2 # PyGOST -- Pure Python GOST cryptographic functions library
3 # Copyright (C) 2015-2017 Sergey Matveev <stargrave@stargrave.org>
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation, either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 """GOST 34.12-2015 64 and 128 bit block ciphers (:rfc:`7801`)
19 Several precalculations are performed during this module importing.
22 from pygost.gost28147 import block2ns as gost28147_block2ns
23 from pygost.gost28147 import decrypt as gost28147_decrypt
24 from pygost.gost28147 import encrypt as gost28147_encrypt
25 from pygost.gost28147 import ns2block as gost28147_ns2block
26 from pygost.utils import strxor
27 from pygost.utils import xrange # pylint: disable=redefined-builtin
31 148, 32, 133, 16, 194, 192, 1, 251, 1, 192, 194, 16, 133, 32, 148, 1,
34 252, 238, 221, 17, 207, 110, 49, 22, 251, 196, 250, 218, 35, 197, 4, 77,
35 233, 119, 240, 219, 147, 46, 153, 186, 23, 54, 241, 187, 20, 205, 95, 193,
36 249, 24, 101, 90, 226, 92, 239, 33, 129, 28, 60, 66, 139, 1, 142, 79, 5,
37 132, 2, 174, 227, 106, 143, 160, 6, 11, 237, 152, 127, 212, 211, 31, 235,
38 52, 44, 81, 234, 200, 72, 171, 242, 42, 104, 162, 253, 58, 206, 204, 181,
39 112, 14, 86, 8, 12, 118, 18, 191, 114, 19, 71, 156, 183, 93, 135, 21, 161,
40 150, 41, 16, 123, 154, 199, 243, 145, 120, 111, 157, 158, 178, 177, 50, 117,
41 25, 61, 255, 53, 138, 126, 109, 84, 198, 128, 195, 189, 13, 87, 223, 245,
42 36, 169, 62, 168, 67, 201, 215, 121, 214, 246, 124, 34, 185, 3, 224, 15,
43 236, 222, 122, 148, 176, 188, 220, 232, 40, 80, 78, 51, 10, 74, 167, 151,
44 96, 115, 30, 0, 98, 68, 26, 184, 56, 130, 100, 159, 38, 65, 173, 69, 70,
45 146, 39, 94, 85, 47, 140, 163, 165, 125, 105, 213, 149, 59, 7, 88, 179, 64,
46 134, 172, 29, 247, 48, 55, 107, 228, 136, 217, 231, 137, 225, 27, 131, 73,
47 76, 63, 248, 254, 141, 83, 170, 144, 202, 216, 133, 97, 32, 113, 103, 164,
48 45, 43, 9, 91, 203, 155, 37, 208, 190, 229, 108, 82, 89, 166, 116, 210, 230,
49 244, 180, 192, 209, 102, 175, 194, 57, 75, 99, 182,
52 ########################################################################
53 # Precalculate inverted PI value as a performance optimization.
54 # Actually it can be computed only once and saved on the disk.
55 ########################################################################
56 PIinv = bytearray(256)
73 ########################################################################
74 # Precalculate all possible gf(byte, byte) values as a performance
76 # Actually it can be computed only once and saved on the disk.
77 ########################################################################
80 GF = [bytearray(256) for _ in xrange(256)]
87 def L(blk, rounds=16):
88 for _ in range(rounds):
90 for i in range(14, -1, -1):
92 t ^= GF[blk[i]][LC[i]]
102 t ^= GF[blk[i]][LC[i]]
106 ########################################################################
107 # Precalculate values of the C -- it does not depend on key.
108 # Actually it can be computed only once and saved on the disk.
109 ########################################################################
114 for x in range(1, 33):
121 return L([PI[v] for v in blk])
124 class GOST3412Kuznechik(object):
125 """GOST 34.12-2015 128-bit block cipher Кузнечик (Kuznechik)
127 def __init__(self, key):
129 :param key: encryption/decryption key
130 :type key: bytes, 32 bytes
132 Key scheduling (roundkeys precomputation) is performed here.
134 kr0 = bytearray(key[:16])
135 kr1 = bytearray(key[16:])
139 k = lp(bytearray(strxor(C[8 * i + j], kr0)))
140 kr0, kr1 = [strxor(k, kr1), kr0]
144 def encrypt(self, blk):
147 blk = lp(bytearray(strxor(self.ks[i], blk)))
148 return bytes(strxor(self.ks[9], blk))
150 def decrypt(self, blk):
152 for i in range(9, 0, -1):
153 blk = [PIinv[v] for v in Linv(bytearray(strxor(self.ks[i], blk)))]
154 return bytes(strxor(self.ks[0], blk))
157 class GOST3412Magma(object):
158 """GOST 34.12-2015 64-bit block cipher Магма (Magma)
160 def __init__(self, key):
162 :param key: encryption/decryption key
163 :type key: bytes, 32 bytes
165 # Backward compatibility key preparation for 28147-89 key schedule
166 self.key = b"".join(key[i * 4:i * 4 + 4][::-1] for i in range(8))
167 self.sbox = "Gost28147_tc26_ParamZ"
169 def encrypt(self, blk):
170 return gost28147_ns2block(gost28147_encrypt(
173 gost28147_block2ns(blk[::-1]),
176 def decrypt(self, blk):
177 return gost28147_ns2block(gost28147_decrypt(
180 gost28147_block2ns(blk[::-1]),