1package Net::DNS::SEC::ECCGOST; 2 3use strict; 4use warnings; 5 6our $VERSION = (qw$Id: ECCGOST.pm 1853 2021-10-11 10:40:59Z willem $)[2]; 7 8 9=head1 NAME 10 11Net::DNS::SEC::ECCGOST - DNSSEC ECC-GOST digital signature algorithm 12 13 14=head1 SYNOPSIS 15 16 require Net::DNS::SEC::ECCGOST; 17 18 $validated = Net::DNS::SEC::ECCGOST->verify( $sigdata, $keyrr, $sigbin ); 19 20 21=head1 DESCRIPTION 22 23Implementation of GOST R 34.10-2001 elliptic curve digital signature 24verification procedure. 25 26=head2 sign 27 28Signature generation is not implemented. 29 30=head2 verify 31 32 $validated = Net::DNS::SEC::ECCGOST->verify( $sigdata, $keyrr, $sigbin ); 33 34Verifies the signature over the binary sigdata using the specified 35public key resource record. 36 37=cut 38 39 40use constant Digest_GOST => defined( eval { require Digest::GOST } ); 41use constant ECCGOST_configured => Digest_GOST && Net::DNS::SEC::libcrypto->can('ECCGOST_verify'); 42 43BEGIN { die 'ECCGOST disabled or application has no "use Net::DNS::SEC"' unless ECCGOST_configured } 44 45my %parameters = ( 12 => [840, 'Digest::GOST::CryptoPro'] ); 46 47sub _index { return keys %parameters } 48 49 50sub sign { 51 die 'Russian Federation standard GOST R 34.10-2001 is obsolete'; 52} 53 54 55sub verify { 56 my ( $class, $sigdata, $keyrr, $sigbin ) = @_; 57 58 my $algorithm = $keyrr->algorithm; 59 my ( $nid, $object ) = @{$parameters{$algorithm} || []}; 60 die 'public key not ECC-GOST' unless $nid; 61 my $hash = $object->new(); 62 $hash->add($sigdata); 63 my $H = reverse $hash->digest; 64 65 return unless $sigbin; 66 67 my ( $y, $x ) = unpack 'a32 a32', reverse $keyrr->keybin; # public key 68 my $eckey = Net::DNS::SEC::libcrypto::EC_KEY_new_ECCGOST( $x, $y ); 69 70 my ( $s, $r ) = unpack 'a32 a32', $sigbin; # RFC5933, RFC4490 71 return Net::DNS::SEC::libcrypto::ECCGOST_verify( $H, $r, $s, $eckey ); 72} 73 74 751; 76 77__END__ 78 79######################################## 80 81=head1 COPYRIGHT 82 83Copyright (c)2014,2018 Dick Franks. 84 85All rights reserved. 86 87 88=head1 LICENSE 89 90Permission to use, copy, modify, and distribute this software and its 91documentation for any purpose and without fee is hereby granted, provided 92that the original copyright notices appear in all copies and that both 93copyright notice and this permission notice appear in supporting 94documentation, and that the name of the author not be used in advertising 95or publicity pertaining to distribution of the software without specific 96prior written permission. 97 98THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 99IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 100FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 101THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 102LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 103FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 104DEALINGS IN THE SOFTWARE. 105 106 107=head1 SEE ALSO 108 109L<Net::DNS>, L<Net::DNS::SEC>, L<Digest::GOST>, 110RFC4357, RFC4490, RFC5832, RFC5933, RFC7091 111 112=cut 113 114