@settitle GoGOST
@copying
-Copyright @copyright{} 2015-2017 @email{stargrave@@stargrave.org, Sergey Matveev}
+Copyright @copyright{} 2015-2024 @email{stargrave@@stargrave.org, Sergey Matveev}
@end copying
@node Top
It is
@url{https://www.gnu.org/philosophy/pragmatic.html, copylefted}
@url{https://www.gnu.org/philosophy/free-sw.html, free software}:
-licenced under @url{https://www.gnu.org/licenses/gpl-3.0.html, GPLv3+}.
-You can read about GOST algorithms @url{http://www.cypherpunks.ru/gost/, more}.
+licenced under @url{https://www.gnu.org/licenses/gpl-3.0.html, GPLv3}.
+You can read about GOST algorithms @url{http://www.gost.cypherpunks.ru/, more}.
Currently supported algorithms are:
(@url{https://tools.ietf.org/html/rfc7091.html, RFC 7091})
public key signature function
@item various 34.10 curve parameters included
+@item Coordinates conversion from twisted Edwards to Weierstrass
+ form and vice versa
@item VKO GOST R 34.10-2001 key agreement function
(@url{https://tools.ietf.org/html/rfc4357.html, RFC 4357})
@item VKO GOST R 34.10-2012 key agreement function
(@url{https://tools.ietf.org/html/rfc7836.html, RFC 7836})
+@item @code{KDF_GOSTR3411_2012_256} KDF function
+ (@url{https://tools.ietf.org/html/rfc7836.html, RFC 7836})
@item GOST R 34.12-2015 128-bit block cipher Кузнечик (Kuznechik)
(@url{https://tools.ietf.org/html/rfc7801.html, RFC 7801})
+@item GOST R 34.12-2015 64-bit block cipher Магма (Magma)
@item GOST R 34.13-2015 padding methods
+@item MGM AEAD mode for 64 and 128 bit ciphers
+ (@url{https://tools.ietf.org/html/rfc9058.html, RFC 9058})
+@item TLSTREE keyscheduling function
+@item ESPTREE/IKETREE (IKE* is the same as ESP*) keyscheduling function
+@item @code{PRF_IPSEC_PRFPLUS_GOSTR3411_2012_@{256,512@}} and generic
+ @code{prf+} functions (Р 50.1.111-2016 with IKEv2
+ @url{https://tools.ietf.org/html/rfc5831.html, RFC 7296})
@end itemize
-Please send questions, bug reports and patches to
-@url{https://lists.cypherpunks.ru/mailman/listinfo/gost, gost}
-mailing list. Announcements also go to this mailing list.
-
-@insertcopying
-
-@node News
-@unnumbered News
-
-@table @strong
-
-@item 2.0
- @itemize
- @item 34.11-2012 is split on two different modules:
- @code{gost34112012256} and @code{gost34112012512}
- @item 34.11-94's digest is reversed. Now it is compatible with TC26's
- HMAC and PBKDF2 test vectors
- @item @code{gogost-streebog} is split to @code{streebog256} and
- @code{streebog512} correspondingly by analogy with sha* utilities
- @item added VKO 34.10-2012 support with corresponding test vectors
- @item @code{gost3410.DigestSizeX} is renamed to
- @code{gost3410.ModeX} because it is not related to digest size,
- but parameters and key sizes
- @item KEK functions take @code{big.Int} UKM value. Use @code{NewUKM}
- to unmarshal raw binary UKM
- @end itemize
-
-@item 1.1
- @itemize
- @item gogost-streebog is able to use either 256 or 512 bits digest size
- @item 34.13-2015 padding methods
- @item 28147-89 CBC mode of operation
- @end itemize
-
-@end table
+Probably you could be interested in
+@url{//www.gostls13.cypherpunks.ru/, Go's support of GOST TLS 1.3}.
-@node Download
-@unnumbered Download
-
-Preferable way is to download tarball with the signature from
-website and, for example, run tests with benchmarks:
-
-@verbatim
-% wget http://www.cypherpunks.ru/gogost/gogost-1.1.tar.xz
-% wget http://www.cypherpunks.ru/gogost/gogost-1.1.tar.xz.sig
-% gpg --verify gogost-1.1.tar.xz.sig gogost-1.1.tar.xz
-% xz -d < gogost-1.1.tar.xz | tar xf -
-% make -C gogost-1.1 all bench
-% echo hello world | ./gogost-1.1/streebog256
-f72018189a5cfb803dbe1f2149cf554c40093d8e7f81c21e08ac5bcd09d9934d
-@end verbatim
-
-And then you can include its source code in your project for example
-like this:
+Example 34.10-2012-256 keypair generation, signing and verifying:
@verbatim
-% mkdir -p myproj/src
-% export GOPATH=$PWD/myproj
-% cd myproj/src
-% cat > main.go <<EOF
-package main
-
import (
- "encoding/hex"
- "fmt"
-
- "cypherpunks.ru/gogost/gost34112012256"
+ "crypto/rand"
+ "io"
+ "go.cypherpunks.ru/gogost/v5/gost3410"
+ "go.cypherpunks.ru/gogost/v5/gost34112012256"
)
-
func main() {
- h := gost34112012256.New()
- h.Write([]byte("hello world"))
- fmt.Println(hex.EncodeToString(h.Sum(nil)))
+ data := []byte("data to be signed")
+ hasher := gost34112012256.New()
+ _, err := hasher.Write(data)
+ dgst := hasher.Sum(nil)
+ curve := gost3410.CurveIdtc26gost341012256paramSetB()
+ prvRaw := make([]byte, 32)
+ _, err = io.ReadFull(rand.Reader, prvRaw)
+ prv, err := gost3410.NewPrivateKey(curve, prvRaw)
+ pub, err := prv.PublicKey()
+ pubRaw := pub.Raw()
+ sign, err := prv.Sign(rand.Reader, dgst, nil)
+ pub, err = gost3410.NewPublicKey(curve, pubRaw)
+ isValid, err := pub.VerifyDigest(dgst, sign)
+ if !isValid { panic("signature is invalid") }
}
-EOF
-% cp -r ../../gogost-1.1/src/cypherpunks.ru .
-% go run main.go
-c600fd9dd049cf8abd2f5b32e840d2cb0e41ea44de1c155dcd88dc84fe58a855
-@end verbatim
-
-@multitable {XXXXX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
-@headitem Version @tab Size @tab Tarball @tab SHA256 checksum @tab Streebog-256 checksum
-
-@item 2.0 @tab 39 KiB
-@tab @url{gogost-2.0.tar.xz, link} @url{gogost-2.0.tar.xz.sig, sign}
-@tab @code{28E8C15C 0EC5CC2A 47A8CCDA DF9EADB5 E46970AA FB7FAAF3 AA250FFC 79CE57F7}
-@tab @code{e2858b9c1e7834663838c44b9b9ebbd1f37e5b85ceba5698b6fb5d180e071710}
-
-@item 1.2 @tab 34 KiB
-@tab @url{gogost-1.2.tar.xz, link} @url{gogost-1.2.tar.xz.sig, sign}
-@tab @code{B894D0E4 923F0361 8A33A360 65AE860F FCFAF8F5 42A82D71 EA0A0BA7 7BC99093}
-@tab @code{fc6d3533e28d356398877674b6ee18954581c7f46832a5cf994ae243ab00ddf5}
-
-@item 1.1 @tab 33 KiB
-@tab @url{gogost-1.1.tar.xz, link} @url{gogost-1.1.tar.xz.sig, sign}
-@tab @code{26D37912 6FE220C1 C0381835 DEFFDC4B BDCDC394 15D6E9C1 F8A5A302 04F9452B}
-@tab @code{313fa58c2c030dd5acd20b524842bd2d4ec7403fcfca2a4a238ddc187c3ef0df}
-
-@end multitable
-
-You @strong{have to} verify downloaded tarballs integrity and
-authenticity to be sure that you retrieved trusted and untampered
-software. @url{https://www.gnupg.org/, The GNU Privacy Guard} is used
-for that purpose.
-
-For the very first time it it necessary to get signing public key and
-import it. It is provided below, but you should check alternative
-resources.
-
-@verbatim
-pub rsa2048/0x82343436696FC85A 2016-09-13 [SC]
- CEBD 1282 2C46 9C02 A81A 0467 8234 3436 696F C85A
-uid GoGOST releases <gogost at cypherpunks dot ru>
@end verbatim
-@itemize
-
-@item @url{https://lists.cypherpunks.ru/mailman/listinfo/gost, gost} maillist
-
-@item
-@verbatim
-% gpg --keyserver hkp://keys.gnupg.net/ --recv-keys 0x82343436696FC85A
-% gpg --auto-key-locate dane --locate-keys gogost at cypherpunks dot ru
-% gpg --auto-key-locate wkd --locate-keys gogost at cypherpunks dot ru
-% gpg --auto-key-locate pka --locate-keys gogost at cypherpunks dot ru
-@end verbatim
-
-@item
-@verbatiminclude PUBKEY.asc
+Please send questions, bug reports and patches to
+@url{http://lists.cypherpunks.ru/gost.html, gost}
+mailing list. Announcements also go to this mailing list.
-@end itemize
+@insertcopying
-You can obtain development source code by cloning
-@url{http://git-scm.com/, Git}
-@url{https://git.cypherpunks.ru/cgit.cgi/gogost.git/}.
+@include faq.texi
+@include news.texi
+@include install.texi
@bye