PKA key distribution is over

[pygost.git] / www.texi

\input texinfo
@documentencoding UTF-8
@settitle PyGOST

@copying
Copyright @copyright{} 2015-2018 @email{stargrave@@stargrave.org, Sergey Matveev}
@end copying

@node Top
@top PyGOST

PyGOST is pure Python 2.7/3.x GOST cryptographic functions library.
GOST is GOvernment STandard of Russian Federation (and Soviet Union).
It is
@url{https://www.gnu.org/philosophy/pragmatic.html, copylefted}
@url{https://www.gnu.org/philosophy/free-sw.html, free software}:
licenced under @url{https://www.gnu.org/licenses/gpl-3.0.html, GPLv3+}.
You can read about GOST algorithms @url{http://gost.cypherpunks.ru/, more}.

Currently supported algorithms are:

@itemize
@item GOST 28147-89 (@url{https://tools.ietf.org/html/rfc5830.html, RFC 5830})
    block cipher with ECB, CNT (CTR), CFB, MAC,
    CBC (@url{https://tools.ietf.org/html/rfc4357.html, RFC 4357})
    modes of operation
@item various 28147-89-related S-boxes included
@item GOST R 34.11-94 hash function
    (@url{https://tools.ietf.org/html/rfc5831.html, RFC 5831})
@item GOST R 34.11-94 based @url{https://en.wikipedia.org/wiki/PBKDF2, PBKDF2} function
@item GOST R 34.11-2012 Стрибог (Streebog) hash function
    (@url{https://tools.ietf.org/html/rfc6986.html, RFC 6986})
@item GOST R 34.11-2012 based PBKDF2 function (Р 50.1.111-2016)
@item GOST R 34.10-2001
    (@url{https://tools.ietf.org/html/rfc5832.html, RFC 5832})
    public key signature function
@item GOST R 34.10-2012
    (@url{https://tools.ietf.org/html/rfc7091.html, RFC 7091})
    public key signature function
@item various 34.10 curve parameters included
@item VKO GOST R 34.10-2001 key agreement function
    (@url{https://tools.ietf.org/html/rfc4357.html, RFC 4357})
@item VKO GOST R 34.10-2012 key agreement function
    (@url{https://tools.ietf.org/html/rfc7836.html, RFC 7836})
@item 28147-89 and CryptoPro key wrapping
    (@url{https://tools.ietf.org/html/rfc4357.html, RFC 4357})
@item 28147-89 CryptoPro key meshing for CFB mode
    (@url{https://tools.ietf.org/html/rfc4357.html, RFC 4357})
@item @url{https://tools.ietf.org/html/rfc4491.html, RFC 4491}
    (using GOST algorithms with X.509) compatibility helpers
@item GOST R 34.12-2015 128-bit block cipher Кузнечик (Kuznechik)
    (@url{https://tools.ietf.org/html/rfc7801.html, RFC 7801})
@item GOST R 34.12-2015 64-bit block cipher Магма (Magma)
@item GOST R 34.13-2015 padding methods and block cipher modes of operation
      (ECB, CTR, OFB, CBC, CFB, MAC)
@item PEP247-compatible hash/MAC functions
@end itemize

Example 34.10-2012 keypair generation, signing and verifying:

@verbatim
>>> from pygost.gost3410 import CURVE_PARAMS
>>> from pygost.gost3410 import GOST3410Curve
>>> curve = GOST3410Curve(*CURVE_PARAMS["GostR3410_2012_TC26_ParamSetA"])
>>> from os import urandom
>>> prv_raw = urandom(32)
>>> from pygost.gost3410 import prv_unmarshal
>>> prv = prv_unmarshal(prv_raw)
>>> from pygost.gost3410 import public_key
>>> pub = public_key(curve, prv)
>>> from pygost.gost3410 import pub_marshal
>>> from pygost.utils import hexenc
>>> print "Public key is:", hexenc(pub_marshal(pub))
>>> from pygost import gost34112012256
>>> data_for_signing = b"some data"
>>> dgst = gost34112012256.new(data_for_signing).digest()
>>> from pygost.gost3410 import sign
>>> signature = sign(curve, prv, dgst, mode=2012)
>>> from pygost.gost3410 import verify
>>> verify(curve, pub, dgst, signature, mode=2012)
True
@end verbatim

Please send questions, bug reports and patches to
@url{https://lists.cypherpunks.ru/mailman/listinfo/gost, gost}
mailing list. Announcements also go to this mailing list.

@insertcopying

@node News
@unnumbered News

@table @strong
@item 3.11
Fixed PEP247 typing stub with invalid hexdigest method.

@item 3.10
Additional missing 34.11-* typing stubs.

@item 3.9
Add missing 34.11-2012 PBKDF2 typing stub.

@item 3.8
    @itemize
    @item 34.11-2012 based PBKDF2 function added
    @item 34.13-2015 does not require double blocksized IVs
    @end itemize

@item 3.7
Fixed 34.13-2015 OFB bug with IVs longer than 2 blocks.

@item 3.6
Fixed source files installation during @command{setup.py install} invocation.

@item 3.5
Dummy release: added long description in package metadata.

@item 3.4
Small mypy stubs related fixes.

@item 3.3
    @itemize
    @item @code{GOST3412Kuz} renamed to @code{GOST3412Kuznechik}
    @item @code{GOST3412Magma} implements GOST R 34.12-2015 Magma 64-bit
        block cipher
    @end itemize

@item 3.2
34.13-2015 block cipher modes of operation implementations.

@item 3.1
Fixed mypy stubs related to PEP247-successors.

@item 3.0
    @itemize
    @item @code{gost3411_94} renamed to @code{gost341194}
    @item @code{gost3411_2012} renamed and split to
        @code{gost34112012256}, @code{gost34112012512}
    @item @code{GOST34112012} split to
        @code{GOST34112012256}, @code{GOST34112012512}
    @item @code{gost3410.kek} moved to separate
        @code{gost3410_vko.kek_34102001}
    @item VKO GOST R 34.10-2012 appeared in @code{gost3410_vko},
        with test vectors
    @item 34.11-94 digest is reversed, to be compatible with HMAC and
        PBKDF2 test vectors describe in TC26 documents
    @item 34.11-94 PBKDF2 test vectors added
    @item @code{gost3410.prv_unmarshal},
        @code{gost3410.pub_marshal},
        @code{gost3410.pub_unmarshal}
        helpers added, removing the need of @code{x509} module at all
    @item @code{gost3410.verify} requires @code{(pubX, pubY)} tuple,
        instead of two separate @code{pubX}, @code{pubY} arguments
    @item 34.11-94 based PBKDF2 function added
    @end itemize

@item 2.4
Fixed 34.13 mypy stub.

@item 2.3
Typo and pylint fixes.

@item 2.2
GOST R 34.13-2015 padding methods

@item 2.1
Documentation and supplementary files refactoring.

@item 2.0
PEP-0247 compatible hashers and MAC.

@item 1.0
    @itemize
    @item Ability to specify curve in pygost.x509 module
    @item Ability to use 34.10-2012 in pygost.x509 functions
    @end itemize

    Renamed classes and modules:

    @itemize
    @item pygost.gost3410.SIZE_34100 -> pygost.gost3410.SIZE_3410_2001
    @item pygost.gost3410.SIZE_34112 -> pygost.gost3410.SIZE_3410_2012
    @item pygost.gost3411_12.GOST341112 -> pygost.gost3411_2012.GOST34112012
    @end itemize

@item 0.16
34.10-2012 TC26 curve parameters.

@item 0.15
PEP-0484 static typing hints.

@item 0.14
34.10-2012 workability fix.

@item 0.13
Python3 compatibility.

@item 0.11
GOST R 34.12-2015 Кузнечик (Kuznechik) implementation.

@item 0.10
CryptoPro and GOST key wrapping, CryptoPro key meshing.
@end table

@node Download
@unnumbered Download

No additional dependencies except Python 2.7/3.x interpreter are required.

Preferable way is to download tarball with the signature:

@verbatim
% wget http://pygost.cypherpunks.ru/pygost-3.8.tar.xz
% wget http://pygost.cypherpunks.ru/pygost-3.8.tar.xz.sig
% gpg --verify pygost-3.8.tar.xz.sig pygost-3.8.tar.xz
% xz -d < pygost-3.8.tar.xz | tar xf -
% cd pygost-3.8
% python setup.py install
@end verbatim

@multitable {XXXXX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
@headitem Version @tab Size @tab Tarball @tab SHA256 checksum @tab Streebog-256 checksum

@item 3.11 @tab 44 KiB
@tab @url{pygost-3.11.tar.xz, link} @url{pygost-3.11.tar.xz.sig, sign}
@tab @code{34C092B7 78778DD4 1587BD31 AC62E7E6 3C45CEB8 7B664293 CCCA66DB 21147835}
@tab @code{fdf1f96b93feb7ef5d6cd2f525a493bcd26933a1e15970f182d554595c2d2839}

@item 3.10 @tab 44 KiB
@tab @url{pygost-3.10.tar.xz, link} @url{pygost-3.10.tar.xz.sig, sign}
@tab @code{8508C513 EBA78BA3 9D4BE5DA 42A2CE39 B0EB8998 9C9EBF20 5E100A1F B594AB10}
@tab @code{357fe05d52f1d30e0972a3b7fa381bdc84be45ebcc01e59d921c78d8e3a456c0}

@item 3.9 @tab 44 KiB
@tab @url{pygost-3.9.tar.xz, link} @url{pygost-3.9.tar.xz.sig, sign}
@tab @code{EA734025 6A892D4C 6272E577 B773CADA 6D5DEAB5 651D82D0 4721F92C 068CCC10}
@tab @code{4302d934b9ccfbd63da4e3587eff322cbf6712fa45ffeb917fb831121a673dc9}

@item 3.8 @tab 44 KiB
@tab @url{pygost-3.8.tar.xz, link} @url{pygost-3.8.tar.xz.sig, sign}
@tab @code{C8219F12 900B15D6 DA479157 BC48EE08 8BDF7FD0 548E02E4 16B44B6A 4A2FFDD3}
@tab @code{0ad60ab474171cb72aa7282a77e5a87a3b8c6f958a0d781504dde2f82e7b839a}

@item 3.7 @tab 43 KiB
@tab @url{pygost-3.7.tar.xz, link} @url{pygost-3.7.tar.xz.sig, sign}
@tab @code{2BE1647A 2ED7C794 7B80EBFA 32EB71B1 2AA95711 71CAA0CE E8319BF7 17361E28}
@tab @code{b76ba4964a61b15a65be60c19d85063b88222fff881d9a9a8ff7dd8a07b2fc67}

@item 3.6 @tab 43 KiB
@tab @url{pygost-3.6.tar.xz, link} @url{pygost-3.6.tar.xz.sig, sign}
@tab @code{37EA8A31 B308DBC6 B3229922 ABA0355F 46008BEC 2649BF98 11F62091 17BD94B3}
@tab @code{47495afde7218e5d01160800daa0f9c786f5c95579686b0ce5a37fb7550bc735}

@item 3.5 @tab 43 KiB
@tab @url{pygost-3.5.tar.xz, link} @url{pygost-3.5.tar.xz.sig, sign}
@tab @code{14E504AE 81E74DDD 122E5BF1 0B9E25D7 82D51AB6 5ED43533 0BF276A4 8A7C7AA4}
@tab @code{eb2106523cf8ed1b462d7a0a57f771f94759047a7e0e5a0b96ee35b24293e264}

@item 3.4 @tab 43 KiB
@tab @url{pygost-3.4.tar.xz, link} @url{pygost-3.4.tar.xz.sig, sign}
@tab @code{89715612 8A197071 AD7689FA 96F89304 19E42F76 87632309 B47E5FDE 1AD6126D}
@tab @code{e590ddc7485e6f99658f26ac23cd2266648f27efa584a33f93abec8b80e1771d}

@item 3.3 @tab 41 KiB
@tab @url{pygost-3.3.tar.xz, link} @url{pygost-3.3.tar.xz.sig, sign}
@tab @code{D118F539 537CCD5D 9CCE850E DD8EFD8E ACDA9D6E 0C113A0F C575574A F4BD452A}
@tab @code{8400a3714b70dddfef03f6fe96325e73ac25db814d052a44dbd8f2ce5ddb05bb}

@item 3.2 @tab 41 KiB
@tab @url{pygost-3.2.tar.xz, link} @url{pygost-3.2.tar.xz.sig, sign}
@tab @code{6779D1B1 A4E2B1C3 49CA39F8 425FC962 AF2ED133 BB495343 0F83764B E2624087}
@tab @code{0a39880ad00ca11d112fef096b81a42a85ce4e5b25c48d1f643858b1e0c520d6}

@item 3.1 @tab 39 KiB
@tab @url{pygost-3.1.tar.xz, link} @url{pygost-3.1.tar.xz.sig, sign}
@tab @code{ACCCF1A9 F4B345FF 01595248 5B793DAC FCF71D1F 32A6ABCF 32042DDB 20897BC5}
@tab @code{823961b6c2a1abe83f6d828397002e68d711a08ce115f21ddff81a294882cd46}

@item 3.0 @tab 39 KiB
@tab @url{pygost-3.0.tar.xz, link} @url{pygost-3.0.tar.xz.sig, sign}
@tab @code{0AB10703 6960962D 30BD1646 ACC8D44B E9CBD8A8 4F25DF25 91F26383 DE28875F}
@tab @code{ef4729df62b4f615a154a9c35ccffaf6bb614a23067f4dd49d2993ec93bb6665}

@item 2.4 @tab 37 KiB
@tab @url{pygost-2.4.tar.xz, link} @url{pygost-2.4.tar.xz.sig, sign}
@tab @code{94D14E99 3CF63973 6C8E78D0 5EBD0838 09A47624 C05A9878 11136301 C0A07264}
@tab @code{b107b5ba043a2e4c30d9348e222b92218b8dff9d672964ffd04259c5261bc5a7}

@item 2.3 @tab 37 KiB
@tab @url{pygost-2.3.tar.xz, link} @url{pygost-2.3.tar.xz.sig, sign}
@tab @code{FF2C7E78 F3677B45 EB472DC6 1837C72C 0BD72387 AB0A9DC7 AD88AD11 59589732}
@tab @code{42cfd0cdf357997a909a9114ca14391b4c5e8b62e298675f899b80a8a26d690f}

@end multitable

But also you can use PIP (@strong{no} authentication is performed!):

@verbatim
% pip install pygost==3.7
@end verbatim

You @strong{have to} verify downloaded tarballs integrity and
authenticity to be sure that you retrieved trusted and untampered
software. @url{https://www.gnupg.org/, The GNU Privacy Guard} is used
for that purpose.

For the very first time it is necessary to get signing public key and
import it. It is provided below, but you should check alternative
resources.

@verbatim
pub   rsa2048/0xE6FD1269CD0C009E 2016-09-13
      F55A 7619 3A0C 323A A031  0E6B E6FD 1269 CD0C 009E
uid   PyGOST releases <pygost at cypherpunks dot ru>
@end verbatim

@itemize

@item @url{https://lists.cypherpunks.ru/mailman/listinfo/gost, gost} maillist

@item
@verbatim
% gpg --keyserver hkp://keys.gnupg.net/ --recv-keys 0xE6FD1269CD0C009E
% gpg --auto-key-locate dane --locate-keys pygost at cypherpunks dot ru
% gpg --auto-key-locate wkd --locate-keys pygost at cypherpunks dot ru
@end verbatim

@item
@verbatiminclude PUBKEY.asc

@end itemize

You can obtain development source code by cloning
@url{http://git-scm.com/, Git}
@url{https://git.cypherpunks.ru/cgit.cgi/pygost.git/}.

@bye