Fix wrap_cryptopro's sbox handling

diff --git a/news.texi b/news.texi
index 6ad35a0ab3b95cf193894f8dd7bdedfba5fb3142..96db53f11f537d2e922b66a408a2a9f270265ba8 100644 (file)
--- a/news.texi
+++ b/news.texi
@@ -3,6 +3,10 @@
 
 @table @strong
 
+@anchor{Release 5.9}
+@item 5.9
+Fixed @code{wrap.wrap_cryptopro}, that ignored Sbox for key diversification.
+
 @anchor{Release 5.8}
 @item 5.8
 Added human-readable name of the curve in @code{GOST3410Curve.name}.

diff --git a/pygost/__init__.py b/pygost/__init__.py
index 497345c3ee28758121943e5066a60554008d24bd..7800ed42a565f97a80b1a7af83038733485b62cf 100644 (file)
--- a/pygost/__init__.py
+++ b/pygost/__init__.py
@@ -3,4 +3,4 @@
 PyGOST is free software: see the file COPYING for copying conditions.
 """
 
-__version__ = "5.8"
+__version__ = "5.9"

diff --git a/pygost/test_wrap.py b/pygost/test_wrap.py
index b9d376d5c5fe93822dc21a726b56a4b2b1f3fe2a..3a0d9758af3bd81b04045b9805ecbc71ee0a0f7c 100644 (file)
--- a/pygost/test_wrap.py
+++ b/pygost/test_wrap.py
@@ -17,6 +17,7 @@
 from os import urandom
 from unittest import TestCase
 
+from pygost.gost28147 import DEFAULT_SBOX
 from pygost.gost3412 import GOST3412Kuznechik
 from pygost.gost3412 import GOST3412Magma
 from pygost.utils import hexdec
@@ -30,13 +31,14 @@ from pygost.wrap import wrap_gost
 
 class WrapGostTest(TestCase):
     def test_symmetric(self):
-        for _ in range(1 << 8):
-            kek = urandom(32)
-            cek = urandom(32)
-            ukm = urandom(8)
-            wrapped = wrap_gost(ukm, kek, cek)
-            unwrapped = unwrap_gost(kek, wrapped)
-            self.assertSequenceEqual(unwrapped, cek)
+        for sbox in (DEFAULT_SBOX, "id-tc26-gost-28147-param-Z"):
+            for _ in range(1 << 8):
+                kek = urandom(32)
+                cek = urandom(32)
+                ukm = urandom(8)
+                wrapped = wrap_gost(ukm, kek, cek, sbox=sbox)
+                unwrapped = unwrap_gost(kek, wrapped, sbox=sbox)
+                self.assertSequenceEqual(unwrapped, cek)
 
     def test_invalid_length(self):
         with self.assertRaises(ValueError):
@@ -47,13 +49,14 @@ class WrapGostTest(TestCase):
 
 class WrapCryptoproTest(TestCase):
     def test_symmetric(self):
-        for _ in range(1 << 8):
-            kek = urandom(32)
-            cek = urandom(32)
-            ukm = urandom(8)
-            wrapped = wrap_cryptopro(ukm, kek, cek)
-            unwrapped = unwrap_cryptopro(kek, wrapped)
-            self.assertSequenceEqual(unwrapped, cek)
+        for sbox in (DEFAULT_SBOX, "id-tc26-gost-28147-param-Z"):
+            for _ in range(1 << 8):
+                kek = urandom(32)
+                cek = urandom(32)
+                ukm = urandom(8)
+                wrapped = wrap_cryptopro(ukm, kek, cek, sbox=sbox)
+                unwrapped = unwrap_cryptopro(kek, wrapped, sbox=sbox)
+                self.assertSequenceEqual(unwrapped, cek)
 
 
 class TestVectorKExp15(TestCase):

diff --git a/pygost/wrap.py b/pygost/wrap.py
index 9deeff591f49647cc11afb19c5d8af548d5d54e0..eb3855fb8ce3d7f25c18f01ae53c61df610f1783 100644 (file)
--- a/pygost/wrap.py
+++ b/pygost/wrap.py
@@ -79,7 +79,12 @@ def wrap_cryptopro(ukm, kek, cek, sbox=DEFAULT_SBOX):
     :returns: wrapped key
     :rtype: bytes, 44 bytes
     """
-    return wrap_gost(ukm, diversify(kek, bytearray(ukm)), cek, sbox=sbox)
+    return wrap_gost(
+        ukm,
+        diversify(kek, bytearray(ukm), sbox=sbox),
+        cek,
+        sbox=sbox,
+    )
 
 
 def unwrap_cryptopro(kek, data, sbox=DEFAULT_SBOX):