2 # PyGOST -- Pure Python GOST cryptographic functions library
3 # Copyright (C) 2015-2016 Sergey Matveev <stargrave@stargrave.org>
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation, either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 """GOST 34.12-2015 128-bit block cipher Кузнечик (Kuznechik)
19 :rfc:`7801`. Pay attention that 34.12-2015 also defines 64-bit block
20 cipher Магма (Magma) -- it is **not** implemented here, but in gost28147
23 Several precalculations are performed during this module importing.
26 from pygost.utils import strxor
27 from pygost.utils import xrange
31 148, 32, 133, 16, 194, 192, 1, 251, 1, 192, 194, 16, 133, 32, 148, 1,
34 252, 238, 221, 17, 207, 110, 49, 22, 251, 196, 250, 218, 35, 197, 4, 77,
35 233, 119, 240, 219, 147, 46, 153, 186, 23, 54, 241, 187, 20, 205, 95, 193,
36 249, 24, 101, 90, 226, 92, 239, 33, 129, 28, 60, 66, 139, 1, 142, 79, 5,
37 132, 2, 174, 227, 106, 143, 160, 6, 11, 237, 152, 127, 212, 211, 31, 235,
38 52, 44, 81, 234, 200, 72, 171, 242, 42, 104, 162, 253, 58, 206, 204, 181,
39 112, 14, 86, 8, 12, 118, 18, 191, 114, 19, 71, 156, 183, 93, 135, 21, 161,
40 150, 41, 16, 123, 154, 199, 243, 145, 120, 111, 157, 158, 178, 177, 50, 117,
41 25, 61, 255, 53, 138, 126, 109, 84, 198, 128, 195, 189, 13, 87, 223, 245,
42 36, 169, 62, 168, 67, 201, 215, 121, 214, 246, 124, 34, 185, 3, 224, 15,
43 236, 222, 122, 148, 176, 188, 220, 232, 40, 80, 78, 51, 10, 74, 167, 151,
44 96, 115, 30, 0, 98, 68, 26, 184, 56, 130, 100, 159, 38, 65, 173, 69, 70,
45 146, 39, 94, 85, 47, 140, 163, 165, 125, 105, 213, 149, 59, 7, 88, 179, 64,
46 134, 172, 29, 247, 48, 55, 107, 228, 136, 217, 231, 137, 225, 27, 131, 73,
47 76, 63, 248, 254, 141, 83, 170, 144, 202, 216, 133, 97, 32, 113, 103, 164,
48 45, 43, 9, 91, 203, 155, 37, 208, 190, 229, 108, 82, 89, 166, 116, 210, 230,
49 244, 180, 192, 209, 102, 175, 194, 57, 75, 99, 182,
52 ########################################################################
53 # Precalculate inverted PI value as a performance optimization.
54 # Actually it can be computed only once and saved on the disk.
55 ########################################################################
56 PIinv = bytearray(256)
73 ########################################################################
74 # Precalculate all possible gf(byte, byte) values as a performance
76 # Actually it can be computed only once and saved on the disk.
77 ########################################################################
78 GF = [bytearray(256) for _ in xrange(256)]
84 def L(blk, rounds=16):
85 for _ in range(rounds):
87 for i in range(14, -1, -1):
89 t ^= GF[blk[i]][LC[i]]
99 t ^= GF[blk[i]][LC[i]]
103 ########################################################################
104 # Precalculate values of the C -- it does not depend on key.
105 # Actually it can be computed only once and saved on the disk.
106 ########################################################################
108 for x in range(1, 33):
115 return L([PI[v] for v in blk])
118 class GOST3412Kuz(object):
119 """GOST 34.12-2015 128-bit block cipher Кузнечик (Kuznechik)
121 def __init__(self, key):
123 :param key: encryption/decryption key
124 :type key: bytes, 32 bytes
126 Key scheduling (roundkeys precomputation) is performed here.
128 kr0 = bytearray(key[:16])
129 kr1 = bytearray(key[16:])
133 k = lp(bytearray(strxor(C[8 * i + j], kr0)))
134 kr0, kr1 = [strxor(k, kr1), kr0]
138 def encrypt(self, blk):
141 blk = lp(bytearray(strxor(self.ks[i], blk)))
142 return bytes(strxor(self.ks[9], blk))
144 def decrypt(self, blk):
146 for i in range(9, 0, -1):
147 blk = [PIinv[v] for v in Linv(bytearray(strxor(self.ks[i], blk)))]
148 return bytes(strxor(self.ks[0], blk))