gost-crypto

April 8, 2026 · View on GitHub

CI Go Report Card GoDoc License: MIT Go Version codecov

Go library for Russian GOST cryptographic standards (GOST R 34.10-2012, GOST R 34.11-2012 Streebog, GOST R 34.12-2015 Kuznechik, GOST R 34.13-2015 MGM), powered by OpenSSL gost-engine. Digital signatures, hashing, encryption, key agreement, and key derivation with zero external Go dependencies.

API Reference | Examples | На русском | Contributing

Why gost-crypto?

  • OpenSSL backend — all cryptographic operations run through OpenSSL gost-engine, ensuring constant-time execution and FIPS-level implementation quality
  • Complete GOST toolkit — digital signatures, hashing, symmetric encryption, AEAD, key agreement, and key derivation in a single library
  • Standard Go interfaceshash.Hash, cipher.Block, cipher.AEAD — drop-in compatible with Go's crypto ecosystem
  • Zero Go dependenciesgo.mod has no require directives; only OpenSSL + CGO at build time
  • All 8 TC26 curves — both 256-bit and 512-bit elliptic curve parameter sets
  • HD key derivation — BIP32-style hierarchical deterministic keys for GOST curves

Features

StandardPackageDescriptionGo Interface
GOST R 34.10-2012pkg/gost3410Elliptic curve digital signatures
GOST R 34.11-2012pkg/gost3411Streebog hash (256/512-bit)hash.Hash
GOST R 34.12-2015pkg/gost3412Kuznechik block ciphercipher.Block
GOST R 34.13-2015pkg/gost3413MGM authenticated encryptioncipher.AEAD
RFC 7836pkg/gost3410VKO key agreement (ECDH)
R 50.1.113-2016pkg/kdfKDF_GOSTR3411, HKDF-Streebog
BIP-32 stylepkg/hdHD key derivation

Requirements

Installation

go get github.com/rekurt/gost-crypto

Quick Start

Sign and Verify

package main

import (
    "fmt"
    gostcrypto "github.com/rekurt/gost-crypto"
)

func main() {
    priv, err := gostcrypto.GenerateKey(gostcrypto.CurveTC26_256_A)
    if err != nil {
        panic(err)
    }
    defer priv.Zeroize()

    sig, err := gostcrypto.Sign(priv, []byte("Hello, GOST!"))
    if err != nil {
        panic(err)
    }

    ok, err := gostcrypto.Verify(priv.PublicKey(), []byte("Hello, GOST!"), sig)
    if err != nil {
        panic(err)
    }
    fmt.Println("valid:", ok) // valid: true
}

VKO Key Agreement

privA, _ := gostcrypto.GenerateKey(gostcrypto.CurveTC26_256_A)
privB, _ := gostcrypto.GenerateKey(gostcrypto.CurveTC26_256_A)
defer privA.Zeroize()
defer privB.Zeroize()

ukm := []byte{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}

// Shared secret is symmetric: Agree(A, pubB) == Agree(B, pubA)
secretAB, _ := gostcrypto.Agree(privA, privB.PublicKey(), ukm)
secretBA, _ := gostcrypto.Agree(privB, privA.PublicKey(), ukm)
// bytes.Equal(secretAB, secretBA) == true

Kuznechik Encryption (AEAD)

import "github.com/rekurt/gost-crypto/pkg/gost3413"

aead, _ := gost3413.NewMGMFromKey(key) // 32-byte key

nonce := make([]byte, aead.NonceSize())
rand.Read(nonce)

ciphertext := aead.Seal(nil, nonce, plaintext, additionalData)

More examples: docs/EXAMPLES.md | _examples/

Supported Curves

All 8 TC26 elliptic curve parameter sets are supported:

CurveSizeOIDNotes
CurveTC26_256_A256-bit1.2.643.7.1.2.1.1.1Recommended
CurveTC26_256_B256-bit1.2.643.2.2.35.1CryptoPro-A
CurveTC26_256_C256-bit1.2.643.2.2.35.2CryptoPro-B
CurveTC26_256_D256-bit1.2.643.2.2.35.3CryptoPro-C
CurveTC26_512_A512-bit1.2.643.7.1.2.1.2.1
CurveTC26_512_B512-bit1.2.643.7.1.2.1.2.2
CurveTC26_512_C512-bit1.2.643.7.1.2.1.2.3
CurveTC26_512_D512-bit1.2.643.7.1.2.1.2.0Test curve

Package Structure

gost-crypto/
├── gostcrypto.go       # High-level facade: Sign, Verify, HashSum, Agree
├── keys.go             # GenerateKey, LoadPrivKey, PrivKey/PubKey aliases
├── curves.go           # Curve type, TC26 constants, AllCurves
├── errors.go           # Re-exported sentinel errors
├── pkg/
│   ├── gost3410/       # GOST R 34.10-2012 signatures (OpenSSL backend)
│   ├── gost3411/       # GOST R 34.11-2012 Streebog hash (OpenSSL backend)
│   ├── gost3412/       # GOST R 34.12-2015 Kuznechik cipher
│   ├── gost3413/       # GOST R 34.13-2015 MGM AEAD
│   ├── hd/             # HD key derivation (HKDF, BIP32-style paths)
│   └── kdf/            # Key derivation functions (HKDF-Streebog, KDF_GOSTR3411)
├── internal/openssl/   # CGO bindings for OpenSSL gost-engine
└── _examples/          # Runnable examples

Documentation

DocumentDescription
API ReferenceComplete API for all packages
ExamplesValidated usage patterns
DeploymentOpenSSL + gost-engine setup
Migration v0 to v1Breaking changes and migration path
Threat ModelSecurity assumptions and limitations
Security PolicyVulnerability disclosure

Standards Compliance

This library implements the following Russian and international standards:

  • GOST R 34.10-2012 / RFC 7091 — Digital signature algorithm
  • GOST R 34.11-2012 / RFC 6986 — Streebog hash function
  • GOST R 34.12-2015 — Kuznechik block cipher
  • GOST R 34.13-2015 — MGM authenticated encryption mode
  • RFC 7836 — VKO key agreement
  • R 50.1.113-2016 — KDF_GOSTR3411 key derivation
  • TC26 — All 8 standardized elliptic curve parameter sets

Contributing

Contributions are welcome. See docs/CONTRIBUTING.md for guidelines.

License

MIT License. See LICENSE for details.