Here is the draft/preview pull request for GOST cryptography support (see #52).
This code requires a special version of Nettle to function properly. Nevertheless, the code is designed not to break if the Nettle library doesn't provide support for GOST cryptography primitives.
Features list:

- PKI:
  - certificate import, export, generation
  - private key import, export, generation
  - certificate request import, export, generation
  - verification of signatures in trust chains
- PKCS7:
  - verification of signatures
  - signing the data
- PKCS12:
  - parsing
  - generation
- TLS GOST extension support:
  - VKO key exchange
  - Client certificate-based authentication
  - CryptoPro TLS extension (id = 65000)
- TLS GOST ciphersuites
  - TLS_GOSTR341001_WITH_28147_CNT_IMIT
  - TLS_GOSTR341112_256_WITH_28147_CNT_IMIT
  - TLS_GOSTR341001_WITH_NULL_GOSTR3411
  - TLS_GOSTR341112_256_WITH_NULL_GOSTR3411

Testsuite:

- basic GOST certificate/key tests
- selftests:
  - ciphers
  - hashes
  - PK
- run certtool on samples from RFC 4490/CPCMS
- PKCS8/12 examples & generation?
- expand pkcs7-gen
- PKCS7 sign/verify (`cert-tests/pkcs7`)
- TLS/DTLS key exchange checks (`*tls1.*-cert-key-exchange.c`)
- OID functionality tests (`oids.c`)
- Plain signature/verification tests (`x509sign-verify2.c`)
- X.509 chain verification (`chainverify.c`)
- record layer operation (`mini-record.c`)
- key import/export test (`key-import-export.c`)
- interop checking with openssl (`suite/testcompat-main-openssl`)

Resolves #52