual params, howeve I do not see a way to get such OID given only the upper-level Gost94 type (CoreWrapper<Gost945Core<Gost94Params>>). Suggestions would be appreciated.