X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=pygost%2Fgost28147.py;h=a7bd2ee5f96f2a442a4c47068d94d14863c5fadb;hb=21a30721c31912c296e1faced73e2fd0db191be9;hp=6727fe394505864b8131dfb727a5f5bd43a274da;hpb=c5a63fc144c59342e32304e4e86b2bad479a8187;p=pygost.git

diff --git a/pygost/gost28147.py b/pygost/gost28147.py
index 6727fe3..a7bd2ee 100644
--- a/pygost/gost28147.py
+++ b/pygost/gost28147.py
@@ -1,6 +1,6 @@
 # coding: utf-8
 # PyGOST -- Pure Python GOST cryptographic functions library
-# Copyright (C) 2015-2016 Sergey Matveev <stargrave@stargrave.org>
+# Copyright (C) 2015-2019 Sergey Matveev <stargrave@stargrave.org>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -24,11 +24,12 @@ data lengths.
 
 from functools import partial
 
-from pygost.gost3413 import pad1
 from pygost.gost3413 import pad2
+from pygost.gost3413 import pad_size
+from pygost.gost3413 import unpad2
 from pygost.utils import hexdec
 from pygost.utils import strxor
-from pygost.utils import xrange
+from pygost.utils import xrange  # pylint: disable=redefined-builtin
 
 
 KEYSIZE = 32
@@ -123,16 +124,6 @@ SBOXES = {
         (13, 14, 4, 1, 7, 0, 5, 10, 3, 12, 8, 15, 6, 2, 9, 11),
         (1, 3, 10, 9, 5, 11, 4, 15, 8, 6, 7, 14, 13, 0, 2, 12),
     ),
-    "AppliedCryptography": (
-        (4, 10, 9, 2, 13, 8, 0, 14, 6, 11, 1, 12, 7, 15, 5, 3),
-        (14, 11, 4, 12, 6, 13, 15, 10, 2, 3, 8, 1, 0, 7, 5, 9),
-        (5, 8, 1, 13, 10, 3, 4, 2, 14, 15, 12, 7, 6, 0, 9, 11),
-        (7, 13, 10, 1, 0, 8, 9, 15, 14, 4, 6, 12, 11, 2, 5, 3),
-        (6, 12, 7, 1, 5, 15, 13, 8, 4, 10, 9, 14, 0, 3, 11, 2),
-        (4, 11, 10, 0, 7, 2, 1, 13, 3, 6, 8, 5, 9, 12, 15, 14),
-        (13, 11, 4, 1, 3, 15, 5, 9, 0, 10, 14, 7, 6, 8, 2, 12),
-        (1, 15, 13, 0, 5, 7, 10, 4, 9, 2, 3, 14, 6, 11, 8, 12),
-    ),
     "Gost28147_tc26_ParamZ": (
         (12, 4, 6, 2, 10, 5, 11, 9, 14, 8, 13, 7, 0, 3, 15, 1),
         (6, 8, 2, 3, 9, 10, 5, 12, 1, 14, 4, 7, 11, 13, 0, 15),
@@ -154,6 +145,7 @@ SBOXES = {
         (7, 14, 12, 13, 9, 4, 8, 15, 10, 2, 6, 0, 3, 11, 5, 1),
     ),
 }
+SBOXES["AppliedCryptography"] = SBOXES["GostR3411_94_TestParamSet"]
 
 
 def _K(s, _in):
@@ -161,7 +153,7 @@ def _K(s, _in):
 
     :param s: S-box
     :param _in: 32-bit word
-    :return: substituted 32-bit word
+    :returns: substituted 32-bit word
     """
     return (
         (s[0][(_in >> 0) & 0x0F] << 0) +
@@ -232,7 +224,7 @@ def xcrypt(seq, sbox, key, ns):
     :param bytes key: 256-bit encryption key
     :param ns: N1 and N2 integers
     :type ns: (int, int)
-    :return: resulting N1 and N2
+    :returns: resulting N1 and N2
     :rtype: (int, int)
     """
     s = SBOXES[sbox]
@@ -267,10 +259,10 @@ def ecb(key, data, action, sbox=DEFAULT_SBOX):
     :param bytes key: encryption key
     :param data: plaintext
     :type data: bytes, multiple of BLOCKSIZE
-    :param func action: encrypt/decrypt
+    :param func action: "encrypt"/"decrypt"
     :param sbox: S-box parameters to use
     :type sbox: str, SBOXES'es key
-    :return: ciphertext
+    :returns: ciphertext
     :rtype: bytes
     """
     validate_key(key)
@@ -289,7 +281,7 @@ ecb_encrypt = partial(ecb, action=encrypt)
 ecb_decrypt = partial(ecb, action=decrypt)
 
 
-def cbc_encrypt(key, data, iv=8 * b"\x00", pad=True, sbox=DEFAULT_SBOX):
+def cbc_encrypt(key, data, iv=8 * b"\x00", pad=True, sbox=DEFAULT_SBOX, mesh=False):
     """ CBC encryption mode of operation
 
     :param bytes key: encryption key
@@ -299,7 +291,8 @@ def cbc_encrypt(key, data, iv=8 * b"\x00", pad=True, sbox=DEFAULT_SBOX):
     :type bool pad: perform ISO/IEC 7816-4 padding
     :param sbox: S-box parameters to use
     :type sbox: str, SBOXES'es key
-    :return: ciphertext
+    :param bool mesh: enable key meshing
+    :returns: ciphertext
     :rtype: bytes
 
     34.13-2015 padding method 2 is used.
@@ -315,23 +308,24 @@ def cbc_encrypt(key, data, iv=8 * b"\x00", pad=True, sbox=DEFAULT_SBOX):
         raise ValueError("Data is not blocksize aligned")
     ciphertext = [iv]
     for i in xrange(0, len(data), BLOCKSIZE):
+        if mesh and i >= MESH_MAX_DATA and i % MESH_MAX_DATA == 0:
+            key, _ = meshing(key, iv, sbox=sbox)
         ciphertext.append(ns2block(encrypt(sbox, key, block2ns(
             strxor(ciphertext[-1], data[i:i + BLOCKSIZE])
         ))))
     return b"".join(ciphertext)
 
 
-def cbc_decrypt(key, data, pad=True, sbox=DEFAULT_SBOX):
+def cbc_decrypt(key, data, pad=True, sbox=DEFAULT_SBOX, mesh=False):
     """ CBC decryption mode of operation
 
     :param bytes key: encryption key
     :param bytes data: ciphertext
-    :param iv: initialization vector
-    :type iv: bytes, BLOCKSIZE length
     :type bool pad: perform ISO/IEC 7816-4 unpadding after decryption
     :param sbox: S-box parameters to use
     :type sbox: str, SBOXES'es key
-    :return: plaintext
+    :param bool mesh: enable key meshing
+    :returns: plaintext
     :rtype: bytes
     """
     validate_key(key)
@@ -340,21 +334,21 @@ def cbc_decrypt(key, data, pad=True, sbox=DEFAULT_SBOX):
         raise ValueError("Data is not blocksize aligned")
     if len(data) < 2 * BLOCKSIZE:
         raise ValueError("There is no either data, or IV in ciphertext")
+    iv = data[:BLOCKSIZE]
     plaintext = []
     for i in xrange(BLOCKSIZE, len(data), BLOCKSIZE):
+        if (
+                mesh and
+                (i - BLOCKSIZE) >= MESH_MAX_DATA and
+                (i - BLOCKSIZE) % MESH_MAX_DATA == 0
+        ):
+            key, _ = meshing(key, iv, sbox=sbox)
         plaintext.append(strxor(
             ns2block(decrypt(sbox, key, block2ns(data[i:i + BLOCKSIZE]))),
             data[i - BLOCKSIZE:i],
         ))
     if pad:
-        last_block = bytearray(plaintext[-1])
-        pad_index = last_block.rfind(b"\x80")
-        if pad_index == -1:
-            raise ValueError("Invalid padding")
-        for c in last_block[pad_index + 1:]:
-            if c != 0:
-                raise ValueError("Invalid padding")
-        plaintext[-1] = bytes(last_block[:pad_index])
+        plaintext[-1] = unpad2(plaintext[-1], BLOCKSIZE)
     return b"".join(plaintext)
 
 
@@ -367,7 +361,7 @@ def cnt(key, data, iv=8 * b"\x00", sbox=DEFAULT_SBOX):
     :type iv: bytes, BLOCKSIZE length
     :param sbox: S-box parameters to use
     :type sbox: str, SBOXES'es key
-    :return: ciphertext
+    :returns: ciphertext
     :rtype: bytes
 
     For decryption you use the same function again.
@@ -378,14 +372,12 @@ def cnt(key, data, iv=8 * b"\x00", sbox=DEFAULT_SBOX):
     if not data:
         raise ValueError("No data supplied")
     n2, n1 = encrypt(sbox, key, block2ns(iv))
-    size = len(data)
-    data = pad1(data, BLOCKSIZE)
     gamma = []
-    for _ in xrange(0, len(data), BLOCKSIZE):
+    for _ in xrange(0, len(data) + pad_size(len(data), BLOCKSIZE), BLOCKSIZE):
         n1 = addmod(n1, C2, 2 ** 32)
         n2 = addmod(n2, C1, 2 ** 32 - 1)
         gamma.append(ns2block(encrypt(sbox, key, (n1, n2))))
-    return strxor(b"".join(gamma), data[:size])
+    return strxor(b"".join(gamma), data)
 
 
 MESH_CONST = hexdec("6900722264C904238D3ADB9646E92AC418FEAC9400ED0712C086DCC2EF4CA92B")
@@ -410,7 +402,7 @@ def cfb_encrypt(key, data, iv=8 * b"\x00", sbox=DEFAULT_SBOX, mesh=False):
     :param sbox: S-box parameters to use
     :type sbox: str, SBOXES'es key
     :param bool mesh: enable key meshing
-    :return: ciphertext
+    :returns: ciphertext
     :rtype: bytes
     """
     validate_key(key)
@@ -418,10 +410,8 @@ def cfb_encrypt(key, data, iv=8 * b"\x00", sbox=DEFAULT_SBOX, mesh=False):
     validate_sbox(sbox)
     if not data:
         raise ValueError("No data supplied")
-    size = len(data)
-    data = pad1(data, BLOCKSIZE)
     ciphertext = [iv]
-    for i in xrange(0, len(data), BLOCKSIZE):
+    for i in xrange(0, len(data) + pad_size(len(data), BLOCKSIZE), BLOCKSIZE):
         if mesh and i >= MESH_MAX_DATA and i % MESH_MAX_DATA == 0:
             key, iv = meshing(key, ciphertext[-1], sbox=sbox)
             ciphertext.append(strxor(
@@ -433,7 +423,7 @@ def cfb_encrypt(key, data, iv=8 * b"\x00", sbox=DEFAULT_SBOX, mesh=False):
             data[i:i + BLOCKSIZE],
             ns2block(encrypt(sbox, key, block2ns(ciphertext[-1]))),
         ))
-    return b"".join(ciphertext[1:])[:size]
+    return b"".join(ciphertext[1:])
 
 
 def cfb_decrypt(key, data, iv=8 * b"\x00", sbox=DEFAULT_SBOX, mesh=False):
@@ -446,7 +436,7 @@ def cfb_decrypt(key, data, iv=8 * b"\x00", sbox=DEFAULT_SBOX, mesh=False):
     :param sbox: S-box parameters to use
     :type sbox: str, SBOXES'es key
     :param bool mesh: enable key meshing
-    :return: ciphertext
+    :returns: ciphertext
     :rtype: bytes
     """
     validate_key(key)
@@ -454,11 +444,9 @@ def cfb_decrypt(key, data, iv=8 * b"\x00", sbox=DEFAULT_SBOX, mesh=False):
     validate_sbox(sbox)
     if not data:
         raise ValueError("No data supplied")
-    size = len(data)
-    data = pad1(data, BLOCKSIZE)
     plaintext = []
     data = iv + data
-    for i in xrange(BLOCKSIZE, len(data), BLOCKSIZE):
+    for i in xrange(BLOCKSIZE, len(data) + pad_size(len(data), BLOCKSIZE), BLOCKSIZE):
         if (
                 mesh and
                 (i - BLOCKSIZE) >= MESH_MAX_DATA and
@@ -474,4 +462,4 @@ def cfb_decrypt(key, data, iv=8 * b"\x00", sbox=DEFAULT_SBOX, mesh=False):
             data[i:i + BLOCKSIZE],
             ns2block(encrypt(sbox, key, block2ns(data[i - BLOCKSIZE:i]))),
         ))
-    return b"".join(plaintext)[:size]
+    return b"".join(plaintext)