News
****
*5.9.0*
"gost3410" is more thread-safe.
*5.8.0*
Faster Kuznechik and ~3x faster Kuznechik-MGM.
*5.7.0*
Go 1.17 requires "gost3410.PublicKey" to have an "Equal" method.
*5.6.0*
• Add "gost3410.CurveIdtc26gost341012512paramSetTest" curve
• More curve aliases:
CurveIdGostR34102001CryptoProAParamSet -> CurveIdtc26gost341012256paramSetB
CurveIdGostR34102001CryptoProBParamSet -> CurveIdtc26gost341012256paramSetC
CurveIdGostR34102001CryptoProCParamSet -> CurveIdtc26gost341012256paramSetD
CurveIdGostR34102001CryptoProXchAParamSet -> CurveIdGostR34102001CryptoProAParamSet
CurveIdGostR34102001CryptoProXchBParamSet -> CurveIdGostR34102001CryptoProCParamSet
CurveIdtc26gost34102012256paramSetA -> CurveIdtc26gost341012256paramSetA
CurveIdtc26gost34102012256paramSetB -> CurveIdtc26gost341012256paramSetB
CurveIdtc26gost34102012256paramSetC -> CurveIdtc26gost341012256paramSetC
CurveIdtc26gost34102012256paramSetD -> CurveIdtc26gost341012256paramSetD
CurveIdtc26gost34102012512paramSetTest -> CurveIdtc26gost341012512paramSetTest
CurveIdtc26gost34102012512paramSetA -> CurveIdtc26gost341012512paramSetA
CurveIdtc26gost34102012512paramSetB -> CurveIdtc26gost341012512paramSetB
CurveIdtc26gost34102012512paramSetC -> CurveIdtc26gost341012512paramSetC
*5.5.0*
"gost3410.PrivateKey" now lies within "gost3410.Curve.Q" (it is
reduced modulo the curve order). That makes it more friendly with
some implementations.
*5.4.0*
Even slightly fewer allocations in Streebog.
*5.3.0*
~16x speedup of Streebog, ~15x speedup of Kuznechik.
*5.2.0*
MGM does not panic when a short (tagless) message is verified.
*5.1.1*
Tarball uses vendoring instead of "GOPATH" overriding. As the minimal
Go version has been 1.12 for a long time, modules are supported.
*5.1.0*
"gost3410/KEK*" functions do not alter the "ukm" argument. It is safe
to reuse it now.
*5.0.0*
Backward incompatible removal of the excess, misleading "gost3410.Mode"
from all related functions. Point/key sizes are determined by
looking at the curve’s parameters size.
*4.3.0*
*Fixed* nasty bug with Edwards curves used in 34.10-VKO functions:
the curve’s cofactor was not applied.
*4.2.4*
"gost3410.PrivateKeyReverseDigest" (reverses the digest) and
"PrivateKeyReverseDigestAndSignature" (reverses both the digest and
the signature) signers appeared for convenience.
*4.2.3*
Panic on all possible hash "Write" errors.
*4.2.2*
More 34.10-2012 test vectors.
*4.2.1*
Dummy release. Nicer tarballs.
*4.2.0*
• "PRF_IPSEC_PRFPLUS_GOSTR3411_2012_{256,512}" implementation
• Generic "prf+" function (taken from IKEv2 (RFC 7296
  (https://tools.ietf.org/html/rfc7296.html)))
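The "prf+" construction named above is small enough to show in full. The
following is an added, stand-alone illustration written for this note; it
is not gogost's own code and it uses HMAC-SHA256 from the Go standard
library as the PRF (an assumption made so that it runs without the
Streebog packages; in the IPsec profile the PRF would be HMAC over
34.11-2012). Key and seed values are constructed, not test vectors.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
	"hash"
)

// PRF is any keyed pseudo-random function prf(K, S) with fixed-length
// output, as IKEv2 (RFC 7296, section 2.13) requires of the negotiated PRF.
type PRF func(key, data []byte) []byte

// hmacPRF turns an HMAC over the given hash constructor into a PRF.
func hmacPRF(h func() hash.Hash) PRF {
	return func(key, data []byte) []byte {
		m := hmac.New(h, key)
		m.Write(data)
		return m.Sum(nil)
	}
}

// PrfPlus implements prf+ from RFC 7296, section 2.13:
//
//	prf+ (K, S) = T1 | T2 | T3 | ...
//	T1 = prf(K, S | 0x01)
//	Tn = prf(K, Tn-1 | S | n)   for n = 2, 3, ...
//
// The counter is a single byte, so at most 255 blocks can be produced;
// asking for more is an error rather than a silently wrapped counter.
func PrfPlus(prf PRF, key, seed []byte, n int) ([]byte, error) {
	if n < 0 {
		return nil, errors.New("prf+: negative output length")
	}
	out := make([]byte, 0, n)
	var prev []byte // T(n-1); empty for T1
	for counter := 1; len(out) < n; counter++ {
		if counter > 255 {
			return nil, errors.New("prf+: requested length exceeds 255 PRF blocks")
		}
		// Input to the PRF is Tn-1 | S | n, with the counter as one byte.
		in := make([]byte, 0, len(prev)+len(seed)+1)
		in = append(in, prev...)
		in = append(in, seed...)
		in = append(in, byte(counter))
		prev = prf(key, in)
		out = append(out, prev...)
	}
	return out[:n], nil
}

func main() {
	// Constructed sample inputs (hypothetical SKEYSEED and nonce/SPI seed).
	k := []byte("example-ikev2-skeyseed")
	s := []byte("Ni | Nr | SPIi | SPIr")
	km, err := PrfPlus(hmacPRF(sha256.New), k, s, 80)
	if err != nil {
		panic(err)
	}
	fmt.Printf("prf+ produced %d bytes: %x\n", len(km), km)
}
```

Because each Tn chains on Tn-1, the first m bytes of prf+ for a longer
request equal the output of a shorter request for m bytes, which is what
lets IKEv2 carve several keys out of one keying stream.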
*4.1.0*
• "ESPTREE"/"IKETREE" implementation
• "CurveIdtc26gost34102012256paramSetB",
"CurveIdtc26gost34102012256paramSetC",
"CurveIdtc26gost34102012256paramSetD" curve aliases
• Forbid automatic use of any later GNU GPL version (project’s licence
  is now GNU GPLv3 only)
• Project now is "go get"-able and uses "go.cypherpunks.ru"
namespace: "go get go.cypherpunks.ru/gogost", "go get
go.cypherpunks.ru/gogost/cmd/streebog{256,512}"
*4.0*
• Backward incompatible change: all keys passed to encryption
  functions are slices now, not fixed arrays. That heavily
  simplifies the library usage
• Fix bug with overwriting IVs memory in "gost28147.CFB*crypter"
• "TLSTREE", used in TLS 1.[23], implementation
• "gost3410.KEK2012*" can be used with any curves, not only
512-bit ones
• "gost3410.PrivateKey" satisfies "crypto.Signer" interface
• "gost34112012*" hashes satisfy "encoding.Binary(Un)Marshaler"
• Streebog256 HKDF test vectors
*3.0*
• Multilinear Galois Mode (MGM) block cipher mode for 64- and 128-bit
  block ciphers
• "KDF_GOSTR3411_2012_256" KDF
• 34.12-2015 64-bit block cipher Магма (Magma)
• Additional EAC 28147-89 Sbox
• 34.10-2012 TC26 twisted Edwards curve related parameters
• Coordinates conversion from twisted Edwards to Weierstrass
form and vice versa
• Fixed "gost3410.PrivateKey"’s length validation
• Backward incompatible change: "gost3410.NewCurve" takes
"big.Int", instead of encoded integers
• Backward incompatible Sbox and curves parameters renaming, to
comply with OIDs identifying them:
Gost2814789_TestParamSet -> SboxIdGost2814789TestParamSet
Gost28147_CryptoProParamSetA -> SboxIdGost2814789CryptoProAParamSet
Gost28147_CryptoProParamSetB -> SboxIdGost2814789CryptoProBParamSet
Gost28147_CryptoProParamSetC -> SboxIdGost2814789CryptoProCParamSet
Gost28147_CryptoProParamSetD -> SboxIdGost2814789CryptoProDParamSet
GostR3411_94_TestParamSet -> SboxIdGostR341194TestParamSet
Gost28147_tc26_ParamZ -> SboxIdtc26gost28147paramZ
GostR3411_94_CryptoProParamSet -> SboxIdGostR341194CryptoProParamSet
EACParamSet -> SboxEACParamSet
CurveParamsGostR34102001cc -> CurveGostR34102001ParamSetcc
CurveParamsGostR34102001Test -> CurveIdGostR34102001TestParamSet
CurveParamsGostR34102001CryptoProA -> CurveIdGostR34102001CryptoProAParamSet
CurveParamsGostR34102001CryptoProB -> CurveIdGostR34102001CryptoProBParamSet
CurveParamsGostR34102001CryptoProC -> CurveIdGostR34102001CryptoProCParamSet
CurveParamsGostR34102001CryptoProXchA -> CurveIdGostR34102001CryptoProXchAParamSet
CurveParamsGostR34102001CryptoProXchB -> CurveIdGostR34102001CryptoProXchBParamSet
CurveParamsGostR34102012TC26ParamSetA -> CurveIdtc26gost341012512paramSetA
CurveParamsGostR34102012TC26ParamSetB -> CurveIdtc26gost341012512paramSetB
• Various additional test vectors
• go modules friendliness
*2.0*
• 34.11-2012 is split into two different modules:
  "gost34112012256" and "gost34112012512"
• 34.11-94’s digest is reversed. Now it is compatible with
  TC26’s HMAC and PBKDF2 test vectors
• "gogost-streebog" is split into "streebog256" and "streebog512"
  by analogy with the sha* utilities
• Added VKO 34.10-2012 support with corresponding test vectors
• "gost3410.DigestSizeX" is renamed to "gost3410.ModeX" because
it is not related to digest size, but parameters and key sizes
• KEK functions take "big.Int" UKM value. Use "NewUKM" to
unmarshal raw binary UKM
*1.1*
• gogost-streebog is able to use either 256 or 512 bits digest
size
• 34.13-2015 padding methods
• 28147-89 CBC mode of operation