---

GoGOST ¶

Pure Go GOST cryptographic functions library. GOST is GOvernment STandard of Russian Federation (and Soviet Union). It is copylefted free software: licenced under GPLv3. You can read about GOST algorithms more.

Currently supported algorithms are:

• GOST 28147-89 (RFC 5830) block cipher with ECB, CNT (CTR), CFB, MAC, CBC (RFC 4357) modes of operation
• various 28147-89-related S-boxes included
• GOST R 34.11-94 hash function (RFC 5831)
• GOST R 34.11-2012 Стрибог (Streebog) hash function (RFC 6986)
• GOST R 34.10-2001 (RFC 5832) public key signature function
• GOST R 34.10-2012 (RFC 7091) public key signature function
• various 34.10 curve parameters included
• Coordinates conversion from twisted Edwards to Weierstrass form and vice versa
• VKO GOST R 34.10-2001 key agreement function (RFC 4357)
• VKO GOST R 34.10-2012 key agreement function (RFC 7836)
• KDF_GOSTR3411_2012_256 KDF function (RFC 7836)
• GOST R 34.12-2015 128-bit block cipher Кузнечик (Kuznechik) (RFC 7801)
• GOST R 34.12-2015 64-bit block cipher Магма (Magma)
• GOST R 34.13-2015 padding methods
• MGM AEAD mode for 64 and 128 bit ciphers (RFC 9058)
• TLSTREE keyscheduling function
• ESPTREE/IKETREE (IKE* is the same as ESP*) keyscheduling function
• PRF_IPSEC_PRFPLUS_GOSTR3411_2012_{256,512} and generic prf+ functions (Р 50.1.111-2016 with IKEv2 RFC 7296)

Probably you could be interested in Go’s support of GOST TLS 1.3.

Example 34.10-2012-256 keypair generation, signing and verifying:

import (
    "crypto/rand"
    "io"
    "go.cypherpunks.su/gogost/v6/gost3410"
    "go.cypherpunks.su/gogost/v6/gost34112012256"
)
func main() {
    data := []byte("data to be signed")
    hasher := gost34112012256.New()
    hasher.Write(data)
    dgst := hasher.Sum(nil)
    curve := gost3410.CurveIdtc26gost341012256paramSetB()
    prvRaw := make([]byte, curve.PointSize())
    rand.Read(prvRaw)
    prv, err := gost3410.NewPrivateKey(curve, prvRaw)
    pub, err := prv.PublicKey()
    pubRaw := pub.Raw()
    sign, err := prv.Sign(rand.Reader, dgst, nil)
    pub, err = gost3410.NewPublicKey(curve, pubRaw)
    isValid, err := pub.VerifyDigest(dgst, sign)
    if !isValid { panic("signature is invalid") }
}

Please send questions, bug reports and patches to gost mailing list. Announcements also go to this mailing list.

Copyright © 2015-2025 Sergey Matveev

• FAQ:
• News:
• Download:

Next: Frequently asked questions