(xmlsec-gnutls) Added support for GOST 2001 keys, digests, and signat…

…ures. (#692)
lsh123 · Jul 11, 2023 · 83f00f5 · 83f00f5
1 parent 1f858af
commit 83f00f5
Show file tree

Hide file tree

Showing 15 changed files with 490 additions and 36 deletions.
diff --git a/.github/workflows/make-check.yml b/.github/workflows/make-check.yml
@@ -18,9 +18,9 @@ jobs:
       matrix:
         include:
           - config_flags:
-          - config_flags: --enable-size-t=no
-          - config_flags: --enable-md5
-          - config_flags: --enable-static-linking=yes --without-nss --without-gcrypt --without-gnutls
+          - config_flags: --enable-size-t=no --enable-md5
+          - config_flags: --enable-static --enable-static-linking --without-nss --without-gcrypt --without-gnutls
+          - config_flags: --enable-static --enable-static-linking --enable-gost --without-openssl --without-nss --without-gcrypt
     steps:
     - name: install dependencies
       run: |
@@ -56,8 +56,7 @@ jobs:
       matrix:
         include:
           - config_flags:
-          - config_flags: --enable-size-t=no
-          - config_flags: --enable-md5
+          - config_flags: --enable-size-t=no --enable-md5
           - config_flags: --enable-static-linking=yes --without-nss --without-gcrypt --without-gnutls
     steps:
     - name: install dependencies
@@ -96,12 +95,11 @@ jobs:
       matrix:
         include:
           - config_flags:
-          - config_flags: --enable-size-t=no
-          - config_flags: --enable-md5
+          - config_flags: --enable-size-t=no --enable-md5
     steps:
     - name: Set up Homebrew
       id: set-up-homebrew
-      uses: Homebrew/actions/setup-homebrew@master      
+      uses: Homebrew/actions/setup-homebrew@master
     - name: install dependencies
       run: |
           brew update
@@ -155,7 +153,7 @@ jobs:
             config_flags: --enable-unicode=no
           - msystem: MINGW64
             arch: x86_64
-            config_flags: --enable-size-t=no
+            config_flags: --enable-size-t=no --enable-md5
           - msystem: MINGW64
             arch: x86_64
             config_flags: --enable-static --enable-static-linking

diff --git a/docs/index.html b/docs/index.html
@@ -76,6 +76,7 @@ <h1>XML Security Library</h1>
             <li>The xmlsec-mscrypto is moved down in the default crypto library selection list as it is now in maintanance mode
                 (use "--with-default-crypto" option to force the selection).</li>
             <li>Fixed the static libraries build with "--enable-static-linking" option on MinGW.</li>
+            <li>(xmlsec-gnutls) Added support for GOST R 34.11-94 digest and GOST R 34.10-2001 signature algorithms.</li>
 			<li>Several other small fixes (<a href="https://github.com/lsh123/xmlsec/commits/master">more details</a>).</li>
 		</ul>
 	</li>

diff --git a/docs/xmldsig.html b/docs/xmldsig.html
@@ -546,7 +546,7 @@ <h3>XMLSec Cryptographic Libraries features</h3>
                         <td valign="top">Optional</td><!-- Requirements-->
                         <td valign="top" bgcolor="#C1E1C1">Yes <a href="#gost-openssl"><sup>(2)</sup></a></td><!-- OpenSSL-->
                         <td valign="top">No</td><!-- NSS -->
-                        <td valign="top">No</td><!-- GnuTLS -->
+                        <td valign="top">Yes</td><!-- GnuTLS -->
                         <td valign="top">No</td><!-- MSCng -->
                         <td valign="top" bgcolor="#C1E1C1">Yes <a href="#gost-mscrypto"><sup>(3)</sup></a></td><!-- MSCrypto -->
                         <td valign="top">No</td><!-- GCrypt -->
@@ -1026,7 +1026,7 @@ <h3>XMLSec Cryptographic Libraries features</h3>
                         <td valign="top">Optional</td><!-- Requirements-->
                         <td valign="top" bgcolor="#C1E1C1">Yes <a href="#gost-openssl"><sup>(2)</sup></a></td><!-- OpenSSL-->
                         <td valign="top">No</td><!-- NSS -->
-                        <td valign="top">No</td><!-- GnuTLS -->
+                        <td valign="top">Yes</td><!-- GnuTLS -->
                         <td valign="top">No</td><!-- MSCng -->
                         <td valign="top" bgcolor="#C1E1C1">Yes <a href="#gost-mscrypto"><sup>(3)</sup></a></td><!-- MSCrypto -->
                         <td valign="top">No</td><!-- GCrypt -->

diff --git a/include/xmlsec/gnutls/crypto.h b/include/xmlsec/gnutls/crypto.h
@@ -348,6 +348,48 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformEcdsaSha3_512GetKlas
 
 #endif /* XMLSEC_NO_EC */
 
+
+/********************************************************************
+ *
+ * GOST 2001 key and transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_GOST
+
+/**
+ * xmlSecGnuTLSKeyDataGost2001Id:
+ *
+ * The GOST 2001 key klass.
+ */
+#define xmlSecGnuTLSKeyDataGost2001Id   xmlSecGnuTLSKeyDataGost2001GetKlass     ()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId    xmlSecGnuTLSKeyDataGost2001GetKlass     (void);
+XMLSEC_CRYPTO_EXPORT int                xmlSecGnuTLSKeyDataGost2001AdoptKey     (xmlSecKeyDataPtr data,
+                                                                                 gnutls_pubkey_t pubkey,
+                                                                                 gnutls_privkey_t privkey);
+XMLSEC_CRYPTO_EXPORT gnutls_pubkey_t    xmlSecGnuTLSKeyDataGost2001GetPublicKey (xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT gnutls_privkey_t   xmlSecGnuTLSKeyDataGost2001GetPrivateKey(xmlSecKeyDataPtr data);
+
+/**
+ * xmlSecGnuTLSTransformGostR3411_94Id:
+ *
+ * The GOSTR3411_94 digest transform klass.
+ */
+#define xmlSecGnuTLSTransformGostR3411_94Id \
+        xmlSecGnuTLSTransformGostR3411_94GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformGostR3411_94GetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformGost2001GostR3411_94Id:
+ *
+ * The GOST2001 GOSTR3411_94 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformGost2001GostR3411_94Id \
+        xmlSecGnuTLSTransformGost2001GostR3411_94GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformGost2001GostR3411_94GetKlass(void);
+
+#endif /* XMLSEC_NO_GOST */
+
+
 /********************************************************************
  *
  * HMAC transforms

diff --git a/include/xmlsec/gnutls/symbols.h b/include/xmlsec/gnutls/symbols.h
@@ -101,6 +101,8 @@ extern "C" {
 #define xmlSecTransformSha3_384Id               xmlSecGnuTLSTransformSha3_384Id
 #define xmlSecTransformSha3_512Id               xmlSecGnuTLSTransformSha3_512Id
 
+#define xmlSecTransformGostR3411_94Id           xmlSecGnuTLSTransformGostR3411_94Id
+#define xmlSecTransformGost2001GostR3411_94Id   xmlSecGnuTLSTransformGost2001GostR3411_94Id
 
 /********************************************************************
  *

diff --git a/include/xmlsec/openssl/crypto.h b/include/xmlsec/openssl/crypto.h
@@ -573,6 +573,15 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformEcdhGetKlass(void);
         xmlSecOpenSSLKeyDataGost2001GetKlass()
 XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId    xmlSecOpenSSLKeyDataGost2001GetKlass   (void);
 
+/**
+ * xmlSecOpenSSLTransformGostR3411_94Id:
+ *
+ * The GOSTR3411_94 digest transform klass.
+ */
+#define xmlSecOpenSSLTransformGostR3411_94Id \
+        xmlSecOpenSSLTransformGostR3411_94GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformGostR3411_94GetKlass(void);
+
 /**
  * xmlSecOpenSSLTransformGost2001GostR3411_94Id:
  *
@@ -582,15 +591,6 @@ XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId    xmlSecOpenSSLKeyDataGost2001GetKlass   (
         xmlSecOpenSSLTransformGost2001GostR3411_94GetKlass()
 XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformGost2001GostR3411_94GetKlass(void);
 
-
-/**
- * xmlSecOpenSSLTransformGostR3411_94Id:
- *
- * The GOSTR3411_94 signature transform klass.
- */
-#define xmlSecOpenSSLTransformGostR3411_94Id \
-        xmlSecOpenSSLTransformGostR3411_94GetKlass()
-XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformGostR3411_94GetKlass(void);
 #endif /* XMLSEC_NO_GOST */
 
 

diff --git a/include/xmlsec/openssl/symbols.h b/include/xmlsec/openssl/symbols.h
@@ -136,8 +136,8 @@ extern "C" {
 #define xmlSecTransformSha3_384Id               xmlSecOpenSSLTransformSha3_384Id
 #define xmlSecTransformSha3_512Id               xmlSecOpenSSLTransformSha3_512Id
 
-#define xmlSecTransformGost2001GostR3411_94Id   xmlSecOpenSSLTransformGost2001GostR3411_94Id
 #define xmlSecTransformGostR3411_94Id           xmlSecOpenSSLTransformGostR3411_94Id
+#define xmlSecTransformGost2001GostR3411_94Id   xmlSecOpenSSLTransformGost2001GostR3411_94Id
 
 
 /********************************************************************