* MGM AEAD mode for 64 and 128 bit ciphers (Р 1323565.1.026–2019)
* CTR-ACPKM, OMAC-ACPKM-Master modes of operation (Р 1323565.1.017-2018)
* KExp15/KImp15 key export/import functions (Р 1323565.1.017-2018)
+* KDF_GOSTR3411_2012_256, KDF_TREE_GOSTR3411_2012_256 (Р 50.1.113-2016)
+* KEG export key generation function (Р 1323565.1.020-2018)
* PEP247-compatible hash/MAC functions
Known problems: low performance and non time-constant calculations.
@item CTR-ACPKM mode of operation
@item OMAC-ACPKM-Master moder of operation
@item KExp15/KImp15 key export/import functions
+ @item KDF_GOSTR3411_2012_256, KDF_TREE_GOSTR3411_2012_256
+ @item KEG export key generation function
@end itemize
@anchor{Release 4.8}
--- /dev/null
+# coding: utf-8
+# PyGOST -- Pure Python GOST cryptographic functions library
+# Copyright (C) 2015-2020 Sergey Matveev <stargrave@stargrave.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+"""Key derivation functions, Р 50.1.113-2016, Р 1323565.1.020-2018
+"""
+
+import hmac
+
+from pygost.gost3410_vko import kek_34102012256
+from pygost.gost3410_vko import kek_34102012512
+from pygost.gost34112012256 import GOST34112012256
+from pygost.utils import bytes2long
+from pygost.utils import long2bytes
+
+
+def kdf_gostr3411_2012_256(key, label, seed):
+ """KDF_GOSTR3411_2012_256
+
+ :param bytes key: initial key
+ :param bytes label: label
+ :param bytes seed: seed
+ :returns: 32 bytes
+ """
+ return hmac.new(
+ key=key,
+ msg=b"".join((b"\x01", label, b"\x00", seed, b"\x01\x00")),
+ digestmod=GOST34112012256,
+ ).digest()
+
+
+def kdf_tree_gostr3411_2012_256(key, label, seed, keys, i_len=1):
+ """KDF_TREE_GOSTR3411_2012_256
+
+ :param bytes key: initial key
+ :param bytes label: label
+ :param bytes seed: seed
+ :param int keys: number of generated keys
+ :param int i_len: length of iterations value (called "R")
+ :returns: list of 256-bit keys
+ """
+ keymat = []
+ _len = long2bytes(keys * 32 * 8, size=1)
+ for i in range(keys):
+ keymat.append(hmac.new(
+ key=key,
+ msg=b"".join((long2bytes(i + 1, size=i_len), label, b"\x00", seed, _len)),
+ digestmod=GOST34112012256,
+ ).digest())
+ return keymat
+
+
+def keg(curve, prv, pub, h, mode=2001):
+ """Export key generation (Р 1323565.1.020-2018)
+
+ :param GOST3410Curve curve: curve to use
+ :param long prv: private key
+ :param pub: public key
+ :type pub: (long, long)
+ :param bytes h: "h"-value, 32 bytes
+ """
+ if len(h) != 32:
+ raise ValueError("h must be 32 bytes long")
+ ukm = bytes2long(h[:16])
+ if ukm == 0:
+ ukm = 1
+ if mode == 2012:
+ return kek_34102012512(curve, prv, pub, ukm)
+ k_exp = kek_34102012256(curve, prv, pub, ukm, mode=2001)
+ return b"".join(kdf_tree_gostr3411_2012_256(k_exp, b"kdf tree", h[16:24], 2))
--- /dev/null
+from typing import Sequence
+
+from pygost.gost3410 import GOST3410Curve
+
+
+PublicKey = Tuple[int, int]
+
+
+def kdf_gostr3411_2012_256(key: bytes, label: bytes, seed: bytes) -> bytes: ...
+
+
+def kdf_tree_gostr3411_2012_256(
+ key: bytes,
+ label: bytes,
+ seed: bytes,
+ keys: int,
+ i_len=1,
+) -> Sequence[bytes]: ...
+
+
+def keg(curve: GOST3410Curve, prv: int, pub: PublicKey, h: bytes, mode=2001) -> bytes: ...
gost3412
gost3413
mgm
+kdf
x509
cms
pfx
--- /dev/null
+# coding: utf-8
+# PyGOST -- Pure Python GOST cryptographic functions library
+# Copyright (C) 2015-2020 Sergey Matveev <stargrave@stargrave.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from unittest import TestCase
+
+from pygost.kdf import kdf_gostr3411_2012_256
+from pygost.kdf import kdf_tree_gostr3411_2012_256
+from pygost.utils import hexdec
+
+
+class TestKDFGOSTR34112012256(TestCase):
+ def runTest(self):
+ self.assertEqual(
+ kdf_gostr3411_2012_256(
+ hexdec("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"),
+ hexdec("26bdb878"),
+ hexdec("af21434145656378"),
+ ),
+ hexdec("a1aa5f7de402d7b3d323f2991c8d4534013137010a83754fd0af6d7cd4922ed9"),
+ )
+
+
+class TestKDFTREEGOSTR34112012256(TestCase):
+ def runTest(self):
+ self.assertSequenceEqual(
+ kdf_tree_gostr3411_2012_256(
+ hexdec("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"),
+ hexdec("26bdb878"),
+ hexdec("af21434145656378"),
+ 1,
+ ),
+ (hexdec("a1aa5f7de402d7b3d323f2991c8d4534013137010a83754fd0af6d7cd4922ed9"),),
+ )
+ self.assertSequenceEqual(
+ kdf_tree_gostr3411_2012_256(
+ hexdec("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"),
+ hexdec("26bdb878"),
+ hexdec("af21434145656378"),
+ 2,
+ ),
+ (
+ hexdec("22b6837845c6bef65ea71672b265831086d3c76aebe6dae91cad51d83f79d16b"),
+ hexdec("074c9330599d7f8d712fca54392f4ddde93751206b3584c8f43f9e6dc51531f9"),
+ ),
+ )
@item MGM AEAD mode for 64 and 128 bit ciphers (Р 1323565.1.026–2019)
@item CTR-ACPKM, OMAC-ACPKM-Master modes of operation (Р 1323565.1.017-2018)
@item KExp15/KImp15 key export/import functions (Р 1323565.1.017-2018)
+@item KDF_GOSTR3411_2012_256, KDF_TREE_GOSTR3411_2012_256 (Р 50.1.113-2016)
+@item KEG export key generation function (Р 1323565.1.020-2018)
@item PEP247-compatible hash/MAC functions
@end itemize