PRF_IPSEC_PRFPLUS_GOSTR3411_2012_{256,512}

diff --git a/INSTALL b/INSTALL
index 06e6e6725fdd95162c57937c42cfb042b720a63a..22565efcf353e7069072c94417f6b3fedeca58a4 100644 (file)
--- a/INSTALL
+++ b/INSTALL
@@ -1,19 +1,19 @@
 Preferable way is to download tarball with the signature from official
 website and, for example, run tests with benchmarks:
 
-    $ wget http://gogost.cypherpunks.ru/gogost-4.1.0.tar.xz
-    $ wget http://gogost.cypherpunks.ru/gogost-4.1.0.tar.xz.sig
-    $ gpg --verify gogost-4.1.0.tar.xz.sig gogost-4.1.0.tar.xz
-    $ xz -d < gogost-4.1.0.tar.xz | tar xf -
-    $ make -C gogost-4.1.0 all bench
-    $ echo hello world | ./gogost-4.1.0/streebog256
+    $ wget http://gogost.cypherpunks.ru/gogost-4.2.0.tar.xz
+    $ wget http://gogost.cypherpunks.ru/gogost-4.2.0.tar.xz.sig
+    $ gpg --verify gogost-4.2.0.tar.xz.sig gogost-4.2.0.tar.xz
+    $ xz -d < gogost-4.2.0.tar.xz | tar xf -
+    $ make -C gogost-4.2.0 all bench
+    $ echo hello world | ./gogost-4.2.0/streebog256
     f72018189a5cfb803dbe1f2149cf554c40093d8e7f81c21e08ac5bcd09d9934d
 
 And then you can include its source code in your project for example
 like this:
 
     $ mkdir -p myproj/src
-    $ cp -r gogost-4.1.0/src/go.cypherpunks.ru myproj/src
+    $ cp -r gogost-4.2.0/src/go.cypherpunks.ru myproj/src
     $ export GOPATH=$PWD/myproj
     $ cd myproj/src
     $ cat > main.go <<EOF
@@ -64,5 +64,5 @@ GOPRIVATE=go.cypherpunks.ru/gogost environment variable.
 
 Also you can use "replace" feature inside your go.mod, like:
 
-    require go.cypherpunks.ru/gogost/v4 v4.1.0
-    replace go.cypherpunks.ru/gogost/v4 => /home/stargrave/gogost-4.1.0/src/go.cypherpunks.ru/gogost/v4
+    require go.cypherpunks.ru/gogost/v4 v4.2.0
+    replace go.cypherpunks.ru/gogost/v4 => /home/stargrave/gogost-4.2.0/src/go.cypherpunks.ru/gogost/v4

diff --git a/NEWS b/NEWS
index 5b13d25b49710f2545481b240d5012ead0c5030a..1723442b9531341c4013040df7a7dae0b69a3cf6 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,9 @@
+4.2.0:
+    * PRF_IPSEC_PRFPLUS_GOSTR3411_2012_{256,512} implementation
+    * Generic prf+ function (taken from IKEv2) implementation
+
 4.1.0:
-    * ESPTREE implementation
+    * ESPTREE/IKETREE implementation
     * CurveIdtc26gost34102012256paramSetB, CurveIdtc26gost34102012256paramSetC,
       CurveIdtc26gost34102012256paramSetD curve aliases
     * Forbid any later GNU GPL version autousage

diff --git a/VERSION b/VERSION
index ee74734aa2258df77aa09402d55798a1e2e55212..6aba2b245a847cc30a9b9dc009fc9d2522fff998 100644 (file)
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-4.1.0
+4.2.0

diff --git a/download.texi b/download.texi
index e26424735eb47a8fea07c331bc904b0acb9fc823..fde8fdae11ff30ab5c39fdc89f084baf2166d05a 100644 (file)
--- a/download.texi
+++ b/download.texi
@@ -5,12 +5,12 @@ Preferable way is to download tarball with the signature from
 website and, for example, run tests with benchmarks:
 
 @verbatim
-$ wget http://gogost.cypherpunks.ru/gogost-4.1.0.tar.xz
-$ wget http://gogost.cypherpunks.ru/gogost-4.1.0.tar.xz.sig
-$ gpg --verify gogost-4.1.0.tar.xz.sig gogost-4.1.0.tar.xz
-$ xz -d < gogost-4.1.0.tar.xz | tar xf -
-$ make -C gogost-4.1.0 all bench
-$ echo hello world | ./gogost-4.1.0/streebog256
+$ wget http://gogost.cypherpunks.ru/gogost-4.2.0.tar.xz
+$ wget http://gogost.cypherpunks.ru/gogost-4.2.0.tar.xz.sig
+$ gpg --verify gogost-4.2.0.tar.xz.sig gogost-4.2.0.tar.xz
+$ xz -d < gogost-4.2.0.tar.xz | tar xf -
+$ make -C gogost-4.2.0 all bench
+$ echo hello world | ./gogost-4.2.0/streebog256
 f72018189a5cfb803dbe1f2149cf554c40093d8e7f81c21e08ac5bcd09d9934d
 @end verbatim
 
@@ -19,7 +19,7 @@ like this:
 
 @verbatim
 $ mkdir -p myproj/src
-$ cp -r gogost-4.1.0/src/go.cypherpunks.ru myproj/src
+$ cp -r gogost-4.2.0/src/go.cypherpunks.ru myproj/src
 $ export GOPATH=$PWD/myproj
 $ cd myproj/src
 $ cat > main.go <<EOF
@@ -123,8 +123,8 @@ environment variable.
 
 Also you can use @code{replace} feature inside your @file{go.mod}, like:
 @verbatim
-require go.cypherpunks.ru/gogost/v4 v4.1.0
-replace go.cypherpunks.ru/gogost/v4 => /home/stargrave/gogost-4.1.0/src/go.cypherpunks.ru/gogost/v4
+require go.cypherpunks.ru/gogost/v4 v4.2.0
+replace go.cypherpunks.ru/gogost/v4 => /home/stargrave/gogost-4.2.0/src/go.cypherpunks.ru/gogost/v4
 @end verbatim
 
 You can obtain development source code with

diff --git a/makedist.sh b/makedist.sh
index 7ed9a15821eb89a9b329284a1997fff8ebaf3362..879a37357dd02a36626854f1f72ff94ae01eb144 100755 (executable)
--- a/makedist.sh
+++ b/makedist.sh
@@ -22,6 +22,7 @@ mv \
     gost341264 \
     gost3413 \
     mgm \
+    prfplus \
     cmd internal gogost.go go.mod go.sum src/$mod_name
 
 mkdir -p src/golang.org/x/crypto

diff --git a/news.texi b/news.texi
index 7e09a27d1ad0d4861d151c6a5935823b4ebe1456..01fb655bb8a8ec752e0df6910de5d0fec605fa68 100644 (file)
--- a/news.texi
+++ b/news.texi
@@ -3,6 +3,14 @@
 
 @table @strong
 
+@anchor{Release 4.2.0}
+@item 4.2.0
+    @itemize
+    @item @code{PRF_IPSEC_PRFPLUS_GOSTR3411_2012_@{256,512@}} implementation
+    @item Generic @code{prf+} function (taken from IKEv2
+        (@url{https://tools.ietf.org/html/rfc5831.html, RFC 7296}))
+    @end itemize
+
 @anchor{Release 4.1.0}
 @item 4.1.0
     @itemize

diff --git a/prfplus/gost.go b/prfplus/gost.go
new file mode 100644 (file)
index 0000000..659b5b4
--- /dev/null
+++ b/prfplus/gost.go
@@ -0,0 +1,46 @@
+// GoGOST -- Pure Go GOST cryptographic functions library
+// Copyright (C) 2015-2019 Sergey Matveev <stargrave@stargrave.org>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+// PRF_IPSEC_PRFPLUS_GOSTR3411_2012_{256,512} as defined in R 50.1.113-2016.
+package prfplus
+
+import (
+       "crypto/hmac"
+       "hash"
+
+       "go.cypherpunks.ru/gogost/v4/gost34112012256"
+       "go.cypherpunks.ru/gogost/v4/gost34112012512"
+)
+
+type PRFIPsecPRFPlusGOSTR34112012 struct{ h hash.Hash }
+
+func NewPRFIPsecPRFPlusGOSTR34112012256(key []byte) PRFForPlus {
+       return PRFIPsecPRFPlusGOSTR34112012{hmac.New(gost34112012256.New, key)}
+}
+
+func NewPRFIPsecPRFPlusGOSTR34112012512(key []byte) PRFForPlus {
+       return PRFIPsecPRFPlusGOSTR34112012{hmac.New(gost34112012512.New, key)}
+}
+
+func (prf PRFIPsecPRFPlusGOSTR34112012) BlockSize() int {
+       return prf.h.Size()
+}
+
+func (prf PRFIPsecPRFPlusGOSTR34112012) Derive(salt []byte) []byte {
+       prf.h.Write(salt)
+       sum := prf.h.Sum(nil)
+       prf.h.Reset()
+       return sum
+}

diff --git a/prfplus/gost_test.go b/prfplus/gost_test.go
new file mode 100644 (file)
index 0000000..300d76c
--- /dev/null
+++ b/prfplus/gost_test.go
@@ -0,0 +1,81 @@
+// GoGOST -- Pure Go GOST cryptographic functions library
+// Copyright (C) 2015-2019 Sergey Matveev <stargrave@stargrave.org>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package prfplus
+
+import (
+       "bytes"
+       "testing"
+)
+
+func TestPRFIPsecPRFPlusGOSTR34112012256(t *testing.T) {
+       prf := NewPRFIPsecPRFPlusGOSTR34112012256([]byte{
+               0xC9, 0xA9, 0xA7, 0x73, 0x20, 0xE2, 0xCC, 0x55,
+               0x9E, 0xD7, 0x2D, 0xCE, 0x6F, 0x47, 0xE2, 0x19,
+               0x2C, 0xCE, 0xA9, 0x5F, 0xA6, 0x48, 0x67, 0x05,
+               0x82, 0xC0, 0x54, 0xC0, 0xEF, 0x36, 0xC2, 0x21,
+       })
+       dst := make([]byte, 64)
+       PRFPlus(prf, dst, []byte{
+               0x01, 0x26, 0xBD, 0xB8, 0x78, 0x00, 0x1D, 0x80,
+               0x60, 0x3C, 0x85, 0x44, 0xC7, 0x27, 0x01, 0x00,
+       })
+       if bytes.Compare(dst, []byte{
+               0x2D, 0xE5, 0xEE, 0x84, 0xE1, 0x3D, 0x7B, 0xE5,
+               0x36, 0x16, 0x67, 0x39, 0x13, 0x37, 0x0A, 0xB0,
+               0x54, 0xC0, 0x74, 0xB7, 0x9B, 0x69, 0xA8, 0xA8,
+               0x46, 0x82, 0xA9, 0xF0, 0x4F, 0xEC, 0xD5, 0x87,
+               0x29, 0xF6, 0x0D, 0xDA, 0x45, 0x7B, 0xF2, 0x19,
+               0xAA, 0x2E, 0xF9, 0x5D, 0x7A, 0x59, 0xBE, 0x95,
+               0x4D, 0xE0, 0x08, 0xF4, 0xA5, 0x0D, 0x50, 0x4D,
+               0xBD, 0xB6, 0x90, 0xBE, 0x68, 0x06, 0x01, 0x53,
+       }) != 0 {
+               t.FailNow()
+       }
+}
+
+func TestPRFIPsecPRFPlusGOSTR34112012512(t *testing.T) {
+       prf := NewPRFIPsecPRFPlusGOSTR34112012512([]byte{
+               0xC9, 0xA9, 0xA7, 0x73, 0x20, 0xE2, 0xCC, 0x55,
+               0x9E, 0xD7, 0x2D, 0xCE, 0x6F, 0x47, 0xE2, 0x19,
+               0x2C, 0xCE, 0xA9, 0x5F, 0xA6, 0x48, 0x67, 0x05,
+               0x82, 0xC0, 0x54, 0xC0, 0xEF, 0x36, 0xC2, 0x21,
+       })
+       dst := make([]byte, 128)
+       PRFPlus(prf, dst, []byte{
+               0x01, 0x26, 0xBD, 0xB8, 0x78, 0x00, 0x1D, 0x80,
+               0x60, 0x3C, 0x85, 0x44, 0xC7, 0x27, 0x01, 0x00,
+       })
+       if bytes.Compare(dst, []byte{
+               0x5D, 0xA6, 0x71, 0x43, 0xA5, 0xF1, 0x2A, 0x6D,
+               0x6E, 0x47, 0x42, 0x59, 0x6F, 0x39, 0x24, 0x3F,
+               0xCC, 0x61, 0x57, 0x45, 0x91, 0x5B, 0x32, 0x59,
+               0x10, 0x06, 0xFF, 0x78, 0xA2, 0x08, 0x63, 0xD5,
+               0xF8, 0x8E, 0x4A, 0xFC, 0x17, 0xFB, 0xBE, 0x70,
+               0xB9, 0x50, 0x95, 0x73, 0xDB, 0x00, 0x5E, 0x96,
+               0x26, 0x36, 0x98, 0x46, 0xCB, 0x86, 0x19, 0x99,
+               0x71, 0x6C, 0x16, 0x5D, 0xD0, 0x6A, 0x15, 0x85,
+               0x48, 0x34, 0x49, 0x5A, 0x43, 0x74, 0x6C, 0xB5,
+               0x3F, 0x0A, 0xBA, 0x3B, 0xC4, 0x6E, 0xBC, 0xF8,
+               0x77, 0x3C, 0xA6, 0x4A, 0xD3, 0x43, 0xC1, 0x22,
+               0xEE, 0x2A, 0x57, 0x75, 0x57, 0x03, 0x81, 0x57,
+               0xEE, 0x9C, 0x38, 0x8D, 0x96, 0xEF, 0x71, 0xD5,
+               0x8B, 0xE5, 0xC1, 0xEF, 0xA1, 0xAF, 0xA9, 0x5E,
+               0xBE, 0x83, 0xE3, 0x9D, 0x00, 0xE1, 0x9A, 0x5D,
+               0x03, 0xDC, 0xD6, 0x0A, 0x01, 0xBC, 0xA8, 0xE3,
+       }) != 0 {
+               t.FailNow()
+       }
+}

diff --git a/prfplus/plus.go b/prfplus/plus.go
new file mode 100644 (file)
index 0000000..84ce70c
--- /dev/null
+++ b/prfplus/plus.go
@@ -0,0 +1,47 @@
+// GoGOST -- Pure Go GOST cryptographic functions library
+// Copyright (C) 2015-2019 Sergey Matveev <stargrave@stargrave.org>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package prfplus
+
+type PRFForPlus interface {
+       BlockSize() int
+       Derive(salt []byte) []byte
+}
+
+// prf+ function as defined in RFC 7296 (IKEv2)
+func PRFPlus(prf PRFForPlus, dst, salt []byte) {
+       in := make([]byte, prf.BlockSize()+len(salt)+1)
+       in[len(in)-1] = byte(0x01)
+       copy(in[prf.BlockSize():], salt)
+       copy(in[:prf.BlockSize()], prf.Derive(in[prf.BlockSize():]))
+       copy(dst, in[:prf.BlockSize()])
+       n := len(dst) / prf.BlockSize()
+       if n == 0 {
+               return
+       }
+       if n*prf.BlockSize() != len(dst) {
+               n++
+       }
+       n--
+       out := dst[prf.BlockSize():]
+       for i := 0; i < n; i++ {
+               in[len(in)-1] = byte(i + 2)
+               copy(in[:prf.BlockSize()], prf.Derive(in))
+               copy(out, in[:prf.BlockSize()])
+               if i+1 != n {
+                       out = out[prf.BlockSize():]
+               }
+       }
+}