NEWS

7.0.0
    Changed namespace because of domain expiration:
        go.cypherpunks.su -> go.stargrave.org

6.1.0
    * Fixed workability with Go 1.24's subtle.XORBytes
    * Go 1.24 is required now because of crypto/hkdf and crypto/pbkdf2

6.0.2
    Minor trivial changes.

6.0.1
    Minor trivial changes.

6.0.0
    Changed namespace because of domain expiration:
        go.cypherpunks.ru/gogost/v5 -> go.cypherpunks.su/gogost/v6

5.15.0
    Optimised Streebog implementation with precalculated tables.

5.14.1
    * Forgotten Version raise
    * Streebog-512 PBKDF2 test vectors

5.14.0
    28147-89 and CryptoPro key wrapping support
    => RFC 4357

5.13.0
    gost3410.NewPublicKeyLE, gost3410.PublicKey.RawLE,
    gost3410.NewPublicKeyBE, gost3410.PublicKey.RawBE,
    gost3410.NewPrivateKeyLE, gost3410.PrivateKey.RawLE,
    gost3410.NewPrivateKeyBE, gost3410.PrivateKey.RawBE,
    functions appeared, to simplify dealing with different
    endianness keys serialisation.
    gost3410.PublicKeyReverseDigest and
    gost3410.PublicKeyReverseDigestAndSignature wrappers appeared.

5.12.0
    Updated dependencies.

5.11.0
    You can check if public key is on curve with
    gost3410.Curve.Contains method now.

5.10.0
    * mgm.MGM.Open returns mgm.InvalidTag for failed authentication
    * Example cmd/cer-dane-hash and cmd/cer-selfsigned-example
      utilities appeared

5.9.1
    Updated and cleaned up go.sum.

5.9.0
    gost3410 is more thread-safe.

5.8.0
    Faster Kuznechik and ~3x faster Kuznechik-MGM.

5.7.0
    Go 1.17 requires gost3410.PublicKey to have Equal method.

5.6.0
    Add gost3410.CurveIdtc26gost341012512paramSetTest curve. More curve aliases:
    CurveIdGostR34102001CryptoProAParamSet -> CurveIdtc26gost341012256paramSetB
    CurveIdGostR34102001CryptoProBParamSet -> CurveIdtc26gost341012256paramSetC
    CurveIdGostR34102001CryptoProCParamSet -> CurveIdtc26gost341012256paramSetD
    CurveIdGostR34102001CryptoProXchAParamSet -> CurveIdGostR34102001CryptoProAParamSet
    CurveIdGostR34102001CryptoProXchBParamSet -> CurveIdGostR34102001CryptoProCParamSet
    CurveIdtc26gost34102012256paramSetA -> CurveIdtc26gost341012256paramSetA
    CurveIdtc26gost34102012256paramSetB -> CurveIdtc26gost341012256paramSetB
    CurveIdtc26gost34102012256paramSetC -> CurveIdtc26gost341012256paramSetC
    CurveIdtc26gost34102012256paramSetD -> CurveIdtc26gost341012256paramSetD
    CurveIdtc26gost34102012512paramSetTest -> CurveIdtc26gost341012512paramSetTest
    CurveIdtc26gost34102012512paramSetA -> CurveIdtc26gost341012512paramSetA
    CurveIdtc26gost34102012512paramSetB -> CurveIdtc26gost341012512paramSetB
    CurveIdtc26gost34102012512paramSetC -> CurveIdtc26gost341012512paramSetC

5.5.0
    gost3410.PrivateKey is in gost3410.Curve.Q now.
    That makes them more friendly with some implementations.

5.4.0
    Even slightly less allocations in Streebog.

5.3.0
    ~16x speedup of Streebog, ~15x speedup of Kuznechik.

5.2.0
    MGM does not panic when short (tagless) message is verified.

5.1.1
    Tarball uses vendoring, instead of GOPATH overriding.
    As minimal Go version is 1.12 for a long time, it supports modules.

5.1.0
    gost3410/KEK* functions do not alter ukm argument.
    It is safe to reuse now.

5.0.0
    Backward incompatible remove of excess misleading gost3410.Mode
    from all related functions. Point/key sizes are determined by
    looking at curve's parameters size.

4.3.0
    *Fixed* nasty bug with Edwards curves using in 34.10-VKO
    functions: curve's cofactor has not been used.

4.2.4
    gost3410.PrivateKeyReverseDigest reversed digests and
    PrivateKeyReverseDigestAndSignature with also reversed
    signatures signers appeared for convenience.

4.2.3
    Panic on all possible hash Write errors.

4.2.2
    More 34.10-2012 test vectors.

4.2.1
    Dummy release. More nicer tarballs.

4.2.0
    * PRF_IPSEC_PRFPLUS_GOSTR3411_2012_{256,512} implementation
    * Generic prf+ function (taken from IKEv2 (RFC 7296))

4.1.0
    * ESPTREE/IKETREE implementation
    * CurveIdtc26gost34102012256paramSetB,
      CurveIdtc26gost34102012256paramSetC,
      CurveIdtc26gost34102012256paramSetD curve aliases
    * Forbid any later GNU GPL version autousage
        (project's licence now is GNU GPLv3 only)
    * Project now is "go get"-able and uses go.cypherpunks.ru namespace:
        go get go.cypherpunks.ru/gogost
        go get go.cypherpunks.ru/gogost/cmd/streebog{256,512}

4.0
    * Backward incompatible change: all keys passing to encryption
      functions are slices now, not the fixed arrays. That heavily
      simplifies the library usage
    * Fix bug with overwriting IVs memory in gost28147.CFB*crypter
    * TLSTREE, used in TLS 1.[23], implementation
    * gost3410.KEK2012* can be used with any curves, not only 512-bit ones
    * gost3410.PrivateKey satisfies crypto.Signer interface
    * gost34112012* hashes satisfy encoding.Binary(Un)Marshaler
    * Streebog256 HKDF test vectors

3.0
    * Multilinear Galois Mode (MGM) block cipher mode for
      64 and 128 bit ciphers
    * KDF_GOSTR3411_2012_256 KDF
    * 34.12-2015 64-bit block cipher Магма (Magma)
    * Additional EAC 28147-89 Sbox
    * 34.10-2012 TC26 twisted Edwards curve related parameters
    * Coordinates conversion from twisted Edwards to Weierstrass
      form and vice versa
    * Fixed gost3410.PrivateKey's length validation
    * Backward incompatible change: gost3410.NewCurve takes big.Int,
      instead of encoded integers
    * Backward incompatible Sbox and curves parameters renaming, to
      comply with OIDs identifying them:
        Gost2814789_TestParamSet       -> SboxIdGost2814789TestParamSet
        Gost28147_CryptoProParamSetA   -> SboxIdGost2814789CryptoProAParamSet
        Gost28147_CryptoProParamSetB   -> SboxIdGost2814789CryptoProBParamSet
        Gost28147_CryptoProParamSetC   -> SboxIdGost2814789CryptoProCParamSet
        Gost28147_CryptoProParamSetD   -> SboxIdGost2814789CryptoProDParamSet
        GostR3411_94_TestParamSet      -> SboxIdGostR341194TestParamSet
        Gost28147_tc26_ParamZ          -> SboxIdtc26gost28147paramZ
        GostR3411_94_CryptoProParamSet -> SboxIdGostR341194CryptoProParamSet
        EACParamSet                    -> SboxEACParamSet

        CurveParamsGostR34102001cc            -> CurveGostR34102001ParamSetcc
        CurveParamsGostR34102001Test          -> CurveIdGostR34102001TestParamSet
        CurveParamsGostR34102001CryptoProA    -> CurveIdGostR34102001CryptoProAParamSet
        CurveParamsGostR34102001CryptoProB    -> CurveIdGostR34102001CryptoProBParamSet
        CurveParamsGostR34102001CryptoProC    -> CurveIdGostR34102001CryptoProCParamSet
        CurveParamsGostR34102001CryptoProXchA -> CurveIdGostR34102001CryptoProXchAParamSet
        CurveParamsGostR34102001CryptoProXchB -> CurveIdGostR34102001CryptoProXchBParamSet
        CurveParamsGostR34102012TC26ParamSetA -> CurveIdtc26gost341012512paramSetA
        CurveParamsGostR34102012TC26ParamSetB -> CurveIdtc26gost341012512paramSetB
    * Various additional test vectors
    * go modules friendliness

2.0
    * 34.11-2012 is split on two different modules:
      gost34112012256 and gost34112012512
    * 34.11-94's digest is reversed. Now it is compatible with TC26's
      HMAC and PBKDF2 test vectors
    * gogost-streebog is split to streebog256 and streebog512
      correspondingly by analogy with sha* utilities
    * added VKO 34.10-2012 support with corresponding test vectors
    * gost3410.DigestSizeX is renamed to gost3410.ModeX because it is
      not related to digest size, but parameters and key sizes
    * KEK functions take big.Int UKM value. Use NewUKM to unmarshal raw
      binary UKM

1.1
    * gogost-streebog is able to use either 256 or 512 bits digest size
    * 34.13-2015 padding methods
    * 28147-89 CBC mode of operation