2 # PyGOST -- Pure Python GOST cryptographic functions library
3 # Copyright (C) 2015-2017 Sergey Matveev <stargrave@stargrave.org>
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation, either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 """GOST 34.12-2015 128-bit block cipher Кузнечик (Kuznechik)
19 :rfc:`7801`. Pay attention that 34.12-2015 also defines 64-bit block
20 cipher Магма (Magma) -- it is **not** implemented here, but in gost28147
23 Several precalculations are performed during this module importing.
26 from pygost.utils import strxor
27 from pygost.utils import xrange # pylint: disable=redefined-builtin
31 148, 32, 133, 16, 194, 192, 1, 251, 1, 192, 194, 16, 133, 32, 148, 1,
34 252, 238, 221, 17, 207, 110, 49, 22, 251, 196, 250, 218, 35, 197, 4, 77,
35 233, 119, 240, 219, 147, 46, 153, 186, 23, 54, 241, 187, 20, 205, 95, 193,
36 249, 24, 101, 90, 226, 92, 239, 33, 129, 28, 60, 66, 139, 1, 142, 79, 5,
37 132, 2, 174, 227, 106, 143, 160, 6, 11, 237, 152, 127, 212, 211, 31, 235,
38 52, 44, 81, 234, 200, 72, 171, 242, 42, 104, 162, 253, 58, 206, 204, 181,
39 112, 14, 86, 8, 12, 118, 18, 191, 114, 19, 71, 156, 183, 93, 135, 21, 161,
40 150, 41, 16, 123, 154, 199, 243, 145, 120, 111, 157, 158, 178, 177, 50, 117,
41 25, 61, 255, 53, 138, 126, 109, 84, 198, 128, 195, 189, 13, 87, 223, 245,
42 36, 169, 62, 168, 67, 201, 215, 121, 214, 246, 124, 34, 185, 3, 224, 15,
43 236, 222, 122, 148, 176, 188, 220, 232, 40, 80, 78, 51, 10, 74, 167, 151,
44 96, 115, 30, 0, 98, 68, 26, 184, 56, 130, 100, 159, 38, 65, 173, 69, 70,
45 146, 39, 94, 85, 47, 140, 163, 165, 125, 105, 213, 149, 59, 7, 88, 179, 64,
46 134, 172, 29, 247, 48, 55, 107, 228, 136, 217, 231, 137, 225, 27, 131, 73,
47 76, 63, 248, 254, 141, 83, 170, 144, 202, 216, 133, 97, 32, 113, 103, 164,
48 45, 43, 9, 91, 203, 155, 37, 208, 190, 229, 108, 82, 89, 166, 116, 210, 230,
49 244, 180, 192, 209, 102, 175, 194, 57, 75, 99, 182,
52 ########################################################################
53 # Precalculate inverted PI value as a performance optimization.
54 # Actually it can be computed only once and saved on the disk.
55 ########################################################################
56 PIinv = bytearray(256)
73 ########################################################################
74 # Precalculate all possible gf(byte, byte) values as a performance
76 # Actually it can be computed only once and saved on the disk.
77 ########################################################################
80 GF = [bytearray(256) for _ in xrange(256)]
87 def L(blk, rounds=16):
88 for _ in range(rounds):
90 for i in range(14, -1, -1):
92 t ^= GF[blk[i]][LC[i]]
102 t ^= GF[blk[i]][LC[i]]
106 ########################################################################
107 # Precalculate values of the C -- it does not depend on key.
108 # Actually it can be computed only once and saved on the disk.
109 ########################################################################
114 for x in range(1, 33):
121 return L([PI[v] for v in blk])
124 class GOST3412Kuz(object):
125 """GOST 34.12-2015 128-bit block cipher Кузнечик (Kuznechik)
127 def __init__(self, key):
129 :param key: encryption/decryption key
130 :type key: bytes, 32 bytes
132 Key scheduling (roundkeys precomputation) is performed here.
134 kr0 = bytearray(key[:16])
135 kr1 = bytearray(key[16:])
139 k = lp(bytearray(strxor(C[8 * i + j], kr0)))
140 kr0, kr1 = [strxor(k, kr1), kr0]
144 def encrypt(self, blk):
147 blk = lp(bytearray(strxor(self.ks[i], blk)))
148 return bytes(strxor(self.ks[9], blk))
150 def decrypt(self, blk):
152 for i in range(9, 0, -1):
153 blk = [PIinv[v] for v in Linv(bytearray(strxor(self.ks[i], blk)))]
154 return bytes(strxor(self.ks[0], blk))