@li0ard/gost 0.0.1 → 0.1.2

package/hmac.js

@@ -0,0 +1,22 @@
+import { createHasher } from "@noble/hashes/utils.js";
+import { _HMAC } from "@noble/hashes/hmac.js";
+import { streebog256, streebog512 } from "./streebog/index.js";
+import { Gost341194 } from "./gost341194/index.js";
+export class Streebog256HMAC extends _HMAC {
+    constructor(key) {
+        super(streebog256, key);
+    }
+}
+export class Streebog512HMAC extends _HMAC {
+    constructor(key) {
+        super(streebog512, key);
+    }
+}
+export class Gost341194HMAC extends _HMAC {
+    constructor(key) {
+        super(createHasher(Gost341194.create), key);
+    }
+}
+export const streebog256hmac = (key, message) => new Streebog256HMAC(key).update(message).digest();
+export const streebog512hmac = (key, message) => new Streebog512HMAC(key).update(message).digest();
+export const gost341194hmac = (key, message) => new Gost341194HMAC(key).update(message).digest();

package/index.d.ts

@@ -0,0 +1,9 @@
+export * from "./gost3410/index.js";
+export * from "./gost341194/index.js";
+export * from "./kuznyechik/index.js";
+export * from "./magma/index.js";
+export * from "./modes/index.js";
+export * from "./streebog/index.js";
+export * from "./hmac.js";
+export * from "./kdf.js";
+export * from "./types.js";

package/index.js

@@ -0,0 +1,9 @@
+export * from "./gost3410/index.js";
+export * from "./gost341194/index.js";
+export * from "./kuznyechik/index.js";
+export * from "./magma/index.js";
+export * from "./modes/index.js";
+export * from "./streebog/index.js";
+export * from "./hmac.js";
+export * from "./kdf.js";
+export * from "./types.js";

package/kdf.d.ts

@@ -0,0 +1,7 @@
+import { type TArg, type TRet } from "@noble/hashes/utils.js";
+export declare const kdf_gostr3411_2012_256: (key: TArg<Uint8Array>, label: TArg<Uint8Array>, seed: TArg<Uint8Array>) => TRet<Uint8Array>;
+export declare const kdf_tree_gostr3411_2012_256: (key: TArg<Uint8Array>, label: TArg<Uint8Array>, seed: TArg<Uint8Array>, keys: number, i_len?: number) => TRet<Uint8Array>[];
+export declare const streebog256pbkdf2: (password: TArg<Uint8Array>, salt: TArg<Uint8Array>, iter: number, dkLen: number) => TRet<Uint8Array>;
+export declare const streebog512pbkdf2: (password: TArg<Uint8Array>, salt: TArg<Uint8Array>, iter: number, dkLen: number) => TRet<Uint8Array>;
+export declare const gost341194pbkdf2: (password: TArg<Uint8Array>, salt: TArg<Uint8Array>, iter: number, dkLen: number) => TRet<Uint8Array>;
+export declare const cpkdf: (password: TArg<Uint8Array>, salt: TArg<Uint8Array>) => TRet<Uint8Array>;

package/kdf.js

@@ -0,0 +1,59 @@
+import { concatBytes, createHasher } from "@noble/hashes/utils.js";
+import { streebog256hmac } from "./hmac.js";
+import { numberToBytesBE } from "@noble/curves/utils.js";
+import { pbkdf2 } from "@noble/hashes/pbkdf2.js";
+import { Streebog256, streebog256, streebog512 } from "./streebog/index.js";
+import { Gost341194 } from "./gost341194/index.js";
+import { pad1, xorBytes } from "./utils.js";
+const _0 = new Uint8Array([0]);
+const _1 = new Uint8Array([1]);
+const _0100 = new Uint8Array([1, 0]);
+const CPKDF_CONST = new Uint8Array(64);
+CPKDF_CONST.set(new TextEncoder().encode("DENEFH028.760246785.IUEFHWUIO.EF"));
+const _36 = new Uint8Array(64).fill(0x36);
+const _5C = new Uint8Array(64).fill(0x5C);
+export const kdf_gostr3411_2012_256 = (key, label, seed) => streebog256hmac(key, concatBytes(_1, label, _0, seed, _0100));
+export const kdf_tree_gostr3411_2012_256 = (key, label, seed, keys, i_len = 1) => {
+    const keymat = [];
+    const length = numberToBytesBE(keys * 32 * 8, 2);
+    for (let i = 0; i < keys; i++)
+        keymat.push(streebog256hmac(key, concatBytes(numberToBytesBE(i + 1, i_len), label, _0, seed, length)));
+    return keymat;
+};
+export const streebog256pbkdf2 = (password, salt, iter, dkLen) => pbkdf2(streebog256, password, salt, { dkLen, c: iter });
+export const streebog512pbkdf2 = (password, salt, iter, dkLen) => pbkdf2(streebog512, password, salt, { dkLen, c: iter });
+export const gost341194pbkdf2 = (password, salt, iter, dkLen) => pbkdf2(createHasher(Gost341194.create), password, salt, { dkLen, c: iter });
+export const cpkdf = (password, salt) => {
+    const hasher = Streebog256.create();
+    const bs = 64;
+    if (password.length * 4 > 1024)
+        throw new Error("Password cannot be longer than 256 symbols");
+    const pin = new Uint8Array(password.length * 4);
+    for (let i = 0; i < password.length; i++)
+        pin[i * 4] = password[i];
+    hasher.update(salt);
+    if (password.length != 0)
+        hasher.update(pin);
+    const hash = hasher.digest();
+    const c = new Uint8Array(CPKDF_CONST);
+    const m0 = new Uint8Array(bs);
+    const m1 = new Uint8Array(bs);
+    for (let j = 0; j < (password.length != 0 ? 2000 : 2); j++) {
+        m0.set(xorBytes(c, _36));
+        m1.set(xorBytes(c, _5C));
+        hasher.update(m0);
+        hasher.update(hash);
+        hasher.update(m1);
+        hasher.update(hash);
+        c.set(pad1(hasher.digest(), bs));
+    }
+    m0.set(xorBytes(c, _36));
+    m1.set(xorBytes(c, _5C));
+    hasher.update(m0.subarray(0, 32));
+    hasher.update(salt);
+    hasher.update(m1.subarray(0, 32));
+    if (password.length != 0)
+        hasher.update(pin);
+    hasher.update(hasher.digest());
+    return hasher.digest();
+};

package/kuznyechik/const.d.ts

@@ -0,0 +1,4 @@
+export declare const PI: Uint8Array;
+export declare const PI_REV: Uint8Array;
+export declare const L: Uint8Array;
+export declare const ITER: Uint8Array<ArrayBuffer>[];

package/kuznyechik/const.js

@@ -0,0 +1,78 @@
+export const PI = new Uint8Array([
+    0xfc, 0xee, 0xdd, 0x11, 0xcf, 0x6e, 0x31, 0x16, 0xfb, 0xc4, 0xfa, 0xda, 0x23, 0xc5, 0x04, 0x4d,
+    0xe9, 0x77, 0xf0, 0xdb, 0x93, 0x2e, 0x99, 0xba, 0x17, 0x36, 0xf1, 0xbb, 0x14, 0xcd, 0x5f, 0xc1,
+    0xf9, 0x18, 0x65, 0x5a, 0xe2, 0x5c, 0xef, 0x21, 0x81, 0x1c, 0x3c, 0x42, 0x8b, 0x01, 0x8e, 0x4f,
+    0x05, 0x84, 0x02, 0xae, 0xe3, 0x6a, 0x8f, 0xa0, 0x06, 0x0b, 0xed, 0x98, 0x7f, 0xd4, 0xd3, 0x1f,
+    0xeb, 0x34, 0x2c, 0x51, 0xea, 0xc8, 0x48, 0xab, 0xf2, 0x2a, 0x68, 0xa2, 0xfd, 0x3a, 0xce, 0xcc,
+    0xb5, 0x70, 0x0e, 0x56, 0x08, 0x0c, 0x76, 0x12, 0xbf, 0x72, 0x13, 0x47, 0x9c, 0xb7, 0x5d, 0x87,
+    0x15, 0xa1, 0x96, 0x29, 0x10, 0x7b, 0x9a, 0xc7, 0xf3, 0x91, 0x78, 0x6f, 0x9d, 0x9e, 0xb2, 0xb1,
+    0x32, 0x75, 0x19, 0x3d, 0xff, 0x35, 0x8a, 0x7e, 0x6d, 0x54, 0xc6, 0x80, 0xc3, 0xbd, 0x0d, 0x57,
+    0xdf, 0xf5, 0x24, 0xa9, 0x3e, 0xa8, 0x43, 0xc9, 0xd7, 0x79, 0xd6, 0xf6, 0x7c, 0x22, 0xb9, 0x03,
+    0xe0, 0x0f, 0xec, 0xde, 0x7a, 0x94, 0xb0, 0xbc, 0xdc, 0xe8, 0x28, 0x50, 0x4e, 0x33, 0x0a, 0x4a,
+    0xa7, 0x97, 0x60, 0x73, 0x1e, 0x00, 0x62, 0x44, 0x1a, 0xb8, 0x38, 0x82, 0x64, 0x9f, 0x26, 0x41,
+    0xad, 0x45, 0x46, 0x92, 0x27, 0x5e, 0x55, 0x2f, 0x8c, 0xa3, 0xa5, 0x7d, 0x69, 0xd5, 0x95, 0x3b,
+    0x07, 0x58, 0xb3, 0x40, 0x86, 0xac, 0x1d, 0xf7, 0x30, 0x37, 0x6b, 0xe4, 0x88, 0xd9, 0xe7, 0x89,
+    0xe1, 0x1b, 0x83, 0x49, 0x4c, 0x3f, 0xf8, 0xfe, 0x8d, 0x53, 0xaa, 0x90, 0xca, 0xd8, 0x85, 0x61,
+    0x20, 0x71, 0x67, 0xa4, 0x2d, 0x2b, 0x09, 0x5b, 0xcb, 0x9b, 0x25, 0xd0, 0xbe, 0xe5, 0x6c, 0x52,
+    0x59, 0xa6, 0x74, 0xd2, 0xe6, 0xf4, 0xb4, 0xc0, 0xd1, 0x66, 0xaf, 0xc2, 0x39, 0x4b, 0x63, 0xb6,
+]);
+export const PI_REV = new Uint8Array([
+    0xa5, 0x2d, 0x32, 0x8f, 0x0e, 0x30, 0x38, 0xc0, 0x54, 0xe6, 0x9e, 0x39, 0x55, 0x7e, 0x52, 0x91,
+    0x64, 0x03, 0x57, 0x5a, 0x1c, 0x60, 0x07, 0x18, 0x21, 0x72, 0xa8, 0xd1, 0x29, 0xc6, 0xa4, 0x3f,
+    0xe0, 0x27, 0x8d, 0x0c, 0x82, 0xea, 0xae, 0xb4, 0x9a, 0x63, 0x49, 0xe5, 0x42, 0xe4, 0x15, 0xb7,
+    0xc8, 0x06, 0x70, 0x9d, 0x41, 0x75, 0x19, 0xc9, 0xaa, 0xfc, 0x4d, 0xbf, 0x2a, 0x73, 0x84, 0xd5,
+    0xc3, 0xaf, 0x2b, 0x86, 0xa7, 0xb1, 0xb2, 0x5b, 0x46, 0xd3, 0x9f, 0xfd, 0xd4, 0x0f, 0x9c, 0x2f,
+    0x9b, 0x43, 0xef, 0xd9, 0x79, 0xb6, 0x53, 0x7f, 0xc1, 0xf0, 0x23, 0xe7, 0x25, 0x5e, 0xb5, 0x1e,
+    0xa2, 0xdf, 0xa6, 0xfe, 0xac, 0x22, 0xf9, 0xe2, 0x4a, 0xbc, 0x35, 0xca, 0xee, 0x78, 0x05, 0x6b,
+    0x51, 0xe1, 0x59, 0xa3, 0xf2, 0x71, 0x56, 0x11, 0x6a, 0x89, 0x94, 0x65, 0x8c, 0xbb, 0x77, 0x3c,
+    0x7b, 0x28, 0xab, 0xd2, 0x31, 0xde, 0xc4, 0x5f, 0xcc, 0xcf, 0x76, 0x2c, 0xb8, 0xd8, 0x2e, 0x36,
+    0xdb, 0x69, 0xb3, 0x14, 0x95, 0xbe, 0x62, 0xa1, 0x3b, 0x16, 0x66, 0xe9, 0x5c, 0x6c, 0x6d, 0xad,
+    0x37, 0x61, 0x4b, 0xb9, 0xe3, 0xba, 0xf1, 0xa0, 0x85, 0x83, 0xda, 0x47, 0xc5, 0xb0, 0x33, 0xfa,
+    0x96, 0x6f, 0x6e, 0xc2, 0xf6, 0x50, 0xff, 0x5d, 0xa9, 0x8e, 0x17, 0x1b, 0x97, 0x7d, 0xec, 0x58,
+    0xf7, 0x1f, 0xfb, 0x7c, 0x09, 0x0d, 0x7a, 0x67, 0x45, 0x87, 0xdc, 0xe8, 0x4f, 0x1d, 0x4e, 0x04,
+    0xeb, 0xf8, 0xf3, 0x3e, 0x3d, 0xbd, 0x8a, 0x88, 0xdd, 0xcd, 0x0b, 0x13, 0x98, 0x02, 0x93, 0x80,
+    0x90, 0xd0, 0x24, 0x34, 0xcb, 0xed, 0xf4, 0xce, 0x99, 0x10, 0x44, 0x40, 0x92, 0x3a, 0x01, 0x26,
+    0x12, 0x1a, 0x48, 0x68, 0xf5, 0x81, 0x8b, 0xc7, 0xd6, 0x20, 0x0a, 0x08, 0x00, 0x4c, 0xd7, 0x74,
+]);
+export const L = new Uint8Array([
+    0x01, 0x94, 0x20, 0x85, 0x10, 0xc2, 0xc0, 0x01, 0xfb, 0x01, 0xc0, 0xc2, 0x10, 0x85, 0x20, 0x94,
+]);
+/*const ITER: Uint8Array[] = Array(32).fill(null).map(() => new Uint8Array(16).fill(0));
+for(let i = 0; i < 32; i++) {
+    ITER[i][15] = i + 1;
+    ITER[i] = LL(ITER[i]);
+}*/
+export const ITER = [
+    new Uint8Array([0x6E, 0xA2, 0x76, 0x72, 0x6C, 0x48, 0x7A, 0xB8, 0x5D, 0x27, 0xBD, 0x10, 0xDD, 0x84, 0x94, 0x01]),
+    new Uint8Array([0xDC, 0x87, 0xEC, 0xE4, 0xD8, 0x90, 0xF4, 0xB3, 0xBA, 0x4E, 0xB9, 0x20, 0x79, 0xCB, 0xEB, 0x02]),
+    new Uint8Array([0xB2, 0x25, 0x9A, 0x96, 0xB4, 0xD8, 0x8E, 0x0B, 0xE7, 0x69, 0x04, 0x30, 0xA4, 0x4F, 0x7F, 0x03]),
+    new Uint8Array([0x7B, 0xCD, 0x1B, 0x0B, 0x73, 0xE3, 0x2B, 0xA5, 0xB7, 0x9C, 0xB1, 0x40, 0xF2, 0x55, 0x15, 0x04]),
+    new Uint8Array([0x15, 0x6F, 0x6D, 0x79, 0x1F, 0xAB, 0x51, 0x1D, 0xEA, 0xBB, 0x0C, 0x50, 0x2F, 0xD1, 0x81, 0x05]),
+    new Uint8Array([0xA7, 0x4A, 0xF7, 0xEF, 0xAB, 0x73, 0xDF, 0x16, 0x0D, 0xD2, 0x08, 0x60, 0x8B, 0x9E, 0xFE, 0x06]),
+    new Uint8Array([0xC9, 0xE8, 0x81, 0x9D, 0xC7, 0x3B, 0xA5, 0xAE, 0x50, 0xF5, 0xB5, 0x70, 0x56, 0x1A, 0x6A, 0x07]),
+    new Uint8Array([0xF6, 0x59, 0x36, 0x16, 0xE6, 0x05, 0x56, 0x89, 0xAD, 0xFB, 0xA1, 0x80, 0x27, 0xAA, 0x2A, 0x08]),
+    new Uint8Array([0x98, 0xFB, 0x40, 0x64, 0x8A, 0x4D, 0x2C, 0x31, 0xF0, 0xDC, 0x1C, 0x90, 0xFA, 0x2E, 0xBE, 0x09]),
+    new Uint8Array([0x2A, 0xDE, 0xDA, 0xF2, 0x3E, 0x95, 0xA2, 0x3A, 0x17, 0xB5, 0x18, 0xA0, 0x5E, 0x61, 0xC1, 0x0A]),
+    new Uint8Array([0x44, 0x7C, 0xAC, 0x80, 0x52, 0xDD, 0xD8, 0x82, 0x4A, 0x92, 0xA5, 0xB0, 0x83, 0xE5, 0x55, 0x0B]),
+    new Uint8Array([0x8D, 0x94, 0x2D, 0x1D, 0x95, 0xE6, 0x7D, 0x2C, 0x1A, 0x67, 0x10, 0xC0, 0xD5, 0xFF, 0x3F, 0x0C]),
+    new Uint8Array([0xE3, 0x36, 0x5B, 0x6F, 0xF9, 0xAE, 0x07, 0x94, 0x47, 0x40, 0xAD, 0xD0, 0x08, 0x7B, 0xAB, 0x0D]),
+    new Uint8Array([0x51, 0x13, 0xC1, 0xF9, 0x4D, 0x76, 0x89, 0x9F, 0xA0, 0x29, 0xA9, 0xE0, 0xAC, 0x34, 0xD4, 0x0E]),
+    new Uint8Array([0x3F, 0xB1, 0xB7, 0x8B, 0x21, 0x3E, 0xF3, 0x27, 0xFD, 0x0E, 0x14, 0xF0, 0x71, 0xB0, 0x40, 0x0F]),
+    new Uint8Array([0x2F, 0xB2, 0x6C, 0x2C, 0x0F, 0x0A, 0xAC, 0xD1, 0x99, 0x35, 0x81, 0xC3, 0x4E, 0x97, 0x54, 0x10]),
+    new Uint8Array([0x41, 0x10, 0x1A, 0x5E, 0x63, 0x42, 0xD6, 0x69, 0xC4, 0x12, 0x3C, 0xD3, 0x93, 0x13, 0xC0, 0x11]),
+    new Uint8Array([0xF3, 0x35, 0x80, 0xC8, 0xD7, 0x9A, 0x58, 0x62, 0x23, 0x7B, 0x38, 0xE3, 0x37, 0x5C, 0xBF, 0x12]),
+    new Uint8Array([0x9D, 0x97, 0xF6, 0xBA, 0xBB, 0xD2, 0x22, 0xDA, 0x7E, 0x5C, 0x85, 0xF3, 0xEA, 0xD8, 0x2B, 0x13]),
+    new Uint8Array([0x54, 0x7F, 0x77, 0x27, 0x7C, 0xE9, 0x87, 0x74, 0x2E, 0xA9, 0x30, 0x83, 0xBC, 0xC2, 0x41, 0x14]),
+    new Uint8Array([0x3A, 0xDD, 0x01, 0x55, 0x10, 0xA1, 0xFD, 0xCC, 0x73, 0x8E, 0x8D, 0x93, 0x61, 0x46, 0xD5, 0x15]),
+    new Uint8Array([0x88, 0xF8, 0x9B, 0xC3, 0xA4, 0x79, 0x73, 0xC7, 0x94, 0xE7, 0x89, 0xA3, 0xC5, 0x09, 0xAA, 0x16]),
+    new Uint8Array([0xE6, 0x5A, 0xED, 0xB1, 0xC8, 0x31, 0x09, 0x7F, 0xC9, 0xC0, 0x34, 0xB3, 0x18, 0x8D, 0x3E, 0x17]),
+    new Uint8Array([0xD9, 0xEB, 0x5A, 0x3A, 0xE9, 0x0F, 0xFA, 0x58, 0x34, 0xCE, 0x20, 0x43, 0x69, 0x3D, 0x7E, 0x18]),
+    new Uint8Array([0xB7, 0x49, 0x2C, 0x48, 0x85, 0x47, 0x80, 0xE0, 0x69, 0xE9, 0x9D, 0x53, 0xB4, 0xB9, 0xEA, 0x19]),
+    new Uint8Array([0x05, 0x6C, 0xB6, 0xDE, 0x31, 0x9F, 0x0E, 0xEB, 0x8E, 0x80, 0x99, 0x63, 0x10, 0xF6, 0x95, 0x1A]),
+    new Uint8Array([0x6B, 0xCE, 0xC0, 0xAC, 0x5D, 0xD7, 0x74, 0x53, 0xD3, 0xA7, 0x24, 0x73, 0xCD, 0x72, 0x01, 0x1B]),
+    new Uint8Array([0xA2, 0x26, 0x41, 0x31, 0x9A, 0xEC, 0xD1, 0xFD, 0x83, 0x52, 0x91, 0x03, 0x9B, 0x68, 0x6B, 0x1C]),
+    new Uint8Array([0xCC, 0x84, 0x37, 0x43, 0xF6, 0xA4, 0xAB, 0x45, 0xDE, 0x75, 0x2C, 0x13, 0x46, 0xEC, 0xFF, 0x1D]),
+    new Uint8Array([0x7E, 0xA1, 0xAD, 0xD5, 0x42, 0x7C, 0x25, 0x4E, 0x39, 0x1C, 0x28, 0x23, 0xE2, 0xA3, 0x80, 0x1E]),
+    new Uint8Array([0x10, 0x03, 0xDB, 0xA7, 0x2E, 0x34, 0x5F, 0xF6, 0x64, 0x3B, 0x95, 0x33, 0x3F, 0x27, 0x14, 0x1F]),
+    new Uint8Array([0x5E, 0xA7, 0xD8, 0x58, 0x1E, 0x14, 0x9B, 0x61, 0xF1, 0x6A, 0xC1, 0x45, 0x9C, 0xED, 0xA8, 0x20])
+];

package/kuznyechik/index.d.ts

@@ -0,0 +1,12 @@
+import { type TArg, type TRet } from "@noble/curves/utils.js";
+import type { Cipher } from "../types.js";
+/** Kuznyechik (GOST R 34.12-2015) cipher */
+export declare class Kuznyechik implements Cipher {
+    readonly keySize = 32;
+    readonly blockSize = 16;
+    private roundKeys;
+    /** Kuznyechik (GOST R 34.12-2015) cipher */
+    constructor(key: TArg<Uint8Array>);
+    encrypt(plaintext: TArg<Uint8Array>): TRet<Uint8Array>;
+    decrypt(ciphertext: TArg<Uint8Array>): TRet<Uint8Array>;
+}

package/kuznyechik/index.js

@@ -0,0 +1,207 @@
+import { copyBytes } from "@noble/curves/utils.js";
+import { ITER, L, PI, PI_REV } from "./const.js";
+import { xorBytes } from "../utils.js";
+const BLOCKSIZE = 16, KEYSIZE = 32;
+const S = (input, pi = PI) => {
+    const result = new Uint8Array(BLOCKSIZE);
+    //for(let i = 0; i < BLOCKSIZE; i++) result[i] = pi[input[i]];
+    result[0] = pi[input[0]];
+    result[1] = pi[input[1]];
+    result[2] = pi[input[2]];
+    result[3] = pi[input[3]];
+    result[4] = pi[input[4]];
+    result[5] = pi[input[5]];
+    result[6] = pi[input[6]];
+    result[7] = pi[input[7]];
+    result[8] = pi[input[8]];
+    result[9] = pi[input[9]];
+    result[10] = pi[input[10]];
+    result[11] = pi[input[11]];
+    result[12] = pi[input[12]];
+    result[13] = pi[input[13]];
+    result[14] = pi[input[14]];
+    result[15] = pi[input[15]];
+    return result;
+};
+const gfMultiply = (a, b) => {
+    let result = 0;
+    let high_bit;
+    for (let i = 0; i < 8; i++) {
+        if ((b & 0b00000001) === 0b00000001)
+            result ^= a;
+        high_bit = a & 0b10000000;
+        a <<= 1;
+        if (high_bit == 0b10000000)
+            a ^= 0b11000011;
+        b >>= 1;
+    }
+    return result & 0xFF;
+};
+const R = (input) => {
+    const result = new Uint8Array(BLOCKSIZE);
+    result.set(input.slice(0, 15), 1);
+    result[0] = input[15];
+    //let temp = 0;
+    //for (let i = 0; i < BLOCKSIZE; i++) temp ^= gfMultiply(result[i], L[i]);
+    let temp = gfMultiply(result[0], L[0]);
+    temp ^= gfMultiply(result[1], L[1]);
+    temp ^= gfMultiply(result[2], L[2]);
+    temp ^= gfMultiply(result[3], L[3]);
+    temp ^= gfMultiply(result[4], L[4]);
+    temp ^= gfMultiply(result[5], L[5]);
+    temp ^= gfMultiply(result[6], L[6]);
+    temp ^= gfMultiply(result[7], L[7]);
+    temp ^= gfMultiply(result[8], L[8]);
+    temp ^= gfMultiply(result[9], L[9]);
+    temp ^= gfMultiply(result[10], L[10]);
+    temp ^= gfMultiply(result[11], L[11]);
+    temp ^= gfMultiply(result[12], L[12]);
+    temp ^= gfMultiply(result[13], L[13]);
+    temp ^= gfMultiply(result[14], L[14]);
+    temp ^= gfMultiply(result[15], L[15]);
+    result[0] = temp;
+    return result;
+};
+const Rr = (input) => {
+    const result = new Uint8Array(BLOCKSIZE);
+    //let temp = 0;
+    //for (let i = 0; i < BLOCKSIZE; i++) temp ^= gfMultiply(input[i], L[i]);
+    let temp = gfMultiply(input[0], L[0]);
+    temp ^= gfMultiply(input[1], L[1]);
+    temp ^= gfMultiply(input[2], L[2]);
+    temp ^= gfMultiply(input[3], L[3]);
+    temp ^= gfMultiply(input[4], L[4]);
+    temp ^= gfMultiply(input[5], L[5]);
+    temp ^= gfMultiply(input[6], L[6]);
+    temp ^= gfMultiply(input[7], L[7]);
+    temp ^= gfMultiply(input[8], L[8]);
+    temp ^= gfMultiply(input[9], L[9]);
+    temp ^= gfMultiply(input[10], L[10]);
+    temp ^= gfMultiply(input[11], L[11]);
+    temp ^= gfMultiply(input[12], L[12]);
+    temp ^= gfMultiply(input[13], L[13]);
+    temp ^= gfMultiply(input[14], L[14]);
+    temp ^= gfMultiply(input[15], L[15]);
+    result.set(input.slice(1));
+    result[15] = temp;
+    return result;
+};
+const LL = (input) => {
+    //let result = copyBytes(input);
+    //for(let i = 0; i < BLOCKSIZE; i++) result = R(result);
+    let result = R(copyBytes(input));
+    result = R(result);
+    result = R(result);
+    result = R(result);
+    result = R(result);
+    result = R(result);
+    result = R(result);
+    result = R(result);
+    result = R(result);
+    result = R(result);
+    result = R(result);
+    result = R(result);
+    result = R(result);
+    result = R(result);
+    result = R(result);
+    result = R(result);
+    return result;
+};
+const LLr = (input) => {
+    //let result = copyBytes(input);
+    //for(let i = 0; i < BLOCKSIZE; i++) result = Rr(result);
+    let result = Rr(copyBytes(input));
+    result = Rr(result);
+    result = Rr(result);
+    result = Rr(result);
+    result = Rr(result);
+    result = Rr(result);
+    result = Rr(result);
+    result = Rr(result);
+    result = Rr(result);
+    result = Rr(result);
+    result = Rr(result);
+    result = Rr(result);
+    result = Rr(result);
+    result = Rr(result);
+    result = Rr(result);
+    result = Rr(result);
+    return result;
+};
+const LLS = (block) => LL(S(block));
+const SLLr = (block) => S(LLr(block), PI_REV);
+const F = (in_key1, in_key2, iter_constant) => xorBytes(LLS(xorBytes(in_key1, iter_constant)), in_key2);
+/** Kuznyechik (GOST R 34.12-2015) cipher */
+export class Kuznyechik {
+    keySize = KEYSIZE;
+    blockSize = BLOCKSIZE;
+    roundKeys;
+    /** Kuznyechik (GOST R 34.12-2015) cipher */
+    constructor(key) {
+        if (key.length !== this.keySize)
+            throw new Error("Invalid key length");
+        const roundKeys = Array(10).fill(null).map(() => new Uint8Array(this.blockSize));
+        roundKeys[0] = key.slice(0, this.blockSize);
+        roundKeys[1] = key.slice(this.blockSize);
+        let temp1 = copyBytes(roundKeys[0]);
+        let temp2 = copyBytes(roundKeys[1]);
+        let temp3 = new Uint8Array(16);
+        let temp4 = new Uint8Array(16);
+        for (let i = 0; i < 4; i++) {
+            const baseIndex = i * 8;
+            temp3 = F(temp1, temp2, ITER[baseIndex]);
+            temp4 = copyBytes(temp1);
+            temp1 = F(temp3, temp4, ITER[baseIndex + 1]);
+            temp2 = copyBytes(temp3);
+            temp3 = F(temp1, temp2, ITER[baseIndex + 2]);
+            temp4 = copyBytes(temp1);
+            temp1 = F(temp3, temp4, ITER[baseIndex + 3]);
+            temp2 = copyBytes(temp3);
+            temp3 = F(temp1, temp2, ITER[baseIndex + 4]);
+            temp4 = copyBytes(temp1);
+            temp1 = F(temp3, temp4, ITER[baseIndex + 5]);
+            temp2 = copyBytes(temp3);
+            temp3 = F(temp1, temp2, ITER[baseIndex + 6]);
+            temp4 = copyBytes(temp1);
+            temp1 = F(temp3, temp4, ITER[baseIndex + 7]);
+            temp2 = copyBytes(temp3);
+            roundKeys[2 + 2 * i] = copyBytes(temp1);
+            roundKeys[3 + 2 * i] = copyBytes(temp2);
+        }
+        this.roundKeys = roundKeys;
+    }
+    encrypt(plaintext) {
+        if (plaintext.length !== this.blockSize)
+            throw new Error("Invalid block size");
+        //let currentBlock = copyBytes(plaintext);
+        //for (let i = 0; i < 9; i++) currentBlock = LLS(xorBytes(this.roundKeys[i], currentBlock));
+        let currentBlock = LLS(xorBytes(this.roundKeys[0], plaintext));
+        currentBlock = LLS(xorBytes(this.roundKeys[1], currentBlock));
+        currentBlock = LLS(xorBytes(this.roundKeys[2], currentBlock));
+        currentBlock = LLS(xorBytes(this.roundKeys[3], currentBlock));
+        currentBlock = LLS(xorBytes(this.roundKeys[4], currentBlock));
+        currentBlock = LLS(xorBytes(this.roundKeys[5], currentBlock));
+        currentBlock = LLS(xorBytes(this.roundKeys[6], currentBlock));
+        currentBlock = LLS(xorBytes(this.roundKeys[7], currentBlock));
+        currentBlock = LLS(xorBytes(this.roundKeys[8], currentBlock));
+        currentBlock = xorBytes(this.roundKeys[9], currentBlock);
+        return currentBlock;
+    }
+    decrypt(ciphertext) {
+        if (ciphertext.length !== this.blockSize)
+            throw new Error("Invalid block size");
+        let currentBlock = xorBytes(this.roundKeys[9], ciphertext);
+        //const reversedKeys = this.roundKeys.slice(0, 9).reverse();
+        //for (let i = 0; i < 9; i++) currentBlock = xorBytes(reversedKeys[i], SLLr(currentBlock));
+        currentBlock = xorBytes(this.roundKeys[8], SLLr(currentBlock));
+        currentBlock = xorBytes(this.roundKeys[7], SLLr(currentBlock));
+        currentBlock = xorBytes(this.roundKeys[6], SLLr(currentBlock));
+        currentBlock = xorBytes(this.roundKeys[5], SLLr(currentBlock));
+        currentBlock = xorBytes(this.roundKeys[4], SLLr(currentBlock));
+        currentBlock = xorBytes(this.roundKeys[3], SLLr(currentBlock));
+        currentBlock = xorBytes(this.roundKeys[2], SLLr(currentBlock));
+        currentBlock = xorBytes(this.roundKeys[1], SLLr(currentBlock));
+        currentBlock = xorBytes(this.roundKeys[0], SLLr(currentBlock));
+        return currentBlock;
+    }
+}

package/magma/const.d.ts

@@ -0,0 +1,62 @@
+/** S-Box from RFC 7836 */
+export declare const ID_TC26_GOST_28147_PARAM_Z: Uint8Array<ArrayBuffer>[];
+/** S-Box from RFC 4357 aka `CryptoPro Paramset A` */
+export declare const ID_GOST_28147_89_CRYPTO_PRO_A_PARAM_SET: Uint8Array<ArrayBuffer>[];
+/** S-Box from RFC 4357 aka `CryptoPro Paramset B` */
+export declare const ID_GOST_28147_89_CRYPTO_PRO_B_PARAM_SET: Uint8Array<ArrayBuffer>[];
+/** S-Box from RFC 4357 aka `CryptoPro Paramset C` */
+export declare const ID_GOST_28147_89_CRYPTO_PRO_C_PARAM_SET: Uint8Array<ArrayBuffer>[];
+/** S-Box from RFC 4357 aka `CryptoPro Paramset D` */
+export declare const ID_GOST_28147_89_CRYPTO_PRO_D_PARAM_SET: Uint8Array<ArrayBuffer>[];
+/** S-Box from Instruction no. 114 by State Special Communications Service of Ukraine */
+export declare const DSSZZI_UA_DKE_1: Uint8Array<ArrayBuffer>[];
+/** S-Box from Instruction no. 114 by State Special Communications Service of Ukraine */
+export declare const DSSZZI_UA_DKE_2: Uint8Array<ArrayBuffer>[];
+/** S-Box from Instruction no. 114 by State Special Communications Service of Ukraine */
+export declare const DSSZZI_UA_DKE_3: Uint8Array<ArrayBuffer>[];
+/** S-Box from Instruction no. 114 by State Special Communications Service of Ukraine */
+export declare const DSSZZI_UA_DKE_4: Uint8Array<ArrayBuffer>[];
+/** S-Box from Instruction no. 114 by State Special Communications Service of Ukraine */
+export declare const DSSZZI_UA_DKE_5: Uint8Array<ArrayBuffer>[];
+/** S-Box from Instruction no. 114 by State Special Communications Service of Ukraine */
+export declare const DSSZZI_UA_DKE_6: Uint8Array<ArrayBuffer>[];
+/** S-Box from Instruction no. 114 by State Special Communications Service of Ukraine */
+export declare const DSSZZI_UA_DKE_7: Uint8Array<ArrayBuffer>[];
+/** S-Box from Instruction no. 114 by State Special Communications Service of Ukraine */
+export declare const DSSZZI_UA_DKE_8: Uint8Array<ArrayBuffer>[];
+/** S-Box from Instruction no. 114 by State Special Communications Service of Ukraine */
+export declare const DSSZZI_UA_DKE_9: Uint8Array<ArrayBuffer>[];
+/** S-Box from Instruction no. 114 by State Special Communications Service of Ukraine */
+export declare const DSSZZI_UA_DKE_10: Uint8Array<ArrayBuffer>[];
+export declare const ID_GOST_28147_89_TEST_PARAM_SET: Uint8Array<ArrayBuffer>[];
+export declare const ID_GOSTR_3411_94_TEST_PARAM_SET: Uint8Array<ArrayBuffer>[];
+export declare const ID_GOSTR_3411_94_CRYPTOPRO_PARAM_SET: Uint8Array<ArrayBuffer>[];
+export declare const EAC_PARAM_SET: Uint8Array<ArrayBuffer>[];
+/** Implemented S-Boxes */
+export declare const magmaSboxes: {
+    ID_TC26_GOST_28147_PARAM_Z: Uint8Array<ArrayBuffer>[];
+    ID_GOST_28147_89_CRYPTO_PRO_A_PARAM_SET: Uint8Array<ArrayBuffer>[];
+    ID_GOST_28147_89_CRYPTO_PRO_B_PARAM_SET: Uint8Array<ArrayBuffer>[];
+    ID_GOST_28147_89_CRYPTO_PRO_C_PARAM_SET: Uint8Array<ArrayBuffer>[];
+    ID_GOST_28147_89_CRYPTO_PRO_D_PARAM_SET: Uint8Array<ArrayBuffer>[];
+    ID_GOST_28147_89_TEST_PARAM_SET: Uint8Array<ArrayBuffer>[];
+    ID_GOSTR_3411_94_TEST_PARAM_SET: Uint8Array<ArrayBuffer>[];
+    ID_GOSTR_3411_94_CRYPTOPRO_PARAM_SET: Uint8Array<ArrayBuffer>[];
+    EAC_PARAM_SET: Uint8Array<ArrayBuffer>[];
+    DSSZZI_UA_DKE_1: Uint8Array<ArrayBuffer>[];
+    DSSZZI_UA_DKE_2: Uint8Array<ArrayBuffer>[];
+    DSSZZI_UA_DKE_3: Uint8Array<ArrayBuffer>[];
+    DSSZZI_UA_DKE_4: Uint8Array<ArrayBuffer>[];
+    DSSZZI_UA_DKE_5: Uint8Array<ArrayBuffer>[];
+    DSSZZI_UA_DKE_6: Uint8Array<ArrayBuffer>[];
+    DSSZZI_UA_DKE_7: Uint8Array<ArrayBuffer>[];
+    DSSZZI_UA_DKE_8: Uint8Array<ArrayBuffer>[];
+    DSSZZI_UA_DKE_9: Uint8Array<ArrayBuffer>[];
+    DSSZZI_UA_DKE_10: Uint8Array<ArrayBuffer>[];
+};
+/** Sequences of `K_i` S-Box applying */
+export declare const magmaKeySequences: {
+    ENCRYPT: number[];
+    DECRYPT: number[];
+    MAC: number[];
+};