From: Richard Levitte Date: Mon, 11 Oct 2021 13:10:45 +0000 (+0200) Subject: Document the current state of the GOST provider X-Git-Tag: v3.0.1~42 X-Git-Url: http://wagner.pp.ru/gitweb/?a=commitdiff_plain;h=df3ead272bd2019f98d16e6787f5df51556c0603;p=openssl-gost%2Fengine.git Document the current state of the GOST provider --- diff --git a/README.md b/README.md index d02f13e..0a12815 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@ # engine + A reference implementation of the Russian GOST crypto algorithms for OpenSSL Compatibility: OpenSSL 3.0 @@ -10,3 +11,13 @@ Mailing list: http://www.wagner.pp.ru/list-archives/openssl-gost/ Some useful links: https://www.altlinux.org/OSS-GOST-Crypto DO NOT TRY BUILDING MASTER BRANCH AGAINST openssl 1.1.1! Use 1_1_1 branch instead! + +# provider + +A reference implementation in the same spirit as the engine, specified +above. + +This is currently work in progress, with only a subset of all intended +functionality implemented: symmetric ciphers, hashes and MACs. + +For more information, see [README.prov.md](README.prov.md) diff --git a/README.prov.md b/README.prov.md new file mode 100644 index 0000000..0749104 --- /dev/null +++ b/README.prov.md @@ -0,0 +1,61 @@ +# GOST provider + +The GOST provider is currently built in parallell with the GOST +engine, and is implemented like a wrapper around the engine code. + +## Currently implemented + +Symmetric ciphers: + +- gost89 +- gost89-cnt +- gost89-cnt-12 +- gost89-cbc +- kuznyechik-ecb +- kuznyechik-cbc +- kuznyechik-cfb +- kuznyechik-ofb +- kuznyechik-ctr +- magma-cbc +- magma-ctr +- magma-ctr-acpkm +- magma-ctr-acpkm-omac +- kuznyechik-ctr-acpkm +- kuznyechik-ctr-acpkm-omac + +Hashes: + +- id-tc26-gost3411-12-256 (md_gost12_256) +- id-tc26-gost3411-12-512 (md_gost12_512) +- id-GostR3411-94 (md_gost94) + +MACs: + +- gost-mac +- gost-mac-12 +- magma-mac +- kuznyechik-mac +- kuznyechik-ctr-acpkm-omac + +## TODO, not requiring additional OpenSSL support + +- Basic support for GOST keys, i.e. implementations of KEYMGMT + (including key generation), DECODER and DECODER. + +- Support for these operations using GOST keys: + + - ASYM_CIPHER (encryption and decryption using GOST keys) + - SIGNATURE (signing and verifying using GOST keys) + +## TODO, which requires additional OpenSSL support + +- TLSTREE support. This may require additional changes in libssl. + Needs investigation. + +- PKCS7 and CMS support. This requires OpenSSL PKCS7 and CMS code + to change for better interfacing with providers. + +## TODO, far future + +- Refactor the code into being just a provider. This is to be done + when engines aren't supported any more.