XMLDSIG Working Group                      Grigorij Chudov, CRYPTO-PRO
Internet Draft                            Serguei Leontiev, CRYPTO-PRO
Expires October 7, 2004                                  April 7, 2004
Intended Category: Informational

          Using algorithms GOST R 34.10-2001, GOST R 34.10-94
             and GOST R 34.11-94 for XML Digital Signatures

               <draft-chudov-cryptopro-cpxmldsig-00.txt>

Status of this Memo

   This document is an Internet-Draft and is subject to all provisions
   of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or made obsolete by other documents at
   any time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Abstract


   This document specifies how to use Russian national cryptographic
   standards GOST R 34.10-2001, GOST R 34.10-94 and GOST R 34.11-94
   digital signatures and public keys  with XML Signatures [XMLDSIG].
   The mechanism specified provides integrity, message authentication,
   and/or signer authentication services for data of any type, whether
   located within the XML that includes the signature or included by
   reference.

Table of Contents

   1     Introduction. . . . . . . . . . . . . . . . . . . . . . .  2
   2     GOST R 34.10-94/2001. . . . . . . . . . . . . . . . . . .  3
   3     Specifying GOST within XMLDSIG. . . . . . . . . . . . . .  3
   3.1   Version, Namespaces and Identifiers . . . . . . . . . . .  3



Chudov, Leontiev              Informational                     [Page 1]


Internet-Draft    Using GOST for XML Digital Signatures       April 2004


   3.2   XML Schema Preamble and DTD Replacement . . . . . . . . .  3
   3.2.1 XML Schema Preamble . . . . . . . . . . . . . . . . . . .  3
   3.2.2 DTD Replacement . . . . . . . . . . . . . . . . . . . . .  3
   3.3   SignatureMethod Algorithms. . . . . . . . . . . . . . . .  3
   3.3.1 Public Key Signature Algorithms . . . . . . . . . . . . .  3
   3.3.2 Message Authentication Code Algorithms. . . . . . . . . .  3
   3.4   DigestMethod Algorithms . . . . . . . . . . . . . . . . .  4
   3.5   GOST Key Values . . . . . . . . . . . . . . . . . . . . .  4
   3.5.1 Key Value Root Element. . . . . . . . . . . . . . . . . .  4
   3.5.2 GOST Parameters . . . . . . . . . . . . . . . . . . . . .  4
   4     Security Considerations . . . . . . . . . . . . . . . . .  8
   Appendix A: Aggregate XML Schema. . . . . . . . . . . . . . . .  9
   Appendix B: Aggregate DTD . . . . . . . . . . . . . . . . . . .  9
   References. . . . . . . . . . . . . . . . . . . . . . . . . . . 10
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 12
   Author's Addresses. . . . . . . . . . . . . . . . . . . . . . . 12
   Full Copyright Statement. . . . . . . . . . . . . . . . . . . . 14

1  Introduction

   This document specifies how to use GOST R 34.10-2001, GOST R 34.10-94
   and GOST R 34.11-94 digital signatures and public keys with XML
   Signatures [XMLDSIG]. Therein only two digital signature methods are
   defined: RSA signatures and DSA (DSS) signatures, one message digest
   method: SHA-1 and one message authentification method: HMAC-SHA1.
   This document introduces GOST R 34.10-94/2001 signatures as
   additional methods.

   This document uses both XML Schemas [XML-schema] (normative) and DTDs
   [XML] (informational) for specifying the corresponding XML
   structures.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
   NOT","SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
   this document are to be interpreted as described in [RFC 2119].

2  GOST R 34.10-94/2001

   Algorithms GOST R 34.10-94, GOST R 34.10-2001 and GOST R 34.11-94
   have been developed by Russian Federal Agency of Governmental
   Communication and Information (FAGCI) and "All-Russian Scientific and
   Research Institute of Standardization". They are described in
   [GOSTR341094], [GOSTR34102001] and [GOSTR341194].  Recomended
   parameters for those algorithms are described in [CPALGS].

   The only hash function used with GOST R 34.10-94/2001 is GOST R
   34.11-94.




Chudov, Leontiev              Informational                     [Page 2]


Internet-Draft    Using GOST for XML Digital Signatures       April 2004


3  Specifying GOST within XMLDSIG

   This section specifies the details of how to use GOST algorithms with
   XML Signature Syntax and Processing [XMLDSIG]. It relies heavily on
   the syntax and namespace defined in [XMLDSIG].

3.1  Version, Namespaces and Identifiers

   This specification makes no provision for an explicit version number
   in the syntax. If a future version is needed, it will use a different
   namespace.

   The XML namespace [XML-ns] URI that MUST be used by implementations
   of this (dated) specification is:
     http://www.w3.org/2001/04/xmldsig-more#

   Elements in the namespace of the [XMLDSIG] specification are marked
   as such by using the namespace prefix "dsig" in the remaining
   sections of this document.

3.2 XML Schema Preamble and DTD Replacement

   3.2.1 XML Schema Preamble

   The subsequent preamble is to be used with the XML Schema definitions
   given in the remaining sections of this document.

     <?xml version="1.0" encoding="UTF-8"?>
     <xs:schema
       targetNamespace="http://www.w3.org/2001/04/xmldsig-more#"
       xmlns:gost="http://www.w3.org/2001/04/xmldsig-more#"
       xmlns:xs="http://www.w3.org/2001/XMLSchema"
       elementFormDefault="qualified" attributeFormDefault="unqualified"
       version="0.2">

3.2.2 DTD Replacement

   In order to include GOST in XML-signature syntax, the following
   definition of the entity Key.ANY SHOULD replace the one in [XMLDSIG]:

     <!ENTITY % KeyValue.ANY '| gost:GOSTKeyValue'>

3.3  SignatureMethod Algorithms

3.3.1  Public Key Signature Algorithms

   The input to the GOST R 34.10-94/2001 algorithms is the canonicalized
   representation of the dsig:SignedInfo element as specified in Section



Chudov, Leontiev              Informational                     [Page 3]


Internet-Draft    Using GOST for XML Digital Signatures       April 2004


   3 of [XMLDSIG].

   The output consists of a pair of integers usually referred by the
   pair (r, s). The signature value (text value of element
   dsig:SignatureValue - see section 4.2 of [XMLDSIG]) consists of the
   base64 encoding of the concatenation of two octet-streams that
   respectively result from the octet-encoding of the values r and s.
   This concatenation is described in section 2.2 of [CPPK].

   The identifier for the GOST R 34.10-94 signature algorithm is:
     http://www.w3.org/2001/04/xmldsig-more#gostr341094-gostr3411

   The identifier for the GOST R 34.10-2001 signature algorithm is:
     http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411

3.3.2  Message Authentication Code Algorithms

   GOST R 34.11-94 can also be used in HMAC as described in section
   2.2.1 of [XMLURI] for HMAC-MD5.

   Identifier:
     http://www.w3.org/2001/04/xmldsig-more#hmac-gostr3411

3.4 DigestMethod Algorithms

   The identifier for the GOST R 34.11-94 digest algorithm is:
     http://www.w3.org/2001/04/xmldsig-more#gostr3411

   GOST R 34.11-94 digest is a 256-bit string. The content of the
   DigestValue element shall be the base64 encoding of this bit string
   viewed as a 32-octet octet stream.

3.5 GOST Key Values

   The syntax used for GOST key values closely follows the ASN.1 syntax
   defined in [CPPK].

3.5.1 Key Value Root Element

   Elements GOST3410-94-KeyValue and GOST3410-2001-KeyValue are used for
   encoding GOST public keys. For use with XMLDSIG simply use these
   elements inside dsig:KeyValue, such as the predefined elements
   dsig:RSAKeyValue or dsig:DSAKeyValue.

   The elements consist of an optional subelement Parameters and the
   mandatory subelement PublicKey. If Parameters are missing in an
   instance, this means that the application knows about them from other
   means (implicitly).



Chudov, Leontiev              Informational                     [Page 4]


Internet-Draft    Using GOST for XML Digital Signatures       April 2004


    Schema Definition:

    <xs:element name="GOST3410-94-KeyValue"
                type="gost:GOST3410-94-KeyValueType"/>
    <xs:element name="GOST3410-2001-KeyValue"
                type="gost:GOST3410-2001-KeyValueType"/>

    <xs:complexType name="GOST3410-94-KeyValueType">
      <xs:sequence>
        <xs:element name="GostR3410_94_PublicKeyParameters"
                    type="gost:GostR3410_94_PublicKeyParametersType"
                    minOccurs="0"/>
        <xs:element name="PublicKey" type="dsig:CryptoBinary"/>
      </xs:sequence>
    </xs:complexType>
    <xs:complexType name="GOST3410-2001-KeyValueType">
      <xs:sequence>
        <xs:element name="GostR3410_2001_PublicKeyParameters"
                    type="gost:GostR3410_2001_PublicKeyParametersType"
                    minOccurs="0"/>
        <xs:element name="PublicKey" type="dsig:CryptoBinary"/>
      </xs:sequence>
    </xs:complexType>

    DTD Definition:

    <!ELEMENT GOST3410-94-KeyValue (
                   GostR3410_94_PublicKeyParameters?, PublicKey) >
    <!ELEMENT GOST3410-2001-KeyValue (
                   GostR3410_2001_PublicKeyParameters?, PublicKey) >
    <!ELEMENT PublicKey (#PCDATA) >

3.5.2 GOST Parameters

   Gost paramaters contain three OIDs: publicKeyParamSet, digestParamSet
   and optional encryptionParamSet. Parameter values, corresponding to
   these OIDs, can be found in [CPALGS].

    Schema Definition:

    <xs:element name="GostR3410_94_PublicKeyParameters"
                type="GostR3410_94_PublicKeyParametersType"/>
    <xs:element name="GostR3410_2001_PublicKeyParameters"
                type="GostR3410_2001_PublicKeyParametersType"/>
    <xs:complexType name="GostR3410_94_PublicKeyParametersType">
       <xs:sequence>
          <xs:element name="publicKeyParamSet"
                      type="gost:OBJECT-IDENTIFIER"/>



Chudov, Leontiev              Informational                     [Page 5]


Internet-Draft    Using GOST for XML Digital Signatures       April 2004


          <xs:element name="digestParamSet"
                      type="gost:OBJECT-IDENTIFIER"/>
          <xs:element name="encryptionParamSet"
                      type="gost:OBJECT-IDENTIFIER"
                      minOccurs="0"/>
       </xs:sequence>
    </xs:complexType>
    <xs:complexType name="GostR3410_2001_PublicKeyParametersType">
       <xs:sequence>
          <xs:element name="publicKeyParamSet"
                      type="gost:OBJECT-IDENTIFIER"/>
          <xs:element name="digestParamSet"
                      type="gost:OBJECT-IDENTIFIER"/>
          <xs:element name="encryptionParamSet"
                      type="gost:OBJECT-IDENTIFIER"
                      minOccurs="0"/>
       </xs:sequence>
    </xs:complexType>

    <xs:simpleType name="OBJECT-IDENTIFIER">
       <xs:restriction base="xs:token">
          <xs:pattern value="[0-2](.[1-3]?[0-9]?(.+)*)?"/>
       </xs:restriction>
    </xs:simpleType>

    DTD Definition:

    <!ELEMENT GostR3410_94_PublicKeyParameters (
                   publicKeyParamSet, digestParamSet,
                   encryptionParamSet?) >
    <!ELEMENT GostR3410_2001_PublicKeyParameters (
                   publicKeyParamSet, digestParamSet,
                   encryptionParamSet?) >
    <!ELEMENT publicKeyParamSet (#PCDATA) >
    <!ELEMENT digestParamSet (#PCDATA) >
    <!ELEMENT encryptionParamSet (#PCDATA) >


4  Security Considerations

   It is RECCOMENDED, that applications verify signature values and
   subject public keys to conform to [GOSTR34102001], [GOSTR341094]
   standards prior to their use.

   For security discussion concerning use of algorithm parameters, see
   section Security Considerations from [CPALGS].

Appendix A: Aggregate XML Schema



Chudov, Leontiev              Informational                     [Page 6]


Internet-Draft    Using GOST for XML Digital Signatures       April 2004


    <?xml version="1.0" encoding="UTF-8"?>
    <xs:schema
      targetNamespace="http://www.w3.org/2001/04/xmldsig-more#"
      xmlns:gost="http://www.w3.org/2001/04/xmldsig-more#"
      xmlns:xs="http://www.w3.org/2001/XMLSchema"
      elementFormDefault="qualified" attributeFormDefault="unqualified"
      version="0.2">

    <xs:complexType name="GOST3410-94-KeyValueType">
      <xs:sequence>
        <xs:element name="GostR3410_94_PublicKeyParameters"
                    type="gost:GostR3410_94_PublicKeyParametersType"
                    minOccurs="0"/>
        <xs:element name="PublicKey" type="dsig:CryptoBinary"/>
      </xs:sequence>
    </xs:complexType>
    <xs:complexType name="GOST3410-2001-KeyValueType">
      <xs:sequence>
        <xs:element name="GostR3410_2001_PublicKeyParameters"
                    type="gost:GostR3410_2001_PublicKeyParametersType"
                    minOccurs="0"/>
        <xs:element name="PublicKey" type="dsig:CryptoBinary"/>
      </xs:sequence>
    </xs:complexType>

    <xs:complexType name="GostR3410_94_PublicKeyParametersType">
       <xs:sequence>
          <xs:element name="publicKeyParamSet"
                      type="gost:OBJECT-IDENTIFIER"/>
          <xs:element name="digestParamSet"
                      type="gost:OBJECT-IDENTIFIER"/>
          <xs:element name="encryptionParamSet"
                      type="gost:OBJECT-IDENTIFIER"
                      minOccurs="0"/>
       </xs:sequence>
    </xs:complexType>
    <xs:complexType name="GostR3410_2001_PublicKeyParametersType">
       <xs:sequence>
          <xs:element name="publicKeyParamSet"
                      type="gost:OBJECT-IDENTIFIER"/>
          <xs:element name="digestParamSet"
                      type="gost:OBJECT-IDENTIFIER"/>
          <xs:element name="encryptionParamSet"
                      type="gost:OBJECT-IDENTIFIER"
                      minOccurs="0"/>
       </xs:sequence>
    </xs:complexType>




Chudov, Leontiev              Informational                     [Page 7]


Internet-Draft    Using GOST for XML Digital Signatures       April 2004


    <xs:simpleType name="OBJECT-IDENTIFIER">
       <xs:restriction base="xs:token">
          <xs:pattern value="[0-2](.[1-3]?[0-9]?(.+)*)?"/>
       </xs:restriction>
    </xs:simpleType>

Appendix B: Aggregate DTD

    <!ELEMENT GOST3410-94-KeyValue (
                   GostR3410_94_PublicKeyParameters?, PublicKey) >
    <!ELEMENT GOST3410-2001-KeyValue (
                   GostR3410_2001_PublicKeyParameters?, PublicKey) >
    <!ELEMENT PublicKey (#PCDATA) >
    <!ELEMENT GostR3410_94_PublicKeyParameters (
                   publicKeyParamSet, digestParamSet,
                   encryptionParamSet?) >
    <!ELEMENT GostR3410_2001_PublicKeyParameters (
                   publicKeyParamSet, digestParamSet,
                   encryptionParamSet?) >
    <!ELEMENT publicKeyParamSet (#PCDATA) >
    <!ELEMENT digestParamSet (#PCDATA) >
    <!ELEMENT encryptionParamSet (#PCDATA) >

References


   [GOSTR341094]   "Information technology. Cryptographic Data Security.
                   Produce and check procedures of Electronic Digital
                   Signatures based on Asymmetric Cryptographic Algo-
                   rithm.", GOST R 34.10-94, Gosudarstvennyi Standard of
                   Russian Federation, Government Committee of the Rus-
                   sia for Standards, 1994. (In Russian);


   [GOSTR34102001] "Information technology. Cryptographic Data Secu-
                   rity.Signature and verification processes of [elec-
                   tronic] digital signature.", GOST R 34.10-2001, Gosu-
                   darstvennyi Standard of Russian Federation, Govern-
                   ment Committee of the Russia for Standards, 2001. (In
                   Russian);


   [GOSTR341194]   "Information technology. Cryptographic Data Security.
                   Hashing function.", GOST R 34.10-94, Gosudarstvennyi
                   Standard of Russian Federation, Government Committee
                   of the Russia for Standards, 1994. (In Russian);





Chudov, Leontiev              Informational                     [Page 8]


Internet-Draft    Using GOST for XML Digital Signatures       April 2004


   [RFC 2119]      Bradner, S., "Key Words for Use in RFCs to Indicate
                   Requirement Levels", BCP 14, RFC 2119, March 1997.


   [XMLDSIG]       Eastlake, D., Reagle, J., and Solo, D., XML-Signature
                   Syntax and Processing. W3C Recommendation, February
                   2002.  http://www.w3.org/TR/2002/REC-xmldsig-
                   core-20020212/


   [XML-schema]    Beech, D., Maloney, M., Mendelsohn, N., and Thompson,
                   H., XML Schema Part 1: Structures, W3C Recommenda-
                   tion, May 2001.  http://www.w3.org/TR/2001/REC-
                   xmlschema-1-20010502/ Biron, P., and Malhotra, A., ML
                   Schema Part 2: Datatypes, W3C Recommendation, May
                   2001.  http://www.w3.org/TR/2001/REC-
                   xmlschema-2-20010502/


   [XMLURI]        Donald E. Eastlake 3rd "Additional XML Security
                   URIs", draft-eastlake-xmldsig-uri-05.txt


   [CPALGS]        V. Popov, I. Kurepkin, S. Leontiev "Additional cryp-
                   tographic algorithms for use with GOST 28147-89, GOST
                   R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94
                   algorithms.", draft-popov-cryptopro-cpalgs-01.txt


   [CPPK]          S. Leontiev, D. Shefanovskij, "Algorithms and Identi-
                   fiers for the Internet X.509 Public Key Infrastruc-
                   ture Certificates and Certificate Revocation List
                   (CRL), corresponding to the algorithms GOST R
                   34.10-94, GOST R 34.10-2001, GOST R 34.11-94", draft-
                   ietf-pkix-gost-cppk-01.txt


Acknowledgments

   This document was created in accordance with "Russian Cryptographic
   Software Compatibility Agreement", signed by FGUE STC "Atlas",
   CRYPTO-PRO, Factor-TC, MD PREI, Infotecs GmbH, SPRCIS (SPbRCZI),
   Cryptocom, R-Alpha.  The aim of this agreement is to achieve mutual
   compatibility of the products and solutions.

   The authors wish to thank:

      Microsoft Corporation Russia for provided information about



Chudov, Leontiev              Informational                     [Page 9]


Internet-Draft    Using GOST for XML Digital Signatures       April 2004


      company products and solutions, and also for technical consulting
      in PKI.

      RSA Security Russia and Demos Co Ltd for active colaboration and
      critical help in creation of this document.

      NIP Informzachita for compatibility testing of the proposed data
      formats while incorporating them into company products.

      Citrix Inc for help in compatibility testing Citrix products for
      Microsoft Windows.

      Russ Hously (Vigil Security, LLC, housley@vigilsec.com) and
      Vasilij Sakharov (DEMOS Co Ltd, svp@dol.ru) for initiative,
      creating this document.

   This document is based on a contribution of CRYPTO-PRO company.  Any
   substantial use of the text from this document must acknowledge
   CRYPTO-PRO.  CRYPTO-PRO requests that all material mentioning or
   referencing this document identify this as "CRYPTO-PRO CPTLS".

Author's Addresses

   Serguei Leontiev
   CRYPTO-PRO
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: lse@cryptopro.ru

   Grigorij Chudov
   CRYPTO-PRO
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: chudov@cryptopro.ru

Full Copyright Statement

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of



Chudov, Leontiev              Informational                    [Page 10]


Internet-Draft    Using GOST for XML Digital Signatures       April 2004


   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.





































Chudov, Leontiev              Informational                    [Page 11]