(ECB, CTR, OFB, CBC, CFB, MAC)
* MGM AEAD mode for 64 and 128 bit ciphers (Р 1323565.1.026–2019)
* CTR-ACPKM, OMAC-ACPKM-Master modes of operation (Р 1323565.1.017-2018)
+* KExp15/KImp15 key export/import functions (Р 1323565.1.017-2018)
* PEP247-compatible hash/MAC functions
Known problems: low performance and non time-constant calculations.
@itemize
@item CTR-ACPKM mode of operation
@item OMAC-ACPKM-Master moder of operation
+ @item KExp15/KImp15 key export/import functions
@end itemize
@anchor{Release 4.8}
+from typing import Callable
+
+
def wrap_gost(ukm: bytes, kek: bytes, cek: bytes, sbox: str = ...) -> bytes: ...
def unwrap_cryptopro(kek: bytes, data: bytes, sbox: str = ...) -> bytes: ...
+
+
+def kexp15(
+ encrypter_key: Callable[[bytes], bytes],
+ encrypter_mac: Callable[[bytes], bytes],
+ bs: int,
+ key: bytes,
+ iv: bytes,
+) -> bytes: ...
+
+
+def kimp15(
+ encrypter_key: Callable[[bytes], bytes],
+ encrypter_mac: Callable[[bytes], bytes],
+ bs: int,
+ kexp: bytes,
+ iv: bytes,
+) -> bytes: ...
from os import urandom
from unittest import TestCase
+from pygost.gost3412 import GOST3412Kuznechik
+from pygost.gost3412 import GOST3412Magma
+from pygost.utils import hexdec
+from pygost.wrap import kexp15
+from pygost.wrap import kimp15
from pygost.wrap import unwrap_cryptopro
from pygost.wrap import unwrap_gost
from pygost.wrap import wrap_cryptopro
wrapped = wrap_cryptopro(ukm, kek, cek)
unwrapped = unwrap_cryptopro(kek, wrapped)
self.assertSequenceEqual(unwrapped, cek)
+
+
+class TestVectorKExp15(TestCase):
+ """Test vectors from Р 1323565.1.017-2018
+ """
+ key = hexdec("8899AABBCCDDEEFF0011223344556677FEDCBA98765432100123456789ABCDEF")
+ key_enc = hexdec("202122232425262728292A2B2C2D2E2F38393A3B3C3D3E3F3031323334353637")
+ key_mac = hexdec("08090A0B0C0D0E0F0001020304050607101112131415161718191A1B1C1D1E1F")
+
+ def test_magma(self):
+ iv = hexdec("67BED654")
+ kexp = kexp15(
+ GOST3412Magma(self.key_enc).encrypt,
+ GOST3412Magma(self.key_mac).encrypt,
+ GOST3412Magma.blocksize,
+ self.key,
+ iv,
+ )
+ self.assertSequenceEqual(kexp, hexdec("""
+CF D5 A1 2D 5B 81 B6 E1 E9 9C 91 6D 07 90 0C 6A
+C1 27 03 FB 3A BD ED 55 56 7B F3 74 2C 89 9C 75
+5D AF E7 B4 2E 3A 8B D9
+ """.replace("\n", "").replace(" ", "")))
+ self.assertSequenceEqual(kimp15(
+ GOST3412Magma(self.key_enc).encrypt,
+ GOST3412Magma(self.key_mac).encrypt,
+ GOST3412Magma.blocksize,
+ kexp,
+ iv,
+ ), self.key)
+
+ def test_kuznechik(self):
+ iv = hexdec("0909472DD9F26BE8")
+ kexp = kexp15(
+ GOST3412Kuznechik(self.key_enc).encrypt,
+ GOST3412Kuznechik(self.key_mac).encrypt,
+ GOST3412Kuznechik.blocksize,
+ self.key,
+ iv,
+ )
+ self.assertSequenceEqual(kexp, hexdec("""
+E3 61 84 E8 4E 8D 73 6F F3 6C C2 E5 AE 06 5D C6
+56 B2 3C 20 F5 49 B0 2F DF F8 8E 1F 3F 30 D8 C2
+9A 53 F3 CA 55 4D BA D8 0D E1 52 B9 A4 62 5B 32
+ """.replace("\n", "").replace(" ", "")))
+ self.assertSequenceEqual(kimp15(
+ GOST3412Kuznechik(self.key_enc).encrypt,
+ GOST3412Kuznechik(self.key_mac).encrypt,
+ GOST3412Kuznechik.blocksize,
+ kexp,
+ iv,
+ ), self.key)
:rfc:`4357` key wrapping (28147-89 and CryptoPro).
"""
+from hmac import compare_digest
from struct import pack
from struct import unpack
from pygost.gost28147 import ecb_decrypt
from pygost.gost28147 import ecb_encrypt
from pygost.gost28147_mac import MAC
+from pygost.gost3413 import ctr
+from pygost.gost3413 import mac
def wrap_gost(ukm, kek, cek, sbox=DEFAULT_SBOX):
iv = pack("<I", s1 % 2 ** 32) + pack("<I", s2 % 2 ** 32)
out = cfb_encrypt(out, out, iv=iv, sbox=sbox)
return out
+
+
+def kexp15(encrypter_key, encrypter_mac, bs, key, iv):
+ """KExp15 key exporting
+
+ :param encrypter_key: encrypting function for key encryption,
+ that takes block as an input
+ :param encrypter_mac: encrypting function for key authentication
+ :param int bs: cipher's blocksize, bytes
+ :param bytes key: key to export
+ :param bytes iv: half blocksize-sized initialization vector
+ """
+ key_mac = mac(encrypter_mac, bs, iv + key)
+ return ctr(encrypter_key, bs, key + key_mac, iv)
+
+
+def kimp15(encrypter_key, encrypter_mac, bs, kexp, iv):
+ """KImp15 key importing
+
+ :param encrypter_key: encrypting function for key decryption,
+ that takes block as an input
+ :param encrypter_mac: encrypting function for key authentication
+ :param int bs: cipher's blocksize, bytes
+ :param bytes kexp: key to import
+ :param bytes iv: half blocksize-sized initialization vector
+ """
+ key_and_key_mac = ctr(encrypter_key, bs, kexp, iv)
+ key, key_mac = key_and_key_mac[:-bs], key_and_key_mac[-bs:]
+ if not compare_digest(mac(encrypter_mac, bs, iv + key), key_mac):
+ raise ValueError("invalid authentication tag")
+ return key
(ECB, CTR, OFB, CBC, CFB, MAC)
@item MGM AEAD mode for 64 and 128 bit ciphers (Р 1323565.1.026–2019)
@item CTR-ACPKM, OMAC-ACPKM-Master modes of operation (Р 1323565.1.017-2018)
+@item KExp15/KImp15 key export/import functions (Р 1323565.1.017-2018)
@item PEP247-compatible hash/MAC functions
@end itemize