Document the current state of the GOST provider
levitte authored and beldmit committed Oct 11, 2021
1 parent 4952acb commit df3ead2
Showing 2 changed files with 72 additions and 0 deletions.
11 changes: 11 additions & 0 deletions README.md
@@ -1,4 +1,5 @@
# engine

A reference implementation of the Russian GOST crypto algorithms for OpenSSL

Compatibility: OpenSSL 3.0
Expand All @@ -10,3 +11,13 @@ Mailing list: http://www.wagner.pp.ru/list-archives/openssl-gost/
Some useful links: https://www.altlinux.org/OSS-GOST-Crypto

DO NOT TRY BUILDING MASTER BRANCH AGAINST openssl 1.1.1! Use 1_1_1 branch instead!

# provider

A reference implementation in the same spirit as the engine, specified
above.

This is currently work in progress, with only a subset of all intended
functionality implemented: symmetric ciphers, hashes and MACs.

For more information, see [README.prov.md](README.prov.md)
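
Review bot: In the new provider section, "A reference implementation in the same spirit as the engine, specified above" reads as if the engine were specified in this README; it is only described there, so "described above" would be more accurate. The section also follows the warning about building master against openssl 1.1.1 without saying whether that warning and the "Compatibility: OpenSSL 3.0" line apply to the provider too; a one-line statement of the OpenSSL version the provider requires would remove the ambiguity.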
61 changes: 61 additions & 0 deletions README.prov.md
@@ -0,0 +1,61 @@
# GOST provider

The GOST provider is currently built in parallell with the GOST
engine, and is implemented like a wrapper around the engine code.

## Currently implemented

Symmetric ciphers:

- gost89
- gost89-cnt
- gost89-cnt-12
- gost89-cbc
- kuznyechik-ecb
- kuznyechik-cbc
- kuznyechik-cfb
- kuznyechik-ofb
- kuznyechik-ctr
- magma-cbc
- magma-ctr
- magma-ctr-acpkm
- magma-ctr-acpkm-omac
- kuznyechik-ctr-acpkm
- kuznyechik-ctr-acpkm-omac

Hashes:

- id-tc26-gost3411-12-256 (md_gost12_256)
- id-tc26-gost3411-12-512 (md_gost12_512)
- id-GostR3411-94 (md_gost94)

MACs:

- gost-mac
- gost-mac-12
- magma-mac
- kuznyechik-mac
- kuznyechik-ctr-acpkm-omac

## TODO, not requiring additional OpenSSL support

- Basic support for GOST keys, i.e. implementations of KEYMGMT
(including key generation), DECODER and DECODER.

- Support for these operations using GOST keys:

- ASYM_CIPHER (encryption and decryption using GOST keys)
- SIGNATURE (signing and verifying using GOST keys)

## TODO, which requires additional OpenSSL support

- TLSTREE support. This may require additional changes in libssl.
Needs investigation.

- PKCS7 and CMS support. This requires OpenSSL PKCS7 and CMS code
to change for better interfacing with providers.

## TODO, far future

- Refactor the code into being just a provider. This is to be done
when engines aren't supported any more.
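
Review bot: In the first TODO list, "implementations of KEYMGMT (including key generation), DECODER and DECODER" names DECODER twice; one of the two is presumably meant to be ENCODER. In the opening paragraph "parallell" should be "parallel". In the implemented lists, kuznyechik-ctr-acpkm-omac appears under both "Symmetric ciphers" and "MACs" while magma-ctr-acpkm-omac appears only under ciphers; a short remark on whether that asymmetry is intentional would help readers tell which algorithms are actually available as MACs through the provider.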
