ESPTREE
authorSergey Matveev <stargrave@stargrave.org>
Tue, 1 Oct 2019 08:03:13 +0000 (11:03 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Tue, 1 Oct 2019 08:03:13 +0000 (11:03 +0300)
README
news.texi
src/cypherpunks.ru/gogost/gost34112012256/esptree.go [new file with mode: 0644]
src/cypherpunks.ru/gogost/gost34112012256/esptree_test.go [new file with mode: 0644]
www.texi

diff --git a/README b/README
index fa05b907ff0edb9256fb96ad1e8235e6e98237db..2f37487c8f4a6e6c1c97aff460f04a794af665cd 100644 (file)
--- a/README
+++ b/README
@@ -20,6 +20,7 @@ GOST is GOvernment STandard of Russian Federation (and Soviet Union).
 * GOST R 34.13-2015 padding methods
 * MGM AEAD mode for 64 and 128 bit ciphers
 * TLSTREE keyscheduling function
+* ESPTREE keyscheduling function
 
 Known problems:
 
index dc918f769cb7b33357f00d215f3c0a197c8e9424..5569269f1fa848ef6585fc3047bdae7a4cde5fcf 100644 (file)
--- a/news.texi
+++ b/news.texi
@@ -3,6 +3,13 @@
 
 @table @strong
 
+@anchor{Release 4.1}
+@item 4.1
+    @itemize
+    @item @code{ESPTREE} implementation
+
+    @end itemize
+
 @anchor{Release 4.0}
 @item 4.0
     @itemize
diff --git a/src/cypherpunks.ru/gogost/gost34112012256/esptree.go b/src/cypherpunks.ru/gogost/gost34112012256/esptree.go
new file mode 100644 (file)
index 0000000..dceaeb7
--- /dev/null
@@ -0,0 +1,60 @@
+// GoGOST -- Pure Go GOST cryptographic functions library
+// Copyright (C) 2015-2019 Sergey Matveev <stargrave@stargrave.org>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package gost34112012256
+
+import (
+       "crypto/subtle"
+)
+
+type ESPTree struct {
+       keyRoot []byte
+       isPrev  [5]byte
+       key     []byte
+}
+
+func NewESPTree(keyRoot []byte) *ESPTree {
+       key := make([]byte, len(keyRoot))
+       copy(key, keyRoot)
+       t := &ESPTree{
+               keyRoot: key,
+               key:     make([]byte, Size),
+       }
+       t.isPrev[0] += 1 // invalidate cache
+       t.DeriveCached([]byte{0x00, 0x00, 0x00, 0x00, 0x00})
+       return t
+}
+
+func (t *ESPTree) DeriveCached(is []byte) ([]byte, bool) {
+       if len(is) != 1+2+2 {
+               panic("invalid i1+i2+i3 input")
+       }
+       if subtle.ConstantTimeCompare(t.isPrev[:], is) == 1 {
+               return t.key, true
+       }
+       kdf1 := NewKDF(t.keyRoot)
+       kdf2 := NewKDF(kdf1.Derive(t.key[:0], []byte("level1"), append([]byte{0}, is[0])))
+       kdf3 := NewKDF(kdf2.Derive(t.key[:0], []byte("level2"), is[1:3]))
+       kdf3.Derive(t.key[:0], []byte("level3"), is[3:5])
+       copy(t.isPrev[:], is)
+       return t.key, false
+}
+
+func (t *ESPTree) Derive(is []byte) []byte {
+       keyDerived := make([]byte, Size)
+       key, _ := t.DeriveCached(is)
+       copy(keyDerived, key)
+       return keyDerived
+}
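Review bot: DeriveCached returns `t.key`, the tree's own cache buffer, and nothing documents that. Each level's `Derive` is handed `t.key[:0]` and the last result is discarded, so the derived key evidently lands in that same backing array. A slice kept by a caller is therefore overwritten in place by the next call with a different `is`, and a caller that writes to it corrupts the cached key. None of the exported names has a doc comment; above DeriveCached I would add `// DeriveCached returns the key for is (i1, i2, i3 concatenated, 5 bytes) and whether it was served from the cache.` and `// The returned slice aliases internal state and is valid only until the next derivation; use Derive for a private copy.` DeriveCached also updates `isPrev` and `key` with no locking, so the type comment should state that an ESPTree must not be shared between goroutines without external synchronisation.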
diff --git a/src/cypherpunks.ru/gogost/gost34112012256/esptree_test.go b/src/cypherpunks.ru/gogost/gost34112012256/esptree_test.go
new file mode 100644 (file)
index 0000000..a5c50e6
--- /dev/null
@@ -0,0 +1,192 @@
+// GoGOST -- Pure Go GOST cryptographic functions library
+// Copyright (C) 2015-2019 Sergey Matveev <stargrave@stargrave.org>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package gost34112012256
+
+import (
+       "bytes"
+       "testing"
+)
+
+func TestESPTree(t *testing.T) {
+       t.Run("1", func(t *testing.T) {
+               espTree := NewESPTree([]byte{
+                       0xB6, 0x18, 0x0C, 0x14, 0x5C, 0x51, 0x2D, 0xBD,
+                       0x69, 0xD9, 0xCE, 0xA9, 0x2C, 0xAC, 0x1B, 0x5C,
+                       0xE1, 0xBC, 0xFA, 0x73, 0x79, 0x2D, 0x61, 0xAF,
+                       0x0B, 0x44, 0x0D, 0x84, 0xB5, 0x22, 0xCC, 0x38,
+               })
+               is := []byte{0x00, 0x00, 0x00, 0x00, 0x00}
+               got := espTree.Derive(is)
+               if bytes.Compare(got, []byte{
+                       0x2F, 0xF1, 0xC9, 0x0E, 0xDE, 0x78, 0x6E, 0x06,
+                       0x1E, 0x17, 0xB3, 0x74, 0xD7, 0x82, 0xAF, 0x7B,
+                       0xD8, 0x80, 0xBD, 0x52, 0x7C, 0x66, 0xA2, 0xBA,
+                       0xDC, 0x3E, 0x56, 0x9A, 0xAB, 0x27, 0x1D, 0xA4,
+               }) != 0 {
+                       t.FailNow()
+               }
+               if _, cached := espTree.DeriveCached(is); !cached {
+                       t.FailNow()
+               }
+       })
+       t.Run("2", func(t *testing.T) {
+               espTree := NewESPTree([]byte{
+                       0xB6, 0x18, 0x0C, 0x14, 0x5C, 0x51, 0x2D, 0xBD,
+                       0x69, 0xD9, 0xCE, 0xA9, 0x2C, 0xAC, 0x1B, 0x5C,
+                       0xE1, 0xBC, 0xFA, 0x73, 0x79, 0x2D, 0x61, 0xAF,
+                       0x0B, 0x44, 0x0D, 0x84, 0xB5, 0x22, 0xCC, 0x38,
+               })
+               is := []byte{0x00, 0x00, 0x01, 0x00, 0x01}
+               got := espTree.Derive(is)
+               if bytes.Compare(got, []byte{
+                       0x9A, 0xBA, 0xC6, 0x57, 0x78, 0x18, 0x0E, 0x6F,
+                       0x2A, 0xF6, 0x1F, 0xB8, 0xD5, 0x71, 0x62, 0x36,
+                       0x66, 0xC2, 0xF5, 0x13, 0x0D, 0x54, 0xE2, 0x11,
+                       0x6C, 0x7D, 0x53, 0x0E, 0x6E, 0x7D, 0x48, 0xBC,
+               }) != 0 {
+                       t.FailNow()
+               }
+               if _, cached := espTree.DeriveCached(is); !cached {
+                       t.FailNow()
+               }
+       })
+       t.Run("3", func(t *testing.T) {
+               espTree := NewESPTree([]byte{
+                       0x5B, 0x50, 0xBF, 0x33, 0x78, 0x87, 0x02, 0x38,
+                       0xF3, 0xCA, 0x74, 0x0F, 0xD1, 0x24, 0xBA, 0x6C,
+                       0x22, 0x83, 0xEF, 0x58, 0x9B, 0xE6, 0xF4, 0x6A,
+                       0x89, 0x4A, 0xA3, 0x5D, 0x5F, 0x06, 0xB2, 0x03,
+               })
+               is := []byte{0x00, 0x00, 0x00, 0x00, 0x00}
+               got := espTree.Derive(is)
+               if bytes.Compare(got, []byte{
+                       0x25, 0x65, 0x21, 0xE2, 0x70, 0xB7, 0x4A, 0x16,
+                       0x4D, 0xFC, 0x26, 0xE6, 0xBF, 0x0C, 0xCA, 0x76,
+                       0x5E, 0x9D, 0x41, 0x02, 0x7D, 0x4B, 0x7B, 0x19,
+                       0x76, 0x2B, 0x1C, 0xC9, 0x01, 0xDC, 0xDE, 0x7F,
+               }) != 0 {
+                       t.FailNow()
+               }
+               if _, cached := espTree.DeriveCached(is); !cached {
+                       t.FailNow()
+               }
+       })
+       t.Run("4", func(t *testing.T) {
+               espTree := NewESPTree([]byte{
+                       0x5B, 0x50, 0xBF, 0x33, 0x78, 0x87, 0x02, 0x38,
+                       0xF3, 0xCA, 0x74, 0x0F, 0xD1, 0x24, 0xBA, 0x6C,
+                       0x22, 0x83, 0xEF, 0x58, 0x9B, 0xE6, 0xF4, 0x6A,
+                       0x89, 0x4A, 0xA3, 0x5D, 0x5F, 0x06, 0xB2, 0x03,
+               })
+               is := []byte{0x00, 0x00, 0x01, 0x00, 0x01}
+               got := espTree.Derive(is)
+               if bytes.Compare(got, []byte{
+                       0x20, 0xE0, 0x46, 0xD4, 0x09, 0x83, 0x9B, 0x23,
+                       0xF0, 0x66, 0xA5, 0x0A, 0x7A, 0x06, 0x5B, 0x4A,
+                       0x39, 0x24, 0x4F, 0x0E, 0x29, 0xEF, 0x1E, 0x6F,
+                       0x2E, 0x5D, 0x2E, 0x13, 0x55, 0xF5, 0xDA, 0x08,
+               }) != 0 {
+                       t.FailNow()
+               }
+               if _, cached := espTree.DeriveCached(is); !cached {
+                       t.FailNow()
+               }
+       })
+       t.Run("5", func(t *testing.T) {
+               espTree := NewESPTree([]byte{
+                       0x98, 0xBD, 0x34, 0xCE, 0x3B, 0xE1, 0x9A, 0x34,
+                       0x65, 0xE4, 0x87, 0xC0, 0x06, 0x48, 0x83, 0xF4,
+                       0x88, 0xCC, 0x23, 0x92, 0x63, 0xDC, 0x32, 0x04,
+                       0x91, 0x9B, 0x64, 0x3F, 0xE7, 0x57, 0xB2, 0xBE,
+               })
+               is := []byte{0x00, 0x00, 0x00, 0x00, 0x00}
+               got := espTree.Derive(is)
+               if bytes.Compare(got, []byte{
+                       0x98, 0xF1, 0x03, 0x01, 0x81, 0x0A, 0x04, 0x1C,
+                       0xDA, 0xDD, 0xE1, 0xBD, 0x85, 0xA0, 0x8F, 0x21,
+                       0x8B, 0xAC, 0xB5, 0x7E, 0x00, 0x35, 0xE2, 0x22,
+                       0xC8, 0x31, 0xE3, 0xE4, 0xF0, 0xA2, 0x0C, 0x8F,
+               }) != 0 {
+                       t.FailNow()
+               }
+               if _, cached := espTree.DeriveCached(is); !cached {
+                       t.FailNow()
+               }
+       })
+       t.Run("6", func(t *testing.T) {
+               espTree := NewESPTree([]byte{
+                       0x98, 0xBD, 0x34, 0xCE, 0x3B, 0xE1, 0x9A, 0x34,
+                       0x65, 0xE4, 0x87, 0xC0, 0x06, 0x48, 0x83, 0xF4,
+                       0x88, 0xCC, 0x23, 0x92, 0x63, 0xDC, 0x32, 0x04,
+                       0x91, 0x9B, 0x64, 0x3F, 0xE7, 0x57, 0xB2, 0xBE,
+               })
+               is := []byte{0x00, 0x00, 0x00, 0x00, 0x01}
+               got := espTree.Derive(is)
+               if bytes.Compare(got, []byte{
+                       0x02, 0xC5, 0x41, 0x87, 0x7C, 0xC6, 0x23, 0xF3,
+                       0xF1, 0x35, 0x91, 0x9A, 0x75, 0x13, 0xB6, 0xF8,
+                       0xA8, 0xA1, 0x8C, 0xB2, 0x63, 0x99, 0x86, 0x2F,
+                       0x50, 0x81, 0x4F, 0x52, 0x91, 0x01, 0x67, 0x84,
+               }) != 0 {
+                       t.FailNow()
+               }
+               if _, cached := espTree.DeriveCached(is); !cached {
+                       t.FailNow()
+               }
+       })
+       t.Run("7", func(t *testing.T) {
+               espTree := NewESPTree([]byte{
+                       0xD0, 0x65, 0xB5, 0x30, 0xFA, 0x20, 0xB8, 0x24,
+                       0xC7, 0x57, 0x0C, 0x1D, 0x86, 0x2A, 0xE3, 0x39,
+                       0x2C, 0x1C, 0x07, 0x6D, 0xFA, 0xDA, 0x69, 0x75,
+                       0x74, 0x4A, 0x07, 0xA8, 0x85, 0x7D, 0xBD, 0x30,
+               })
+               is := []byte{0x00, 0x00, 0x00, 0x00, 0x00}
+               got := espTree.Derive(is)
+               if bytes.Compare(got, []byte{
+                       0x4C, 0x61, 0x45, 0x99, 0xA0, 0xA0, 0x67, 0xF1,
+                       0x94, 0x87, 0x24, 0x0A, 0xE1, 0x00, 0xE1, 0xB7,
+                       0xEA, 0xF2, 0x3E, 0xDA, 0xF8, 0x7E, 0x38, 0x73,
+                       0x50, 0x86, 0x1C, 0x68, 0x3B, 0xA4, 0x04, 0x46,
+               }) != 0 {
+                       t.FailNow()
+               }
+               if _, cached := espTree.DeriveCached(is); !cached {
+                       t.FailNow()
+               }
+       })
+       t.Run("8", func(t *testing.T) {
+               espTree := NewESPTree([]byte{
+                       0xD0, 0x65, 0xB5, 0x30, 0xFA, 0x20, 0xB8, 0x24,
+                       0xC7, 0x57, 0x0C, 0x1D, 0x86, 0x2A, 0xE3, 0x39,
+                       0x2C, 0x1C, 0x07, 0x6D, 0xFA, 0xDA, 0x69, 0x75,
+                       0x74, 0x4A, 0x07, 0xA8, 0x85, 0x7D, 0xBD, 0x30,
+               })
+               is := []byte{0x00, 0x00, 0x00, 0x00, 0x01}
+               got := espTree.Derive(is)
+               if bytes.Compare(got, []byte{
+                       0xB4, 0xF3, 0xF9, 0x0D, 0xC4, 0x87, 0xFA, 0xB8,
+                       0xC4, 0xAF, 0xD0, 0xEB, 0x45, 0x49, 0xF2, 0xF0,
+                       0xE4, 0x36, 0x32, 0xB6, 0x79, 0x19, 0x37, 0x2E,
+                       0x1E, 0x96, 0x09, 0xEA, 0xF0, 0xB8, 0xE2, 0x28,
+               }) != 0 {
+                       t.FailNow()
+               }
+               if _, cached := espTree.DeriveCached(is); !cached {
+                       t.FailNow()
+               }
+       })
+}
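Review bot: Every failure path in these subtests is a bare `t.FailNow()`, so a mismatch reports neither which check failed nor the bytes involved. Something like `if !bytes.Equal(got, want) { t.Fatalf("key mismatch: got %x, want %x", got, want) }` would report both and replaces the `bytes.Compare(...) != 0` form. The eight subtests differ only in root key, index and expected key, so a table of those three fields with one loop body would remove the repetition. Nothing here asserts the properties the cache introduces: that DeriveCached reports `false` for a changed index, and that a slice returned by Derive is unchanged after a later derivation with another index.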
index 61d316519efb3d6d007e94577dfd7a2631bcd0fd..116cf20d82ac3f6d6ae7dc5c1d41d6a50210c185 100644 (file)
--- a/www.texi
+++ b/www.texi
@@ -50,6 +50,7 @@ Currently supported algorithms are:
 @item GOST R 34.13-2015 padding methods
 @item MGM AEAD mode for 64 and 128 bit ciphers
 @item TLSTREE keyscheduling function
+@item ESPTREE keyscheduling function
 @end itemize
 
 Please send questions, bug reports and patches to