// GoGOST -- Pure Go GOST cryptographic functions library
// Copyright (C) 2015-2023 Sergey Matveev <stargrave@stargrave.org>
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, version 3 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package gost28147
import (
"bytes"
"crypto/subtle"
"encoding/binary"
)
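// WrapGost wraps the content-encryption key cek under the key-encryption key
// kek with the GOST 28147-89 key wrap (cf. RFC 4357 §6.3). The CEK is
// encrypted in ECB mode under kek, and a 4-byte GOST 28147-89 MAC computed
// over the *plaintext* CEK — keyed by kek, with ukm as the MAC IV — is
// appended. The output layout is ukm || E_kek(cek) || MAC, i.e. 8+KeySize+4
// bytes; UnwrapGost expects exactly this layout.
//
// ukm is the 8-byte "user keying material" supplied by the caller. It is sent
// in clear as part of the output and seeds the MAC, so it should be fresh for
// every wrapped key. kek and cek must both be KeySize (32) bytes. Malformed
// lengths cause a panic: a short CEK would otherwise be mis-encrypted into a
// blob that never unwraps, and a long one would fail deep inside CryptBlocks.
// Internal MAC failures also panic, as they can only be programming errors.
func WrapGost(ukm, kek, cek []byte) []byte {
	const ukmSize, macSize = 8, 4
	if len(ukm) != ukmSize {
		panic("gost28147: WrapGost: UKM must be 8 bytes")
	}
	if len(cek) != KeySize {
		panic("gost28147: WrapGost: CEK must be KeySize bytes")
	}
	c := NewCipher(kek, &SboxIdGost2814789CryptoProAParamSet)
	// The integrity tag covers the plaintext CEK, keyed by the KEK and
	// seeded with the UKM, exactly as UnwrapGost recomputes it.
	mac, err := c.NewMAC(macSize, ukm)
	if err != nil {
		panic(err)
	}
	if _, err = mac.Write(cek); err != nil {
		panic(err)
	}
	cekMac := mac.Sum(nil)
	cekEnc := make([]byte, KeySize)
	c.NewECBEncrypter().CryptBlocks(cekEnc, cek)
	return bytes.Join([][]byte{ukm, cekEnc, cekMac}, nil)
}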
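// UnwrapGost reverses WrapGost. data must be ukm || E_kek(cek) || MAC exactly
// as WrapGost emits it (8+KeySize+4 bytes) and kek the key-encryption key.
// The CEK is decrypted in ECB mode, then a 4-byte MAC over the recovered
// plaintext — keyed by kek with ukm as IV — is recomputed and compared in
// constant time with the transmitted tag.
//
// It returns the KeySize-byte CEK, or nil if data has the wrong length or the
// tag does not verify. The length is validated up front so that a truncated,
// possibly attacker-controlled blob is rejected instead of panicking on an
// out-of-range slice; a blob with trailing bytes was already rejected before
// (tag length mismatch) and still is. The decrypted CEK is computed before the
// tag is checked but is never returned on failure. Note the tag is only 32
// bits, as the scheme prescribes: an adversary with an unwrap oracle succeeds
// with probability 2^-32 per attempt, so failures should be rate-limited and
// logged where this is exposed to untrusted callers.
func UnwrapGost(kek, data []byte) []byte {
	const ukmSize, macSize = 8, 4
	if len(data) != ukmSize+KeySize+macSize {
		return nil
	}
	ukm := data[:ukmSize]
	cekEnc := data[ukmSize : ukmSize+KeySize]
	cekMac := data[ukmSize+KeySize:]
	c := NewCipher(kek, &SboxIdGost2814789CryptoProAParamSet)
	cek := make([]byte, KeySize)
	c.NewECBDecrypter().CryptBlocks(cek, cekEnc)
	mac, err := c.NewMAC(macSize, ukm)
	if err != nil {
		panic(err)
	}
	if _, err = mac.Write(cek); err != nil {
		panic(err)
	}
	// Constant-time comparison so that tag verification leaks nothing
	// about how many leading bytes of the forged tag were correct.
	if subtle.ConstantTimeCompare(mac.Sum(nil), cekMac) != 1 {
		return nil
	}
	return cek
}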
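// DiversifyCryptoPro derives a per-message key-encryption key from kek and the
// first 8 bytes of ukm with the CryptoPro KEK diversification algorithm (cf.
// RFC 4357 §6.5). For each of the 8 UKM bytes the 32-byte working key is read
// as eight little-endian 32-bit words; the words selected by the set bits of
// that UKM byte are summed into s1 and the remaining ones into s2 (each mod
// 2^32), the pair (s1, s2) is laid out little-endian as an 8-byte CFB IV, and
// the working key is encrypted in CFB mode under itself.
//
// kek must be KeySize (32) bytes and ukm at least 8 bytes; anything else
// panics with an explicit message rather than an index-out-of-range. The
// diversified key is returned in a fresh slice and kek is left intact. The
// previous implementation aliased kek and encrypted it in place, silently
// replacing the caller's key material with the derived key — a caller reusing
// the same KEK buffer for a second unwrap would have derived from the wrong
// key.
func DiversifyCryptoPro(kek, ukm []byte) []byte {
	const rounds, ukmSize = 8, 8
	if len(kek) != KeySize {
		panic("gost28147: DiversifyCryptoPro: KEK must be KeySize bytes")
	}
	if len(ukm) < ukmSize {
		panic("gost28147: DiversifyCryptoPro: UKM must be at least 8 bytes")
	}
	// Work on a private copy so the caller's KEK is never modified.
	out := make([]byte, len(kek))
	copy(out, kek)
	for i := 0; i < rounds; i++ {
		var s1, s2 uint64
		for j := 0; j < 8; j++ {
			word := binary.LittleEndian.Uint32(out[j*4 : j*4+4])
			if (ukm[i]>>j)&1 == 1 {
				s1 += uint64(word)
			} else {
				s2 += uint64(word)
			}
		}
		// Reduction modulo 2^32 is the low-order truncation of the sums.
		iv := make([]byte, 8)
		binary.LittleEndian.PutUint32(iv[:4], uint32(s1))
		binary.LittleEndian.PutUint32(iv[4:], uint32(s2))
		c := NewCipher(out, &SboxIdGost2814789CryptoProAParamSet)
		c.NewCFBEncrypter(iv).XORKeyStream(out, out)
	}
	return out
}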
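// UnwrapCryptoPro unwraps a CEK wrapped with the CryptoPro variant of the GOST
// key wrap: kek is first diversified with the 8-byte UKM that prefixes data
// (DiversifyCryptoPro) and the derived key is then used as the KEK for
// UnwrapGost. data has the same layout as for UnwrapGost,
// ukm || E(cek) || MAC, 8+KeySize+4 bytes in total.
//
// It returns the recovered CEK, or nil if data has the wrong length or the
// tag does not verify. The length is checked here so that a truncated,
// possibly attacker-supplied blob is rejected instead of panicking on
// data[:8]; a blob with trailing bytes was already rejected by the tag check
// and still is.
func UnwrapCryptoPro(kek, data []byte) []byte {
	const ukmSize, macSize = 8, 4
	if len(data) != ukmSize+KeySize+macSize {
		return nil
	}
	return UnwrapGost(DiversifyCryptoPro(kek, data[:ukmSize]), data)
}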