Independent Submission                                S. Smyshlyaev, Ed.
Request for Comments: 7836                                   E. Alekseev
Category: Informational                                        I. Oshkin
ISSN: 2070-1721                                                 V. Popov
                                                             S. Leontiev
                                                              CRYPTO-PRO
                                                             V. Podobaev
                                                               FACTOR-TS
                                                            D. Belyavsky
                                                                     TCI
                                                              March 2016
        

Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012

Abstract

The purpose of this document is to make the specifications of the cryptographic algorithms defined by the Russian national standards GOST R 34.10-2012 and GOST R 34.11-2012 available to the Internet community for their implementation in the cryptographic protocols based on the accompanying algorithms.

These specifications define the pseudorandom functions, the key agreement algorithm based on the Diffie-Hellman algorithm and a hash function, the parameters of elliptic curves, the key derivation functions, and the key export functions.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7836.

Copyright Notice

Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Table of Contents

   1.  Introduction
   2.  Conventions Used in This Document
   3.  Basic Terms, Definitions, and Notations
   4.  Algorithm Descriptions
     4.1.  HMAC Functions
     4.2.  Pseudorandom Functions
     4.3.  VKO Algorithms for Key Agreement
     4.4.  The Key Derivation Function KDF_TREE_GOSTR3411_2012_256
     4.5.  The Key Derivation Function KDF_GOSTR3411_2012_256
     4.6.  Key Wrap and Key Unwrap
   5.  The Parameters of Elliptic Curves
     5.1.  Canonical Form
     5.2.  Twisted Edwards Form
   6.  Security Considerations
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Appendix A.  Values of the Parameter Sets
     A.1.  Canonical Form Parameters
     A.2.  Twisted Edwards Form Parameters
   Appendix B.  Test Examples
   Appendix C.  GOST 28147-89 Parameter Set
   Acknowledgments
   Authors' Addresses
        
1. Introduction

The accompanying algorithms are intended for the implementation of cryptographic protocols. This memo contains a description of the accompanying algorithms based on the Russian national standards GOST R 34.10-2012 [GOST3410-2012] and GOST R 34.11-2012 [GOST3411-2012]. The English versions of these standards can be found in [RFC7091] and [RFC6986]; the English version of the encryption standard GOST 28147-89 [GOST28147-89] (which is used in the key export functions) can be found in [RFC5830].

The specifications of algorithms and parameters proposed in this memo are provided on the basis of experience in the development of the cryptographic protocols, as described in [RFC4357], [RFC4490], and [RFC4491].

This memo describes the pseudorandom functions, the key agreement algorithm based on the Diffie-Hellman algorithm and a hash function, the parameters of elliptic curves, the key derivation functions, and the key export functions necessary to ensure interoperability of security protocols that make use of the Russian cryptographic standards GOST R 34.10-2012 [GOST3410-2012] digital signature algorithm and GOST R 34.11-2012 [GOST3411-2012] cryptographic hash function.

2. Conventions Used in This Document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

3. Basic Terms, Definitions, and Notations

This document uses the following terms and definitions for the sets and operations on the elements of these sets:

(xor) Exclusive-or of two binary vectors of the same length.

   V_n     The finite vector space over GF(2) of dimension n, n >= 0,
           with the (xor) operation.  For n = 0, the V_0 space consists
           of a single empty element of size 0.
           If U is an element of V_n, then U = (u_(n-1), u_(n-2), ...,
           u_1, u_0), where u_i in {0, 1}.
        
   V_(8, r)
           The set of byte vectors of size r, r >= 0, for r = 0 the
           V_(8, r) set consists of a single empty element of size 0.
           If W is an element of V_(8, r), r > 0, then W = (w^0, w^1,
           ..., w^(r-1)), where w^0, w^1, ..., w^(r-1) are elements of
           V_8.
        
   Bit representation
           The bit representation of the element W = (w^0, w^1, ...,
           w^(r-1)) of V_(8, r) is an element (w_(8r-1), w_(8r-2), ...,
           w_1, w_0) of V_(8*r), where w^0 = (w_7, w_6, ..., w_0),
           w^1 = (w_15, w_14, ..., w_8), ..., w^(r-1) = (w_(8r-1),
           w_(8r-2), ..., w_(8r-8)) are elements of V_8.
        
   Byte representation
           If n is a multiple of 8, r = n/8, then the byte
           representation of the element W = (w_(n-1), w_(n-2), ...,
           w_0) of V_n is a byte vector (w^0, w^1, ..., w^(r-1)) of
           V_(8, r), where w^0 = (w_7, w_6, ..., w_0), w^1 = (w_15,
           w_14, ..., w_8), ..., w^(r-1) = (w_(8r-1), w_(8r-2), ...,
           w_(8r-8)) are elements of V_8.
        
   A|B     Concatenation of byte vectors A and B, i.e., if A in
           V_(8, r1), B in V_(8, r2), A = (a^0, a^1, ..., a^(r1-1)) and
           B = (b^0, b^1, ..., b^(r2-1)), then A|B = (a^0, a^1, ...,
           a^(r1-1), b^0, b^1, ..., b^(r2-1)) is an element of V_(8,
           r1+r2).
        

K (key) An arbitrary element of V_n. If K in V_n, then its size (in bits) is equal to n, where n can be an arbitrary natural number.

This memo uses the following abbreviations and symbols:

   +---------+---------------------------------------------------------+
   | Symbols | Meaning                                                 |
   +---------+---------------------------------------------------------+
   | H_256   | GOST R 34.11-2012 hash function with 256-bit output     |
   |         |                                                         |
   | H_512   | GOST R 34.11-2012 hash function with 512-bit output     |
   |         |                                                         |
   | HMAC    | Hashed-based Message Authentication Code.  A function   |
   |         | for calculating a message authentication code, based on |
   |         | a hash function in accordance with [RFC2104]            |
   |         |                                                         |
   | PRF     | A pseudorandom function, i.e., a transformation that    |
   |         | allows generation of a pseudorandom sequence of bytes   |
   |         |                                                         |
   | KDF     | A key derivation function, i.e., a transformation that  |
   |         | allows keys and keying material to be derived from the  |
   |         | root key and additional input using a pseudorandom      |
   |         | function                                                |
   |         |                                                         |
   | VKO     | A key agreement algorithm based on the Diffie-Hellman   |
   |         | algorithm and a hash function                           |
   +---------+---------------------------------------------------------+
        

To generate a byte sequence of the size r with functions that give a longer output, the output is truncated to the first r bytes. This remark applies to the following functions:

o the functions described in Section 4.2;

o KDF_TREE_GOSTR3411_2012_256 described in Section 4.4;

o KDF_GOSTR3411_2012_256 described in Section 4.5.

Hereinafter, all data are provided in byte representation unless otherwise specified.

If a function is defined outside this document (e.g., H_256) and its definition requires arguments in bit representation, it is assumed that the bit representations of the arguments are formed immediately before the calculation of the function (in particular, immediately after the application of the operation (|) to the byte representation of the arguments).

If the output of another function defined outside of this document is used as an argument of the functions defined below and it has the bit representation, then it is assumed that an output MUST have a length that is a multiple of 8 and that it will be translated into the byte representation in advance.

When a point on an elliptic curve is given to an input of a hash function, affine coordinates for short Weierstrass form are used (see Section 5): an x coordinate value is fed first, a y coordinate value is fed second, both in little-endian format.

4. Algorithm Descriptions

4.1. HMAC Functions

This section defines the HMAC transformations based on the GOST R 34.11-2012 [GOST3411-2012] algorithm.

4.1.1. HMAC_GOSTR3411_2012_256

This HMAC transformation is based on the GOST R 34.11-2012 [GOST3411-2012] hash function with 256-bit output. The object identifier of this transformation is shown below:

      id-tc26-hmac-gost-3411-12-256::= {iso(1) member-body(2) ru(643)
      rosstandart(7) tc26(1) algorithms(1) mac(4) hmac-gost-
      3411-12-256(1)}.
        

This algorithm uses H_256 as the hash function for HMAC as described in [RFC2104]. The method of forming the values of ipad and opad is also specified in [RFC2104]. The size of the HMAC_GOSTR3411_2012_256 output is equal to 32 bytes; the block size of the iterative procedure for the H_256 compression function is equal to 64 bytes (in the notation of [RFC2104], L = 32 and B = 64, respectively).

4.1.2. HMAC_GOSTR3411_2012_512

This HMAC transformation is based on the GOST R 34.11-2012 [GOST3411-2012] hash function with 512-bit output. The object identifier of this transformation is shown below:

      id-tc26-hmac-gost-3411-12-512::= {iso(1) member-body(2) ru(643)
      rosstandart(7) tc26(1) algorithms(1) mac(4) hmac-gost-
      3411-12-512(2)}.
        

This algorithm uses H_512 as the hash function for HMAC as described in [RFC2104]. The method of forming the values of ipad and opad is also specified in [RFC2104]. The size of the HMAC_GOSTR3411_2012_512 output is equal to 64 bytes; the block size of the iterative procedure for the H_512 compression function is equal to 64 bytes (in the notation of [RFC2104], L = 64 and B = 64, respectively).
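
The RFC 2104 construction with the B and L parameters stated in Section 4.1, worked in code as an added example; this is not code from the RFC or from any of the authors' implementations. Python's hashlib has no Streebog, so the example models H_256 with SHA-256, which happens to share the parameters the document gives for H_256 (L = 32, B = 64); the function names, the sample key and the sample message are the example's own. With a real Streebog-256 implementation only the digest inside H_256 changes. Note that B stays 64 for the 512-bit variant as well, unlike SHA-512 (B = 128), which is why no stand-in is offered for HMAC_GOSTR3411_2012_512.

```python
import hashlib
import hmac as stdlib_hmac  # used only to cross-check the hand-built construction

# Hash-function stand-in (assumption): hashlib has no Streebog (GOST R 34.11-2012),
# so H_256 is modelled by SHA-256, which has the same parameters this document
# states for H_256: L = 32 output bytes and B = 64 block bytes.
def H_256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

B_BLOCK = 64   # RFC 2104 "B": byte length of the compression-function input block
L_OUT = 32     # RFC 2104 "L": byte length of the hash output

def hmac_gostr3411_2012_256(key: bytes, text: bytes, h=H_256, B: int = B_BLOCK) -> bytes:
    """HMAC(K, text) = H((K0 xor opad) | H((K0 xor ipad) | text)), RFC 2104."""
    # Step 1: a key longer than B bytes is replaced by its hash; K0 is then the
    # key zero-padded on the right to exactly B bytes.
    if len(key) > B:
        key = h(key)
    k0 = key.ljust(B, b"\x00")
    # Step 2: inner and outer pads are K0 xored with the fixed bytes 0x36 / 0x5C.
    ipad = bytes(b ^ 0x36 for b in k0)
    opad = bytes(b ^ 0x5C for b in k0)
    # Step 3: inner hash over (ipad | text), outer hash over (opad | inner hash).
    return h(opad + h(ipad + text))

def verify_hmac(key: bytes, text: bytes, tag: bytes) -> bool:
    """Constant-time tag comparison. A plain == on the tag leaks timing about the
    first differing byte, which is the usual mistake when checking MACs."""
    expected = hmac_gostr3411_2012_256(key, text)
    return stdlib_hmac.compare_digest(expected, tag)

def matches_reference(key: bytes, text: bytes) -> bool:
    """Cross-check the hand-built HMAC against the library HMAC over the same
    stand-in hash. With a real Streebog-256, check against the test vectors in
    Appendix B of this document instead."""
    ref = stdlib_hmac.new(key, text, hashlib.sha256).digest()
    return hmac_gostr3411_2012_256(key, text) == ref

if __name__ == "__main__":
    key = bytes(range(32))                 # constructed sample key
    msg = b"constructed sample message"    # constructed sample message
    tag = hmac_gostr3411_2012_256(key, msg)
    print(tag.hex(), len(tag) == L_OUT, matches_reference(key, msg))
```

The three key cases that matter for interoperability are a key shorter than B (zero-padded), exactly B (used as is) and longer than B (hashed first); an implementation that gets the third case wrong will still agree with itself, so it should be checked against a reference or the Appendix B vectors.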

4.2. Pseudorandom Functions

This section defines four HMAC-based PRF transformations recommended for usage. Two of them are designed for the Transport Layer Security (TLS) protocol and two are designed for the IPsec protocol.

4.2.1. PRFs for the TLS Protocol

4.2.1.1. PRF_TLS_GOSTR3411_2012_256

This is the transformation providing the pseudorandom function for the TLS protocol (1.0 and higher versions) in accordance with GOST R 34.11-2012 [GOST3411-2012]. It uses the P_GOSTR3411_2012_256 function that is similar to the P_hash function defined in Section 5 of [RFC5246], where the HMAC_GOSTR3411_2012_256 function (defined in Section 4.1.1 of this document) is used as the HMAC_hash function.

PRF_TLS_GOSTR3411_2012_256 (secret, label, seed) = P_GOSTR3411_2012_256 (secret, label | seed).

Label and seed values MUST be assigned by a protocol, their lengths SHOULD be fixed by a protocol in order to avoid possible collisions.

4.2.1.2. PRF_TLS_GOSTR3411_2012_512

This is the transformation providing the pseudorandom function for the TLS protocol (1.0 and higher versions) in accordance with GOST R 34.11-2012 [GOST3411-2012]. It uses the P_GOSTR3411_2012_512 function that is similar to the P_hash function defined in Section 5 of [RFC5246], where the HMAC_GOSTR3411_2012_512 function (defined in Section 4.1.2 of this document) is used as the HMAC_hash function.

PRF_TLS_GOSTR3411_2012_512 (secret, label, seed) = P_GOSTR3411_2012_512 (secret, label | seed).

Label and seed values MUST be assigned by a protocol, their lengths SHOULD be fixed by a protocol in order to avoid possible collisions.

4.2.2. PRFs for the IKEv2 Protocol Based on GOST R 34.11-2012

The specification for the Internet Key Exchange protocol version 2 (IKEv2) [RFC7296] defines the usage of PRFs in various parts of the protocol for the purposes of generating and authenticating keying material.

IKEv2 has no default PRF. This document specifies that HMAC_GOSTR3411_2012_256 may be used as the "prf" function in the "prf+" function for the IKEv2 protocol (PRF_IPSEC_PRFPLUS_GOSTR3411_2012_256). Also, this document specifies that HMAC_GOSTR3411_2012_512 may be used as the "prf" function in the "prf+" function for the IKEv2 protocol (PRF_IPSEC_PRFPLUS_GOSTR3411_2012_512).
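
The two expansion constructions of Section 4.2, P_hash for TLS (Section 4.2.1) and prf+ for IKEv2 (Section 4.2.2), side by side as an added example; this is not code from the RFC. HMAC-SHA256 stands in for HMAC_GOSTR3411_2012_256 (hashlib has no Streebog), the function names are the example's own, and the sample secret, label and seed values are constructed. The block applies the truncation rule of Section 3 (keep the first r bytes of a longer output) to both constructions.

```python
import hashlib
import hmac

# Stand-in assumption: HMAC-SHA256 models HMAC_GOSTR3411_2012_256 (same L = 32,
# B = 64). Replace the digest with Streebog-256 for real use.
def hmac_gostr3411_2012_256(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def p_hash(secret: bytes, seed: bytes, length: int, mac=hmac_gostr3411_2012_256) -> bytes:
    """P_hash from RFC 5246, Section 5, cut to the first `length` bytes (the
    truncation rule of Section 3 of this document):
      A(0) = seed, A(i) = HMAC(secret, A(i-1)),
      P_hash = HMAC(secret, A(1) | seed) | HMAC(secret, A(2) | seed) | ..."""
    out = bytearray()
    a = seed
    while len(out) < length:
        a = mac(secret, a)            # A(i)
        out += mac(secret, a + seed)  # HMAC(secret, A(i) | seed)
    return bytes(out[:length])

def prf_tls_gostr3411_2012_256(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF_TLS_GOSTR3411_2012_256(secret, label, seed) = P_GOSTR3411_2012_256(secret, label | seed)."""
    return p_hash(secret, label + seed, length)

def prf_plus(prf, key: bytes, s: bytes, length: int) -> bytes:
    """prf+ from RFC 7296, Section 2.13:
      T1 = prf(K, S | 0x01), T2 = prf(K, T1 | S | 0x02), ..., Tn = prf(K, T(n-1) | S | n),
    concatenated and cut to `length` bytes. The counter is a single octet, so at
    most 255 blocks exist; the loop refuses to wrap it rather than silently
    restarting the sequence."""
    out = bytearray()
    t = b""
    counter = 1
    while len(out) < length:
        if counter > 255:
            raise ValueError("prf+ cannot produce more than 255 blocks")
        t = prf(key, t + s + bytes([counter]))
        out += t
        counter += 1
    return bytes(out[:length])

def prf_ipsec_prfplus_gostr3411_2012_256(key: bytes, s: bytes, length: int) -> bytes:
    return prf_plus(hmac_gostr3411_2012_256, key, s, length)

if __name__ == "__main__":
    secret = bytes(range(32))                     # constructed sample secret
    print(prf_tls_gostr3411_2012_256(secret, b"key expansion", b"\x11" * 64, 48).hex())
    print(prf_ipsec_prfplus_gostr3411_2012_256(secret, b"\x22" * 16, 40).hex())
```

Both constructions are prefix-consistent (asking for fewer bytes returns a prefix of the longer output), which is exactly why Section 4.2.1 insists that label and seed lengths be fixed by the protocol: the input separation comes only from label | seed, not from the requested length.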

4.3. VKO Algorithms for Key Agreement

This section specifies the key agreement algorithms based on GOST R 34.10-2012 [GOST3410-2012].

4.3.1. VKO_GOSTR3410_2012_256

The VKO_GOSTR3410_2012_256 transformation is used for agreement of 256-bit keys and is based on the 256-bit version of GOST R 34.11-2012 [GOST3411-2012]. This algorithm can be applied for a key agreement using GOST R 34.10-2012 [GOST3410-2012] with 256-bit or 512-bit private keys.

The algorithm is designed to produce an encryption key or a keying material of size 256 bits to be used in various cryptographic protocols. A key or a keying material KEK_VKO (x, y, UKM) is produced from the private key x of one side, the public key y*P of the opposite side and the User Keying Material (UKM) value.

The algorithm can be used for static and ephemeral keys with the public key size n >= 512 bits, including the case where one side uses a static key and the other uses an ephemeral one.

The UKM parameter is optional (the default UKM = 1) and can take any integer value from 1 to 2^(n/2)-1. It is allowed to use a non-zero UKM of an arbitrary size that does not exceed n/2 bits. If at least one of the parties uses static keys, the RECOMMENDED length of UKM is 64 bits or more.

KEK_VKO (x, y, UKM) is calculated using the formulas:

KEK_VKO (x, y, UKM) = H_256 (K (x, y, UKM)),

      K (x, y, UKM) = (m/q*UKM*x mod q)*(y*P),
        

where m and q are the parameters of an elliptic curve defined in the GOST R 34.10-2012 [GOST3411-2012] standard (m is an elliptic curve points group order, q is an order of a cyclic subgroup), P is a non-zero point of the subgroup; P is defined by a protocol.

This algorithm is defined similarly to the one specified in Section 5.2 of [RFC4357], but applies the hash function H_256 instead of the hash function GOST R 34.11-94 [GOST3411-94] (referred to as "gostR3411").

In addition, K(x, y, UKM) is calculated with public key size n >= 512 bits and UKM has a size up to n/2 bits.

4.3.2. VKO_GOSTR3410_2012_512

The VKO_GOSTR3410_2012_512 transformation is used for agreement of 512-bit keys and is based on the 512-bit version of GOST R 34.11-2012 [GOST3411-2012]. This algorithm can be applied for a key agreement using GOST R 34.10-2012 [GOST3410-2012] with 512-bit private keys.

The algorithm is designed to produce an encryption key or a keying material of size 512 bits to be used in various cryptographic protocols. A key or a keying material KEK_VKO (x, y, UKM) is produced from the private key x of one side, the public key y*P of the opposite side and the UKM value, considered as an integer.

The algorithm can be used for static and ephemeral keys with the public key size n >= 1024 bits, including the case where one side uses a static key and the other uses an ephemeral one.

The UKM parameter is optional (the default UKM = 1) and can take any integer value from 1 to 2^(n/2)-1. It is allowed to use a non-zero UKM of an arbitrary size that does not exceed n/2 bits. If at least one of the parties uses static keys, the RECOMMENDED length of UKM is 128 bits or more.

KEK_VKO (x, y, UKM) is calculated using the formulas:

KEK_VKO (x, y, UKM) = H_512 (K (x, y, UKM)),

      K (x, y, UKM) = (m/q*UKM*x mod q)*(y*P),
        

where m and q are the parameters of an elliptic curve defined in the GOST R 34.10-2012 [GOST3411-2012] standard (m is an elliptic curve points group order, q is an order of a cyclic subgroup), P is a non-zero point of the subgroup; P is defined by a protocol.

This algorithm is defined similarly to the one specified in Section 5.2 of [RFC4357], but applies the hash function H_512 instead of the hash function GOST R 34.11-94 [GOST3411-94] (referred to as "gostR3411"). In addition, K(x, y, UKM) is calculated with public key size n >= 1024 bits and UKM has a size up to n/2 bits.
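
A worked key agreement following the KEK_VKO formula of Section 4.3, with both sides computing and the results compared, as an added example that is not code from the RFC. To keep the group arithmetic visible it uses a constructed toy curve y^2 = x^3 + x + 1 over GF(23), which has m = 28 points, subgroup order q = 7, cofactor m/q = 4 and generator P = (13, 16); the real parameter sets are in Appendix A, and nothing about this toy curve is secure. SHA-256 stands in for H_256, a coordinate is one byte wide on this curve (32 or 64 bytes on the real ones), and the public-key validation and the point-at-infinity rejection are the example's own defensive checks, not steps stated in the RFC.

```python
import hashlib

# Toy curve (constructed for illustration, NOT a GOST parameter set): the short
# Weierstrass curve y^2 = x^3 + x + 1 over GF(23). m = 28 points, prime subgroup
# order q = 7, cofactor m/q = 4. Real curves live in Appendix A of the document.
P_MOD, A_COEF, B_COEF = 23, 1, 1
M_ORDER, Q_ORDER = 28, 7
COFACTOR = M_ORDER // Q_ORDER
GEN = (13, 16)          # = 4 * (0, 1), a point of order q = 7 (the protocol's P)
COORD_BYTES = 1         # byte width of one coordinate; 32 or 64 on real curves

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:   # P + (-P), and doubling with y = 0
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def ec_mul(k: int, pt):
    """Double-and-add scalar multiplication (not constant-time; fine for a toy)."""
    result, addend = None, pt
    while k > 0:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def is_valid_public_key(pt) -> bool:
    """Added check: the peer's point must lie on the curve and in the order-q
    subgroup before it is fed into any Diffie-Hellman style computation."""
    if pt is None:
        return False
    x, y = pt
    if (y * y - (x ** 3 + A_COEF * x + B_COEF)) % P_MOD != 0:
        return False
    return ec_mul(Q_ORDER, pt) is None

def H_256(data: bytes) -> bytes:
    # Stand-in assumption: SHA-256 in place of Streebog-256 (hashlib has none).
    return hashlib.sha256(data).digest()

def vko_gostr3410_2012_256(x: int, peer_pub, ukm: int = 1) -> bytes:
    """KEK_VKO(x, y, UKM) = H_256(K), K = ((m/q) * UKM * x mod q) * (y*P), with x
    our private key and peer_pub = y*P the other side's public key. The point is
    hashed in affine form, x coordinate first, then y, both little-endian
    (Section 3)."""
    if ukm < 1:
        raise ValueError("UKM must be non-zero")
    if not is_valid_public_key(peer_pub):
        raise ValueError("peer public key is not a valid subgroup point")
    scalar = (COFACTOR * ukm * x) % Q_ORDER
    k = ec_mul(scalar, peer_pub)
    if k is None:
        raise ValueError("shared point is the point at infinity; reject")
    kx, ky = k
    return H_256(kx.to_bytes(COORD_BYTES, "little") + ky.to_bytes(COORD_BYTES, "little"))

if __name__ == "__main__":
    x_a, x_b = 3, 5                                   # constructed private keys in [1, q-1]
    pub_a, pub_b = ec_mul(x_a, GEN), ec_mul(x_b, GEN)
    kek_a = vko_gostr3410_2012_256(x_a, pub_b, ukm=2)
    kek_b = vko_gostr3410_2012_256(x_b, pub_a, ukm=2)
    print(kek_a.hex(), kek_a == kek_b)
```

Both sides end up with ((m/q) * UKM * x_a * x_b) * P, so the agreed key is the same, and the cofactor factor guarantees the shared point is in the prime-order subgroup even if a peer supplies a point outside it. The example still validates the peer's point, since on a real curve a bad point is cheaper to reject than to multiply, and a UKM that is a multiple of q drives the scalar to zero, which is why the result is checked for the point at infinity.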

4.4. The Key Derivation Function KDF_TREE_GOSTR3411_2012_256

The key derivation function KDF_TREE_GOSTR3411_2012_256 based on the HMAC_GOSTR3411_2012_256 function is given by:

KDF_TREE_GOSTR3411_2012_256 (K_in, label, seed, R) = K(1) | K(2) | K(3) | K(4) |...,

K(i) = HMAC_GOSTR3411_2012_256 (K_in, [i]_b | label | 0x00 | seed | [L]_b), i >= 1,

where:

   K_in    Derivation key.

   label, seed
           The parameters that MUST be assigned by a protocol; their
           lengths SHOULD be fixed by a protocol.

   R       A fixed external parameter, with possible values of 1, 2, 3,
           or 4.

   i       Iteration counter.

   [i]_b   Byte representation of the iteration counter (in the network
           byte order); the number of bytes in the representation [i]_b
           is equal to R (no more than 4 bytes).

   L       The required size (in bits) of the generated keying material
           (an integer, not exceeding 256*(2^(8*R)-1)).

   [L]_b   Byte representation of L, in network byte order (variable
           length: no leading zero bytes added).

The key derivation function KDF_TREE_GOSTR3411_2012_256 is intended for generating a keying material of size L, not exceeding 256*(2^(8*R)-1) bits, and utilizing general principles of the input and output for the key derivation function outlined in Section 5.1 of NIST SP 800-108 [NISTSP800-108]. The HMAC_GOSTR3411_2012_256 algorithm described in Section 4.1.1 is selected as a pseudorandom function.

Each key derived from the keying material formed using the derivation key K_in (0-level key) may be a 1-level derivation key and may be used to generate new keying material. The keying material derived from a first-level derivation key can in turn be split into second-level derivation keys. Applying this procedure repeatedly constructs a key tree with K_in as its root key and assigns the keying material to a hierarchy of levels, as described in Section 6 of NIST SP 800-108 [NISTSP800-108]. The partitioning procedure for keying material at each level is defined by the specific protocol.

4.5. The Key Derivation Function KDF_GOSTR3411_2012_256

The KDF_GOSTR3411_2012_256 function is equivalent to the function KDF_TREE_GOSTR3411_2012_256, when R = 1, L = 256, and is given by:

KDF_GOSTR3411_2012_256 (K_in, label, seed) = HMAC_GOSTR3411_2012_256 (K_in, 0x01 | label | 0x00 | seed | 0x01 | 0x00),

where:

K_in Derivation key.

label, seed The parameters that MUST be assigned by a protocol; their lengths SHOULD be fixed by a protocol.

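As an added example (not code from RFC 7836 or from any implementation of it), the following Python builds the KDF_TREE_GOSTR3411_2012_256 / KDF_GOSTR3411_2012_256 framing of Sections 4.4 and 4.5 and checks it against the RFC's own Appendix B test vector, whose HMAC input T is exactly the KDF message for the Section 4.6 key-wrap label. The PRF is pluggable and hashlib's 'sha256' stands in for HMAC_GOSTR3411_2012_256, which the Python standard library does not provide; the names kdf_message, kdf_tree, kdf_256, max_L and matches_rfc_vector are this example's own.

```python
import hmac
from typing import Callable

# prf(key, message) -> fixed-size output.  RFC 7836 fixes this to
# HMAC_GOSTR3411_2012_256 (Section 4.1.1); a stand-in hash is an assumption of
# this example because GOST R 34.11-2012 is not available in Python's hashlib.
Prf = Callable[[bytes, bytes], bytes]


def hmac_prf(hash_name: str) -> Prf:
    """HMAC over a hashlib algorithm name, used here as the pluggable PRF."""
    return lambda key, msg: hmac.new(key, msg, hash_name).digest()


def max_L(R: int) -> int:
    """Largest L (bits) the R-byte counter can address: 256*(2^(8*R)-1)."""
    if R not in (1, 2, 3, 4):
        raise ValueError("R must be 1, 2, 3 or 4")
    return 256 * ((1 << (8 * R)) - 1)


def kdf_message(i: int, label: bytes, seed: bytes, R: int, L: int) -> bytes:
    """Build [i]_b | label | 0x00 | seed | [L]_b exactly as Section 4.4 frames it."""
    if not 1 <= i <= (1 << (8 * R)) - 1:
        raise ValueError("iteration counter does not fit in R bytes")
    counter = i.to_bytes(R, "big")  # [i]_b: R bytes, network byte order
    # [L]_b: variable length, no leading zero bytes (L = 256 -> 0x01 0x00)
    l_bytes = L.to_bytes((L.bit_length() + 7) // 8, "big")
    return counter + label + b"\x00" + seed + l_bytes


def kdf_tree(prf: Prf, k_in: bytes, label: bytes, seed: bytes, R: int, L: int) -> bytes:
    """KDF_TREE: K(1) | K(2) | ... with K(i) = prf(K_in, message_i), cut to L bits."""
    if not 1 <= L <= max_L(R):
        raise ValueError("L must lie in 1..256*(2^(8*R)-1)")
    out = b""
    i = 1
    while len(out) * 8 < L:
        out += prf(k_in, kdf_message(i, label, seed, R, L))
        i += 1
    out = bytearray(out[: (L + 7) // 8])
    if L % 8:  # L need not be a multiple of 8: clear the bits past L
        out[-1] &= (0xFF << (8 - L % 8)) & 0xFF
    return bytes(out)


def kdf_256(prf: Prf, k_in: bytes, label: bytes, seed: bytes) -> bytes:
    """KDF_GOSTR3411_2012_256 (Section 4.5) is KDF_TREE with R = 1 and L = 256."""
    return kdf_tree(prf, k_in, label, seed, R=1, L=256)


# Values from the RFC's Appendix B test example: its HMAC input T is the
# KDF_GOSTR3411_2012_256 message for the Section 4.6 key-wrap label and an
# 8-byte seed, so the framing can be checked without a Streebog implementation.
KEY_K = bytes(range(32))
LABEL = bytes.fromhex("26bdb878")
SEED = bytes.fromhex("af21434145656378")
T_EXPECTED = bytes.fromhex("0126bdb87800af214341456563780100")
# HMAC_GOSTR3411_2012_256(K, T) from Appendix B; only a genuine Streebog-256
# HMAC reproduces it, which matches_rfc_vector() lets you confirm for such a PRF.
HMAC_EXPECTED = bytes.fromhex(
    "a1aa5f7de402d7b3d323f2991c8d4534013137010a83754fd0af6d7cd4922ed9")


def matches_rfc_vector(prf: Prf) -> bool:
    """True iff prf reproduces the Appendix B value (i.e. it is Streebog-256 HMAC)."""
    return kdf_256(prf, KEY_K, LABEL, SEED) == HMAC_EXPECTED


if __name__ == "__main__":
    assert kdf_message(1, LABEL, SEED, 1, 256) == T_EXPECTED
    prf = hmac_prf("sha256")  # stand-in PRF, see the note above
    print("KDF_TREE(R=1, L=512) with stand-in PRF:",
          kdf_tree(prf, KEY_K, LABEL, SEED, 1, 512).hex())
    print("stand-in reproduces Appendix B value:", matches_rfc_vector(prf))
```

Plugging in an HMAC built over a real GOST R 34.11-2012 (256-bit) implementation makes matches_rfc_vector() return True, which is the practical acceptance test for a new implementation.
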
4.6. Key Wrap and Key Unwrap

Wrapped representation of a secret key K (256-bit GOST 28147-89 [GOST28147-89] key, 256-bit or 512-bit GOST R 34.10-2012 [GOST3410-2012] private key) is formed as follows by using a given export key K_e (GOST 28147-89 [GOST28147-89] key) and a random seed vector:

1. Generate a random seed vector from 8 up to 16 bytes.

2. With the key derivation function, using an export key K_e as a derivation key, produce a key KEK_e (K_e, seed), where:

KEK_e (K_e, seed) = KDF_GOSTR3411_2012_256 (K_e, label, seed),

where the KDF_GOSTR3411_2012_256 function (see Section 4.5) is used as a key derivation function for the fixed label value

          label = (0x26 | 0xBD | 0xB8 | 0x78).
        
3. GOST 28147-89 [GOST28147-89] Message Authentication Code (MAC) value (4-byte) for the data K and the key KEK_e (K_e, seed) is calculated; the initialization vector (IV) in this case is equal to the first 8 bytes of seed. The resulting value is denoted as CEK_MAC.

4. The key K is encrypted with the GOST 28147-89 [GOST28147-89] algorithm in the Electronic Codebook (ECB) mode with the key KEK_e (K_e, seed). The result is denoted as CEK_ENC.

5. The wrapped representation of the key is (seed | CEK_ENC | CEK_MAC).

The value of key K is restored from the wrapped representation of the key and the export key K_e as follows:

1. Obtain the seed, CEK_ENC and CEK_MAC values from the wrapped representation of the key.

2. With the key derivation function, using the export key K_e as a derivation key, produce a key KEK_e(K_e, seed), where:

KEK_e (K_e, seed) = KDF_GOSTR3411_2012_256 (K_e, label, seed),

where the KDF_GOSTR3411_2012_256 function (see Section 4.5) is used as a key derivation function for the fixed label value

          label = (0x26 | 0xBD | 0xB8 | 0x78).
        
3. The CEK_ENC field is decrypted with the GOST 28147-89 [GOST28147-89] algorithm in the Electronic Codebook (ECB) mode with the key KEK_e(K_e, seed). The unwrapped key K is assumed to be equal to the result of decryption.

4. GOST 28147-89 [GOST28147-89] MAC value (4-byte) for the data K and the key KEK_e(K_e, seed) is calculated; the initialization vector (IV) in this case is equal to the first 8 bytes of seed. If the result is not equal to CEK_MAC, an error is returned.

The GOST 28147-89 [GOST28147-89] algorithm is used with the parameter set defined in Appendix C of this document.

5. The Parameters of Elliptic Curves

This section defines the elliptic curves parameters and object identifiers that are RECOMMENDED for usage with the signature and verification algorithms of the digital signature in accordance with the GOST R 34.10-2012 [GOST3410-2012] standard and with the key agreement algorithms VKO_GOSTR3410_2012_256 and VKO_GOSTR3410_2012_512.

This document does not negate the use of other parameters of elliptic curves.

5.1. Canonical Form

This section defines the elliptic curves parameters of the GOST R 34.10-2012 [GOST3410-2012] standard for the case of elliptic curves with prime 512-bit moduli in canonical (short Weierstrass) form, that is given by the following equation defined in GOST R 34.10-2012 [GOST3410-2012]:

y^2 = x^3 + ax + b (mod p).

In case of elliptic curves with 256-bit prime moduli, the parameters defined in [RFC4357] are proposed for use.

5.1.1. Parameters and Object Identifiers

The parameters for each elliptic curve are represented by the following values, which are defined in GOST R 34.10-2012 [GOST3410-2012]:

p the characteristic of the underlying prime field;

a, b the coefficients of the equation of the elliptic curve in the canonical form;

m the elliptic curve group order;

q the elliptic curve subgroup order;

(x, y) the coordinates of the point P (generator of the subgroup of order q) of the elliptic curve in the canonical form.

Both sets of the parameters are presented as structures of the form:

       SEQUENCE {
       p    INTEGER,
       a    INTEGER,
       b    INTEGER,
       m    INTEGER,
       q    INTEGER,
       x    INTEGER,
       y    INTEGER
       }
        
The parameter sets have the following object identifiers:

1. id-tc26-gost-3410-12-512-paramSetA::= {iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) constants(2) sign-constants(1) gost-3410-12-512-constants(2) paramSetA(1)};

2. id-tc26-gost-3410-12-512-paramSetB::= {iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) constants(2) sign-constants(1) gost-3410-12-512-constants(2) paramSetB(2)}.

The corresponding values of the parameter sets can be found in Appendix A.1.

5.2. Twisted Edwards Form

This section defines the elliptic curves parameters and object identifiers of the GOST R 34.10-2012 [GOST3410-2012] standard for the case of elliptic curves that have a representation in the twisted Edwards form with prime 256-bit and 512-bit moduli.

A twisted Edwards curve E over a finite prime field F_p, p > 3, is an elliptic curve defined by the equation:

e*u^2 + v^2 = 1 + d*u^2*v^2 (mod p),

where e, d are in F_p, ed(e-d) != 0.

A twisted Edwards curve has an equivalent representation in the short Weierstrass form defined by parameters a, b. The parameters a, b, e, and d are related as follows:

a = s^2 - 3*t^2 (mod p), b = 2*t^3 - t*s^2 (mod p),

where:

      s = (e - d)/4 (mod p),
      t = (e + d)/6 (mod p).
        
Coordinate transformations are defined as follows:

      (u,v) --> (x,y) = (s(1 + v)/(1 - v) + t, s(1 + v)/((1 - v)u)),
      (x,y) --> (u,v) = ((x - t)/y, (x - t - s)/(x - t + s)).
        
5.2.1. Parameters and Object Identifiers

The parameters for each elliptic curve are represented by the following values, which are defined in GOST R 34.10-2012 [GOST3410-2012]:

p The characteristic of the underlying prime field.

a, b The coefficients of the equation of the elliptic curve in the canonical form.

e, d The coefficients of the equation of the elliptic curve in the twisted Edwards form.

m The elliptic curve group order.

q The elliptic curve subgroup order.

(x, y) The coordinates of the point P (generator of the subgroup of order q) of the elliptic curve in the canonical form.

(u, v) The coordinates of the point P (generator of the subgroup of order q) of the elliptic curve in the twisted Edwards form.

Both sets of the parameters are presented as ASN structures of the form:

       SEQUENCE {
       p       INTEGER,
       a       INTEGER,
       b       INTEGER,
       e       INTEGER,
       d       INTEGER,
       m       INTEGER,
       q       INTEGER,
       x       INTEGER,
       y       INTEGER,
       u       INTEGER,
       v       INTEGER
       }
        
The parameter sets have the following object identifiers:

1. id-tc26-gost-3410-2012-256-paramSetA ::= {iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) constants(2) sign-constants(1) gost-3410-12-256-constants(1) paramSetA(1)};

2. id-tc26-gost-3410-2012-512-paramSetC ::= {iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) constants(2) sign-constants(1) gost-3410-12-512-constants(2) paramSetC(3)}.

The corresponding values of the parameter sets can be found in Appendix A.2.

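As an added example (not text or code from RFC 7836 or from any implementation of the cited standards), the following Python applies the Section 5.2 relations to the id-tc26-gost-3410-2012-256-paramSetA values of Appendix A.2 and validates the set before it is trusted: it recomputes a, b from e, d, maps (u, v) to (x, y) and back, checks that P lies on both curve forms, that m = 4q, and that q*P is the point at infinity. The dictionary name, the helper names and the list-of-failed-checks interface are this example's own choices; the 512-bit set in Appendix A.2 can be checked the same way.

```python
# id-tc26-gost-3410-2012-256-paramSetA, values copied from Appendix A.2 of the RFC.
PARAM_SET_A_256 = {
    "p": int("FF" * 30 + "FD97", 16),  # 2^256 - 617
    "a": 0xC2173F1513981673AF4892C23035A27CE25E2013BF95AA33B22C656F277E7335,
    "b": 0x295F9BAE7428ED9CCC20E7C359A9D41A22FCCD9108E17BF7BA9337A6F8AE9513,
    "e": 0x01,
    "d": 0x0605F6B7C183FA81578BC39CFAD518132B9DF62897009AF7E522C32D6DC7BFFB,
    "m": int("01" + "00" * 16 + "3F63377F21ED98D70456BD55B0D8319C", 16),
    "q": int("40" + "00" * 15 + "0FD8CDDFC87B6635C115AF556C360C67", 16),
    "x": 0x91E38443A5E82C0D880923425712B2BB658B9196932E02C78B2582FE742DAA28,
    "y": 0x32879423AB1A0375895786C4BB46E9565FDE0B5344766740AF268ADB32322E5C,
    "u": 0x0D,
    "v": 0x60CA1E32AA475B348488C38FAB07649CE7EF8DBE87F22E81F92B2592DBA300E7,
}


def inv(x, p):
    """Modular inverse (Python 3.8+); raises ValueError when x == 0 mod p."""
    return pow(x % p, -1, p)


def s_t(e, d, p):
    """s = (e - d)/4, t = (e + d)/6 (mod p), as in Section 5.2."""
    return (e - d) * inv(4, p) % p, (e + d) * inv(6, p) % p


def weierstrass_coeffs(e, d, p):
    """a = s^2 - 3t^2, b = 2t^3 - t s^2 (mod p)."""
    s, t = s_t(e, d, p)
    return (s * s - 3 * t * t) % p, (2 * t ** 3 - t * s * s) % p


def edwards_to_weierstrass(u, v, e, d, p):
    """(u,v) -> (x,y) = (s(1+v)/(1-v) + t, s(1+v)/((1-v)u))."""
    s, t = s_t(e, d, p)
    x = (s * (1 + v) * inv(1 - v, p) + t) % p
    y = s * (1 + v) * inv((1 - v) * u, p) % p
    return x, y


def weierstrass_to_edwards(x, y, e, d, p):
    """(x,y) -> (u,v) = ((x-t)/y, (x-t-s)/(x-t+s))."""
    s, t = s_t(e, d, p)
    return (x - t) * inv(y, p) % p, (x - t - s) * inv(x - t + s, p) % p


def on_weierstrass(x, y, a, b, p):
    return (y * y - (x ** 3 + a * x + b)) % p == 0


def on_edwards(u, v, e, d, p):
    return (e * u * u + v * v - 1 - d * u * u * v * v) % p == 0


def ec_add(P1, P2, a, p):
    """Affine short-Weierstrass addition; None is the point at infinity."""
    if P1 is None:
        return P2
    if P2 is None:
        return P1
    x1, y1 = P1
    x2, y2 = P2
    if x1 == x2:
        if (y1 + y2) % p == 0:
            return None
        lam = (3 * x1 * x1 + a) * inv(2 * y1, p) % p
    else:
        lam = (y2 - y1) * inv(x2 - x1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p


def ec_mul(k, P, a, p):
    """Double-and-add scalar multiplication (not constant-time; validation only)."""
    result, addend = None, P
    while k:
        if k & 1:
            result = ec_add(result, addend, a, p)
        addend = ec_add(addend, addend, a, p)
        k >>= 1
    return result


def validate(ps):
    """Return the names of the checks a parameter set fails ([] if all pass)."""
    p, a, b, e, d = (ps[k] for k in "pabed")
    m, q, x, y, u, v = (ps[k] for k in "mqxyuv")
    checks = {
        "ed(e-d) != 0": (e * d * (e - d)) % p != 0,
        "a,b from e,d": weierstrass_coeffs(e, d, p) == (a, b),
        "(u,v) -> (x,y)": edwards_to_weierstrass(u, v, e, d, p) == (x, y),
        "(x,y) -> (u,v)": weierstrass_to_edwards(x, y, e, d, p) == (u, v),
        "P on Weierstrass curve": on_weierstrass(x, y, a, b, p),
        "P on Edwards curve": on_edwards(u, v, e, d, p),
        "m = 4q (cofactor of both Appendix A.2 sets)": m == 4 * q,
        "q*P = O": ec_mul(q, (x, y), a, p) is None,
    }
    return [name for name, ok in checks.items() if not ok]


if __name__ == "__main__":
    print("failed checks:", validate(PARAM_SET_A_256))  # [] for the RFC values
```
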
6. Security Considerations

This entire document is about security considerations.

7. References
7.1. Normative References

[GOST28147-89] "Systems of information processing. Cryptographic data security. Algorithms of cryptographic transformation", GOST 28147-89 Gosudarstvennyi Standard of USSR, Government Committee of the USSR for Standards, 1989.

[GOST3410-2012] "Information technology. Cryptographic data security. Signature and verification processes of [electronic] digital signature", GOST R 34.10-2012 Federal Agency on Technical Regulating and Metrology (In Russian), 2012.

[GOST3411-2012] "Information technology. Cryptographic Data Security. Hashing function", GOST R 34.11-2012 Federal Agency on Technical Regulating and Metrology (In Russian), 2012.

[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, DOI 10.17487/RFC2104, February 1997, <http://www.rfc-editor.org/info/rfc2104>.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.

[RFC4357] Popov, V., Kurepkin, I., and S. Leontiev, "Additional Cryptographic Algorithms for Use with GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms", RFC 4357, DOI 10.17487/RFC4357, January 2006, <http://www.rfc-editor.org/info/rfc4357>.

[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/RFC5246, August 2008, <http://www.rfc-editor.org/info/rfc5246>.

[RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. Kivinen, "Internet Key Exchange Protocol Version 2 (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October 2014, <http://www.rfc-editor.org/info/rfc7296>.

7.2. Informative References

[GOST3411-94] "Information technology. Cryptographic Data Security. Hashing function", GOST R 34.11-94 Federal Agency on Technical Regulating and Metrology (In Russian), 1994.

[NISTSP800-108] National Institute of Standards and Technology, "Recommendation for Key Derivation Using Pseudorandom Functions", NIST SP 800-108, October 2009, <http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf>.

[RFC4490] Leontiev, S., Ed. and G. Chudov, Ed., "Using the GOST 28147-89, GOST R 34.11-94, GOST R 34.10-94, and GOST R 34.10-2001 Algorithms with Cryptographic Message Syntax (CMS)", RFC 4490, DOI 10.17487/RFC4490, May 2006, <http://www.rfc-editor.org/info/rfc4490>.

[RFC4491] Leontiev, S., Ed. and D. Shefanovski, Ed., "Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile", RFC 4491, DOI 10.17487/RFC4491, May 2006, <http://www.rfc-editor.org/info/rfc4491>.

[RFC5830] Dolmatov, V., Ed., "GOST 28147-89: Encryption, Decryption, and Message Authentication Code (MAC) Algorithms", RFC 5830, DOI 10.17487/RFC5830, March 2010, <http://www.rfc-editor.org/info/rfc5830>.

[RFC6986] Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.11-2012: Hash Function", RFC 6986, DOI 10.17487/RFC6986, August 2013, <http://www.rfc-editor.org/info/rfc6986>.

[RFC7091] Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.10-2012: Digital Signature Algorithm", RFC 7091, DOI 10.17487/RFC7091, December 2013, <http://www.rfc-editor.org/info/rfc7091>.

Appendix A. Values of the Parameter Sets
A.1. Canonical Form Parameters

Parameter set: id-tc26-gost-3410-12-512-paramSetA

   SEQUENCE
   {
       OBJECT IDENTIFIER
       id-tc26-gost-3410-12-512-paramSetA
       SEQUENCE
       {
        INTEGER
         00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
         FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
         FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
         FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FD
         C7
        INTEGER
         00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
         FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
         FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
         FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FD
         C4
        INTEGER
         00 E8 C2 50 5D ED FC 86 DD C1 BD 0B 2B 66 67 F1
         DA 34 B8 25 74 76 1C B0 E8 79 BD 08 1C FD 0B 62
         65 EE 3C B0 90 F3 0D 27 61 4C B4 57 40 10 DA 90
         DD 86 2E F9 D4 EB EE 47 61 50 31 90 78 5A 71 C7
         60
        INTEGER
         00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
         FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
         FF 27 E6 95 32 F4 8D 89 11 6F F2 2B 8D 4E 05 60
         60 9B 4B 38 AB FA D2 B8 5D CA CD B1 41 1F 10 B2
         75
        INTEGER
         00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
         FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
         FF 27 E6 95 32 F4 8D 89 11 6F F2 2B 8D 4E 05 60
         60 9B 4B 38 AB FA D2 B8 5D CA CD B1 41 1F 10 B2
         75
        INTEGER
         03
        
        INTEGER
         75 03 CF E8 7A 83 6A E3 A6 1B 88 16 E2 54 50 E6
         CE 5E 1C 93 AC F1 AB C1 77 80 64 FD CB EF A9 21
         DF 16 26 BE 4F D0 36 E9 3D 75 E6 A5 0E 3A 41 E9
         80 28 FE 5F C2 35 F5 B8 89 A5 89 CB 52 15 F2 A4
       }
   }
        

Parameter set: id-tc26-gost-3410-12-512-paramSetB

   SEQUENCE
   {
       OBJECT IDENTIFIER
       id-tc26-gost-3410-12-512-paramSetB
       SEQUENCE
       {
        INTEGER
         00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         6F
        INTEGER
         00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         6C
        INTEGER
         68 7D 1B 45 9D C8 41 45 7E 3E 06 CF 6F 5E 25 17
         B9 7C 7D 61 4A F1 38 BC BF 85 DC 80 6C 4B 28 9F
         3E 96 5D 2D B1 41 6D 21 7F 8B 27 6F AD 1A B6 9C
         50 F7 8B EE 1F A3 10 6E FB 8C CB C7 C5 14 01 16
        INTEGER
         00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         01 49 A1 EC 14 25 65 A5 45 AC FD B7 7B D9 D4 0C
         FA 8B 99 67 12 10 1B EA 0E C6 34 6C 54 37 4F 25
         BD
        INTEGER
         00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
         01 49 A1 EC 14 25 65 A5 45 AC FD B7 7B D9 D4 0C
         FA 8B 99 67 12 10 1B EA 0E C6 34 6C 54 37 4F 25
         BD
        INTEGER
         02
        
        INTEGER
         1A 8F 7E DA 38 9B 09 4C 2C 07 1E 36 47 A8 94 0F
         3C 12 3B 69 75 78 C2 13 BE 6D D9 E6 C8 EC 73 35
         DC B2 28 FD 1E DF 4A 39 15 2C BC AA F8 C0 39 88
         28 04 10 55 F9 4C EE EC 7E 21 34 07 80 FE 41 BD
       }
   }
        
A.2. Twisted Edwards Form Parameters

Parameter set: id-tc26-gost-3410-2012-256-paramSetA

   SEQUENCE
   {
       OBJECT IDENTIFIER
       id-tc26-gost-3410-2012-256-paramSetA
       SEQUENCE
       {
           INTEGER
           00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
           FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FD
           97
           INTEGER
           00 C2 17 3F 15 13 98 16 73 AF 48 92 C2 30 35 A2
           7C E2 5E 20 13 BF 95 AA 33 B2 2C 65 6F 27 7E 73
           35
           INTEGER
           29 5F 9B AE 74 28 ED 9C CC 20 E7 C3 59 A9 D4 1A
           22 FC CD 91 08 E1 7B F7 BA 93 37 A6 F8 AE 95 13
           INTEGER
           01
           INTEGER
           06 05 F6 B7 C1 83 FA 81 57 8B C3 9C FA D5 18 13
           2B 9D F6 28 97 00 9A F7 E5 22 C3 2D 6D C7 BF FB
           INTEGER
           01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
           00 3F 63 37 7F 21 ED 98 D7 04 56 BD 55 B0 D8 31
           9C
           INTEGER
           40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
           0F D8 CD DF C8 7B 66 35 C1 15 AF 55 6C 36 0C 67
           INTEGER
           00 91 E3 84 43 A5 E8 2C 0D 88 09 23 42 57 12 B2
           BB 65 8B 91 96 93 2E 02 C7 8B 25 82 FE 74 2D AA
           28
        
           INTEGER
           32 87 94 23 AB 1A 03 75 89 57 86 C4 BB 46 E9 56
           5F DE 0B 53 44 76 67 40 AF 26 8A DB 32 32 2E 5C
           INTEGER
           0D
           INTEGER
           60 CA 1E 32 AA 47 5B 34 84 88 C3 8F AB 07 64 9C
           E7 EF 8D BE 87 F2 2E 81 F9 2B 25 92 DB A3 00 E7
       }
   }
        

Parameter set: id-tc26-gost-3410-2012-512-paramSetC

   SEQUENCE
   {
       OBJECT IDENTIFIER
       id-tc26-gost-3410-2012-512-paramSetC
       SEQUENCE
       {
           INTEGER
           00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
           FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
           FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
           FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FD
           C7
           INTEGER
           00 DC 92 03 E5 14 A7 21 87 54 85 A5 29 D2 C7 22
           FB 18 7B C8 98 0E B8 66 64 4D E4 1C 68 E1 43 06
           45 46 E8 61 C0 E2 C9 ED D9 2A DE 71 F4 6F CF 50
           FF 2A D9 7F 95 1F DA 9F 2A 2E B6 54 6F 39 68 9B
           D3
           INTEGER
           00 B4 C4 EE 28 CE BC 6C 2C 8A C1 29 52 CF 37 F1
           6A C7 EF B6 A9 F6 9F 4B 57 FF DA 2E 4F 0D E5 AD
           E0 38 CB C2 FF F7 19 D2 C1 8D E0 28 4B 8B FE F3
           B5 2B 8C C7 A5 F5 BF 0A 3C 8D 23 19 A5 31 25 57
           E1
           INTEGER
           01
           INTEGER
           00 9E 4F 5D 8C 01 7D 8D 9F 13 A5 CF 3C DF 5B FE
           4D AB 40 2D 54 19 8E 31 EB DE 28 A0 62 10 50 43
           9C A6 B3 9E 0A 51 5C 06 B3 04 E2 CE 43 E7 9E 36
           9E 91 A0 CF C2 BC 2A 22 B4 CA 30 2D BB 33 EE 75
           50
        
           INTEGER
           00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
           FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
           FF 26 33 6E 91 94 1A AC 01 30 CE A7 FD 45 1D 40
           B3 23 B6 A7 9E 9D A6 84 9A 51 88 F3 BD 1F C0 8F
           B4
           INTEGER
           3F FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
           FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
           C9 8C DB A4 65 06 AB 00 4C 33 A9 FF 51 47 50 2C
           C8 ED A9 E7 A7 69 A1 26 94 62 3C EF 47 F0 23 ED
           INTEGER
           00 E2 E3 1E DF C2 3D E7 BD EB E2 41 CE 59 3E F5
           DE 22 95 B7 A9 CB AE F0 21 D3 85 F7 07 4C EA 04
           3A A2 72 72 A7 AE 60 2B F2 A7 B9 03 3D B9 ED 36
           10 C6 FB 85 48 7E AE 97 AA C5 BC 79 28 C1 95 01
           48
           INTEGER
           00 F5 CE 40 D9 5B 5E B8 99 AB BC CF F5 91 1C B8
           57 79 39 80 4D 65 27 37 8B 8C 10 8C 3D 20 90 FF
           9B E1 8E 2D 33 E3 02 1E D2 EF 32 D8 58 22 42 3B
           63 04 F7 26 AA 85 4B AE 07 D0 39 6E 9A 9A DD C4
           0F
           INTEGER
           12
           INTEGER
           46 9A F7 9D 1F B1 F5 E1 6B 99 59 2B 77 A0 1E 2A
           0F DF B0 D0 17 94 36 8D 9A 56 11 7F 7B 38 66 95
           22 DD 4B 65 0C F7 89 EE BF 06 8C 5D 13 97 32 F0
           90 56 22 C0 4B 2B AA E7 60 03 03 EE 73 00 1A 3D
       }
   }
        
Appendix B. Test Examples

1) HMAC_GOSTR3411_2012_256

Key K:

00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f

T:

01 26 bd b8 78 00 af 21 43 41 45 65 63 78 01 00

HMAC_GOSTR3411_2012_256 (K, T) value:

a1 aa 5f 7d e4 02 d7 b3 d3 23 f2 99 1c 8d 45 34 01 31 37 01 0a 83 75 4f d0 af 6d 7c d4 92 2e d9

2) HMAC_GOSTR3411_2012_512

Key K:

00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f

T:

01 26 bd b8 78 00 af 21 43 41 45 65 63 78 01 00

HMAC_GOSTR3411_2012_512 (K, T) value:

a5 9b ab 22 ec ae 19 c6 5f bd e6 e5 f4 e9 f5 d8 54 9d 31 f0 37 f9 df 9b 90 55 00 e1 71 92 3a 77 3d 5f 15 30 f2 ed 7e 96 4c b2 ee dc 29 e9 ad 2f 3a fe 93 b2 81 4f 79 f5 00 0f fc 03 66 c2 51 e6

3) PRF_TLS_GOSTR3411_2012_256

Key K:

00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f

Seed:

18 47 1d 62 2d c6 55 c4 d2 d2 26 96 91 ca 4a 56 0b 50 ab a6 63 55 3a f2 41 f1 ad a8 82 c9 f2 9a

Label:

11 22 33 44 55

Output T1:

ff 09 66 4a 44 74 58 65 94 4f 83 9e bb 48 96 5f 15 44 ff 1c c8 e8 f1 6f 24 7e e5 f8 a9 eb e9 7f

Output T2:

c4 e3 c7 90 0e 46 ca d3 db 6a 01 64 30 63 04 0e c6 7f c0 fd 5c d9 f9 04 65 23 52 37 bd ff 2c 02

4) PRF_TLS_GOSTR3411_2012_512

Key K:

00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f

Seed:

18 47 1d 62 2d c6 55 c4 d2 d2 26 96 91 ca 4a 56 0b 50 ab a6 63 55 3a f2 41 f1 ad a8 82 c9 f2 9a

Label:

11 22 33 44 55

Output T1:

f3 51 87 a3 dc 96 55 11 3a 0e 84 d0 6f d7 52 6c 5f c1 fb de c1 a0 e4 67 3d d6 d7 9d 0b 92 0e 65 ad 1b c4 7b b0 83 b3 85 1c b7 cd 8e 7e 6a 91 1a 62 6c f0 2b 29 e9 e4 a5 8e d7 66 a4 49 a7 29 6d

Output T2:

e6 1a 7a 26 c4 d1 ca ee cf d8 0c ca 65 c7 1f 0f 88 c1 f8 22 c0 e8 c0 ad 94 9d 03 fe e1 39 57 9f 72 ba 0c 3d 32 c5 f9 54 f1 cc cd 54 08 1f c7 44 02 78 cb a1 fe 7b 7a 17 a9 86 fd ff 5b d1 5d 1f

5) PRF_IPSEC_PRFPLUS_GOSTR3411_2012_256

Key K:

c9 a9 a7 73 20 e2 cc 55 9e d7 2d ce 6f 47 e2 19 2c ce a9 5f a6 48 67 05 82 c0 54 c0 ef 36 c2 21

Data S:

01 26 bd b8 78 00 1d 80 60 3c 85 44 c7 27 01 00

Output T1:

2d e5 ee 84 e1 3d 7b e5 36 16 67 39 13 37 0a b0 54 c0 74 b7 9b 69 a8 a8 46 82 a9 f0 4f ec d5 87

Output T2:

29 f6 0d da 45 7b f2 19 aa 2e f9 5d 7a 59 be 95 4d e0 08 f4 a5 0d 50 4d bd b6 90 be 68 06 01 53

6) PRF_IPSEC_PRFPLUS_GOSTR3411_2012_512

Key K:

c9 a9 a7 73 20 e2 cc 55 9e d7 2d ce 6f 47 e2 19 2c ce a9 5f a6 48 67 05 82 c0 54 c0 ef 36 c2 21

Data S:

01 26 bd b8 78 00 1d 80 60 3c 85 44 c7 27 01 00

Output T1:

5d a6 71 43 a5 f1 2a 6d 6e 47 42 59 6f 39 24 3f cc 61 57 45 91 5b 32 59 10 06 ff 78 a2 08 63 d5 f8 8e 4a fc 17 fb be 70 b9 50 95 73 db 00 5e 96 26 36 98 46 cb 86 19 99 71 6c 16 5d d0 6a 15 85

Output T2:

48 34 49 5a 43 74 6c b5 3f 0a ba 3b c4 6e bc f8 77 3c a6 4a d3 43 c1 22 ee 2a 57 75 57 03 81 57 ee 9c 38 8d 96 ef 71 d5 8b e5 c1 ef a1 af a9 5e be 83 e3 9d 00 e1 9a 5d 03 dc d6 0a 01 bc a8 e3

7) VKO_GOSTR3410_2012_256 with 256-bit output on the GOST R 34.10-2012 512-bit keys with id-tc26-gost-3410-12-512-paramSetA

UKM value:

1d 80 60 3c 85 44 c7 27

Private key x of A:

c9 90 ec d9 72 fc e8 4e c4 db 02 27 78 f5 0f ca c7 26 f4 67 08 38 4b 8d 45 83 04 96 2d 71 47 f8 c2 db 41 ce f2 2c 90 b1 02 f2 96 84 04 f9 b9 be 6d 47 c7 96 92 d8 18 26 b3 2b 8d ac a4 3c b6 67

Public key x*P of A (curve point (X, Y)):

aa b0 ed a4 ab ff 21 20 8d 18 79 9f b9 a8 55 66 54 ba 78 30 70 eb a1 0c b9 ab b2 53 ec 56 dc f5 d3 cc ba 61 92 e4 64 e6 e5 bc b6 de a1 37 79 2f 24 31 f6 c8 97 eb 1b 3c 0c c1 43 27 b1 ad c0 a7 91 46 13 a3 07 4e 36 3a ed b2 04 d3 8d 35 63 97 1b d8 75 8e 87 8c 9d b1 14 03 72 1b 48 00 2d 38 46 1f 92 47 2d 40 ea 92 f9 95 8c 0f fa 4c 93 75 64 01 b9 7f 89 fd be 0b 5e 46 e4 a4 63 1c db 5a

Private key y of part B:

48 c8 59 f7 b6 f1 15 85 88 7c c0 5e c6 ef 13 90 cf ea 73 9b 1a 18 c0 d4 66 22 93 ef 63 b7 9e 3b 80 14 07 0b 44 91 85 90 b4 b9 96 ac fe a4 ed fb bb cc cc 8c 06 ed d8 bf 5b da 92 a5 13 92 d0 db

Public key y*P of B (curve point (X, Y)):

19 2f e1 83 b9 71 3a 07 72 53 c7 2c 87 35 de 2e a4 2a 3d bc 66 ea 31 78 38 b6 5f a3 25 23 cd 5e fc a9 74 ed a7 c8 63 f4 95 4d 11 47 f1 f2 b2 5c 39 5f ce 1c 12 91 75 e8 76 d1 32 e9 4e d5 a6 51 04 88 3b 41 4c 9b 59 2e c4 dc 84 82 6f 07 d0 b6 d9 00 6d da 17 6c e4 8c 39 1e 3f 97 d1 02 e0 3b b5 98 bf 13 2a 22 8a 45 f7 20 1a ba 08 fc 52 4a 2d 77 e4 3a 36 2a b0 22 ad 40 28 f7 5b de 3b 79

KEK_VKO value:

c9 a9 a7 73 20 e2 cc 55 9e d7 2d ce 6f 47 e2 19 2c ce a9 5f a6 48 67 05 82 c0 54 c0 ef 36 c2 21

8) VKO_GOSTR3410_2012_512 with 512-bit output on the GOST R 34.10-2012 512-bit keys with id-tc26-gost-3410-12-512-paramSetA

UKM value:

1d 80 60 3c 85 44 c7 27

Private key x of A:

c9 90 ec d9 72 fc e8 4e c4 db 02 27 78 f5 0f ca c7 26 f4 67 08 38 4b 8d 45 83 04 96 2d 71 47 f8 c2 db 41 ce f2 2c 90 b1 02 f2 96 84 04 f9 b9 be 6d 47 c7 96 92 d8 18 26 b3 2b 8d ac a4 3c b6 67

Public key x*P of A (curve point (X, Y)):

aa b0 ed a4 ab ff 21 20 8d 18 79 9f b9 a8 55 66 54 ba 78 30 70 eb a1 0c b9 ab b2 53 ec 56 dc f5 d3 cc ba 61 92 e4 64 e6 e5 bc b6 de a1 37 79 2f 24 31 f6 c8 97 eb 1b 3c 0c c1 43 27 b1 ad c0 a7 91 46 13 a3 07 4e 36 3a ed b2 04 d3 8d 35 63 97 1b d8 75 8e 87 8c 9d b1 14 03 72 1b 48 00 2d 38 46 1f 92 47 2d 40 ea 92 f9 95 8c 0f fa 4c 93 75 64 01 b9 7f 89 fd be 0b 5e 46 e4 a4 63 1c db 5a

Private key y of B:

48 c8 59 f7 b6 f1 15 85 88 7c c0 5e c6 ef 13 90 cf ea 73 9b 1a 18 c0 d4 66 22 93 ef 63 b7 9e 3b 80 14 07 0b 44 91 85 90 b4 b9 96 ac fe a4 ed fb bb cc cc 8c 06 ed d8 bf 5b da 92 a5 13 92 d0 db

Public key y*P of B (curve point (X, Y)):

19 2f e1 83 b9 71 3a 07 72 53 c7 2c 87 35 de 2e a4 2a 3d bc 66 ea 31 78 38 b6 5f a3 25 23 cd 5e fc a9 74 ed a7 c8 63 f4 95 4d 11 47 f1 f2 b2 5c 39 5f ce 1c 12 91 75 e8 76 d1 32 e9 4e d5 a6 51 04 88 3b 41 4c 9b 59 2e c4 dc 84 82 6f 07 d0 b6 d9 00 6d da 17 6c e4 8c 39 1e 3f 97 d1 02 e0 3b b5 98 bf 13 2a 22 8a 45 f7 20 1a ba 08 fc 52 4a 2d 77 e4 3a 36 2a b0 22 ad 40 28 f7 5b de 3b 79

KEK_VKO value:

79 f0 02 a9 69 40 ce 7b de 32 59 a5 2e 01 52 97 ad aa d8 45 97 a0 d2 05 b5 0e 3e 17 19 f9 7b fa 7e e1 d2 66 1f a9 97 9a 5a a2 35 b5 58 a7 e6 d9 f8 8f 98 2d d6 3f c3 5a 8e c0 dd 5e 24 2d 3b df

9) Key derivation function KDF_GOSTR3411_2012_256

K_in key:

00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f

Label:

26 bd b8 78

Seed:

af 21 43 41 45 65 63 78

KDF(K_in, label, seed) value:

a1 aa 5f 7d e4 02 d7 b3 d3 23 f2 99 1c 8d 45 34 01 31 37 01 0a 83 75 4f d0 af 6d 7c d4 92 2e d9

10) Key derivation function KDF_TREE_GOSTR3411_2012_256

Output size of L:

512

K_in key:

00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f

Label:

26 bd b8 78

Seed:

af 21 43 41 45 65 63 78

K1:

22 b6 83 78 45 c6 be f6 5e a7 16 72 b2 65 83 10 86 d3 c7 6a eb e6 da e9 1c ad 51 d8 3f 79 d1 6b

K2:

07 4c 93 30 59 9d 7f 8d 71 2f ca 54 39 2f 4d dd e9 37 51 20 6b 35 84 c8 f4 3f 9e 6d c5 15 31 f9

R:

1

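The outputs of vectors 1, 9 and 10 are related by construction: KDF_GOSTR3411_2012_256 is KDF_TREE with R = 1 and L = 256, so the bytes it hands to HMAC in vector 9 are exactly the T printed in vector 1 (counter 0x01, label, 0x00 separator, seed, L = 0x0100), and vector 10 differs only in the counter byte of each block and the two-byte L = 512. The following Python is an added example, not code from RFC 7836 or from any of its authors' implementations: it builds those HMAC inputs, assembles KDF_TREE output blocks, and also carries out the RFC 7296 prf+ iteration behind vectors 5 and 6. Because the Python standard library has no GOST R 34.11-2012 (Streebog) hash, the MAC is a parameter and defaults to HMAC-SHA-256 as a labelled stand-in (an assumption of this example); what is checked against the page is therefore the message layout, and plugging in a Streebog-256 HMAC with the same signature is what reproduces the printed outputs.

```python
# Added example (not from RFC 7836): the HMAC-based derivations behind test
# vectors 1, 5/6, 9 and 10, with the MAC supplied as a parameter.
import hashlib
import hmac
from typing import Callable

Mac = Callable[[bytes, bytes], bytes]   # (key, message) -> tag


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """STAND-IN MAC (assumption). RFC 7836 uses HMAC over GOST R 34.11-2012
    (Streebog), which the standard library lacks; supply a Streebog-256 HMAC
    with this signature to reproduce the page's outputs."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def kdf_tree_block_input(i: int, label: bytes, seed: bytes, l_bits: int, r: int) -> bytes:
    """Bytes MACed for block K(i) of KDF_TREE: [i]_R | label | 0x00 | seed | [L]_2.
    [i]_R is the block counter in R big-endian bytes, [L]_2 the output length
    in bits as two big-endian bytes."""
    if not 1 <= i < 256 ** r:
        raise ValueError(f"block counter {i} does not fit in R={r} bytes")
    return i.to_bytes(r, "big") + label + b"\x00" + seed + l_bits.to_bytes(2, "big")


def kdf_tree(k_in: bytes, label: bytes, seed: bytes, l_bits: int, r: int = 1,
             mac: Mac = hmac_sha256) -> bytes:
    """KDF_TREE_GOSTR3411_2012_256: K(1) | K(2) | ... | K(n) with n = ceil(L/256),
    truncated to L bits (L must be a positive multiple of 8)."""
    if l_bits <= 0 or l_bits % 8:
        raise ValueError("L must be a positive multiple of 8 bits")
    n = -(-l_bits // 256)
    blocks = [mac(k_in, kdf_tree_block_input(i, label, seed, l_bits, r))
              for i in range(1, n + 1)]
    return b"".join(blocks)[: l_bits // 8]


def kdf_gostr3411_2012_256(k_in: bytes, label: bytes, seed: bytes,
                           mac: Mac = hmac_sha256) -> bytes:
    """KDF_GOSTR3411_2012_256 is the single-block case R = 1, L = 256, i.e.
    HMAC(K_in, 0x01 | label | 0x00 | seed | 0x01 | 0x00)."""
    return kdf_tree(k_in, label, seed, 256, 1, mac)


def prf_plus(k: bytes, s: bytes, n_blocks: int, mac: Mac = hmac_sha256) -> list:
    """RFC 7296 prf+ as used by PRF_IPSEC_PRFPLUS_*: T1 = prf(K, S | 0x01),
    Ti = prf(K, T(i-1) | S | i). Returns [T1, T2, ...]."""
    if not 1 <= n_blocks <= 255:
        raise ValueError("the prf+ counter is a single byte")
    out, prev = [], b""
    for i in range(1, n_blocks + 1):
        prev = mac(k, prev + s + bytes([i]))
        out.append(prev)
    return out


# Inputs copied from test vectors 1, 5 and 9 on this page.
K_IN = bytes(range(0x20))                                   # 00 01 ... 1f
LABEL = bytes.fromhex("26bdb878")
SEED = bytes.fromhex("af21434145656378")
T_VECTOR_1 = bytes.fromhex("0126bdb87800af214341456563780100")
PRFPLUS_K = bytes.fromhex("c9a9a77320e2cc559ed72dce6f47e2192ccea95fa648670582c054c0ef36c221")
PRFPLUS_S = bytes.fromhex("0126bdb878001d80603c8544c7270100")

if __name__ == "__main__":
    # Vector 9 MACs the same 16 bytes that vector 1 lists as T, which is why
    # the two printed outputs are identical.
    assert kdf_tree_block_input(1, LABEL, SEED, 256, 1) == T_VECTOR_1
    for i in (1, 2):      # the two block inputs behind K1 and K2 of vector 10
        print(kdf_tree_block_input(i, LABEL, SEED, 512, 1).hex())
    t1, t2 = prf_plus(PRFPLUS_K, PRFPLUS_S, 2)   # stand-in MAC, so not the page's T1/T2
    print(t1.hex(), t2.hex())
```

The two checks a practitioner wants here are the message layout (asserted against the page's T above) and, once a real Streebog HMAC is plugged into `mac`, equality with the printed KDF and K1/K2 values; the second is what catches an endianness slip in [L]_2 or a counter that starts at 0 instead of 1.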
11) Key wrap and unwrap with the szOID_Gost28147_89_TC26_Z_ParamSet parameters

Key K_e:

00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f

Key K:

20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f

Seed:

af 21 43 41 45 65 63 78

Label:

26 bd b8 78

KEK_e(seed) = KDF_GOSTR3411_2012_256(K_e, label, seed):

a1 aa 5f 7d e4 02 d7 b3 d3 23 f2 99 1c 8d 45 34 01 31 37 01 0a 83 75 4f d0 af 6d 7c d4 92 2e d9

CEK_MAC:

be 33 f0 52

CEK_ENC:

d1 55 47 f8 ee 85 12 1b c8 7d 4b 10 27 d2 60 27 ec c0 71 bb a6 e7 2f 3f ec 6f 62 0f 56 83 4c 5a

Appendix C. GOST 28147-89 Parameter Set

The parameter set has the following object identifier:

      id-tc26-gost-28147-param-Z::= {iso(1) member-body(2) ru(643)
      rosstandart(7) tc26(1) constants(2) cipher-constants(5)
      gost-28147-constants(1) param-Z(1)}

The parameter set is defined below:

   x    K1(x)  K2(x)  K3(x)  K4(x)  K5(x)  K6(x)  K7(x)  K8(x)
   ------------------------------------------------------------
   0  |   c      6      b      c      7      5      8      1
   1  |   4      8      3      8      f      d      e      7
   2  |   6      2      5      2      5      f      2      e
   3  |   2      3      8      1      a      6      5      d
   4  |   a      9      2      d      8      9      6      0
   5  |   5      a      f      4      1      2      9      5
   6  |   b      5      a      f      6      c      1      8
   7  |   9      c      d      6      d      a      c      3
   8  |   e      1      e      7      0      b      f      4
   9  |   8      e      1      0      9      7      4      f
   a  |   d      4      7      a      3      8      b      a
   b  |   7      7      4      5      e      1      0      6
   c  |   0      b      c      3      b      4      d      9
   d  |   3      d      9      e      4      3      a      c
   e  |   f      0      6      9      2      e      3      b
   f  |   1      f      0      b      c      0      7      2

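A parameter set like the one above is only useful once it is loaded into code correctly, and a mis-transcribed S-box is a classic source of interoperability failures that surface only when two implementations try to talk. The following Python is an added example, not code from RFC 7836 or from any GOST implementation: it parses the param-Z table exactly as printed, checks that every K_i is a permutation of the sixteen nibbles (a non-bijective box cannot be inverted, so decryption would be impossible), and applies the nibble substitution to a 32-bit word. It assumes the GOST 28147-89 convention that K1 acts on the least significant nibble and K8 on the most significant; the 11-bit rotation and key addition of the full round function are deliberately left out, so this is the substitution step alone, not the cipher.

```python
# Added example (not part of RFC 7836): load the param-Z table printed above
# into the eight GOST 28147-89 S-boxes and validate it before use.

# Constructed copy of the Appendix C table: row x, columns K1(x) .. K8(x).
PARAM_Z_TABLE = """\
0  |   c      6      b      c      7      5      8      1
1  |   4      8      3      8      f      d      e      7
2  |   6      2      5      2      5      f      2      e
3  |   2      3      8      1      a      6      5      d
4  |   a      9      2      d      8      9      6      0
5  |   5      a      f      4      1      2      9      5
6  |   b      5      a      f      6      c      1      8
7  |   9      c      d      6      d      a      c      3
8  |   e      1      e      7      0      b      f      4
9  |   8      e      1      0      9      7      4      f
a  |   d      4      7      a      3      8      b      a
b  |   7      7      4      5      e      1      0      6
c  |   0      b      c      3      b      4      d      9
d  |   3      d      9      e      4      3      a      c
e  |   f      0      6      9      2      e      3      b
f  |   1      f      0      b      c      0      7      2
"""


def parse_sbox_table(text):
    """Parse 'x | K1(x) ... K8(x)' rows into eight lists so that
    boxes[j][x] == K(j+1)(x). Rejects missing, duplicate, short or
    out-of-range rows instead of silently producing a broken box."""
    boxes = [[None] * 16 for _ in range(8)]
    seen = set()
    for line in text.strip().splitlines():
        lhs, _, rhs = line.partition("|")
        x = int(lhs, 16)
        vals = [int(v, 16) for v in rhs.split()]
        if len(vals) != 8 or x in seen or not 0 <= x < 16:
            raise ValueError(f"malformed S-box row: {line!r}")
        if any(not 0 <= v < 16 for v in vals):
            raise ValueError(f"S-box entry out of nibble range: {line!r}")
        seen.add(x)
        for j, v in enumerate(vals):
            boxes[j][x] = v
    if len(seen) != 16:
        raise ValueError("table must have exactly 16 rows")
    return boxes


def is_permutation(box):
    """Each S-box must be a bijection on 0..f; otherwise it has no inverse."""
    return sorted(box) == list(range(16))


def substitute(word, boxes):
    """Nibble substitution: nibble j of the 32-bit word (j = 0 least
    significant) is replaced by K(j+1)(nibble). K1-on-low-nibble ordering
    is the assumed GOST 28147-89 convention."""
    if not 0 <= word < 1 << 32:
        raise ValueError("substitute expects a 32-bit word")
    out = 0
    for j in range(8):
        out |= boxes[j][(word >> (4 * j)) & 0xF] << (4 * j)
    return out


def invert_boxes(boxes):
    """Inverse tables, as needed for the decryption direction."""
    inv = []
    for box in boxes:
        if not is_permutation(box):
            raise ValueError("S-box is not invertible")
        table = [0] * 16
        for x, y in enumerate(box):
            table[y] = x
        inv.append(table)
    return inv


PARAM_Z = parse_sbox_table(PARAM_Z_TABLE)

if __name__ == "__main__":
    assert all(is_permutation(b) for b in PARAM_Z)
    print(hex(substitute(0x00000000, PARAM_Z)))     # first row of every K_i, K8 highest
```

Feeding the table through `parse_sbox_table` rather than hand-typing eight hex literals keeps the code's copy of param-Z traceable to the text of this appendix, and the permutation check is cheap enough to run at import time in any implementation that accepts S-box parameters from outside.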
Acknowledgments

致谢

We thank Valery Smyslov, Igor Ustinov, Basil Dolmatov, Russ Housley, Dmitry Khovratovich, Oleksandr Kazymyrov, Ekaterina Smyshlyaeva, Vasily Nikolaev, and Lolita Sonina for their careful readings and useful comments.

Authors' Addresses

Stanislav Smyshlyaev (editor) CRYPTO-PRO 18, Suschevsky val Moscow 127018 Russian Federation

   Phone: +7 (495) 995-48-20
   Email: svs@cryptopro.ru

Evgeny Alekseev CRYPTO-PRO 18, Suschevsky val Moscow 127018 Russian Federation

   Phone: +7 (495) 995-48-20
   Email: alekseev@cryptopro.ru

Igor Oshkin CRYPTO-PRO 18, Suschevsky val Moscow 127018 Russian Federation

   Phone: +7 (495) 995-48-20
   Email: oshkin@cryptopro.ru

Vladimir Popov CRYPTO-PRO 18, Suschevsky val Moscow 127018 Russian Federation

   Phone: +7 (495) 995-48-20
   Email: vpopov@cryptopro.ru

Serguei Leontiev CRYPTO-PRO 18, Suschevsky val Moscow 127018 Russian Federation

   Phone: +7 (495) 995-48-20
   Email: lse@cryptopro.ru

Vladimir Podobaev FACTOR-TS 11A, 1st Magistralny proezd Moscow 123290 Russian Federation

   Phone: +7 (495) 644-31-30
   Email: v_podobaev@factor-ts.ru

Dmitry Belyavsky TCI 8, Zoologicheskaya st Moscow 117218 Russian Federation

   Phone: +7 (499) 254-24-50
   Email: beldmit@gmail.com