[Botan-devel] Solved! Botan Patch inside Re: potential problem with 'GOST 3410-2001' parameters, or with my code

bert hubert bert.hubert at netherlabs.nl
Mon Feb 7 03:36:55 EST 2011


On Tue, Feb 01, 2011 at 02:55:38PM -0500, Jack Lloyd wrote:
> Thanks for providing the test vector; once I get everything
> confirmed then I will make the change in mainline so the next
> release will have this fixed.

Great!

> Having one problem though. Can you explain this step? I can't
> replicate the hash value you provide:
> 
>    const byte msg[] = "www.example.net. 3600 IN A 192.0.2.1";
> 
>    HashFunction* h = global_state().algorithm_factory().make_hash_function("GOST-34.11");

What actually gets hashed is not that string, but a DNS native
representation of it, plus the signature's parameters.

What gets hashed is:
00 01 0c 03 00 00 0e 10 70 db d8 80 38 6d 43 80 e9 54 07 65 78 61 6d 70 6c
65 03 6e 65 74 00 03 77 77 77 07 65 78 61 6d 70 6c 65 03 6e 65 74 00 00 01
00 01 00 00 0e 10 00 04 c0 00 02 01

You can spot 'www.example.net' in there in the weird DNS format
'\003www\007example\003net\00'. (03 77 77 77 etc). It also contains the TTL,
the GOST algorithm id, the inception & expiration etc. These come from the
RRSIG record in the RFC.

The message above indeed hashes to
MZ4PMD6Q8fjcUkfz7yrz9onmngpM/yuKS0u3jFct8pA= here.

I hope this ties everything together to your satisfaction!

	Bert
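An added example, not part of the original message and not Botan code: it rebuilds the hashed byte string from its DNS fields (the RRSIG parameters without the signature, then the A record in wire format) and compares the result with the bytes quoted above. The function names are hypothetical, and the field values (algorithm id 0x0c, 3 labels, key tag 0xe954, the two timestamps, signer example.net) are read off those quoted bytes.

```python
import calendar
import ipaddress
import struct
import time

# The bytes quoted in the message above, i.e. the data that actually gets hashed.
PAGE_HEX = """
00 01 0c 03 00 00 0e 10 70 db d8 80 38 6d 43 80 e9 54 07 65 78 61 6d 70 6c
65 03 6e 65 74 00 03 77 77 77 07 65 78 61 6d 70 6c 65 03 6e 65 74 00 00 01
00 01 00 00 0e 10 00 04 c0 00 02 01
"""
PAGE_BYTES = bytes.fromhex("".join(PAGE_HEX.split()))

TYPE_A, CLASS_IN = 1, 1

def wire_name(name):
    """Lowercased DNS wire format: length-prefixed labels, closed by a zero byte."""
    labels = [part for part in name.lower().split(".") if part]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"

def rrsig_time(stamp):
    """YYYYMMDDHHmmSS (UTC), as written in an RRSIG, to seconds since the epoch."""
    return calendar.timegm(time.strptime(stamp, "%Y%m%d%H%M%S"))

def signed_data(owner, address, ttl, algorithm, labels,
                expiration, inception, key_tag, signer):
    """RRSIG fields without the signature, then the covered A record."""
    rrsig = struct.pack("!HBBIIIH", TYPE_A, algorithm, labels, ttl,
                        rrsig_time(expiration), rrsig_time(inception), key_tag)
    rdata = ipaddress.IPv4Address(address).packed
    record = (wire_name(owner)
              + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata)
    return rrsig + wire_name(signer) + record

def rebuild_message_bytes():
    # Field values below are read off PAGE_BYTES, not taken from another source.
    return signed_data(owner="www.example.net.", address="192.0.2.1", ttl=3600,
                       algorithm=0x0c, labels=3,
                       expiration="20300101000000", inception="20000101000000",
                       key_tag=0xe954, signer="example.net.")

if __name__ == "__main__":
    built = rebuild_message_bytes()
    print(built.hex())
    print("matches the quoted bytes:", built == PAGE_BYTES)
```

Feeding the returned bytes, rather than the presentation-format string, to the hash function is the step the quoted question was missing.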


