Merge branch 'gost-priorities' into 'master'

Extend GOST priority settings and documentation

See merge request gnutls/gnutls!1160

2 files changed, 28 insertions, 7 deletions

diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 969aa5c86f..75ac509e34 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1422,20 +1422,23 @@ appended with an algorithm will add this algorithm.
 @multitable @columnfractions .20 .70
 @headitem Type @tab Keywords
 @item Ciphers @tab
-Examples are AES-128-GCM, AES-256-GCM, AES-256-CBC; see also
+Examples are AES-128-GCM, AES-256-GCM, AES-256-CBC, GOST28147-TC26Z-CNT; see also
 @ref{tab:ciphers} for more options. Catch all name is CIPHER-ALL which will add
-all the algorithms from NORMAL priority.
+all the algorithms from NORMAL priority. The shortcut for secure GOST
+algorithms is CIPHER-GOST-ALL.
 
 @item Key exchange @tab
 RSA, DHE-RSA, DHE-DSS, SRP, SRP-RSA, SRP-DSS,
-PSK, DHE-PSK, ECDHE-PSK, ECDHE-RSA, ECDHE-ECDSA, ANON-ECDH, ANON-DH. The
+PSK, DHE-PSK, ECDHE-PSK, ECDHE-RSA, ECDHE-ECDSA, VKO-GOST-12, ANON-ECDH, ANON-DH.
 Catch all name is KX-ALL which will add all the algorithms from NORMAL
 priority. Under TLS1.3, the DHE-PSK and ECDHE-PSK strings are equivalent
-and instruct for a Diffie-Hellman key exchange using the enabled groups.
+and instruct for a Diffie-Hellman key exchange using the enabled groups. The
+shortcut for secure GOST algorithms is KX-GOST-ALL.
 
 @item MAC @tab
-MD5, SHA1, SHA256, SHA384, AEAD (used with
-GCM ciphers only). All algorithms from NORMAL priority can be accessed with MAC-ALL.
+MD5, SHA1, SHA256, SHA384, GOST28147-TC26Z-IMIT, AEAD (used with
+GCM ciphers only). All algorithms from NORMAL priority can be accessed with
+MAC-ALL. The shortcut for secure GOST algorithms is MAC-GOST-ALL.
 
 @item Compression algorithms @tab
 COMP-NULL, COMP-DEFLATE. Catch all is COMP-ALL.
@@ -1452,8 +1455,10 @@ SIGN-RSA-SHA1, SIGN-RSA-SHA224,
 SIGN-RSA-SHA256, SIGN-RSA-SHA384, SIGN-RSA-SHA512, SIGN-DSA-SHA1,
 SIGN-DSA-SHA224, SIGN-DSA-SHA256, SIGN-RSA-MD5, SIGN-ECDSA-SHA1,
 SIGN-ECDSA-SHA224, SIGN-ECDSA-SHA256, SIGN-ECDSA-SHA384, SIGN-ECDSA-SHA512,
-SIGN-RSA-PSS-SHA256, SIGN-RSA-PSS-SHA384, SIGN-RSA-PSS-SHA512.
+SIGN-RSA-PSS-SHA256, SIGN-RSA-PSS-SHA384, SIGN-RSA-PSS-SHA512,
+SIGN-GOSTR341001, SIGN-GOSTR341012-256, SIGN-GOSTR341012-512.
 Catch all which enables all algorithms from NORMAL priority is SIGN-ALL.
+Shortcut which enables secure GOST algorithms is SIGN-GOST-ALL.
 This option is only considered for TLS 1.2 and later.
 
 @item Groups @tab
@@ -1485,6 +1490,11 @@ CTYPE-CLI-RAWPK, CTYPE-SRV-RAWPK can be used to specialize on client or server;
 catch all is CTYPE-CLI-ALL and CTYPE-SRV-ALL. The type 'X509' is aliased to 'X.509'
 for legacy reasons.
 
+@item Generic @tab
+The keyword GOST is a shortcut for secure GOST algorithms (MACs, ciphers,
+KXes, groups and signatures). For example the following string will enable all
+TLS 1.2 GOST ciphersuites: 'NONE:+VERS-TLS1.2:+GOST'.
+
 @end multitable
 @caption{The supported algorithm keywords in priority strings.}
 @end float
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index b95abc6b81..6600fe9890 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -179,6 +179,12 @@ ARCFOUR-128 is a compatible algorithm with RSA's RC4 algorithm, which is conside
 secret. It is a considered to be broken, and is only used for compatibility
 purposed. For this reason it is not enabled by default.
 
+@item GOST28147-TC26Z-CNT @tab
+Legacy (stream) @tab
+TLS 1.2 @tab
+This is a 64-bit block cipher GOST 28147-89 with TC26Z S-Box working in CNT
+mode. It is one of the approved ciphers in Russia. It is not enabled by default.
+
 @item NULL @tab
 Legacy (stream) @tab
 TLS 1.0, TLS 1.1, TLS 1.2 @tab
@@ -211,6 +217,11 @@ An HMAC based on SHA2-256. Outputs 256 bits of data.
 @item MAC-SHA384 @tab
 An HMAC based on SHA2-384. Outputs 384 bits of data.
 
+@item GOST28147-TC26Z-IMIT @tab
+This is a 64-bit block cipher GOST 28147-89 with TC26Z S-Box working in special
+MAC mode called Imitovstavks. It is one of the approved MAC algorithms in
+Russia. Outputs 32 bits of data. It is not enabled by default.
+
 @item MAC-AEAD @tab
 This indicates that an authenticated encryption algorithm, such as
 GCM, is in use.