#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-"""GOST 34.12-2015 128-bit block cipher Кузнечик (Kuznechik)
-
-:rfc:`7801`. Pay attention that 34.12-2015 also defines 64-bit block
-cipher Магма (Magma) -- it is **not** implemented here, but in gost28147
-module.
+"""GOST 34.12-2015 64 and 128 bit block ciphers (:rfc:`7801`)
Several precalculations are performed during this module importing.
"""
+from pygost.gost28147 import block2ns as gost28147_block2ns
+from pygost.gost28147 import decrypt as gost28147_decrypt
+from pygost.gost28147 import encrypt as gost28147_encrypt
+from pygost.gost28147 import ns2block as gost28147_ns2block
from pygost.utils import strxor
from pygost.utils import xrange # pylint: disable=redefined-builtin
for i in range(9, 0, -1):
blk = [PIinv[v] for v in Linv(bytearray(strxor(self.ks[i], blk)))]
return bytes(strxor(self.ks[0], blk))
+
+
+class GOST3412Magma(object):
+ """GOST 34.12-2015 64-bit block cipher Магма (Magma)
+ """
+ def __init__(self, key):
+ """
+ :param key: encryption/decryption key
+ :type key: bytes, 32 bytes
+ """
+ # Backward compatibility key preparation for 28147-89 key schedule
+ self.key = b"".join(key[i * 4:i * 4 + 4][::-1] for i in range(8))
+ self.sbox = "Gost28147_tc26_ParamZ"
+
+ def encrypt(self, blk):
+ return gost28147_ns2block(gost28147_encrypt(
+ self.sbox,
+ self.key,
+ gost28147_block2ns(blk[::-1]),
+ ))[::-1]
+
+ def decrypt(self, blk):
+ return gost28147_ns2block(gost28147_decrypt(
+ self.sbox,
+ self.key,
+ gost28147_block2ns(blk[::-1]),
+ ))[::-1]
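Review bot: `GOST3412Magma.__init__` never checks the key length, although its docstring promises 32 bytes. The slicing in `b"".join(key[i * 4:i * 4 + 4][::-1] for i in range(8))` silently truncates a longer key to its first 32 bytes, and a shorter key produces a short `self.key`; whether the gost28147 functions reject that is not visible here. I would add `if len(key) != 32:` followed by `raise ValueError("Invalid key size")` before the key is rearranged. `encrypt` and `decrypt` also have no docstrings; a one-line summary stating that `blk` is a single 8-byte block would match the documented constructor. The three context lines at the top of the hunk belong to a method that starts outside it.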
For decryption you use the same function again.
"""
- if len(iv) != 2 * bs:
+ if len(iv) < 2 * bs or len(iv) % bs != 0:
raise ValueError("Invalid IV size")
- r = [iv[:bs], iv[bs:]]
+ r = [iv[i:i + bs] for i in range(0, len(iv), bs)]
result = []
for i in xrange(0, len(data) + pad_size(len(data), bs), bs):
- r = [r[1], encrypter(r[0])]
+ r = r[1:] + [encrypter(r[0])]
result.append(strxor(r[1], data[i:i + bs]))
return b"".join(result)
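Review bot: The keystream block is still read from `r[1]` on the unchanged line after the new register shift, which is only the freshly encrypted block when the register holds exactly two blocks. The check now accepts an IV of three or more blocks, so `r[1]` is an untouched IV block for the first iterations and the data is XORed with IV material instead of cipher output. The line should read `result.append(strxor(r[-1], data[i:i + bs]))`. The OFB test in this commit passes a 16-byte IV, so it would not catch this. The function's signature and the start of its docstring are outside the hunk.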
"""
if not pt or len(pt) % bs != 0:
raise ValueError("Plaintext is not blocksize aligned")
- if len(iv) != 2 * bs:
+ if len(iv) < 2 * bs or len(iv) % bs != 0:
raise ValueError("Invalid IV size")
- r = [iv[:bs], iv[bs:]]
+ r = [iv[i:i + bs] for i in range(0, len(iv), bs)]
ct = []
for i in xrange(0, len(pt), bs):
ct.append(encrypter(strxor(r[0], pt[i:i + bs])))
- r = [r[1], ct[-1]]
+ r = r[1:] + [ct[-1]]
return b"".join(ct)
"""
if not ct or len(ct) % bs != 0:
raise ValueError("Ciphertext is not blocksize aligned")
- if len(iv) != 2 * bs:
+ if len(iv) < 2 * bs or len(iv) % bs != 0:
raise ValueError("Invalid IV size")
- r = [iv[:bs], iv[bs:]]
+ r = [iv[i:i + bs] for i in range(0, len(iv), bs)]
pt = []
for i in xrange(0, len(ct), bs):
blk = ct[i:i + bs]
pt.append(strxor(r[0], decrypter(blk)))
- r = [r[1], blk]
+ r = r[1:] + [blk]
return b"".join(pt)
:param bytes pt: plaintext
:param bytes iv: double blocksize-sized initialization vector
"""
- if len(iv) != 2 * bs:
+ if len(iv) < 2 * bs or len(iv) % bs != 0:
raise ValueError("Invalid IV size")
- r = [iv[:bs], iv[bs:]]
+ r = [iv[i:i + bs] for i in range(0, len(iv), bs)]
ct = []
for i in xrange(0, len(pt) + pad_size(len(pt), bs), bs):
ct.append(strxor(encrypter(r[0]), pt[i:i + bs]))
- r = [r[1], ct[-1]]
+ r = r[1:] + [ct[-1]]
return b"".join(ct)
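Review bot: The docstring line `:param bytes iv: double blocksize-sized initialization vector` is now stale, because the new check accepts any IV that is a whole number of blocks and at least two blocks long. I would reword it to `:param bytes iv: initialization vector, a multiple of the blocksize and at least two blocks long`. The same line appears in the following decryption hunk. The other mode functions changed in this commit presumably document `iv` the same way, but their docstrings are outside the visible hunks. This function's signature is also outside the hunk.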
:param bytes ct: ciphertext
:param bytes iv: double blocksize-sized initialization vector
"""
- if len(iv) != 2 * bs:
+ if len(iv) < 2 * bs or len(iv) % bs != 0:
raise ValueError("Invalid IV size")
- r = [iv[:bs], iv[bs:]]
+ r = [iv[i:i + bs] for i in range(0, len(iv), bs)]
pt = []
for i in xrange(0, len(ct) + pad_size(len(ct), bs), bs):
blk = ct[i:i + bs]
pt.append(strxor(encrypter(r[0]), blk))
- r = [r[1], blk]
+ r = r[1:] + [blk]
return b"".join(pt)
from unittest import TestCase
from pygost.gost3412 import GOST3412Kuznechik
+from pygost.gost3412 import GOST3412Magma
from pygost.gost3413 import _mac_ks
from pygost.gost3413 import cbc_decrypt
from pygost.gost3413 import cbc_encrypt
data = urandom(randint(0, 16 * 2))
ciph = GOST3412Kuznechik(urandom(32))
mac(ciph.encrypt, 16, data)
+
+
+class GOST3412MagmaModesTest(TestCase):
+ key = hexdec("ffeeddccbbaa99887766554433221100f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff")
+ ciph = GOST3412Magma(key)
+ plaintext = ""
+ plaintext += "92def06b3c130a59"
+ plaintext += "db54c704f8189d20"
+ plaintext += "4a98fb2e67a8024c"
+ plaintext += "8912409b17b57e41"
+ iv = hexdec("1234567890abcdef234567890abcdef134567890abcdef12")
+
+ def test_ecb_vectors(self):
+ ciphtext = ""
+ ciphtext += "2b073f0494f372a0"
+ ciphtext += "de70e715d3556e48"
+ ciphtext += "11d8d9e9eacfbc1e"
+ ciphtext += "7c68260996c67efb"
+ self.assertSequenceEqual(
+ hexenc(ecb_encrypt(self.ciph.encrypt, 8, hexdec(self.plaintext))),
+ ciphtext,
+ )
+ self.assertSequenceEqual(
+ hexenc(ecb_decrypt(self.ciph.decrypt, 8, hexdec(ciphtext))),
+ self.plaintext,
+ )
+
+ def test_ecb_symmetric(self):
+ for _ in range(100):
+ pt = pad2(urandom(randint(0, 16 * 2)), 16)
+ ciph = GOST3412Magma(urandom(32))
+ ct = ecb_encrypt(ciph.encrypt, 8, pt)
+ self.assertSequenceEqual(ecb_decrypt(ciph.decrypt, 8, ct), pt)
+
+ def test_ctr_vectors(self):
+ ciphtext = ""
+ ciphtext += "4e98110c97b7b93c"
+ ciphtext += "3e250d93d6e85d69"
+ ciphtext += "136d868807b2dbef"
+ ciphtext += "568eb680ab52a12d"
+ iv = self.iv[:4]
+ self.assertSequenceEqual(
+ hexenc(ctr(self.ciph.encrypt, 8, hexdec(self.plaintext), iv)),
+ ciphtext,
+ )
+ self.assertSequenceEqual(
+ hexenc(ctr(self.ciph.encrypt, 8, hexdec(ciphtext), iv)),
+ self.plaintext,
+ )
+
+ def test_ctr_symmetric(self):
+ for _ in range(100):
+ pt = urandom(randint(0, 16 * 2))
+ iv = urandom(4)
+ ciph = GOST3412Magma(urandom(32))
+ ct = ctr(ciph.encrypt, 8, pt, iv)
+ self.assertSequenceEqual(ctr(ciph.encrypt, 8, ct, iv), pt)
+
+ def test_ofb_vectors(self):
+ iv = self.iv[:16]
+ ciphtext = ""
+ ciphtext += "db37e0e266903c83"
+ ciphtext += "0d46644c1f9a089c"
+ ciphtext += "a0f83062430e327e"
+ ciphtext += "c824efb8bd4fdb05"
+ self.assertSequenceEqual(
+ hexenc(ofb(self.ciph.encrypt, 8, hexdec(self.plaintext), iv)),
+ ciphtext,
+ )
+ self.assertSequenceEqual(
+ hexenc(ofb(self.ciph.encrypt, 8, hexdec(ciphtext), iv)),
+ self.plaintext,
+ )
+
+ def test_ofb_symmetric(self):
+ for _ in range(100):
+ pt = urandom(randint(0, 16 * 2))
+ iv = urandom(8 * 2)
+ ciph = GOST3412Magma(urandom(32))
+ ct = ofb(ciph.encrypt, 8, pt, iv)
+ self.assertSequenceEqual(ofb(ciph.encrypt, 8, ct, iv), pt)
+
+ def test_cbc_vectors(self):
+ ciphtext = ""
+ ciphtext += "96d1b05eea683919"
+ ciphtext += "aff76129abb937b9"
+ ciphtext += "5058b4a1c4bc0019"
+ ciphtext += "20b78b1a7cd7e667"
+ self.assertSequenceEqual(
+ hexenc(cbc_encrypt(self.ciph.encrypt, 8, hexdec(self.plaintext), self.iv)),
+ ciphtext,
+ )
+ self.assertSequenceEqual(
+ hexenc(cbc_decrypt(self.ciph.decrypt, 8, hexdec(ciphtext), self.iv)),
+ self.plaintext,
+ )
+
+ def test_cbc_symmetric(self):
+ for _ in range(100):
+ pt = pad2(urandom(randint(0, 16 * 2)), 16)
+ iv = urandom(8 * 2)
+ ciph = GOST3412Magma(urandom(32))
+ ct = cbc_encrypt(ciph.encrypt, 8, pt, iv)
+ self.assertSequenceEqual(cbc_decrypt(ciph.decrypt, 8, ct, iv), pt)
+
+ def test_cfb_vectors(self):
+ iv = self.iv[:16]
+ ciphtext = ""
+ ciphtext += "db37e0e266903c83"
+ ciphtext += "0d46644c1f9a089c"
+ ciphtext += "24bdd2035315d38b"
+ ciphtext += "bcc0321421075505"
+ self.assertSequenceEqual(
+ hexenc(cfb_encrypt(self.ciph.encrypt, 8, hexdec(self.plaintext), iv)),
+ ciphtext,
+ )
+ self.assertSequenceEqual(
+ hexenc(cfb_decrypt(self.ciph.encrypt, 8, hexdec(ciphtext), iv)),
+ self.plaintext,
+ )
+
+ def test_cfb_symmetric(self):
+ for _ in range(100):
+ pt = urandom(randint(0, 16 * 2))
+ iv = urandom(8 * 2)
+ ciph = GOST3412Magma(urandom(32))
+ ct = cfb_encrypt(ciph.encrypt, 8, pt, iv)
+ self.assertSequenceEqual(cfb_decrypt(ciph.encrypt, 8, ct, iv), pt)
+
+ def test_mac_vectors(self):
+ k1, k2 = _mac_ks(self.ciph.encrypt, 8)
+ self.assertSequenceEqual(hexenc(k1), "5f459b3342521424")
+ self.assertSequenceEqual(hexenc(k2), "be8b366684a42848")
+ self.assertSequenceEqual(
+ hexenc(mac(self.ciph.encrypt, 8, hexdec(self.plaintext))[:4]),
+ "154e7210",
+ )
+
+ def test_mac_applies(self):
+ for _ in range(100):
+ data = urandom(randint(0, 16 * 2))
+ ciph = GOST3412Magma(urandom(32))
+ mac(ciph.encrypt, 8, data)
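Review bot: Only `test_cbc_vectors` uses the full 24-byte `self.iv`, so the relaxed IV length check is barely tested. The OFB and CFB tests cut the IV to `self.iv[:16]` or use `urandom(8 * 2)`, and the rule `len(iv) < 2 * bs or len(iv) % bs != 0` has no negative test. I would vary the block count in the symmetric tests, for example `iv = urandom(8 * randint(2, 4))`. A rejection case would cover the rule itself: `with self.assertRaises(ValueError):` around `cbc_encrypt(self.ciph.encrypt, 8, hexdec(self.plaintext), self.iv[:12])`. A symmetric round trip does not prove the keystream is right for a longer IV, so OFB and CFB would still need a known-answer vector with a three-block IV if one is available.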