Document the current state of the GOST provider

[openssl-gost/engine.git] / README.prov.md

diff --git a/README.prov.md b/README.prov.md
new file mode 100644 (file)
index 0000000..0749104
--- /dev/null
+++ b/README.prov.md
@@ -0,0 +1,61 @@
+# GOST provider
+
+The GOST provider is currently built in parallell with the GOST
+engine, and is implemented like a wrapper around the engine code.
+
+## Currently implemented
+
+Symmetric ciphers:
+
+-   gost89
+-   gost89-cnt
+-   gost89-cnt-12
+-   gost89-cbc
+-   kuznyechik-ecb
+-   kuznyechik-cbc
+-   kuznyechik-cfb
+-   kuznyechik-ofb
+-   kuznyechik-ctr
+-   magma-cbc
+-   magma-ctr
+-   magma-ctr-acpkm
+-   magma-ctr-acpkm-omac
+-   kuznyechik-ctr-acpkm
+-   kuznyechik-ctr-acpkm-omac
+
+Hashes:
+
+-   id-tc26-gost3411-12-256 (md_gost12_256)
+-   id-tc26-gost3411-12-512 (md_gost12_512)
+-   id-GostR3411-94 (md_gost94)
+
+MACs:
+
+-   gost-mac
+-   gost-mac-12
+-   magma-mac
+-   kuznyechik-mac
+-   kuznyechik-ctr-acpkm-omac
+
+## TODO, not requiring additional OpenSSL support
+
+-   Basic support for GOST keys, i.e. implementations of KEYMGMT
+    (including key generation), DECODER and DECODER.
+
+-   Support for these operations using GOST keys:
+
+    -   ASYM_CIPHER (encryption and decryption using GOST keys)
+    -   SIGNATURE (signing and verifying using GOST keys)
+    
+## TODO, which requires additional OpenSSL support
+
+-   TLSTREE support.  This may require additional changes in libssl.
+    Needs investigation.
+
+-   PKCS7 and CMS support.  This requires OpenSSL PKCS7 and CMS code
+    to change for better interfacing with providers.
+
+## TODO, far future
+
+-   Refactor the code into being just a provider.  This is to be done
+    when engines aren't supported any more.