Skip to content

WIP: GOST cryptography support

username-removed-112173 requested to merge lumag/gnutls:gost-review into master

Here is the draft/preview pull request for GOST cryptography support (see #52) .

This code requires special version of Nettle to function properly. Nevertheless the code is designed no to break if Nettle library doesn't provide support for GOST cryptography primitives.

Features list:

  • PKI:
    • certificate import, export, generation
    • private key import, export, generation
    • certificate request import, export, generation
    • verification of signatures in trust chains
  • PKCS7:
    • verification of signatures
    • signing the data
  • PKCS12:
    • parsing
    • generation
  • TLS GOST extension support:
    • VKO key exchange
    • Client certificate-based authentication
    • CryptoPro TLS extension (id = 65000)
  • TLS GOST ciphersuites
    • TLS_GOSTR341001_WITH_28147_CNT_IMIT
    • TLS_GOSTR341112_256_WITH_28147_CNT_IMIT
    • TLS_GOSTR341001_WITH_NULL_GOSTR3411
    • TLS_GOSTR341112_256_WITH_NULL_GOSTR3411

Testsuite:

  • basic GOST certificate/key tests
  • selftests:
    • ciphers
    • hashes
    • PK
  • run certtool on samples from RFC 4490/CPCMS
  • PKCS8/12 examples & generation ?
  • expand pkcs7-gen
  • PKCS7 sign/verify (cert-tests/pkcs7)
  • TLS/DTLS key exchange checks ( *tls1.*-cert-key-exchange.c)
  • OID functionality tests (oids.c)
  • Plain signature/verification tests (x509sign-verify2.c)
  • X.509 chain verification (chainverify.c)
  • record layer operation (mini-record.c)
  • key import/export test (key-import-export.c)
  • interop checking with openssl (suite/testcompat-main-openssl)

Resolves #52

Edited by username-removed-105950

Merge request reports