authorDmitry Eremin-Solenikov <dbaryshkov@gmail.com>2016-10-21 04:02:30 +0300
committerDmitry Eremin-Solenikov <dbaryshkov@gmail.com>2018-06-23 12:20:15 +0300
commitd2d448d5e072eb14c7e4f5c9bd634c5ab138d7c9 (patch)
tree5dcac4a18b74a4d4e745cae7929b5edad07081d0
parent549e29dfca54afadd5983861bd6806dcc65fcfbc (diff)
downloadgnutls-d2d448d5e072eb14c7e4f5c9bd634c5ab138d7c9.tar.gz
Add declarations for GOST R 34.10 signatures
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-rw-r--r--lib/algorithms/sign.c26
-rw-r--r--lib/includes/gnutls/gnutls.h.in9
-rw-r--r--lib/x509/common.h2
-rw-r--r--tests/cert-tests/data/gost-cert.pem2
4 files changed, 32 insertions, 7 deletions
diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c
index 5a45e9fa10..f870ecc545 100644
--- a/lib/algorithms/sign.c
+++ b/lib/algorithms/sign.c
@@ -345,13 +345,29 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
.pk = GNUTLS_PK_EC,
.hash = GNUTLS_DIG_SHA224,
.aid = TLS_SIGN_AID_UNKNOWN},
- {.name = "GOST R 34.10-2001",
+ /* GOST R 34.10-2012-512 */
+ {.name = "GOSTR341012-512",
+ .oid = SIG_GOST_R3410_2012_512_OID,
+ .id = GNUTLS_SIGN_GOST_512,
+ .pk = GNUTLS_PK_GOST_12_512,
+ .hash = GNUTLS_DIG_STREEBOG_512,
+ .aid = TLS_SIGN_AID_UNKNOWN},
+ /* GOST R 34.10-2012-256 */
+ {.name = "GOSTR341012-256",
+ .oid = SIG_GOST_R3410_2012_256_OID,
+ .id = GNUTLS_SIGN_GOST_256,
+ .pk = GNUTLS_PK_GOST_12_256,
+ .hash = GNUTLS_DIG_STREEBOG_256,
+ .aid = TLS_SIGN_AID_UNKNOWN},
+ /* GOST R 34.10-2001 */
+ {.name = "GOSTR341001",
.oid = SIG_GOST_R3410_2001_OID,
- .id = 0,
- .pk = 0,
- .hash = 0,
+ .id = GNUTLS_SIGN_GOST_94,
+ .pk = GNUTLS_PK_GOST_01,
+ .hash = GNUTLS_DIG_GOSTR_94,
.aid = TLS_SIGN_AID_UNKNOWN},
- {.name = "GOST R 34.10-94",
+ /* GOST R 34.10-94 */
+ {.name = "GOSTR341094",
.oid = SIG_GOST_R3410_94_OID,
.id = 0,
.pk = 0,
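Review bot: The id `GNUTLS_SIGN_GOST_94` is attached to the GOST R 34.10-2001 entry (`.pk = GNUTLS_PK_GOST_01`, `.hash = GNUTLS_DIG_GOSTR_94`), while the GOST R 34.10-94 entry directly below keeps `.id = 0`, so the "94" in the name refers to the digest and not to the signature scheme. The added comment `/* GOST R 34.10-2001 */` does not say that; I would write `/* GOST R 34.10-2001 with GOST R 34.11-94 digest; the _94 in the id names the hash */` so that nobody later wires this id to the 34.10-94 OID. The same naming is carried into the enum and its documentation in lib/includes/gnutls/gnutls.h.in. GOST R 34.11-94 is a legacy digest, so if this table has a way to mark an entry as not acceptable for certificate signatures by default, it is worth deciding here whether this entry should carry it; the hunk does not show one either way. The `sign_algorithms[]` array starts and ends outside the hunk.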
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index a1e3aaf0cc..66043925e1 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -847,6 +847,9 @@ const char *gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm);
* @GNUTLS_SIGN_RSA_PSS_SHA384: Digital signature algorithm RSA with SHA-384, with PSS padding (RSA-PSS certificate).
* @GNUTLS_SIGN_RSA_PSS_SHA512: Digital signature algorithm RSA with SHA-512, with PSS padding (RSA-PSS certificate).
* @GNUTLS_SIGN_EDDSA_ED25519: Digital signature algorithm EdDSA with Ed25519 curve.
+ * @GNUTLS_SIGN_GOST_94: Digital signature algorithm GOST R 34.10-2001 with GOST R 34.11-94
+ * @GNUTLS_SIGN_GOST_256: Digital signature algorithm GOST R 34.10-2001 with GOST R 34.11-2012 256 bit
+ * @GNUTLS_SIGN_GOST_512: Digital signature algorithm GOST R 34.10-2001 with GOST R 34.11-2012 512 bit
*
* Enumeration of different digital signature algorithms.
*/
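Review bot: The new doc lines for `GNUTLS_SIGN_GOST_256` and `GNUTLS_SIGN_GOST_512` name the signature scheme as GOST R 34.10-2001, but in lib/algorithms/sign.c of this same commit those ids are bound to `GNUTLS_PK_GOST_12_256` / `GNUTLS_PK_GOST_12_512` and to the `SIG_GOST_R3410_2012_*` OIDs. They should read `Digital signature algorithm GOST R 34.10-2012 with GOST R 34.11-2012 256 bit` and the same for 512 bit. This comment is the public API reference, so a wrong year here can lead callers to pair the id with the wrong key type. The comment block begins outside the hunk.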
@@ -899,7 +902,11 @@ typedef enum {
GNUTLS_SIGN_RSA_PSS_RSAE_SHA256 = 40,
GNUTLS_SIGN_RSA_PSS_RSAE_SHA384 = 41,
GNUTLS_SIGN_RSA_PSS_RSAE_SHA512 = 42,
- GNUTLS_SIGN_MAX = GNUTLS_SIGN_RSA_PSS_RSAE_SHA512
+
+ GNUTLS_SIGN_GOST_94 = 43,
+ GNUTLS_SIGN_GOST_256 = 44,
+ GNUTLS_SIGN_GOST_512 = 45,
+ GNUTLS_SIGN_MAX = GNUTLS_SIGN_GOST_512
} gnutls_sign_algorithm_t;
/**
diff --git a/lib/x509/common.h b/lib/x509/common.h
index b7ce879e10..d5c368a7b9 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -78,6 +78,8 @@
#define SIG_RSA_RMD160_OID "1.3.36.3.3.1.2"
#define SIG_GOST_R3410_94_OID "1.2.643.2.2.4"
#define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3"
+#define SIG_GOST_R3410_2012_256_OID "1.2.643.7.1.1.3.2"
+#define SIG_GOST_R3410_2012_512_OID "1.2.643.7.1.1.3.3"
#define ISO_SIG_RSA_SHA1_OID "1.3.14.3.2.29"
#define SIG_DSA_SHA3_224_OID "2.16.840.1.101.3.4.3.5"
diff --git a/tests/cert-tests/data/gost-cert.pem b/tests/cert-tests/data/gost-cert.pem
index 8e6a5203e4..bf280349fd 100644
--- a/tests/cert-tests/data/gost-cert.pem
+++ b/tests/cert-tests/data/gost-cert.pem
@@ -17,7 +17,7 @@ X.509 Certificate Information:
43fe227895724f4e3a74f264e4fd0b800c082e03
Authority Key Identifier (not critical):
9875a3b785c1641b23344d9bfbae0c2a256b44eb
- Signature Algorithm: 1.2.643.2.2.3
+ Signature Algorithm: GOSTR341001
Signature:
8f:37:24:fd:be:f0:37:d9:f3:1a:5c:31:5e:33:ef:35
61:93:07:03:3d:4d:e8:2c:1b:39:a2:6c:d4:2f:85:35