1package Net::DNS::SEC::ECCGOST;
2
3use strict;
4use warnings;
5
6our $VERSION = (qw$Id: ECCGOST.pm 1853 2021-10-11 10:40:59Z willem $)[2];
7
8
9=head1 NAME
10
11Net::DNS::SEC::ECCGOST - DNSSEC ECC-GOST digital signature algorithm
12
13
14=head1 SYNOPSIS
15
16    require Net::DNS::SEC::ECCGOST;
17
18    $validated = Net::DNS::SEC::ECCGOST->verify( $sigdata, $keyrr, $sigbin );
19
20
21=head1 DESCRIPTION
22
23Implementation of GOST R 34.10-2001 elliptic curve digital signature
24verification procedure.
25
26=head2 sign
27
28Signature generation is not implemented.
29
30=head2 verify
31
32    $validated = Net::DNS::SEC::ECCGOST->verify( $sigdata, $keyrr, $sigbin );
33
34Verifies the signature over the binary sigdata using the specified
35public key resource record.
36
37=cut
38
39
40use constant Digest_GOST	=> defined( eval { require Digest::GOST } );
41use constant ECCGOST_configured => Digest_GOST && Net::DNS::SEC::libcrypto->can('ECCGOST_verify');
42
43BEGIN { die 'ECCGOST disabled or application has no "use Net::DNS::SEC"' unless ECCGOST_configured }
44
45my %parameters = ( 12 => [840, 'Digest::GOST::CryptoPro'] );
46
47sub _index { return keys %parameters }
48
49
50sub sign {
51	die 'Russian Federation standard GOST R 34.10-2001 is obsolete';
52}
53
54
55sub verify {
56	my ( $class, $sigdata, $keyrr, $sigbin ) = @_;
57
58	my $algorithm = $keyrr->algorithm;
59	my ( $nid, $object ) = @{$parameters{$algorithm} || []};
60	die 'public key not ECC-GOST' unless $nid;
61	my $hash = $object->new();
62	$hash->add($sigdata);
63	my $H = reverse $hash->digest;
64
65	return unless $sigbin;
66
67	my ( $y, $x ) = unpack 'a32 a32', reverse $keyrr->keybin;    # public key
68	my $eckey = Net::DNS::SEC::libcrypto::EC_KEY_new_ECCGOST( $x, $y );
69
70	my ( $s, $r ) = unpack 'a32 a32', $sigbin;		# RFC5933, RFC4490
71	return Net::DNS::SEC::libcrypto::ECCGOST_verify( $H, $r, $s, $eckey );
72}
73
74
751;
76
77__END__
78
79########################################
80
81=head1 COPYRIGHT
82
83Copyright (c)2014,2018 Dick Franks.
84
85All rights reserved.
86
87
88=head1 LICENSE
89
90Permission to use, copy, modify, and distribute this software and its
91documentation for any purpose and without fee is hereby granted, provided
92that the original copyright notices appear in all copies and that both
93copyright notice and this permission notice appear in supporting
94documentation, and that the name of the author not be used in advertising
95or publicity pertaining to distribution of the software without specific
96prior written permission.
97
98THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
99IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
100FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
101THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
102LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
103FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
104DEALINGS IN THE SOFTWARE.
105
106
107=head1 SEE ALSO
108
109L<Net::DNS>, L<Net::DNS::SEC>, L<Digest::GOST>,
110RFC4357, RFC4490, RFC5832, RFC5933, RFC7091
111
112=cut
113
114