From: Sergey Matveev Date: Sat, 19 Nov 2016 20:01:46 +0000 (+0300) Subject: Separate 34.11-94 PBKDF2 function could be useful X-Git-Tag: 3.0~4 X-Git-Url: http://www.git.cypherpunks.ru/?p=pygost.git;a=commitdiff_plain;h=bb465b9292214f3e7b0e95848f882b6abf4e40e5 Separate 34.11-94 PBKDF2 function could be useful --- diff --git a/NEWS b/NEWS index 8726c5d..e2887cc 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,7 @@ helpers added, removing the need of x509 module at all * gost3410.verify expects (pubX, pubY) tuple, instead of two separate pubX, pubY arguments + * 34.11-94 based PBKDF2 function added 2.4: Fixed 34.13 mypy stub diff --git a/README b/README index 54cc0c9..3e98f11 100644 --- a/README +++ b/README @@ -6,6 +6,7 @@ GOST is GOvernment STandard of Russian Federation (and Soviet Union). CBC (RFC 4357) modes of operation * various 28147-89-related S-boxes included * GOST R 34.11-94 hash function (RFC 5831) +* GOST R 34.11-94 based PBKDF2 function * GOST R 34.11-2012 Стрибог (Streebog) hash function (RFC 6986) * GOST R 34.10-2001 (RFC 5832) public key signature function * GOST R 34.10-2012 (RFC 7091) public key signature function diff --git a/pygost/gost341194.py b/pygost/gost341194.py index adc0925..0a71518 100644 --- a/pygost/gost341194.py +++ b/pygost/gost341194.py @@ -29,8 +29,10 @@ from pygost.gost28147 import encrypt from pygost.gost28147 import ns2block from pygost.gost28147 import validate_sbox from pygost.iface import PEP247 +from pygost.utils import bytes2long from pygost.utils import hexdec from pygost.utils import hexenc +from pygost.utils import long2bytes from pygost.utils import strxor from pygost.utils import xrange @@ -183,3 +185,36 @@ class GOST341194(PEP247): def new(data=b"", sbox=DEFAULT_SBOX): return GOST341194(data, sbox) + + +# This implementation is based on Python 3.5.2 source code's one. +# PyGOST does not register itself in hashlib anyway, so use it instead. +def pbkdf2(password, salt, iterations, dklen): + """PBKDF2 implementation for GOST R 34.11-94 + + Based on http://tc26.ru/methods/containers_v1/Addition_to_PKCS5_v1_0.pdf + """ + inner = GOST341194(sbox="GostR3411_94_CryptoProParamSet") + outer = GOST341194(sbox="GostR3411_94_CryptoProParamSet") + password = password + b"\x00" * (inner.block_size - len(password)) + inner.update(strxor(password, len(password) * b"\x36")) + outer.update(strxor(password, len(password) * b"\x5C")) + + def prf(msg): + icpy = inner.copy() + ocpy = outer.copy() + icpy.update(msg) + ocpy.update(icpy.digest()) + return ocpy.digest() + + dkey = b'' + loop = 1 + while len(dkey) < dklen: + prev = prf(salt + long2bytes(loop, 4)) + rkey = bytes2long(prev) + for _ in xrange(iterations - 1): + prev = prf(prev) + rkey ^= bytes2long(prev) + loop += 1 + dkey += long2bytes(rkey, inner.digest_size) + return dkey[:dklen] diff --git a/pygost/stubs/pygost/gost341194.pyi b/pygost/stubs/pygost/gost341194.pyi index 18e04d4..1432fad 100644 --- a/pygost/stubs/pygost/gost341194.pyi +++ b/pygost/stubs/pygost/gost341194.pyi @@ -14,3 +14,6 @@ class GOST341194: def new(data: bytes=..., sbox: str=...) -> GOST341194: ... + + +def pbkdf2(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes: ... diff --git a/pygost/test_gost341194.py b/pygost/test_gost341194.py index 4af684b..aa9fc68 100644 --- a/pygost/test_gost341194.py +++ b/pygost/test_gost341194.py @@ -21,11 +21,8 @@ import hmac from pygost import gost341194 from pygost.gost341194 import GOST341194 -from pygost.utils import bytes2long +from pygost.gost341194 import pbkdf2 from pygost.utils import hexenc -from pygost.utils import long2bytes -from pygost.utils import strxor -from pygost.utils import xrange class TestCopy(TestCase): @@ -153,67 +150,37 @@ class TestVectorsCryptoPro(TestCase): ) -# This implementation is based on Python 3.5.2 source code. -# PyGOST does not register itself in hashlib anyway, so use -# pbkdf2_hmac directly. -def pbkdf2_hmac(password, salt, iterations, dklen): - inner = GOST341194(sbox="GostR3411_94_CryptoProParamSet") - outer = GOST341194(sbox="GostR3411_94_CryptoProParamSet") - password = password + b'\x00' * (inner.block_size - len(password)) - inner.update(strxor(password, len(password) * b"\x36")) - outer.update(strxor(password, len(password) * b"\x5C")) - - def prf(msg): - icpy = inner.copy() - ocpy = outer.copy() - icpy.update(msg) - ocpy.update(icpy.digest()) - return ocpy.digest() - - dkey = b'' - loop = 1 - while len(dkey) < dklen: - prev = prf(salt + long2bytes(loop, 4)) - rkey = bytes2long(prev) - for _ in xrange(iterations - 1): - prev = prf(prev) - rkey ^= bytes2long(prev) - loop += 1 - dkey += long2bytes(rkey, inner.digest_size) - return dkey[:dklen] - - class TestPBKDF2(TestCase): """http://tc26.ru/methods/containers_v1/Addition_to_PKCS5_v1_0.pdf test vectors """ def test_1(self): self.assertEqual( - hexenc(pbkdf2_hmac(b"password", b"salt", 1, 32)), + hexenc(pbkdf2(b"password", b"salt", 1, 32)), "7314e7c04fb2e662c543674253f68bd0b73445d07f241bed872882da21662d58", ) def test_2(self): self.assertEqual( - hexenc(pbkdf2_hmac(b"password", b"salt", 2, 32)), + hexenc(pbkdf2(b"password", b"salt", 2, 32)), "990dfa2bd965639ba48b07b792775df79f2db34fef25f274378872fed7ed1bb3", ) def test_3(self): self.assertEqual( - hexenc(pbkdf2_hmac(b"password", b"salt", 4096, 32)), + hexenc(pbkdf2(b"password", b"salt", 4096, 32)), "1f1829a94bdff5be10d0aeb36af498e7a97467f3b31116a5a7c1afff9deadafe", ) @skip("it takes too long") def test_4(self): self.assertEqual( - hexenc(pbkdf2_hmac(b"password", b"salt", 16777216, 32)), + hexenc(pbkdf2(b"password", b"salt", 16777216, 32)), "a57ae5a6088396d120850c5c09de0a525100938a59b1b5c3f7810910d05fcd97", ) def test_5(self): self.assertEqual( - hexenc(pbkdf2_hmac( + hexenc(pbkdf2( b"passwordPASSWORDpassword", b"saltSALTsaltSALTsaltSALTsaltSALTsalt", 4096, @@ -224,7 +191,7 @@ class TestPBKDF2(TestCase): def test_6(self): self.assertEqual( - hexenc(pbkdf2_hmac( + hexenc(pbkdf2( b"pass\x00word", b"sa\x00lt", 4096,