# coding: utf-8
# PyGOST -- Pure Python GOST cryptographic functions library
-# Copyright (C) 2015-2016 Sergey Matveev <stargrave@stargrave.org>
+# Copyright (C) 2015-2018 Sergey Matveev <stargrave@stargrave.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
from os import urandom
-from pygost.gost3411_94 import GOST341194
from pygost.utils import bytes2long
from pygost.utils import hexdec
from pygost.utils import long2bytes
from pygost.utils import modinvert
-SIZE_3410_2001 = 32
-SIZE_3410_2012 = 64
+MODE2SIZE = {
+ 2001: 32,
+ 2012: 64,
+}
DEFAULT_CURVE = "GostR3410_2001_CryptoPro_A_ParamSet"
"0000000000000000000000000000000000000000000000000000000000000000",
"41ECE55743711A8C3CBF3783CD08C0EE4D4DC440D4641A8F366E550DFDB3BB67",
),
+ # pylint: disable=line-too-long
"GostR3410_2012_TC26_ParamSetA": (
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275",
"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002",
"1A8F7EDA389B094C2C071E3647A8940F3C123B697578C213BE6DD9E6C8EC7335DCB228FD1EDF4A39152CBCAAF8C0398828041055F94CEEEC7E21340780FE41BD"
),
+ # pylint: enable=line-too-long
}
for c, params in CURVE_PARAMS.items():
CURVE_PARAMS[c] = [hexdec(param) for param in params]
>>> p, q, a, b, x, y = CURVE_PARAMS["GostR3410_2001_TestParamSet"]
>>> curve = GOST3410Curve(p, q, a, b, x, y)
- >>> priv = bytes2long(urandom(32))
- >>> signature = sign(curve, priv, GOST341194(data).digest())
- >>> pubX, pubY = public_key(curve, priv)
- >>> verify(curve, pubX, pubY, GOST341194(data).digest(), signature)
+ >>> prv = prv_unmarshal(urandom(32))
+ >>> signature = sign(curve, prv, GOST341194(data).digest())
+ >>> pub = public_key(curve, prv)
+ >>> verify(curve, pub, GOST341194(data).digest(), signature)
True
"""
def __init__(self, p, q, a, b, x, y):
y = y or self.y
tx = x
ty = y
- degree -= 1
if degree == 0:
raise ValueError("Bad degree value")
+ degree -= 1
while degree != 0:
if degree & 1 == 1:
tx, ty = self._add(tx, ty, x, y)
return tx, ty
-def public_key(curve, private_key):
+def public_key(curve, prv):
""" Generate public key from the private one
:param GOST3410Curve curve: curve to use
- :param long private_key: private key
- :return: public key's parts, X and Y
+ :param long prv: private key
+ :returns: public key's parts, X and Y
:rtype: (long, long)
"""
- return curve.exp(private_key)
+ return curve.exp(prv)
-def kek(curve, private_key, ukm, pubkey):
- """ Make Diffie-Hellman computation
-
- :param GOST3410Curve curve: curve to use
- :param long private_key: private key
- :param ukm: UKM value (VKO-factor)
- :type ukm: bytes, 8 bytes
- :param pubkey: public key's part
- :type pubkey: (long, long)
- :return: Key Encryption Key (shared key)
- :rtype: bytes, 32 bytes
-
- Shared Key Encryption Key computation is based on
- :rfc:`4357` VKO GOST 34.10-2001 with little-endian
- hash output.
- """
- key = curve.exp(private_key, pubkey[0], pubkey[1])
- key = curve.exp(bytes2long(24 * b'\x00' + ukm), key[0], key[1])
- return GOST341194(
- (long2bytes(key[1]) + long2bytes(key[0]))[::-1],
- "GostR3411_94_CryptoProParamSet"
- ).digest()[::-1]
-
-
-def sign(curve, private_key, digest, size=SIZE_3410_2001):
+def sign(curve, prv, digest, mode=2001):
""" Calculate signature for provided digest
:param GOST3410Curve curve: curve to use
- :param long private_key: private key
+ :param long prv: private key
:param digest: digest for signing
- :type digest: bytes, 32 bytes
- :param size: signature size
- :type size: 32 (for 34.10-2001) or 64 (for 34.10-2012)
- :return: signature
- :rtype: bytes, 64 bytes
+ :type digest: bytes, 32 or 64 bytes
+ :returns: signature
+ :rtype: bytes, 64 or 128 bytes
"""
- if len(digest) != size:
- raise ValueError("Invalid digest length")
+ size = MODE2SIZE[mode]
q = curve.q
e = bytes2long(digest) % q
if e == 0:
r %= q
if r == 0:
continue
- d = private_key * r
+ d = prv * r
k *= e
s = (d + k) % q
if s == 0:
return long2bytes(s, size) + long2bytes(r, size)
-def verify(curve, pubkeyX, pubkeyY, digest, signature, size=SIZE_3410_2001):
+def verify(curve, pub, digest, signature, mode=2001):
""" Verify provided digest with the signature
:param GOST3410Curve curve: curve to use
- :param long pubkeyX: public key's X
- :param long pubkeyY: public key's Y
+ :type pub: (long, long)
:param digest: digest needed to check
- :type digest: bytes, 32 bytes
+ :type digest: bytes, 32 or 64 bytes
:param signature: signature to verify with
- :type signature: bytes, 64 bytes
- :param size: signature size
- :type size: 32 (for 34.10-2001) or 64 (for 34.10-2012)
+ :type signature: bytes, 64 or 128 bytes
:rtype: bool
"""
- if len(digest) != size:
- raise ValueError("Invalid digest length")
+ size = MODE2SIZE[mode]
if len(signature) != size * 2:
raise ValueError("Invalid signature length")
q = curve.q
z1 = s * v % q
z2 = q - r * v % q
p1x, p1y = curve.exp(z1)
- q1x, q1y = curve.exp(z2, pubkeyX, pubkeyY)
+ q1x, q1y = curve.exp(z2, pub[0], pub[1])
lm = q1x - p1x
if lm < 0:
lm += p
lm %= q
# This is not constant time comparison!
return lm == r
+
+
+def prv_unmarshal(prv):
+ """Unmarshal private key
+
+ :param bytes prv: serialized private key
+ :rtype: long
+ """
+ return bytes2long(prv[::-1])
+
+
+def pub_marshal(pub, mode=2001):
+ """Marshal public key
+
+ :type pub: (long, long)
+ :rtype: bytes
+ """
+ size = MODE2SIZE[mode]
+ return (long2bytes(pub[1], size) + long2bytes(pub[0], size))[::-1]
+
+
+def pub_unmarshal(pub, mode=2001):
+ """Unmarshal public key
+
+ :type pub: bytes
+ :rtype: (long, long)
+ """
+ size = MODE2SIZE[mode]
+ pub = pub[::-1]
+ return (bytes2long(pub[size:]), bytes2long(pub[:size]))