X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=src%2Fcypherpunks.ru%2Fgogost%2Fgost3410%2Fprivate.go;h=045c8185b94458e7ad2c9be153bd37eeb99f04ed;hb=91562b3cf4aad503c493aa7b69abfbb07b46e63a;hp=709e61bb93d0efa713b92586e87e5636d1f7049c;hpb=e41421bfc5a91e6c0ef85144704c293130553242;p=gogost.git diff --git a/src/cypherpunks.ru/gogost/gost3410/private.go b/src/cypherpunks.ru/gogost/gost3410/private.go index 709e61b..045c818 100644 --- a/src/cypherpunks.ru/gogost/gost3410/private.go +++ b/src/cypherpunks.ru/gogost/gost3410/private.go @@ -1,10 +1,9 @@ // GoGOST -- Pure Go GOST cryptographic functions library -// Copyright (C) 2015-2016 Sergey Matveev +// Copyright (C) 2015-2019 Sergey Matveev // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. +// the Free Software Foundation, version 3 of the License. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of @@ -17,63 +16,62 @@ package gost3410 import ( + "crypto" "errors" "io" "math/big" - - "cypherpunks.ru/gogost/gost28147" - "cypherpunks.ru/gogost/gost341194" ) type PrivateKey struct { - c *Curve - ds int - key *big.Int + C *Curve + Mode Mode + Key *big.Int } -func NewPrivateKey(curve *Curve, ds DigestSize, raw []byte) (*PrivateKey, error) { - key := make([]byte, len(raw)) - copy(key, raw) - reverse(key) +func NewPrivateKey(curve *Curve, mode Mode, raw []byte) (*PrivateKey, error) { + if len(raw) != int(mode) { + return nil, errors.New("Invalid private key length") + } + key := make([]byte, int(mode)) + for i := 0; i < len(key); i++ { + key[i] = raw[len(raw)-i-1] + } k := bytes2big(key) if k.Cmp(zero) == 0 { - return nil, errors.New("zero private key") + return nil, errors.New("Zero private key") } - return &PrivateKey{curve, int(ds), k}, nil + return &PrivateKey{curve, mode, k}, nil } -func GenPrivateKey(curve *Curve, ds DigestSize, rand io.Reader) (*PrivateKey, error) { - raw := make([]byte, int(ds)) +func GenPrivateKey(curve *Curve, mode Mode, rand io.Reader) (*PrivateKey, error) { + raw := make([]byte, int(mode)) if _, err := io.ReadFull(rand, raw); err != nil { return nil, err } - return NewPrivateKey(curve, ds, raw) + return NewPrivateKey(curve, mode, raw) } -func (pk *PrivateKey) Raw() []byte { - raw := pad(pk.key.Bytes(), pk.ds) +func (prv *PrivateKey) Raw() []byte { + raw := pad(prv.Key.Bytes(), int(prv.Mode)) reverse(raw) return raw } -func (pk *PrivateKey) PublicKey() (*PublicKey, error) { - x, y, err := pk.c.Exp(pk.key, pk.c.Bx, pk.c.By) +func (prv *PrivateKey) PublicKey() (*PublicKey, error) { + x, y, err := prv.C.Exp(prv.Key, prv.C.X, prv.C.Y) if err != nil { return nil, err } - return &PublicKey{pk.c, pk.ds, x, y}, nil + return &PublicKey{prv.C, prv.Mode, x, y}, nil } -func (pk *PrivateKey) SignDigest(digest []byte, rand io.Reader) ([]byte, error) { - if len(digest) != pk.ds { - return nil, errors.New("Invalid input digest length") - } +func (prv *PrivateKey) SignDigest(digest []byte, rand io.Reader) ([]byte, error) { e := bytes2big(digest) - e.Mod(e, pk.c.Q) + e.Mod(e, prv.C.Q) if e.Cmp(zero) == 0 { e = big.NewInt(1) } - kRaw := make([]byte, pk.ds) + kRaw := make([]byte, int(prv.Mode)) var err error var k *big.Int var r *big.Int @@ -84,53 +82,39 @@ Retry: return nil, err } k = bytes2big(kRaw) - k.Mod(k, pk.c.Q) + k.Mod(k, prv.C.Q) if k.Cmp(zero) == 0 { goto Retry } - r, _, err = pk.c.Exp(k, pk.c.Bx, pk.c.By) + r, _, err = prv.C.Exp(k, prv.C.X, prv.C.Y) if err != nil { return nil, err } - r.Mod(r, pk.c.Q) + r.Mod(r, prv.C.Q) if r.Cmp(zero) == 0 { goto Retry } - d.Mul(pk.key, r) + d.Mul(prv.Key, r) k.Mul(k, e) s.Add(d, k) - s.Mod(s, pk.c.Q) + s.Mod(s, prv.C.Q) if s.Cmp(zero) == 0 { goto Retry } - return append(pad(s.Bytes(), pk.ds), pad(r.Bytes(), pk.ds)...), nil + return append( + pad(s.Bytes(), int(prv.Mode)), + pad(r.Bytes(), int(prv.Mode))..., + ), nil } -// Make Diffie-Hellman computation. Key Encryption Key calculation. -// UKM is user keying material, also called VKO-factor, 8-bytes long. -// It is based on RFC 4357 VKO GOST R 34.10-2001 with little-endian hash -// output. -func (pk *PrivateKey) KEK(pub *PublicKey, ukm []byte) ([]byte, error) { - if len(ukm) != 8 { - return nil, errors.New("UKM must be 8 bytes long") - } - keyX, keyY, err := pk.c.Exp(pk.key, pub.x, pub.y) - if err != nil { - return nil, err - } - t := make([]byte, DigestSize2001) - copy(t[int(DigestSize2001)-len(ukm):], ukm) - keyX, keyY, err = pk.c.Exp(bytes2big(t), keyX, keyY) +func (prv *PrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) { + return prv.SignDigest(digest, rand) +} + +func (prv *PrivateKey) Public() crypto.PublicKey { + pub, err := prv.PublicKey() if err != nil { - return nil, err + panic(err) } - h := gost341194.New(&gost28147.GostR3411_94_CryptoProParamSet) - copy(t, pad(keyX.Bytes(), int(DigestSize2001))) - reverse(t) - h.Write(t) - copy(t, pad(keyY.Bytes(), int(DigestSize2001))) - reverse(t) - h.Write(t) - t = h.Sum(t[:0]) - return t, nil + return pub }