@li0ard/gost 0.0.1 → 0.1.3

package/modes/ecb.js

@@ -0,0 +1,21 @@
+/**
+ * **EN:** Electronic Codebook (ECB) mode
+ *
+ * **RU:** Режим простой замены
+ */
+export const ecb = (cipher) => {
+    const encrypter = cipher.encrypt.bind(cipher);
+    const decrypter = cipher.decrypt.bind(cipher);
+    const core = (crypter, data) => {
+        if (data.length == 0 || data.length % cipher.blockSize !== 0)
+            throw new Error("Data not aligned");
+        const output = new Uint8Array(data.length);
+        for (let i = 0; i < data.length; i += cipher.blockSize)
+            output.set(crypter(data.subarray(i, i + cipher.blockSize)), i);
+        return output;
+    };
+    return {
+        encrypt: (plaintext) => core(encrypter, plaintext),
+        decrypt: (ciphertext) => core(decrypter, ciphertext),
+    };
+};

package/modes/index.d.ts

@@ -0,0 +1,8 @@
+export { cbc } from "./cbc.js";
+export { cfb } from "./cfb.js";
+export { ctr, cnt } from "./ctr.js";
+export { ecb } from "./ecb.js";
+export { mac, mac_legacy, omac_acpkm } from "./mac.js";
+export { mgm } from "./mgm.js";
+export { ofb } from "./ofb.js";
+export { kexp15, kwp } from "./wrap.js";

package/modes/index.js

@@ -0,0 +1,8 @@
+export { cbc } from "./cbc.js";
+export { cfb } from "./cfb.js";
+export { ctr, cnt } from "./ctr.js";
+export { ecb } from "./ecb.js";
+export { mac, mac_legacy, omac_acpkm } from "./mac.js";
+export { mgm } from "./mgm.js";
+export { ofb } from "./ofb.js";
+export { kexp15, kwp } from "./wrap.js";

package/modes/mac.d.ts

@@ -0,0 +1,21 @@
+import { type TArg } from "@noble/hashes/utils.js";
+import type { Cipher, MACMode } from "../types.js";
+import { Magma } from "../magma/index.js";
+/**
+ * **EN:** Message Authentication Code (MAC) mode
+ *
+ * **RU:** Режим выработки имитовставки
+ */
+export declare const mac: (cipher: Cipher) => MACMode;
+/**
+ * **EN:** Message Authentication Code (MAC) mode (GOST 28147-89)
+ *
+ * **RU:** Режим выработки имитовставки (ГОСТ 28147-89)
+ */
+export declare const mac_legacy: (cipher: Magma, iv?: TArg<Uint8Array>) => MACMode;
+/**
+ * **EN:** Message Authentication Code with Advance Cryptographic Prolongation of Key Material (OMAC-ACPKM) mode
+ *
+ * **RU:** Режим выработки имитовставки с преобразованием ключа (ACPKM)
+ */
+export declare const omac_acpkm: (cipher: Cipher) => MACMode;

package/modes/mac.js

@@ -0,0 +1,119 @@
+import {} from "@noble/hashes/utils.js";
+import { pad1, pad3, xorBytes } from "../utils.js";
+import { bytesToNumberBE, numberToVarBytesBE } from "@noble/curves/utils.js";
+import { magmaKeySequences, Magma } from "../magma/index.js";
+import { acpkm_master } from "./_keytransform.js";
+const Rb64 = 0b11011;
+const Rb128 = 0b10000111;
+/**
+ * **EN:** Message Authentication Code (MAC) mode
+ *
+ * **RU:** Режим выработки имитовставки
+ */
+export const mac = (cipher) => {
+    const encrypter = cipher.encrypt.bind(cipher);
+    const macShift = (data, xorLsb = 0) => numberToVarBytesBE((bytesToNumberBE(data) * BigInt(2)) ^ BigInt(xorLsb)).slice(-cipher.blockSize);
+    const macKs = () => {
+        const Rb = cipher.blockSize === 16 ? Rb128 : Rb64;
+        const l = encrypter(new Uint8Array(cipher.blockSize));
+        let k1;
+        if ((l[0] & 0x80) !== 0)
+            k1 = macShift(l, Rb);
+        else
+            k1 = macShift(l);
+        let k2;
+        if ((k1[0] & 0x80) !== 0)
+            k2 = macShift(k1, Rb);
+        else
+            k2 = macShift(k1);
+        return [k1, k2];
+    };
+    return {
+        compute: (msg) => {
+            const [k1, k2] = macKs();
+            let tailOffset;
+            if (msg.length % cipher.blockSize === 0)
+                tailOffset = msg.length - cipher.blockSize;
+            else
+                tailOffset = msg.length - (msg.length % cipher.blockSize);
+            let prev = new Uint8Array(cipher.blockSize);
+            for (let i = 0; i < tailOffset; i += cipher.blockSize)
+                prev = encrypter(xorBytes(msg.subarray(i, i + cipher.blockSize), prev));
+            const tail = msg.subarray(tailOffset);
+            const xorWithPrev = xorBytes(pad3(tail, cipher.blockSize), prev);
+            return encrypter(xorBytes(xorWithPrev, (tail.length === cipher.blockSize ? k1 : k2)));
+        }
+    };
+};
+/**
+ * **EN:** Message Authentication Code (MAC) mode (GOST 28147-89)
+ *
+ * **RU:** Режим выработки имитовставки (ГОСТ 28147-89)
+ */
+export const mac_legacy = (cipher, iv = new Uint8Array(cipher.blockSize)) => {
+    const split = (data) => [
+        (data[0] | data[1] << 8 | data[2] << 16 | data[3] << 24) >>> 0,
+        (data[4] | data[5] << 8 | data[6] << 16 | data[7] << 24) >>> 0
+    ];
+    const join = (ns) => new Uint8Array([
+        (ns[1] >> 0) & 0xFF, (ns[1] >> 8) & 0xFF, (ns[1] >> 16) & 0xFF, (ns[1] >> 24) & 0xFF,
+        (ns[0] >> 0) & 0xFF, (ns[0] >> 8) & 0xFF, (ns[0] >> 16) & 0xFF, (ns[0] >> 24) & 0xFF
+    ]);
+    return {
+        compute: (msg) => {
+            const paddedData = pad1(msg, cipher.blockSize);
+            let prev = split(iv).reverse();
+            for (let i = 0; i < paddedData.length; i += cipher.blockSize)
+                prev = split(Magma.reverseChunks(cipher.proceedBlock(Magma.reverseChunks(xorBytes(paddedData.subarray(i, i + cipher.blockSize), join(prev))), magmaKeySequences.MAC)));
+            return join(prev);
+        }
+    };
+};
+/**
+ * **EN:** Message Authentication Code with Advance Cryptographic Prolongation of Key Material (OMAC-ACPKM) mode
+ *
+ * **RU:** Режим выработки имитовставки с преобразованием ключа (ACPKM)
+ */
+export const omac_acpkm = (cipher) => {
+    const sectionSize = cipher.blockSize * 2;
+    return {
+        compute: (msg) => {
+            let encrypter = cipher.encrypt.bind(cipher);
+            let tail_offset = 0;
+            if (msg.length % cipher.blockSize == 0)
+                tail_offset = msg.length - cipher.blockSize;
+            else
+                tail_offset = msg.length - (msg.length % cipher.blockSize);
+            let prev = new Uint8Array(cipher.blockSize).fill(0);
+            let sections = msg.length;
+            if (msg.length % sectionSize != 0)
+                sections += 1;
+            let keymats = acpkm_master(cipher, (32 + cipher.blockSize) * sections);
+            let k1 = new Uint8Array(sectionSize);
+            for (let i = 0; i < tail_offset; i += cipher.blockSize) {
+                if (i % sectionSize == 0) {
+                    let keymat = keymats.slice(0, 32 + cipher.blockSize);
+                    keymats = keymats.slice(32 + cipher.blockSize);
+                    let key = keymat.slice(0, 32);
+                    k1 = keymat.slice(32);
+                    // @ts-ignore
+                    let cipher2 = new cipher.constructor(key);
+                    encrypter = cipher2.encrypt.bind(cipher2);
+                }
+                prev = encrypter(xorBytes(msg.slice(i, i + cipher.blockSize), prev));
+            }
+            const tail = msg.slice(tail_offset);
+            if (tail.length == cipher.blockSize) {
+                let key = keymats.slice(0, 32);
+                k1 = keymats.slice(32);
+                // @ts-ignore
+                let cipher2 = new cipher.constructor(key);
+                encrypter = cipher2.encrypt.bind(cipher2);
+            }
+            let k2 = numberToVarBytesBE(bytesToNumberBE(k1) << 1n);
+            if ((k1.slice()[0] & 0x80) != 0)
+                k2 = xorBytes(k2, numberToVarBytesBE(cipher.blockSize == 16 ? Rb128 : Rb64));
+            return encrypter(xorBytes(xorBytes(pad3(tail, cipher.blockSize), prev), (tail.length == cipher.blockSize) ? k1 : k2));
+        }
+    };
+};

package/modes/mgm.d.ts

@@ -0,0 +1,8 @@
+import { type TArg } from "@noble/hashes/utils.js";
+import type { AEADMode, Cipher } from "../types.js";
+/**
+ * **EN:** Multilinear Galois (MGM) mode (AEAD)
+ *
+ * **RU:** Режим шифрования с имитозащитой и ассоциированными данными (AEAD)
+ */
+export declare const mgm: (cipher: Cipher, nonce: TArg<Uint8Array>, tagSize?: number) => AEADMode;

package/modes/mgm.js

@@ -0,0 +1,90 @@
+import { concatBytes } from "@noble/hashes/utils.js";
+import { bytesToNumberBE, equalBytes, numberToBytesBE } from "@noble/curves/utils.js";
+import { pad1, xorBytes } from "../utils.js";
+/**
+ * **EN:** Multilinear Galois (MGM) mode (AEAD)
+ *
+ * **RU:** Режим шифрования с имитозащитой и ассоциированными данными (AEAD)
+ */
+export const mgm = (cipher, nonce, tagSize = cipher.blockSize) => {
+    const halfbs = cipher.blockSize / 2;
+    const _incr = (data) => numberToBytesBE(bytesToNumberBE(data) + 1n, halfbs);
+    const incr_r = (data) => concatBytes(data.subarray(0, halfbs), _incr(data.subarray(halfbs)));
+    const incr_l = (data) => concatBytes(_incr(data.subarray(0, halfbs)), data.subarray(halfbs));
+    if (tagSize < 4 || tagSize > cipher.blockSize)
+        throw new Error("Invalid tagSize");
+    const encrypter = cipher.encrypt.bind(cipher);
+    const maxSize = (1n << BigInt(cipher.blockSize * 4)) - 1n;
+    const r = (cipher.blockSize == 8 ? 0x1B : 0x87);
+    const validateSizes = (plaintext, additional) => {
+        if (plaintext.length == 0 && additional.length == 0)
+            throw new Error("At least one of plaintext or additional_data required");
+        if ((plaintext.length + additional.length) > maxSize)
+            throw new Error("plaintext+additional_data are too big");
+    };
+    const mul = (a, b) => {
+        let x = bytesToNumberBE(a);
+        let y = bytesToNumberBE(b);
+        let z = 0n;
+        const max_bit = 1n << (BigInt(cipher.blockSize) * 8n - 1n);
+        while (y > 0n) {
+            if ((y & 1n) == 1n)
+                z ^= x;
+            if ((x & max_bit) > 0n)
+                x = ((x ^ max_bit) << 1n) ^ BigInt(r);
+            else
+                x <<= 1n;
+            y >>= 1n;
+        }
+        return numberToBytesBE(z, cipher.blockSize);
+    };
+    const crypt = (icn, data) => {
+        icn[0] &= 0x7F;
+        let enc = encrypter(icn);
+        const res = [];
+        while (data.length > 0) {
+            res.push(xorBytes(encrypter(enc), data));
+            enc = incr_r(enc);
+            data = data.slice(cipher.blockSize);
+        }
+        return concatBytes(...res);
+    };
+    const auth = (icn, text, ad) => {
+        icn[0] |= 0x80;
+        let enc = encrypter(icn);
+        let _sum = new Uint8Array(cipher.blockSize);
+        const ad_len = ad.length;
+        const text_len = text.length;
+        while (ad.length > 0) {
+            _sum = xorBytes(_sum, mul(encrypter(enc), pad1(ad.slice(0, cipher.blockSize), cipher.blockSize)));
+            enc = incr_l(enc);
+            ad = ad.slice(cipher.blockSize);
+        }
+        while (text.length > 0) {
+            _sum = xorBytes(_sum, mul(encrypter(enc), pad1(text.slice(0, cipher.blockSize), cipher.blockSize)));
+            enc = incr_l(enc);
+            text = text.slice(cipher.blockSize);
+        }
+        _sum = xorBytes(_sum, mul(encrypter(enc), concatBytes(numberToBytesBE(ad_len * 8, halfbs), numberToBytesBE(text_len * 8, halfbs))));
+        return encrypter(_sum).slice(0, tagSize);
+    };
+    return {
+        seal: (plaintext, aad = new Uint8Array()) => {
+            validateSizes(plaintext, aad);
+            const icn = nonce.slice();
+            const ciphertext = crypt(icn, plaintext);
+            const tag = auth(icn, ciphertext, aad);
+            return concatBytes(ciphertext, tag);
+        },
+        open: (ciphertext, aad = new Uint8Array()) => {
+            validateSizes(ciphertext, aad);
+            const icn = nonce.slice();
+            const ct = ciphertext.slice(0, (ciphertext.length - tagSize));
+            const tag_expected = ciphertext.subarray((ciphertext.length - tagSize));
+            const tag = auth(icn, ct, aad);
+            if (!equalBytes(tag_expected, tag))
+                throw new Error("Invalid authentication tag");
+            return crypt(icn, ct);
+        }
+    };
+};

package/modes/ofb.d.ts

@@ -0,0 +1,8 @@
+import { type TArg } from "@noble/hashes/utils.js";
+import type { Cipher, StreamMode } from "../types.js";
+/**
+ * **EN:** Output Feedback (OFB) mode
+ *
+ * **RU:** Режим гаммирования с обратной связью по выходу
+ */
+export declare const ofb: (cipher: Cipher, iv: TArg<Uint8Array>) => StreamMode;

package/modes/ofb.js

@@ -0,0 +1,25 @@
+import { concatBytes } from "@noble/hashes/utils.js";
+import { xorBytes, getPadLength } from "../utils.js";
+/**
+ * **EN:** Output Feedback (OFB) mode
+ *
+ * **RU:** Режим гаммирования с обратной связью по выходу
+ */
+export const ofb = (cipher, iv) => {
+    if (iv.length == 0 || iv.length % cipher.blockSize !== 0)
+        throw new Error("Invalid IV size");
+    const encrypter = cipher.encrypt.bind(cipher);
+    return {
+        crypt: (msg) => {
+            let r = [];
+            for (let i = 0; i < iv.length; i += cipher.blockSize)
+                r.push(iv.slice(i, i + cipher.blockSize));
+            const result = [];
+            for (let i = 0; i < (msg.length + getPadLength(msg.length, cipher.blockSize)); i += cipher.blockSize) {
+                r = r.slice(1).concat(encrypter(r[0]));
+                result.push(xorBytes(r[r.length - 1], msg.subarray(i, i + cipher.blockSize)));
+            }
+            return concatBytes(...result);
+        }
+    };
+};

package/modes/wrap.d.ts

@@ -0,0 +1,14 @@
+import { type TArg } from "@noble/hashes/utils.js";
+import type { Cipher, WrapMode, WrapModeMagma } from "../types.js";
+/**
+ * **EN:** KExp15/KImp15 key wrapping
+ *
+ * **RU:** Режим обёртки ключей шифрования KExp15/KImp15
+ */
+export declare const kexp15: (cipherEnc: Cipher, cipherMac: Cipher, iv: TArg<Uint8Array>) => WrapMode;
+/**
+ * **EN:** GOST 28147-89 key wrapping
+ *
+ * **RU:** Режим обёртки ключей шифрования согласно ГОСТ 28147-89
+ */
+export declare const kwp: (kek: TArg<Uint8Array>, isCryptoPro?: boolean, sbox?: TArg<Uint8Array>[]) => WrapModeMagma;

package/modes/wrap.js

@@ -0,0 +1,57 @@
+import { concatBytes } from "@noble/hashes/utils.js";
+import { mac as _mac, mac_legacy } from "./mac.js";
+import { ctr } from "./ctr.js";
+import { equalBytes } from "@noble/curves/utils.js";
+import { ID_GOST_28147_89_CRYPTO_PRO_A_PARAM_SET } from "../magma/const";
+import { Magma } from "../magma/index.js";
+import { ecb } from "./ecb.js";
+import { cp_kek_diversify } from "./_keytransform.js";
+/**
+ * **EN:** KExp15/KImp15 key wrapping
+ *
+ * **RU:** Режим обёртки ключей шифрования KExp15/KImp15
+ */
+export const kexp15 = (cipherEnc, cipherMac, iv) => {
+    if (iv.length != (cipherEnc.blockSize / 2) || iv.length != (cipherMac.blockSize / 2))
+        throw new Error("Invalid IV size");
+    return {
+        wrap: (msg) => {
+            const mac = _mac(cipherMac).compute(concatBytes(iv, msg));
+            return ctr(cipherEnc, iv).crypt(concatBytes(msg, mac));
+        },
+        unwrap: (msg) => {
+            const key_and_key_mac = ctr(cipherEnc, iv).crypt(msg);
+            const key = key_and_key_mac.slice(0, -cipherEnc.blockSize), key_mac = key_and_key_mac.slice(-cipherEnc.blockSize);
+            const mac = _mac(cipherMac).compute(concatBytes(iv, key));
+            if (!equalBytes(key_mac, mac))
+                throw new Error("Invalid key MAC");
+            return key;
+        }
+    };
+};
+/**
+ * **EN:** GOST 28147-89 key wrapping
+ *
+ * **RU:** Режим обёртки ключей шифрования согласно ГОСТ 28147-89
+ */
+export const kwp = (kek, isCryptoPro = false, sbox = ID_GOST_28147_89_CRYPTO_PRO_A_PARAM_SET) => {
+    return {
+        wrap: (ukm, cek) => {
+            const cipher = new Magma(isCryptoPro ? cp_kek_diversify(kek, ukm, sbox) : kek, sbox, true);
+            const cek_mac = mac_legacy(cipher, ukm).compute(cek).subarray(0, 4);
+            const cek_enc = ecb(cipher).encrypt(cek);
+            return concatBytes(ukm, cek_enc, cek_mac);
+        },
+        unwrap: (wrapped) => {
+            if (wrapped.length !== 44 && wrapped.length !== 76)
+                throw new Error("Invalid data length");
+            const [ukm, cek_enc, cek_mac] = [wrapped.slice(0, 8), wrapped.slice(8, wrapped.length - 4), wrapped.slice(-4)];
+            const cipher = new Magma(isCryptoPro ? cp_kek_diversify(kek, ukm, sbox) : kek, sbox, true);
+            const cek = ecb(cipher).decrypt(cek_enc);
+            const mac_computed = mac_legacy(cipher, ukm).compute(cek).subarray(0, 4);
+            if (!equalBytes(cek_mac, mac_computed))
+                throw new Error("Invalid MAC");
+            return cek;
+        }
+    };
+};

package/package.json

@@ -1,10 +1,51 @@
 {
   "name": "@li0ard/gost",
-  "version": "0.0.1",
-  "description": "OIDC trusted publishing setup package for @li0ard/gost",
-  "keywords": [
-    "oidc",
-    "trusted-publishing",
-    "setup"
-  ]
+  "version": "0.1.3",
+  "main": "index.js",
+  "types": "index.d.ts",
+  "type": "module",
+  "exports": {
+    ".": "./index.js",
+    "./gost3410.js": "./gost3410/index.js",
+    "./gost341194.js": "./gost341194/index.js",
+    "./kuznyechik.js": "./kuznyechik/index.js",
+    "./magma.js": "./kuznyechik/magma.js",
+    "./modes.js": "./modes/index.js",
+    "./streebog.js": "./streebog/index.js",
+    "./hmac.js": "./hmac.js",
+    "./kdf.js": "./kdf.js",
+    "./types.js": "./types.js"
+  },
+  "author": "li0ard",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/li0ard/gost.git"
+  },
+  "bugs": {
+    "url": "https://github.com/li0ard/gost/issues"
+  },
+  "homepage": "https://github.com/li0ard/gost#readme",
+  "funding": "https://li0ard.rest/donate",
+  "description": "GOST cryptography algorithms in pure TypeScript",
+  "license": "MIT",
+  "scripts": {
+    "build": "rm -rf dist/ && tsc --project tsconfig.build.json",
+    "docs": "typedoc --options .config/typedoc/config.cjs"
+  },
+  "devDependencies": {
+    "@types/bun": "latest",
+    "typedoc": "^0.28.19"
+  },
+  "peerDependencies": {
+    "typescript": "^5"
+  },
+  "dependencies": {
+    "@noble/curves": "^2.2.0",
+    "@noble/hashes": "^2.2.0"
+  },
+  "files": ["**/*.js", "**/*.d.ts"],
+  "publishConfig": {
+    "access": "public"
+  },
+  "keywords": ["gost", "crypto", "magma", "kuznyechik", "streebog", "gost341194", "tc26"]
 }

package/streebog/const.d.ts

@@ -0,0 +1,4 @@
+import type { TArg } from "@noble/hashes/utils.js";
+export declare const TAU: Uint8Array;
+export declare const A: Uint32Array<ArrayBuffer>;
+export declare const C: TArg<Uint8Array>[];

package/streebog/const.js

@@ -0,0 +1,102 @@
+export const TAU = new Uint8Array([
+    0x00, 0x08, 0x10, 0x18, 0x20, 0x28, 0x30, 0x38,
+    0x01, 0x09, 0x11, 0x19, 0x21, 0x29, 0x31, 0x39,
+    0x02, 0x0a, 0x12, 0x1a, 0x22, 0x2a, 0x32, 0x3a,
+    0x03, 0x0b, 0x13, 0x1b, 0x23, 0x2b, 0x33, 0x3b,
+    0x04, 0x0c, 0x14, 0x1c, 0x24, 0x2c, 0x34, 0x3c,
+    0x05, 0x0d, 0x15, 0x1d, 0x25, 0x2d, 0x35, 0x3d,
+    0x06, 0x0e, 0x16, 0x1e, 0x26, 0x2e, 0x36, 0x3e,
+    0x07, 0x0f, 0x17, 0x1f, 0x27, 0x2f, 0x37, 0x3f,
+]);
+export const A = new Uint32Array([
+    0x8e20faa7, 0x2ba0b470, 0x47107ddd, 0x9b505a38, 0xad08b0e0, 0xc3282d1c, 0xd8045870, 0xef14980e,
+    0x6c022c38, 0xf90a4c07, 0x3601161c, 0xf205268d, 0x1b8e0b0e, 0x798c13c8, 0x83478b07, 0xb2468764,
+    0xa011d380, 0x818e8f40, 0x5086e740, 0xce47c920, 0x2843fd20, 0x67adea10, 0x14aff010, 0xbdd87508,
+    0x0ad97808, 0xd06cb404, 0x05e23c04, 0x68365a02, 0x8c711e02, 0x341b2d01, 0x46b60f01, 0x1a83988e,
+    0x90dab52a, 0x387ae76f, 0x486dd415, 0x1c3dfdb9, 0x24b86a84, 0x0e90f0d2, 0x125c3542, 0x07487869,
+    0x092e9421, 0x8d243cba, 0x8a174a9e, 0xc8121e5d, 0x4585254f, 0x64090fa0, 0xaccc9ca9, 0x328a8950,
+    0x9d4df05d, 0x5f661451, 0xc0a878a0, 0xa1330aa6, 0x60543c50, 0xde970553, 0x302a1e28, 0x6fc58ca7,
+    0x18150f14, 0xb9ec46dd, 0x0c84890a, 0xd27623e0, 0x0642ca05, 0x693b9f70, 0x0321658c, 0xba93c138,
+    0x86275df0, 0x9ce8aaa8, 0x439da078, 0x4e745554, 0xafc0503c, 0x273aa42a, 0xd960281e, 0x9d1d5215,
+    0xe230140f, 0xc0802984, 0x71180a89, 0x60409a42, 0xb60c05ca, 0x30204d21, 0x5b068c65, 0x1810a89e,
+    0x456c3488, 0x7a3805b9, 0xac361a44, 0x3d1c8cd2, 0x561b0d22, 0x900e4669, 0x2b838811, 0x480723ba,
+    0x9bcf4486, 0x248d9f5d, 0xc3e92243, 0x12c8c1a0, 0xeffa11af, 0x0964ee50, 0xf97d86d9, 0x8a327728,
+    0xe4fa2054, 0xa80b329c, 0x727d102a, 0x548b194e, 0x39b00815, 0x2acb8227, 0x92580484, 0x15eb419d,
+    0x492c0242, 0x84fbaec0, 0xaa160121, 0x42f35760, 0x550b8e9e, 0x21f7a530, 0xa48b474f, 0x9ef5dc18,
+    0x70a6a56e, 0x2440598e, 0x3853dc37, 0x1220a247, 0x1ca76e95, 0x091051ad, 0x0edd37c4, 0x8a08a6d8,
+    0x07e09562, 0x4504536c, 0x8d70c431, 0xac02a736, 0xc8386296, 0x5601dd1b, 0x641c314b, 0x2b8ee083,
+]);
+export const C = [
+    new Uint8Array([
+        0xb1, 0x08, 0x5b, 0xda, 0x1e, 0xca, 0xda, 0xe9, 0xeb, 0xcb, 0x2f, 0x81, 0xc0, 0x65, 0x7c, 0x1f,
+        0x2f, 0x6a, 0x76, 0x43, 0x2e, 0x45, 0xd0, 0x16, 0x71, 0x4e, 0xb8, 0x8d, 0x75, 0x85, 0xc4, 0xfc,
+        0x4b, 0x7c, 0xe0, 0x91, 0x92, 0x67, 0x69, 0x01, 0xa2, 0x42, 0x2a, 0x08, 0xa4, 0x60, 0xd3, 0x15,
+        0x05, 0x76, 0x74, 0x36, 0xcc, 0x74, 0x4d, 0x23, 0xdd, 0x80, 0x65, 0x59, 0xf2, 0xa6, 0x45, 0x07,
+    ]),
+    new Uint8Array([
+        0x6f, 0xa3, 0xb5, 0x8a, 0xa9, 0x9d, 0x2f, 0x1a, 0x4f, 0xe3, 0x9d, 0x46, 0x0f, 0x70, 0xb5, 0xd7,
+        0xf3, 0xfe, 0xea, 0x72, 0x0a, 0x23, 0x2b, 0x98, 0x61, 0xd5, 0x5e, 0x0f, 0x16, 0xb5, 0x01, 0x31,
+        0x9a, 0xb5, 0x17, 0x6b, 0x12, 0xd6, 0x99, 0x58, 0x5c, 0xb5, 0x61, 0xc2, 0xdb, 0x0a, 0xa7, 0xca,
+        0x55, 0xdd, 0xa2, 0x1b, 0xd7, 0xcb, 0xcd, 0x56, 0xe6, 0x79, 0x04, 0x70, 0x21, 0xb1, 0x9b, 0xb7,
+    ]),
+    new Uint8Array([
+        0xf5, 0x74, 0xdc, 0xac, 0x2b, 0xce, 0x2f, 0xc7, 0x0a, 0x39, 0xfc, 0x28, 0x6a, 0x3d, 0x84, 0x35,
+        0x06, 0xf1, 0x5e, 0x5f, 0x52, 0x9c, 0x1f, 0x8b, 0xf2, 0xea, 0x75, 0x14, 0xb1, 0x29, 0x7b, 0x7b,
+        0xd3, 0xe2, 0x0f, 0xe4, 0x90, 0x35, 0x9e, 0xb1, 0xc1, 0xc9, 0x3a, 0x37, 0x60, 0x62, 0xdb, 0x09,
+        0xc2, 0xb6, 0xf4, 0x43, 0x86, 0x7a, 0xdb, 0x31, 0x99, 0x1e, 0x96, 0xf5, 0x0a, 0xba, 0x0a, 0xb2,
+    ]),
+    new Uint8Array([
+        0xef, 0x1f, 0xdf, 0xb3, 0xe8, 0x15, 0x66, 0xd2, 0xf9, 0x48, 0xe1, 0xa0, 0x5d, 0x71, 0xe4, 0xdd,
+        0x48, 0x8e, 0x85, 0x7e, 0x33, 0x5c, 0x3c, 0x7d, 0x9d, 0x72, 0x1c, 0xad, 0x68, 0x5e, 0x35, 0x3f,
+        0xa9, 0xd7, 0x2c, 0x82, 0xed, 0x03, 0xd6, 0x75, 0xd8, 0xb7, 0x13, 0x33, 0x93, 0x52, 0x03, 0xbe,
+        0x34, 0x53, 0xea, 0xa1, 0x93, 0xe8, 0x37, 0xf1, 0x22, 0x0c, 0xbe, 0xbc, 0x84, 0xe3, 0xd1, 0x2e,
+    ]),
+    new Uint8Array([
+        0x4b, 0xea, 0x6b, 0xac, 0xad, 0x47, 0x47, 0x99, 0x9a, 0x3f, 0x41, 0x0c, 0x6c, 0xa9, 0x23, 0x63,
+        0x7f, 0x15, 0x1c, 0x1f, 0x16, 0x86, 0x10, 0x4a, 0x35, 0x9e, 0x35, 0xd7, 0x80, 0x0f, 0xff, 0xbd,
+        0xbf, 0xcd, 0x17, 0x47, 0x25, 0x3a, 0xf5, 0xa3, 0xdf, 0xff, 0x00, 0xb7, 0x23, 0x27, 0x1a, 0x16,
+        0x7a, 0x56, 0xa2, 0x7e, 0xa9, 0xea, 0x63, 0xf5, 0x60, 0x17, 0x58, 0xfd, 0x7c, 0x6c, 0xfe, 0x57,
+    ]),
+    new Uint8Array([
+        0xae, 0x4f, 0xae, 0xae, 0x1d, 0x3a, 0xd3, 0xd9, 0x6f, 0xa4, 0xc3, 0x3b, 0x7a, 0x30, 0x39, 0xc0,
+        0x2d, 0x66, 0xc4, 0xf9, 0x51, 0x42, 0xa4, 0x6c, 0x18, 0x7f, 0x9a, 0xb4, 0x9a, 0xf0, 0x8e, 0xc6,
+        0xcf, 0xfa, 0xa6, 0xb7, 0x1c, 0x9a, 0xb7, 0xb4, 0x0a, 0xf2, 0x1f, 0x66, 0xc2, 0xbe, 0xc6, 0xb6,
+        0xbf, 0x71, 0xc5, 0x72, 0x36, 0x90, 0x4f, 0x35, 0xfa, 0x68, 0x40, 0x7a, 0x46, 0x64, 0x7d, 0x6e,
+    ]),
+    new Uint8Array([
+        0xf4, 0xc7, 0x0e, 0x16, 0xee, 0xaa, 0xc5, 0xec, 0x51, 0xac, 0x86, 0xfe, 0xbf, 0x24, 0x09, 0x54,
+        0x39, 0x9e, 0xc6, 0xc7, 0xe6, 0xbf, 0x87, 0xc9, 0xd3, 0x47, 0x3e, 0x33, 0x19, 0x7a, 0x93, 0xc9,
+        0x09, 0x92, 0xab, 0xc5, 0x2d, 0x82, 0x2c, 0x37, 0x06, 0x47, 0x69, 0x83, 0x28, 0x4a, 0x05, 0x04,
+        0x35, 0x17, 0x45, 0x4c, 0xa2, 0x3c, 0x4a, 0xf3, 0x88, 0x86, 0x56, 0x4d, 0x3a, 0x14, 0xd4, 0x93,
+    ]),
+    new Uint8Array([
+        0x9b, 0x1f, 0x5b, 0x42, 0x4d, 0x93, 0xc9, 0xa7, 0x03, 0xe7, 0xaa, 0x02, 0x0c, 0x6e, 0x41, 0x41,
+        0x4e, 0xb7, 0xf8, 0x71, 0x9c, 0x36, 0xde, 0x1e, 0x89, 0xb4, 0x44, 0x3b, 0x4d, 0xdb, 0xc4, 0x9a,
+        0xf4, 0x89, 0x2b, 0xcb, 0x92, 0x9b, 0x06, 0x90, 0x69, 0xd1, 0x8d, 0x2b, 0xd1, 0xa5, 0xc4, 0x2f,
+        0x36, 0xac, 0xc2, 0x35, 0x59, 0x51, 0xa8, 0xd9, 0xa4, 0x7f, 0x0d, 0xd4, 0xbf, 0x02, 0xe7, 0x1e,
+    ]),
+    new Uint8Array([
+        0x37, 0x8f, 0x5a, 0x54, 0x16, 0x31, 0x22, 0x9b, 0x94, 0x4c, 0x9a, 0xd8, 0xec, 0x16, 0x5f, 0xde,
+        0x3a, 0x7d, 0x3a, 0x1b, 0x25, 0x89, 0x42, 0x24, 0x3c, 0xd9, 0x55, 0xb7, 0xe0, 0x0d, 0x09, 0x84,
+        0x80, 0x0a, 0x44, 0x0b, 0xdb, 0xb2, 0xce, 0xb1, 0x7b, 0x2b, 0x8a, 0x9a, 0xa6, 0x07, 0x9c, 0x54,
+        0x0e, 0x38, 0xdc, 0x92, 0xcb, 0x1f, 0x2a, 0x60, 0x72, 0x61, 0x44, 0x51, 0x83, 0x23, 0x5a, 0xdb,
+    ]),
+    new Uint8Array([
+        0xab, 0xbe, 0xde, 0xa6, 0x80, 0x05, 0x6f, 0x52, 0x38, 0x2a, 0xe5, 0x48, 0xb2, 0xe4, 0xf3, 0xf3,
+        0x89, 0x41, 0xe7, 0x1c, 0xff, 0x8a, 0x78, 0xdb, 0x1f, 0xff, 0xe1, 0x8a, 0x1b, 0x33, 0x61, 0x03,
+        0x9f, 0xe7, 0x67, 0x02, 0xaf, 0x69, 0x33, 0x4b, 0x7a, 0x1e, 0x6c, 0x30, 0x3b, 0x76, 0x52, 0xf4,
+        0x36, 0x98, 0xfa, 0xd1, 0x15, 0x3b, 0xb6, 0xc3, 0x74, 0xb4, 0xc7, 0xfb, 0x98, 0x45, 0x9c, 0xed,
+    ]),
+    new Uint8Array([
+        0x7b, 0xcd, 0x9e, 0xd0, 0xef, 0xc8, 0x89, 0xfb, 0x30, 0x02, 0xc6, 0xcd, 0x63, 0x5a, 0xfe, 0x94,
+        0xd8, 0xfa, 0x6b, 0xbb, 0xeb, 0xab, 0x07, 0x61, 0x20, 0x01, 0x80, 0x21, 0x14, 0x84, 0x66, 0x79,
+        0x8a, 0x1d, 0x71, 0xef, 0xea, 0x48, 0xb9, 0xca, 0xef, 0xba, 0xcd, 0x1d, 0x7d, 0x47, 0x6e, 0x98,
+        0xde, 0xa2, 0x59, 0x4a, 0xc0, 0x6f, 0xd8, 0x5d, 0x6b, 0xca, 0xa4, 0xcd, 0x81, 0xf3, 0x2d, 0x1b,
+    ]),
+    new Uint8Array([
+        0x37, 0x8e, 0xe7, 0x67, 0xf1, 0x16, 0x31, 0xba, 0xd2, 0x13, 0x80, 0xb0, 0x04, 0x49, 0xb1, 0x7a,
+        0xcd, 0xa4, 0x3c, 0x32, 0xbc, 0xdf, 0x1d, 0x77, 0xf8, 0x20, 0x12, 0xd4, 0x30, 0x21, 0x9f, 0x9b,
+        0x5d, 0x80, 0xef, 0x9d, 0x18, 0x91, 0xcc, 0x86, 0xe7, 0x1d, 0xa4, 0xaa, 0x88, 0xe1, 0x28, 0x52,
+        0xfa, 0xf4, 0x17, 0xd5, 0xd9, 0xb2, 0x1b, 0x99, 0x48, 0xbc, 0x92, 0x4a, 0xf1, 0x1b, 0xd7, 0x20,
+    ])
+];

package/streebog/index.d.ts

@@ -0,0 +1,66 @@
+import { type Hash, type TArg, type TRet } from "@noble/hashes/utils.js";
+/** Streebog (GOST R 34.11-2012) hash function */
+declare abstract class Streebog<T extends Streebog<T>> implements Hash<Streebog<T>> {
+    private is512;
+    readonly blockLen = 64;
+    readonly outputLen: number;
+    readonly canXOF = false;
+    protected buffer: Uint8Array;
+    abstract _cloneInto(to?: T): T;
+    abstract clone(): T;
+    /** Streebog (GOST R 34.11-2012) hash function */
+    constructor(is512: boolean);
+    destroy(): void;
+    update(data: TArg<Uint8Array>): this;
+    digest(): TRet<Uint8Array>;
+    digestInto(buf: TArg<Uint8Array>): void;
+}
+/** Streebog-256 (GOST R 34.11-2012) hash function */
+export declare class Streebog256 extends Streebog<Streebog256> {
+    /** Streebog-256 (GOST R 34.11-2012) hash function */
+    constructor();
+    /** Create hash instance */
+    static create(): Streebog256;
+    clone(): Streebog256;
+    _cloneInto(to?: Streebog256): Streebog256;
+}
+/** Streebog-512 (GOST R 34.11-2012) hash function */
+export declare class Streebog512 extends Streebog<Streebog512> {
+    /** Streebog-512 (GOST R 34.11-2012) hash function */
+    constructor();
+    /** Create hash instance */
+    static create(): Streebog512;
+    clone(): Streebog512;
+    _cloneInto(to?: Streebog512): Streebog512;
+}
+/** Streebog-256 (GOST R 34.11-2012) hash function */
+export declare const streebog256: {
+    outputLen: number;
+    blockLen: number;
+    canXOF: boolean;
+} & import("@noble/hashes/utils.js").HashInfo & {
+    (msg: TArg<Uint8Array>): TRet<Uint8Array>;
+    create(): Streebog256;
+} & ((msg: TArg<TArg<Uint8Array<ArrayBufferLike>>>) => Uint8Array<ArrayBufferLike> & Uint8Array<ArrayBuffer>) & {
+    outputLen: number;
+    blockLen: number;
+    canXOF: boolean;
+    oid?: TRet<Uint8Array> | undefined;
+    create: () => Streebog256;
+};
+/** Streebog-512 (GOST R 34.11-2012) hash function */
+export declare const streebog512: {
+    outputLen: number;
+    blockLen: number;
+    canXOF: boolean;
+} & import("@noble/hashes/utils.js").HashInfo & {
+    (msg: TArg<Uint8Array>): TRet<Uint8Array>;
+    create(): Streebog512;
+} & ((msg: TArg<TArg<Uint8Array<ArrayBufferLike>>>) => Uint8Array<ArrayBufferLike> & Uint8Array<ArrayBuffer>) & {
+    outputLen: number;
+    blockLen: number;
+    canXOF: boolean;
+    oid?: TRet<Uint8Array> | undefined;
+    create: () => Streebog512;
+};
+export {};