UPD: Upstream project merge

README → README.md

@@ -1,6 +1,7 @@
-Pure Go GOST cryptographic functions library.
+##Pure Go GOST cryptographic functions library.
 
-GOST is GOvernment STandard of Russian Federation (and Soviet Union).
+###Fork of original gogost project https://git.cypherpunks.ru/cgit.cgi/gogost.git
+####GOST is GOvernment STandard of Russian Federation (and Soviet Union).
 
 * GOST 28147-89 (RFC 5830) block cipher with ECB, CNT (CTR), CFB, MAC
   CBC (RFC 4357) modes of operation
@@ -18,28 +19,53 @@ GOST is GOvernment STandard of Russian Federation (and Soviet Union).
 * GOST R 34.12-2015 128-bit block cipher Кузнечик (Kuznechik) (RFC 7801)
 * GOST R 34.12-2015 64-bit block cipher Магма (Magma)
 * GOST R 34.13-2015 padding methods
-* MGM AEAD mode for 64 and 128 bit ciphers
+* MGM AEAD mode for 64 and 128 bit ciphers (Р 1323565.1.026–2019)
 * TLSTREE keyscheduling function
 * ESPTREE/IKETREE (IKE* is the same as ESP*) keyscheduling function
 * PRF_IPSEC_PRFPLUS_GOSTR3411_2012_{256,512} and generic prf+ functions
   (Р 50.1.111-2016 with IKEv2 RFC 7296)
 
 Probably you could be interested in
-Go's support of GOST TLS 1.3 (http://gostls13.cypherpunks.ru/).
+Go's support of GOST TLS 1.3 (http://www.gostls13.cypherpunks.ru/).
 
-Known problems:
+####Known problems:
 
 * intermediate calculation values are not zeroed
 * 34.10 is not time constant and slow
 
+#####Example 34.10-2012-256 keypair generation, signing and verifying:
+
+    import (
+        "crypto/rand"
+        "io"
+        "github.com/ftomza/gogost/gost3410"
+        "github.com/ftomza/gogost/gost34112012256"
+    )
+    func main() {
+        data := []byte("data to be signed")
+        hasher := gost34112012256.New()
+        _, err := hasher.Write(data)
+        dgst := hasher.Sum(nil)
+        curve := gost3410.CurveIdtc26gost34102012256paramSetB()
+        prvRaw := make([]byte, int(32))
+        _, err = io.ReadFull(rand.Reader, prvRaw)
+        prv, err := gost3410.NewPrivateKey(curve, prvRaw)
+        pub, err := prv.PublicKey()
+        pubRaw := pub.Raw()
+        sign, err := prv.Sign(rand.Reader, dgst, nil)
+        pub, err = gost3410.NewPublicKey(curve, pubRaw)
+        isValid, err := pub.VerifyDigest(dgst, sign)
+        if !isValid { panic("signature is invalid") }
+    }
+
 GoGOST is free software: see the file COPYING for copying conditions.
 
-GoGOST'es home page is: http://gogost.cypherpunks.ru/
-You can read about GOST algorithms more: http://gost.cypherpunks.ru/
+GoGOST'es home page is: http://www.gogost.cypherpunks.ru/
+You can read about GOST algorithms more: http://www.gost.cypherpunks.ru/
 
 Please send questions, bug reports and patches to
 https://lists.cypherpunks.ru/mailman/listinfo/gost
 mailing list. Announcements also go to this mailing list.
 
 Development Git source code repository currently is located here:
-https://git.cypherpunks.ru/cgit.cgi/gogost.git/
+http://git.cypherpunks.ru/cgit.cgi/gogost.git/

clean.do

@@ -1 +1 @@
-rm -f module-name streebog256 streebog512
+rm -f module-name streebog256 streebog512 VERSION

default.do

@@ -1,3 +1,2 @@
 redo-ifchange module-name
-MOD=`cat module-name`
-go build -o $3 -ldflags "-X ${MOD}.Version=`cat VERSION`" ${MOD}/cmd/$1
+go build -o $3 `cat module-name`/cmd/$1

download.texi

@@ -1,6 +1,31 @@
 @multitable {XXXXX} {XXXX-XX-XX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
 @headitem Version @tab Date @tab Size @tab Tarball @tab SHA256 checksum @tab Streebog-256 checksum
 
+@item 5.0.2 @tab 2020-09-05 @tab 62 KiB
+@tab @url{gogost-5.0.2.tar.xz, link} @url{gogost-5.0.2.tar.xz.sig, sign}
+@tab @code{2A62D4B8 B45CBD6D EFF8DD2A 973F16B3 463F8365 467408A0 2DD538F9 0EFD0B69}
+@tab @code{0dd8ed5b0cfae0b8ad30658dab3e12188c005a590db0a698731fb85dcec679c4}
+
+@item 5.0.1 @tab 2020-09-05 @tab 62 KiB
+@tab @url{gogost-5.0.1.tar.xz, link} @url{gogost-5.0.1.tar.xz.sig, sign}
+@tab @code{4DAEA73C 44527737 054C659A 9B619A21 643EA3AA 66F6E092 4AC8777A 5D897C6A}
+@tab @code{0bde87f569e0dbad29856610dcbd2ffbcaca4f4899046cb138d92b059856b4b2}
+
+@item @ref{Release 5.0.0, 5.0.0} @tab 2020-09-04 @tab 62 KiB
+@tab @url{gogost-5.0.0.tar.xz, link} @url{gogost-5.0.0.tar.xz.sig, sign}
+@tab @code{222CB86E 559E9CCF E80FFFB1 B3A7908B A978FE84 9E12B7F9 DA571512 6A24BCA7}
+@tab @code{2a0fc616372fe905e8677e1e82d8bd82f852e6393c03cbfb34f69f855bcbfc85}
+
+@item 4.3.1 @tab 2020-09-01 @tab 63 KiB
+@tab @url{gogost-4.3.1.tar.xz, link} @url{gogost-4.3.1.tar.xz.sig, sign}
+@tab @code{FEB48FAA 49F43FB4 6FF4812C ECB9BD8B 077EA3A1 693088CA 1C2F29E8 F2AFE500}
+@tab @code{785b17e7f84f3b472d5bdcb710e124908da656bdec2df7f6bcf0a1b4042403ce}
+
+@item @ref{Release 4.3.0, 4.3.0} @tab 2020-08-02 @tab 58 KiB
+@tab @url{gogost-4.3.0.tar.xz, link} @url{gogost-4.3.0.tar.xz.sig, sign}
+@tab @code{B5550996 57149869 46F01316 937CA4E2 C0786F90 F0281E59 FD3E4D0B 633785EC}
+@tab @code{e5a187c1e9753b747918a13008f128efa0b9fbc8f2b26ef8af1315a53ac8b8ba}
+
 @item @ref{Release 4.2.4, 4.2.4} @tab 2020-06-24 @tab 58 KiB
 @tab @url{gogost-4.2.4.tar.xz, link} @url{gogost-4.2.4.tar.xz.sig, sign}
 @tab @code{AB7716CB B1E67C5F 5F38B4F9 EEE2733E 931A0498 084AF7BC E816F961 16EB26AE}

go.mod

@@ -2,4 +2,4 @@ module github.com/ftomza/gogost
 
 go 1.12
 
-require golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9
+require golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a

gogost.go

@@ -1,6 +1,4 @@
 // Pure Go GOST cryptographic functions library.
 package gogost
 
-var (
-	Version string = "UNKNOWN"
-)
+const Version = "5.0.2"

gost3410/2001_test.go

@@ -59,7 +59,7 @@ func TestRFCVectors(t *testing.T) {
 	}
 
 	c := CurveIdGostR34102001TestParamSet()
-	prv, err := NewPrivateKey(c, Mode2001, priv)
+	prv, err := NewPrivateKey(c, priv)
 	if err != nil {
 		t.FailNow()
 	}
@@ -90,11 +90,7 @@ func TestRFCVectors(t *testing.T) {
 func TestRandom2001(t *testing.T) {
 	c := CurveIdGostR34102001TestParamSet()
 	f := func(data [31]byte, digest [32]byte) bool {
-		prv, err := NewPrivateKey(
-			c,
-			Mode2001,
-			append([]byte{0xde}, data[:]...),
-		)
+		prv, err := NewPrivateKey(c, append([]byte{0xde}, data[:]...))
 		if err != nil {
 			return false
 		}
@@ -103,7 +99,7 @@ func TestRandom2001(t *testing.T) {
 			return false
 		}
 		pubRaw := pub.Raw()
-		pub, err = NewPublicKey(c, Mode2001, pubRaw)
+		pub, err = NewPublicKey(c, pubRaw)
 		if err != nil {
 			return false
 		}
@@ -124,7 +120,7 @@ func TestRandom2001(t *testing.T) {
 
 func BenchmarkSign2001(b *testing.B) {
 	c := CurveIdGostR34102001TestParamSet()
-	prv, err := GenPrivateKey(c, Mode2001, rand.Reader)
+	prv, err := GenPrivateKey(c, rand.Reader)
 	if err != nil {
 		b.FailNow()
 	}
@@ -138,7 +134,7 @@ func BenchmarkSign2001(b *testing.B) {
 
 func BenchmarkVerify2001(b *testing.B) {
 	c := CurveIdGostR34102001TestParamSet()
-	prv, err := GenPrivateKey(c, Mode2001, rand.Reader)
+	prv, err := GenPrivateKey(c, rand.Reader)
 	if err != nil {
 		b.FailNow()
 	}
@@ -160,9 +156,9 @@ func BenchmarkVerify2001(b *testing.B) {
 
 func TestPrvEqualsTo1(t *testing.T) {
 	c := CurveIdGostR34102001TestParamSet()
-	prvRaw := make([]byte, int(Mode2001))
+	prvRaw := make([]byte, 32)
 	prvRaw[len(prvRaw)-1] = 1
-	prv, err := NewPrivateKey(c, Mode2001, prvRaw)
+	prv, err := NewPrivateKey(c, prvRaw)
 	if err != nil {
 		t.FailNow()
 	}

gost3410/2012_test.go

@@ -57,7 +57,7 @@ func TestStdVector1(t *testing.T) {
 		0x92, 0x80, 0x14, 0xF6, 0xC5, 0xBF, 0x9C, 0x40,
 	}
 	reverse(prvRaw)
-	prv, err := NewPrivateKey(CurveIdGostR34102001TestParamSet(), Mode2001, prvRaw)
+	prv, err := NewPrivateKey(CurveIdGostR34102001TestParamSet(), prvRaw)
 	if err != nil {
 		t.FailNow()
 	}
@@ -126,6 +126,7 @@ func TestStdVector2(t *testing.T) {
 		}),
 		nil,
 		nil,
+		nil,
 	)
 	if err != nil {
 		t.FailNow()
@@ -181,7 +182,7 @@ func TestStdVector2(t *testing.T) {
 		0x2A, 0x98, 0x53, 0xBD, 0xE7, 0x3E, 0x5B, 0x4A,
 	}
 	reverse(prvRaw)
-	prv, err := NewPrivateKey(c, Mode2012, prvRaw)
+	prv, err := NewPrivateKey(c, prvRaw)
 	if err != nil {
 		t.FailNow()
 	}
@@ -322,11 +323,12 @@ func TestGCL3Vectors(t *testing.T) {
 		bytes2big(y),
 		nil,
 		nil,
+		nil,
 	)
 	if err != nil {
 		t.FailNow()
 	}
-	prv, err := NewPrivateKey(c, Mode2012, priv)
+	prv, err := NewPrivateKey(c, priv)
 	if err != nil {
 		t.FailNow()
 	}
@@ -357,11 +359,7 @@ func TestGCL3Vectors(t *testing.T) {
 func TestRandom2012(t *testing.T) {
 	c := CurveIdtc26gost341012512paramSetA()
 	f := func(prvRaw [64 - 1]byte, digest [64]byte) bool {
-		prv, err := NewPrivateKey(
-			c,
-			Mode2012,
-			append([]byte{0xde}, prvRaw[:]...),
-		)
+		prv, err := NewPrivateKey(c, append([]byte{0xde}, prvRaw[:]...))
 		if err != nil {
 			return false
 		}
@@ -370,7 +368,7 @@ func TestRandom2012(t *testing.T) {
 			return false
 		}
 		pubRaw := pub.Raw()
-		pub, err = NewPublicKey(c, Mode2012, pubRaw)
+		pub, err = NewPublicKey(c, pubRaw)
 		if err != nil {
 			return false
 		}
@@ -580,7 +578,7 @@ func TestUVXYConversion(t *testing.T) {
 
 func BenchmarkSign2012(b *testing.B) {
 	c := CurveIdtc26gost341012512paramSetA()
-	prv, err := GenPrivateKey(c, Mode2012, rand.Reader)
+	prv, err := GenPrivateKey(c, rand.Reader)
 	if err != nil {
 		b.FailNow()
 	}
@@ -594,7 +592,7 @@ func BenchmarkSign2012(b *testing.B) {
 
 func BenchmarkVerify2012(b *testing.B) {
 	c := CurveIdtc26gost341012512paramSetA()
-	prv, err := GenPrivateKey(c, Mode2012, rand.Reader)
+	prv, err := GenPrivateKey(c, rand.Reader)
 	if err != nil {
 		b.FailNow()
 	}

gost3410/curve.go

@@ -25,6 +25,7 @@ var (
 	bigInt1 *big.Int = big.NewInt(1)
 	bigInt2 *big.Int = big.NewInt(2)
 	bigInt3 *big.Int = big.NewInt(3)
+	bigInt4 *big.Int = big.NewInt(4)
 )
 
 type Curve struct {
@@ -33,6 +34,8 @@ type Curve struct {
 	P *big.Int // Characteristic of the underlying prime field
 	Q *big.Int // Elliptic curve subgroup order
 
+	Co *big.Int // Cofactor
+
 	// Equation coefficients of the elliptic curve in canonical form
 	A *big.Int
 	B *big.Int
@@ -55,7 +58,7 @@ type Curve struct {
 	edT *big.Int
 }
 
-func NewCurve(p, q, a, b, x, y, e, d *big.Int) (*Curve, error) {
+func NewCurve(p, q, a, b, x, y, e, d, co *big.Int) (*Curve, error) {
 	c := Curve{
 		Name: "unknown",
 		P:    p,
@@ -85,9 +88,18 @@ func NewCurve(p, q, a, b, x, y, e, d *big.Int) (*Curve, error) {
 		c.E = e
 		c.D = d
 	}
+	if co == nil {
+		c.Co = bigInt1
+	} else {
+		c.Co = co
+	}
 	return &c, nil
 }
 
+func (c *Curve) PointSize() int {
+	return PointSize(c.P)
+}
+
 func (c *Curve) pos(v *big.Int) {
 	if v.Cmp(zero) < 0 {
 		v.Add(v, c.P)

gost3410/params.go

@@ -15,12 +15,7 @@
 
 package gost3410
 
-type Mode int
-
 var (
-	Mode2001 Mode = Mode(32)
-	Mode2012 Mode = Mode(64)
-
 	CurveGostR34102001ParamSetcc func() *Curve = func() *Curve {
 		curve, err := NewCurve(
 			bytes2big([]byte{
@@ -61,6 +56,7 @@ var (
 			}),
 			nil,
 			nil,
+			nil,
 		)
 		if err != nil {
 			panic(err)
@@ -109,6 +105,7 @@ var (
 			}),
 			nil,
 			nil,
+			nil,
 		)
 		if err != nil {
 			panic(err)
@@ -157,6 +154,7 @@ var (
 			}),
 			nil,
 			nil,
+			nil,
 		)
 		if err != nil {
 			panic(err)
@@ -205,6 +203,7 @@ var (
 			}),
 			nil,
 			nil,
+			nil,
 		)
 		if err != nil {
 			panic(err)
@@ -253,6 +252,7 @@ var (
 			}),
 			nil,
 			nil,
+			nil,
 		)
 		if err != nil {
 			panic(err)
@@ -318,6 +318,7 @@ var (
 				0x2B, 0x9D, 0xF6, 0x28, 0x97, 0x00, 0x9A, 0xF7,
 				0xE5, 0x22, 0xC3, 0x2D, 0x6D, 0xC7, 0xBF, 0xFB,
 			}),
+			bigInt4,
 		)
 		if err != nil {
 			panic(err)
@@ -408,6 +409,7 @@ var (
 			}),
 			nil,
 			nil,
+			nil,
 		)
 		if err != nil {
 			panic(err)
@@ -480,6 +482,7 @@ var (
 			}),
 			nil,
 			nil,
+			nil,
 		)
 		if err != nil {
 			panic(err)
@@ -561,6 +564,7 @@ var (
 				0x91, 0xA0, 0xCF, 0xC2, 0xBC, 0x2A, 0x22, 0xB4,
 				0xCA, 0x30, 0x2D, 0xBB, 0x33, 0xEE, 0x75, 0x50,
 			}),
+			bigInt4,
 		)
 		if err != nil {
 			panic(err)