# coding: utf-8
# PyGOST -- Pure Python GOST cryptographic functions library
-# Copyright (C) 2015-2016 Sergey Matveev <stargrave@stargrave.org>
+# Copyright (C) 2015-2019 Sergey Matveev <stargrave@stargrave.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
from functools import partial
-from pygost.gost3413 import pad1
from pygost.gost3413 import pad2
+from pygost.gost3413 import pad_size
+from pygost.gost3413 import unpad2
from pygost.utils import hexdec
from pygost.utils import strxor
-from pygost.utils import xrange
+from pygost.utils import xrange # pylint: disable=redefined-builtin
KEYSIZE = 32
(13, 14, 4, 1, 7, 0, 5, 10, 3, 12, 8, 15, 6, 2, 9, 11),
(1, 3, 10, 9, 5, 11, 4, 15, 8, 6, 7, 14, 13, 0, 2, 12),
),
- "AppliedCryptography": (
- (4, 10, 9, 2, 13, 8, 0, 14, 6, 11, 1, 12, 7, 15, 5, 3),
- (14, 11, 4, 12, 6, 13, 15, 10, 2, 3, 8, 1, 0, 7, 5, 9),
- (5, 8, 1, 13, 10, 3, 4, 2, 14, 15, 12, 7, 6, 0, 9, 11),
- (7, 13, 10, 1, 0, 8, 9, 15, 14, 4, 6, 12, 11, 2, 5, 3),
- (6, 12, 7, 1, 5, 15, 13, 8, 4, 10, 9, 14, 0, 3, 11, 2),
- (4, 11, 10, 0, 7, 2, 1, 13, 3, 6, 8, 5, 9, 12, 15, 14),
- (13, 11, 4, 1, 3, 15, 5, 9, 0, 10, 14, 7, 6, 8, 2, 12),
- (1, 15, 13, 0, 5, 7, 10, 4, 9, 2, 3, 14, 6, 11, 8, 12),
- ),
"Gost28147_tc26_ParamZ": (
(12, 4, 6, 2, 10, 5, 11, 9, 14, 8, 13, 7, 0, 3, 15, 1),
(6, 8, 2, 3, 9, 10, 5, 12, 1, 14, 4, 7, 11, 13, 0, 15),
(7, 14, 12, 13, 9, 4, 8, 15, 10, 2, 6, 0, 3, 11, 5, 1),
),
}
+SBOXES["AppliedCryptography"] = SBOXES["GostR3411_94_TestParamSet"]
def _K(s, _in):
:param s: S-box
:param _in: 32-bit word
- :return: substituted 32-bit word
+ :returns: substituted 32-bit word
"""
return (
(s[0][(_in >> 0) & 0x0F] << 0) +
:param bytes key: 256-bit encryption key
:param ns: N1 and N2 integers
:type ns: (int, int)
- :return: resulting N1 and N2
+ :returns: resulting N1 and N2
:rtype: (int, int)
"""
s = SBOXES[sbox]
:param bytes key: encryption key
:param data: plaintext
:type data: bytes, multiple of BLOCKSIZE
- :param func action: encrypt/decrypt
+ :param func action: "encrypt"/"decrypt"
:param sbox: S-box parameters to use
:type sbox: str, SBOXES'es key
- :return: ciphertext
+ :returns: ciphertext
:rtype: bytes
"""
validate_key(key)
ecb_decrypt = partial(ecb, action=decrypt)
-def cbc_encrypt(key, data, iv=8 * b"\x00", pad=True, sbox=DEFAULT_SBOX):
+def cbc_encrypt(key, data, iv=8 * b"\x00", pad=True, sbox=DEFAULT_SBOX, mesh=False):
""" CBC encryption mode of operation
:param bytes key: encryption key
:type bool pad: perform ISO/IEC 7816-4 padding
:param sbox: S-box parameters to use
:type sbox: str, SBOXES'es key
- :return: ciphertext
+ :param bool mesh: enable key meshing
+ :returns: ciphertext
:rtype: bytes
34.13-2015 padding method 2 is used.
raise ValueError("Data is not blocksize aligned")
ciphertext = [iv]
for i in xrange(0, len(data), BLOCKSIZE):
+ if mesh and i >= MESH_MAX_DATA and i % MESH_MAX_DATA == 0:
+ key, _ = meshing(key, iv, sbox=sbox)
ciphertext.append(ns2block(encrypt(sbox, key, block2ns(
strxor(ciphertext[-1], data[i:i + BLOCKSIZE])
))))
return b"".join(ciphertext)
-def cbc_decrypt(key, data, pad=True, sbox=DEFAULT_SBOX):
+def cbc_decrypt(key, data, pad=True, sbox=DEFAULT_SBOX, mesh=False):
""" CBC decryption mode of operation
:param bytes key: encryption key
:param bytes data: ciphertext
- :param iv: initialization vector
- :type iv: bytes, BLOCKSIZE length
:type bool pad: perform ISO/IEC 7816-4 unpadding after decryption
:param sbox: S-box parameters to use
:type sbox: str, SBOXES'es key
- :return: plaintext
+ :param bool mesh: enable key meshing
+ :returns: plaintext
:rtype: bytes
"""
validate_key(key)
raise ValueError("Data is not blocksize aligned")
if len(data) < 2 * BLOCKSIZE:
raise ValueError("There is no either data, or IV in ciphertext")
+ iv = data[:BLOCKSIZE]
plaintext = []
for i in xrange(BLOCKSIZE, len(data), BLOCKSIZE):
+ if (
+ mesh and
+ (i - BLOCKSIZE) >= MESH_MAX_DATA and
+ (i - BLOCKSIZE) % MESH_MAX_DATA == 0
+ ):
+ key, _ = meshing(key, iv, sbox=sbox)
plaintext.append(strxor(
ns2block(decrypt(sbox, key, block2ns(data[i:i + BLOCKSIZE]))),
data[i - BLOCKSIZE:i],
))
if pad:
- last_block = bytearray(plaintext[-1])
- pad_index = last_block.rfind(b"\x80")
- if pad_index == -1:
- raise ValueError("Invalid padding")
- for c in last_block[pad_index + 1:]:
- if c != 0:
- raise ValueError("Invalid padding")
- plaintext[-1] = bytes(last_block[:pad_index])
+ plaintext[-1] = unpad2(plaintext[-1], BLOCKSIZE)
return b"".join(plaintext)
:type iv: bytes, BLOCKSIZE length
:param sbox: S-box parameters to use
:type sbox: str, SBOXES'es key
- :return: ciphertext
+ :returns: ciphertext
:rtype: bytes
For decryption you use the same function again.
if not data:
raise ValueError("No data supplied")
n2, n1 = encrypt(sbox, key, block2ns(iv))
- size = len(data)
- data = pad1(data, BLOCKSIZE)
gamma = []
- for _ in xrange(0, len(data), BLOCKSIZE):
+ for _ in xrange(0, len(data) + pad_size(len(data), BLOCKSIZE), BLOCKSIZE):
n1 = addmod(n1, C2, 2 ** 32)
n2 = addmod(n2, C1, 2 ** 32 - 1)
gamma.append(ns2block(encrypt(sbox, key, (n1, n2))))
- return strxor(b"".join(gamma), data[:size])
+ return strxor(b"".join(gamma), data)
MESH_CONST = hexdec("6900722264C904238D3ADB9646E92AC418FEAC9400ED0712C086DCC2EF4CA92B")
:param sbox: S-box parameters to use
:type sbox: str, SBOXES'es key
:param bool mesh: enable key meshing
- :return: ciphertext
+ :returns: ciphertext
:rtype: bytes
"""
validate_key(key)
validate_sbox(sbox)
if not data:
raise ValueError("No data supplied")
- size = len(data)
- data = pad1(data, BLOCKSIZE)
ciphertext = [iv]
- for i in xrange(0, len(data), BLOCKSIZE):
+ for i in xrange(0, len(data) + pad_size(len(data), BLOCKSIZE), BLOCKSIZE):
if mesh and i >= MESH_MAX_DATA and i % MESH_MAX_DATA == 0:
key, iv = meshing(key, ciphertext[-1], sbox=sbox)
ciphertext.append(strxor(
data[i:i + BLOCKSIZE],
ns2block(encrypt(sbox, key, block2ns(ciphertext[-1]))),
))
- return b"".join(ciphertext[1:])[:size]
+ return b"".join(ciphertext[1:])
def cfb_decrypt(key, data, iv=8 * b"\x00", sbox=DEFAULT_SBOX, mesh=False):
:param sbox: S-box parameters to use
:type sbox: str, SBOXES'es key
:param bool mesh: enable key meshing
- :return: ciphertext
+ :returns: ciphertext
:rtype: bytes
"""
validate_key(key)
validate_sbox(sbox)
if not data:
raise ValueError("No data supplied")
- size = len(data)
- data = pad1(data, BLOCKSIZE)
plaintext = []
data = iv + data
- for i in xrange(BLOCKSIZE, len(data), BLOCKSIZE):
+ for i in xrange(BLOCKSIZE, len(data) + pad_size(len(data), BLOCKSIZE), BLOCKSIZE):
if (
mesh and
(i - BLOCKSIZE) >= MESH_MAX_DATA and
data[i:i + BLOCKSIZE],
ns2block(encrypt(sbox, key, block2ns(data[i - BLOCKSIZE:i]))),
))
- return b"".join(plaintext)[:size]
+ return b"".join(plaintext)