X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=pygost%2Fgost28147.py;h=37760b909204f20c36cd5611843ddfdd6c7e05ec;hb=fa193af6abe5fcba3f74514a1900fc958eff8e37;hp=e42de8107f7a7780d5b4c88130a19da57d6cd08d;hpb=dacca17a69ca9a920bf69bc1dc47386bdd6d4def;p=pygost.git

diff --git a/pygost/gost28147.py b/pygost/gost28147.py
index e42de81..37760b9 100644
--- a/pygost/gost28147.py
+++ b/pygost/gost28147.py
@@ -24,8 +24,9 @@ data lengths.
 
 from functools import partial
 
-from pygost.gost3413 import pad1
 from pygost.gost3413 import pad2
+from pygost.gost3413 import pad_size
+from pygost.gost3413 import unpad2
 from pygost.utils import hexdec
 from pygost.utils import strxor
 from pygost.utils import xrange  # pylint: disable=redefined-builtin
@@ -123,16 +124,6 @@ SBOXES = {
         (13, 14, 4, 1, 7, 0, 5, 10, 3, 12, 8, 15, 6, 2, 9, 11),
         (1, 3, 10, 9, 5, 11, 4, 15, 8, 6, 7, 14, 13, 0, 2, 12),
     ),
-    "AppliedCryptography": (
-        (4, 10, 9, 2, 13, 8, 0, 14, 6, 11, 1, 12, 7, 15, 5, 3),
-        (14, 11, 4, 12, 6, 13, 15, 10, 2, 3, 8, 1, 0, 7, 5, 9),
-        (5, 8, 1, 13, 10, 3, 4, 2, 14, 15, 12, 7, 6, 0, 9, 11),
-        (7, 13, 10, 1, 0, 8, 9, 15, 14, 4, 6, 12, 11, 2, 5, 3),
-        (6, 12, 7, 1, 5, 15, 13, 8, 4, 10, 9, 14, 0, 3, 11, 2),
-        (4, 11, 10, 0, 7, 2, 1, 13, 3, 6, 8, 5, 9, 12, 15, 14),
-        (13, 11, 4, 1, 3, 15, 5, 9, 0, 10, 14, 7, 6, 8, 2, 12),
-        (1, 15, 13, 0, 5, 7, 10, 4, 9, 2, 3, 14, 6, 11, 8, 12),
-    ),
     "Gost28147_tc26_ParamZ": (
         (12, 4, 6, 2, 10, 5, 11, 9, 14, 8, 13, 7, 0, 3, 15, 1),
         (6, 8, 2, 3, 9, 10, 5, 12, 1, 14, 4, 7, 11, 13, 0, 15),
@@ -154,6 +145,7 @@ SBOXES = {
         (7, 14, 12, 13, 9, 4, 8, 15, 10, 2, 6, 0, 3, 11, 5, 1),
     ),
 }
+SBOXES["AppliedCryptography"] = SBOXES["GostR3411_94_TestParamSet"]
 
 
 def _K(s, _in):
@@ -347,14 +339,7 @@ def cbc_decrypt(key, data, pad=True, sbox=DEFAULT_SBOX):
             data[i - BLOCKSIZE:i],
         ))
     if pad:
-        last_block = bytearray(plaintext[-1])
-        pad_index = last_block.rfind(b"\x80")
-        if pad_index == -1:
-            raise ValueError("Invalid padding")
-        for c in last_block[pad_index + 1:]:
-            if c != 0:
-                raise ValueError("Invalid padding")
-        plaintext[-1] = bytes(last_block[:pad_index])
+        plaintext[-1] = unpad2(plaintext[-1], BLOCKSIZE)
     return b"".join(plaintext)
 
 
@@ -378,14 +363,12 @@ def cnt(key, data, iv=8 * b"\x00", sbox=DEFAULT_SBOX):
     if not data:
         raise ValueError("No data supplied")
     n2, n1 = encrypt(sbox, key, block2ns(iv))
-    size = len(data)
-    data = pad1(data, BLOCKSIZE)
     gamma = []
-    for _ in xrange(0, len(data), BLOCKSIZE):
+    for _ in xrange(0, len(data) + pad_size(len(data), BLOCKSIZE), BLOCKSIZE):
         n1 = addmod(n1, C2, 2 ** 32)
         n2 = addmod(n2, C1, 2 ** 32 - 1)
         gamma.append(ns2block(encrypt(sbox, key, (n1, n2))))
-    return strxor(b"".join(gamma), data[:size])
+    return strxor(b"".join(gamma), data)
 
 
 MESH_CONST = hexdec("6900722264C904238D3ADB9646E92AC418FEAC9400ED0712C086DCC2EF4CA92B")
@@ -418,10 +401,8 @@ def cfb_encrypt(key, data, iv=8 * b"\x00", sbox=DEFAULT_SBOX, mesh=False):
     validate_sbox(sbox)
     if not data:
         raise ValueError("No data supplied")
-    size = len(data)
-    data = pad1(data, BLOCKSIZE)
     ciphertext = [iv]
-    for i in xrange(0, len(data), BLOCKSIZE):
+    for i in xrange(0, len(data) + pad_size(len(data), BLOCKSIZE), BLOCKSIZE):
         if mesh and i >= MESH_MAX_DATA and i % MESH_MAX_DATA == 0:
             key, iv = meshing(key, ciphertext[-1], sbox=sbox)
             ciphertext.append(strxor(
@@ -433,7 +414,7 @@ def cfb_encrypt(key, data, iv=8 * b"\x00", sbox=DEFAULT_SBOX, mesh=False):
             data[i:i + BLOCKSIZE],
             ns2block(encrypt(sbox, key, block2ns(ciphertext[-1]))),
         ))
-    return b"".join(ciphertext[1:])[:size]
+    return b"".join(ciphertext[1:])
 
 
 def cfb_decrypt(key, data, iv=8 * b"\x00", sbox=DEFAULT_SBOX, mesh=False):
@@ -454,11 +435,9 @@ def cfb_decrypt(key, data, iv=8 * b"\x00", sbox=DEFAULT_SBOX, mesh=False):
     validate_sbox(sbox)
     if not data:
         raise ValueError("No data supplied")
-    size = len(data)
-    data = pad1(data, BLOCKSIZE)
     plaintext = []
     data = iv + data
-    for i in xrange(BLOCKSIZE, len(data), BLOCKSIZE):
+    for i in xrange(BLOCKSIZE, len(data) + pad_size(len(data), BLOCKSIZE), BLOCKSIZE):
         if (
                 mesh and
                 (i - BLOCKSIZE) >= MESH_MAX_DATA and
@@ -474,4 +453,4 @@ def cfb_decrypt(key, data, iv=8 * b"\x00", sbox=DEFAULT_SBOX, mesh=False):
             data[i:i + BLOCKSIZE],
             ns2block(encrypt(sbox, key, block2ns(data[i - BLOCKSIZE:i]))),
         ))
-    return b"".join(plaintext)[:size]
+    return b"".join(plaintext)