Documentation ¶
Overview ¶
/\_/\ ( 0.0 ) = ^ = /|_|\ (") (")=~
~= GOSTHopper =~
Implementation of block cipher Kuznyechik, GOST R 34.12-2015 ¶
Author: Alexander Venedioukhin, dxdt.ru Date: 17/02/2019 Free software, distribution unlimited.
Supplementary files:
docipher.go docipher_amd64.go docipher_amd64.s
Kuznyechik is 128-bit block cipher with keys of 256 bits, standardized in 2015 as GOST R 34.12-2015 (Russian Federation National Standard).
This is example implementation in Go using assembly for x64/amd64 platform. It runs very fast on this platform.
For other platforms - there is universal implementation in more or less pure Go included. It means, that on platforms different from x64/amd64 compiled code will be orders of magnitude slower (100 times or so).
See gosthopper_amd64.s for assembly.
This version implements standard interface for crypto/cipher package. Particularly - with GCM module.
General usage: c, err := NewCipher(key) - creates and initializes new instance with key given. Returns cipher.Block with Kuznyechik; c.Encrypt(dst,src), c.Decrypt(dst,src) - block encryption and decryption methods;
gosthopper.DoEncrypt(block, round_keys) - cipher encrypt procedure, low level; gosthopper.DoDecrypt(block, round_keys) - cipher decrypt procedure, low level.
There are simple counter mode functions:
gosthopper.CMEncrypt(nonce_iv, key, plain_text); gosthopper.CMDecrypt(nonce_iv, key, cipher_text);
nonce_iv is a counter initial state, it will be incremented for each block. The same value must be set for successful decryption. In counter mode nonce_iv must be never reused with the same key for encryption.
To use in GCM mode of operation: --- import "crypto/cipher"
kCipher, err := NewCipher(key) kuznyechikGCM, err := cipher.NewGCM(kCipher) [...] kuznyechikGCM.Seal(...), kuznyechikGCM.Open(...) ---
Other functions: gosthopper.InitCipher() - initializes (computes values) in-memory lookup tables needed for encryption/decryption;
More usage examples: --- gosthopper.InitCipher() RoundKeys = gosthopper.StretchKey(MainKey) CipherText = gosthopper.DoEncrypt(PlainText, RoundKeys) DecRoundKeys = gosthopper.GetDecryptRoundKeys(RoundKeys) PlainText = gosthopper.DoDecrypt(CipherText, DecryptRoundKeys)) ---
Kuznyechik or Kuznechik (Grasshopper in Russian) cipher is based on substitution-permutation network and use Feistel cipher to derive round keys. This implementation uses a precomputed lookup tables of transformations and cipher assembly implementation (amd64) to speed up encryption and decryption process.
Reference: C implementation - https://github.com/mjosaarinen/kuznechik/ SAGE implementation - https://github.com/okazymyrov/kuznechik/ Cipher informational RFC 7801 - https://tools.ietf.org/html/rfc7801
Modified Copyright (c) 2020 BI.ZONE LLC.
Index ¶
- Constants
- Variables
- func CMDecrypt(iv uint64, key [32]uint8, cText []uint8) []uint8
- func CMEncrypt(iv uint64, key [32]uint8, plainText []uint8) []uint8
- func Decrypt(key [32]uint8, block [16]uint8) [16]uint8
- func DoDecrypt(block [16]uint8, rkeys [10][16]uint8) [16]uint8
- func DoEncrypt(block [16]uint8, rkeys [10][16]uint8) [16]uint8
- func DoEncryptCounter(nonce [16]uint8, block [16]uint8, rkeys [10][16]uint8) [16]uint8
- func Encrypt(key [32]uint8, block [16]uint8) [16]uint8
- func GF2Mul(x, y uint8) uint8
- func GetDecryptRoundKeys(rkeys [10][16]uint8) [10][16]uint8
- func InitCipher()
- func L(block [16]uint8) [16]uint8
- func LInv(block [16]uint8) [16]uint8
- func NewCipher(key []byte) (cipher.Block, error)
- func StretchKey(key [32]uint8) [10][16]uint8
- type GOSTHopper
- type KeySizeError
Constants ¶
const BlockSize = 16
128-bit block cipher. Defined as a constant here, but most of code below use hardcoded plain 16.
Variables ¶
var CipherInitialized = false
Flag to indicate that cipher lookup tables are ready.
var LInvLookup [16][256][16]uint8
Lookup table for precomputed inverse of L-function.
var LSEncLookup [16][256][16]uint8
Lookup table for precomputed encryption transformations (LS).
var LVector = [16]uint8{0x94, 0x20, 0x85, 0x10, 0xC2, 0xC0, 0x01, 0xFB,
0x01, 0xC0, 0xC2, 0x10, 0x85, 0x20, 0x94, 0x01}
L-function (transformation) vector.
var PiInverseTable = [256]uint8{}/* 256 elements not displayed */
Inverse Pi(S) substitution lookup table.
var PiTable = [256]uint8{}/* 256 elements not displayed */
Pi(S) substitution lookup table.
var SLDecLookup [16][256][16]uint8
Lookup table for precomputed decryption transformations (SL).
Functions ¶
func DoEncryptCounter ¶
func GetDecryptRoundKeys ¶
func InitCipher ¶
func InitCipher()
func StretchKey ¶
Types ¶
type GOSTHopper ¶
type GOSTHopper struct {
// contains filtered or unexported fields
}
func (*GOSTHopper) BlockSize ¶
func (c *GOSTHopper) BlockSize() int
func (*GOSTHopper) Decrypt ¶
func (c *GOSTHopper) Decrypt(dst, src []byte)
func (*GOSTHopper) Encrypt ¶
func (c *GOSTHopper) Encrypt(dst, src []byte)
type KeySizeError ¶
type KeySizeError int
Standard error-info construction (from crypto/aes)
func (KeySizeError) Error ¶
func (k KeySizeError) Error() string