sergezhigunov / opengost

An open-source .NET library providing the modern Russian national standard cryptographic algorithms

License: MIT License

C# 100.00%
digital-signature-algorithm cipher-algorithm hash-algorithm gost security cryptography cmac hmac

opengost's Introduction

OpenGost

Overview

An open-source .NET library providing the modern Russian national standard cryptographic algorithms

Supported Algorithms

  • 512-bit and 256-bit Streebog hash algorithms (GOST R 34.11-2012)
  • Streebog HMAC (Hash-based Message Authentication Code) algorithms
  • Grasshopper block cipher algorithm (GOST R 34.12-2015, GOST R 34.13-2015)
  • CMAC Grasshopper (Cipher-based Message Authentication Code algorithm)
  • Magma block cipher algorithm (GOST R 34.12-2015, GOST R 34.13-2015)
  • CMAC Magma (Cipher-based Message Authentication Code algorithm)
  • 512-bit and 256-bit GOST Elliptic Curve Digital Signature Algorithm (GOST R 34.10-2012)

Installation

To install the Russian national standard cryptographic algorithms, run the following command in the NuGet Package Manager Console:

PM> Install-Package OpenGost.Security.Cryptography

After package installation, enable cryptographic services:

using OpenGost.Security.Cryptography;

OpenGostCryptoConfig.ConfigureCryptographicServices();

References

  • GOST R 34.11-2012 Information technology. Cryptographic data security. Hash function
  • GOST R 34.12-2015 Information technology. Cryptographic data security. Block ciphers
  • GOST R 34.13-2015 Information technology. Cryptographic data security. Modes of operation for block ciphers
  • NIST-CMAC NIST, Special Publication 800-38B, "Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication", May 2005.
  • RFC 2104 HMAC: Keyed-Hashing for Message Authentication
  • RFC 4357 Additional Cryptographic Algorithms for Use with GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms
  • RFC 4490 Using the GOST 28147-89, GOST R 34.11-94, GOST R 34.10-94, and GOST R 34.10-2001 Algorithms with Cryptographic Message Syntax (CMS)
  • RFC 4491 Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile
  • RFC 5830 GOST 28147-89: Encryption, Decryption, and Message Authentication Code (MAC) Algorithms
  • RFC 5831 GOST R 34.11-94: Hash Function Algorithm
  • RFC 5832 GOST R 34.10-2001: Digital Signature Algorithm
  • RFC 6986 GOST R 34.11-2012: Hash Function
  • RFC 7091 GOST R 34.10-2012: Digital Signature Algorithm
  • RFC 7801 GOST R 34.12-2015: Block Cipher "Kuznyechik"
  • RFC 7836 Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012
  • RFC 8133 The Security Evaluated Standardized Password-Authenticated Key Exchange (SESPAKE) Protocol

opengost's Issues

256-bit GostECDsaManaged sometimes fails

OpenGost.Security.Cryptography.Tests.GostECDsaManagedFacts.SignHash_CreatesVerifiableSignature_IfParametersWasNotGenereated(keySize: 256)
 Source: GostECDsaManagedFacts.cs line 56
 Duration: 117 ms

Message: 
Assert.True() Failure
Expected: True
Actual: False

Stack Trace: 
GostECDsaManagedFacts.SignHash_CreatesVerifiableSignature_IfParametersWasNotGenereated(Int32 keySize) line 66

Nuget package?

Thank you very much for such a useful library!
Do you have plans to add it to nuget.org? Couldn't find it there.

Linux support

Hi, does it work on Linux? I don't see any docs; can you please tell me how it works on .NET 6? CryptoPro forked the CoreFX project for .NET Core 3 to make signing possible on Linux and Windows (out of process on IIS supported only).

Example usage of OpenGost to verify XMLDSIG.

Hello, I've used this library to verify XMLDSIG created by CryptoPro; the main problem was that I needed to extract the public key manually. Example:

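using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;
// Namespace taken from the README; the namespace that declares the
// GetGostECDsaPublicKey extension is assumed and may need adjusting.
using OpenGost.Security.Cryptography;

public static bool VerifyXMLDSIG(string xmldsigFilename)
{
    if (xmldsigFilename == null)
        throw new ArgumentNullException(nameof(xmldsigFilename));

    var xmlDocument = new XmlDocument();
    xmlDocument.PreserveWhitespace = true; // whitespace is part of the signed data
    xmlDocument.Load(xmldsigFilename);
    var signedXml = new SignedXml(xmlDocument);
    var signatureElement = xmlDocument.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0] as XmlElement;
    if (signatureElement == null)
        return false; // the document carries no ds:Signature element
    signedXml.LoadXml(signatureElement);

    if (signedXml.KeyInfo == null)
        return false;

    // The key is taken from the certificate embedded in the signature itself, so a
    // true result means "the signature matches that certificate", not "the
    // certificate is trusted".
    foreach (KeyInfoClause clause in signedXml.KeyInfo)
    {
        if (!(clause is KeyInfoX509Data x509Data) || x509Data.Certificates == null)
            continue;

        foreach (X509Certificate2 cert in x509Data.Certificates)
        {
            var oid = cert.PublicKey.EncodedParameters.Oid;
            AsymmetricAlgorithm key;

            // GOST R 34.10-2012 public key OIDs (256-bit and 512-bit)
            if (oid.Value == "1.2.643.7.1.1.1.1" || oid.Value == "1.2.643.7.1.1.1.2")
                key = cert.GetGostECDsaPublicKey();
            else
                key = cert.GetECDsaPublicKey();

            if (key == null)
                continue;

            // Stop at the first certificate whose key verifies the signature.
            using (key)
            {
                if (signedXml.CheckSignature(key))
                    return true;
            }
        }
    }
    return false;
}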
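
A stricter variant of the verification above, added here as an example (not code from the original post or from the OpenGost project): it accepts a signature only when the embedded certificate is on a caller-supplied pin list and the single reference covers the whole document. `PinnedXmlDsigVerifier`, `pinnedSha256` and the `URI=""` requirement are assumptions of this example, as is the namespace that exposes `GetGostECDsaPublicKey`.

```csharp
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;
using OpenGost.Security.Cryptography; // assumed to expose GetGostECDsaPublicKey; adjust to the package

public static class PinnedXmlDsigVerifier // hypothetical helper, not part of OpenGost
{
    // pinnedSha256: hex SHA-256 hashes of signer certificates obtained out of band,
    // held in a set built with StringComparer.OrdinalIgnoreCase.
    public static bool Verify(XmlDocument doc, ISet<string> pinnedSha256)
    {
        var signatures = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (signatures.Count != 1)
            return false; // missing or ambiguous signature

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)signatures[0]);

        // Require one reference over the whole document (URI=""), so the data
        // that was verified is the data the caller goes on to read.
        var refs = signedXml.SignedInfo.References;
        if (refs.Count != 1 || ((Reference)refs[0]).Uri != "")
            return false;

        foreach (KeyInfoClause clause in signedXml.KeyInfo ?? new KeyInfo())
        {
            if (!(clause is KeyInfoX509Data x509Data) || x509Data.Certificates == null)
                continue;
            foreach (X509Certificate2 cert in x509Data.Certificates)
            {
                // Only a certificate on the pin list may supply the verification key.
                if (!pinnedSha256.Contains(cert.GetCertHashString(HashAlgorithmName.SHA256)))
                    continue;
                string oid = cert.PublicKey.Oid.Value;
                bool isGost = oid == "1.2.643.7.1.1.1.1" || oid == "1.2.643.7.1.1.1.2";
                using (AsymmetricAlgorithm key = isGost
                    ? (AsymmetricAlgorithm)cert.GetGostECDsaPublicKey()
                    : cert.GetECDsaPublicKey())
                {
                    if (key != null && signedXml.CheckSignature(key))
                        return true;
                }
            }
        }
        return false;
    }
}
```

Load the document with `PreserveWhitespace = true`, as in the post above, before passing it to `Verify`.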

It appears there is a bug in `GostECDsaCertificateExtensions.ReadParameters()`

It returns `new ECParameters { Curve = curve, Q = publicPoint };` but `GostECDsa.ImportParameters()` also expects to read `CryptoUtils.CloneArray(parameters.D)`.

However, the issue that brought me there is that it appears that my certificate's public key isn't read correctly. The `parameters.D` field is null after `var publicKey = cert.GetGostECDsaPublicKey()!; var parameters = publicKey.ExportParameters(true);` so subsequent attempts to use the results for signing an XML document result in an NRE deep within this package's code.

Create hash algorithm from OID

Hello, can anybody guide me on how to create, for example, the Streebog256 hash algorithm not from a name:

HashAlgorithm.Create("Streebog256");

but something like:

HashAlgorithm.Create(HashAlgorithmName.FromOid("1.2.643.7.1.1.2.2").Name);

p.s.: Thanks for this awesome lib 👍
