Первоначальный коммит с изменениями для ГОСТ

Author: autotestagent

tls/src/main/java/org/bouncycastle/tls/CipherSuite.java

@@ -457,4 +457,5 @@ public static boolean isSCSV(int cipherSuite)
     public static final int TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC = 0xC100;
     public static final int TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC = 0xC101;
     public static final int TLS_GOSTR341112_256_WITH_28147_CNT_IMIT = 0xC102;
+    public static final int TLS_GOSTR3410_2012_256_WITH_GOSTR3411_2012_256 = 0x0083; // или свой ID
 }

tls/src/main/java/org/bouncycastle/tls/DefaultTlsClient.java

@@ -35,8 +35,16 @@ public DefaultTlsClient(TlsCrypto crypto)
         super(crypto);
     }
 
-    protected int[] getSupportedCipherSuites()
-    {
-        return TlsUtils.getSupportedCipherSuites(getCrypto(), DEFAULT_CIPHER_SUITES);
-    }
+  //  protected int[] getSupportedCipherSuites()
+  //  {
+  //      return TlsUtils.getSupportedCipherSuites(getCrypto(), DEFAULT_CIPHER_SUITES);
+  //  }
+
+    return new int[] {
+        CipherSuite.TLS_GOSTR3410_2012_256_WITH_GOSTR3411_2012_256,
+        CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, // и т.д.
+    };
+
 }
+
+

tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcTlsCrypto.java

@@ -70,6 +70,8 @@
 import org.bouncycastle.tls.crypto.impl.TlsNullCipher;
 import org.bouncycastle.util.Arrays;
 
+import main.java.org.bouncycastle.tls.crypto.impl.bc.BcTlsGost2012Signer;
+
 /**
  * Class for providing cryptographic services for TLS based on implementations in the BC light-weight API.
  * <p>
@@ -112,15 +114,31 @@ public TlsCertificate createCertificate(byte[] encoding)
     public TlsCertificate createCertificate(short type, byte[] encoding)
         throws IOException
     {
-        switch (type)
-        {
+    switch (type)
+    {
         case CertificateType.X509:
+        {
+            X509CertificateHolder certHolder = new X509CertificateHolder(encoding);
+            SubjectPublicKeyInfo spki = certHolder.getSubjectPublicKeyInfo();
+            ASN1ObjectIdentifier algOid = spki.getAlgorithm().getAlgorithm();
+
+            // Добавляем ГОСТ-обработку
+            if (algOid.equals(new ASN1ObjectIdentifier("1.2.643.7.1.1.1.1")))
+            {
+                // Обработка ГОСТ-2012-256 сертификата
+                return new BcTlsCertificate(this, encoding);
+            }
+
+            // По умолчанию
             return new BcTlsCertificate(this, encoding);
+        }
+
         case CertificateType.RawPublicKey:
             return new BcTlsRawKeyCertificate(this, encoding);
+
         default:
             throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
+    }
     }
 
     public TlsCipher createCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm)
@@ -131,6 +149,10 @@ public TlsCipher createCipher(TlsCryptoParameters cryptoParams, int encryptionAl
         case EncryptionAlgorithm.AES_128_CBC:
         case EncryptionAlgorithm.ARIA_128_CBC:
         case EncryptionAlgorithm.CAMELLIA_128_CBC:
+        case CipherAlgorithm.kuznyechik: // <- добавить свой enum
+            return new BcGOSTTlsCipher(cryptoParams, this, new KuznyechikEngine(), new GOST3413Mac());
+        // ...
+
         case EncryptionAlgorithm.SEED_CBC:
         case EncryptionAlgorithm.SM4_CBC:
             return createCipher_CBC(cryptoParams, encryptionAlgorithm, 16, macAlgorithm);
@@ -428,6 +450,8 @@ public boolean hasSignatureAlgorithm(short signatureAlgorithm)
         // TODO[RFC 9189]
         case SignatureAlgorithm.gostr34102012_256:
         case SignatureAlgorithm.gostr34102012_512:
+        case SignatureAlgorithm.gostR3410_2012_256:
+        return new BcTlsGost2012Signer(this, new ECGOST3410_2012Signer()); // пример
 
         // TODO[RFC 8998]
 //        case SignatureAlgorithm.sm2: