From: Richard Levitte <richard@levitte.org>
Date: Mon, 11 Oct 2021 13:10:45 +0000 (+0200)
Subject: Document the current state of the GOST provider
X-Git-Tag: v3.0.1~42
X-Git-Url: http://www.wagner.pp.ru/gitweb/?p=openssl-gost%2Fengine.git;a=commitdiff_plain;h=df3ead272bd2019f98d16e6787f5df51556c0603

Document the current state of the GOST provider
---

diff --git a/README.md b/README.md
index d02f13e..0a12815 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,5 @@
 # engine
+
 A reference implementation of the Russian GOST crypto algorithms for OpenSSL
 
 Compatibility: OpenSSL 3.0
@@ -10,3 +11,13 @@ Mailing list: http://www.wagner.pp.ru/list-archives/openssl-gost/
 Some useful links: https://www.altlinux.org/OSS-GOST-Crypto
 
 DO NOT TRY BUILDING MASTER BRANCH AGAINST openssl 1.1.1! Use 1_1_1 branch instead!
+
+# provider
+
+A reference implementation in the same spirit as the engine, specified
+above.
+
+This is currently work in progress, with only a subset of all intended
+functionality implemented: symmetric ciphers, hashes and MACs.
+
+For more information, see [README.prov.md](README.prov.md)
diff --git a/README.prov.md b/README.prov.md
new file mode 100644
index 0000000..0749104
--- /dev/null
+++ b/README.prov.md
@@ -0,0 +1,61 @@
+# GOST provider
+
+The GOST provider is currently built in parallell with the GOST
+engine, and is implemented like a wrapper around the engine code.
+
+## Currently implemented
+
+Symmetric ciphers:
+
+-   gost89
+-   gost89-cnt
+-   gost89-cnt-12
+-   gost89-cbc
+-   kuznyechik-ecb
+-   kuznyechik-cbc
+-   kuznyechik-cfb
+-   kuznyechik-ofb
+-   kuznyechik-ctr
+-   magma-cbc
+-   magma-ctr
+-   magma-ctr-acpkm
+-   magma-ctr-acpkm-omac
+-   kuznyechik-ctr-acpkm
+-   kuznyechik-ctr-acpkm-omac
+
+Hashes:
+
+-   id-tc26-gost3411-12-256 (md_gost12_256)
+-   id-tc26-gost3411-12-512 (md_gost12_512)
+-   id-GostR3411-94 (md_gost94)
+
+MACs:
+
+-   gost-mac
+-   gost-mac-12
+-   magma-mac
+-   kuznyechik-mac
+-   kuznyechik-ctr-acpkm-omac
+
+## TODO, not requiring additional OpenSSL support
+
+-   Basic support for GOST keys, i.e. implementations of KEYMGMT
+    (including key generation), DECODER and DECODER.
+
+-   Support for these operations using GOST keys:
+
+    -   ASYM_CIPHER (encryption and decryption using GOST keys)
+    -   SIGNATURE (signing and verifying using GOST keys)
+    
+## TODO, which requires additional OpenSSL support
+
+-   TLSTREE support.  This may require additional changes in libssl.
+    Needs investigation.
+
+-   PKCS7 and CMS support.  This requires OpenSSL PKCS7 and CMS code
+    to change for better interfacing with providers.
+
+## TODO, far future
+
+-   Refactor the code into being just a provider.  This is to be done
+    when engines aren't supported any more.