- Overview
- Historical Background
- Mathematics Behind GOST
- Modes of Operation
- Key Sizes Supported
- C and C++ Variants
- Usage Examples (C)
- Usage Examples (C++)
- Security Notes and Disclaimer
- Performance
- License
- References
This repository provides C and C++ implementations of the GOST Block Cipher, a symmetric-key cryptographic algorithm standardized in the former Soviet Union and Russia.
Both implementations offer support for multiple modes of operation and conversion utilities.
This project is intended for educational and research purposes only.
Repository: MrkFrcsl98/GOST_Algorithm
Author: MrkFrcsl98
GOST 28147-89 was developed in the Soviet Union in 1989 and standardized as a national encryption standard for decades.
It features a Feistel network structure with 32 rounds and a 256-bit key.
- Block size: 64 bits (8 bytes)
- Number of rounds: 32
- Key size: 256 bits (32 bytes)
GOST is notable for its simplicity, custom S-boxes, and flexibility, and has influenced several modern block ciphers.
GOST is a 32-round Feistel cipher:
- Round Function:
Each round uses modular addition, 8 custom 4-bit S-boxes, and a cyclic left rotation. - Key Schedule:
The 256-bit key is split into eight 32-bit subkeys, repeated in a fixed pattern.
Encryption round:
- Add subkey to left word (mod 2^32)
- Substitute result using S-boxes
- Circular left shift by 11 bits
- XOR with right word, swap halves
Decryption reverses this process with subkeys in reverse order.
Both C and C++ implementations support the following standard block cipher modes:
| Mode Name | Description | Padding Needed? | IV/Nonce Required? | Secure for Messages Larger Than Block? |
|---|---|---|---|---|
| ECB | Electronic Codebook | Yes (PKCS#7) | No | ❌ (not recommended) |
| CBC | Cipher Block Chaining | Yes (PKCS#7) | Yes (IV) | ✔️ |
| CFB | Cipher Feedback | No | Yes (IV) | ✔️ |
| OFB | Output Feedback | No | Yes (IV) | ✔️ |
| CTR | Counter | No | Yes (Nonce) | ✔️ |
Note:
- IVs/Nonces must be unique and random for each encryption in CBC/CFB/OFB/CTR.
- ECB mode should only be used for single-block messages or educational demos.
| Option | Symbol | Key Length (bytes) | Key Length (bits) |
|---|---|---|---|
| 256 bits | GOST_KEY_SIZE |
32 | 256 |
This repository contains two main implementations:
-
C version:
Files:gost.c,gost.h
This version is portable, standard C, suitable for integration with C projects and for educational study. -
C++ version:
File:gost.hpp
This version uses modern C++ and offers a class-based, header-only design for ease of use in C++ projects, with utility functions and result wrappers.
You can use either implementation independently, depending on your project needs.
#include "gost.h"
// All functions are prefixed with gost_uint8_t key[GOST_KEY_SIZE];
uint8_t iv[GOST_BLOCK_SIZE];
gost_generate_key(key);
gost_generate_iv(iv, GOST_BLOCK_SIZE);const char* plaintext = "Hello, GOST block cipher!";
size_t pt_len = strlen(plaintext);
uint8_t* ciphertext = NULL;
size_t ciphertext_len = 0;
gost_ecb_encrypt((const uint8_t*)plaintext, pt_len, key, &ciphertext, &ciphertext_len);
uint8_t* decrypted = NULL;
size_t decrypted_len = 0;
gost_ecb_decrypt(ciphertext, ciphertext_len, key, &decrypted, &decrypted_len);
char* hexstr = gost_to_hex(ciphertext, ciphertext_len);
printf("Ciphertext (hex): %s\n", hexstr);
printf("Decrypted: %.*s\n", (int)decrypted_len, (char*)decrypted);
free(ciphertext);
free(decrypted);
free(hexstr);uint8_t* cbc_cipher = NULL;
size_t cbc_cipher_len = 0;
gost_cbc_encrypt((const uint8_t*)plaintext, pt_len, key, iv, &cbc_cipher, &cbc_cipher_len);
uint8_t* cbc_plain = NULL;
size_t cbc_plain_len = 0;
gost_cbc_decrypt(cbc_cipher, cbc_cipher_len, key, iv, &cbc_plain, &cbc_plain_len);
// Don't forget to free!
free(cbc_cipher);
free(cbc_plain);uint8_t* cfb_cipher = NULL;
gost_cfb_encrypt((const uint8_t*)plaintext, pt_len, key, iv, &cfb_cipher);
uint8_t* ofb_cipher = NULL;
gost_ofb_crypt((const uint8_t*)plaintext, pt_len, key, iv, &ofb_cipher);
uint8_t* ctr_cipher = NULL;
gost_ctr_crypt((const uint8_t*)plaintext, pt_len, key, iv, &ctr_cipher);
// Free after use
free(cfb_cipher); free(ofb_cipher); free(ctr_cipher);char* hexstr = gost_to_hex(ciphertext, ciphertext_len);
size_t outlen;
uint8_t* fromhex = gost_from_hex(hexstr, &outlen);
char* b64 = gost_to_base64(ciphertext, ciphertext_len);
uint8_t* fromb64 = gost_from_base64(b64, &outlen);
free(hexstr); free(fromhex); free(b64); free(fromb64);#include "gost.hpp"
using gost256 = GOST<GOST_KEY_SIZE::BITS_256>;std::string key = GOSTKeyIVGenerator::generateKey(GOST_KEY_SIZE::BITS_256);
std::string iv = GOSTKeyIVGenerator::generateIV(); // 8 bytesstd::string plaintext = "Hello, GOST block cipher!";
auto ciphertext = gost256::ECB::Encrypt(plaintext, key);
// To hex
std::cout << "Ciphertext (hex): " << ciphertext.toHex().asString() << "\n";
auto decrypted = gost256::ECB::Decrypt(ciphertext.asString(), key);
std::cout << "Decrypted: " << decrypted.asString() << std::endl;auto cbc_cipher = gost256::CBC::Encrypt(plaintext, key, iv);
auto cbc_plain = gost256::CBC::Decrypt(cbc_cipher.asString(), key, iv);
auto cfb_cipher = gost256::CFB::Encrypt(plaintext, key, iv);
auto cfb_plain = gost256::CFB::Decrypt(cfb_cipher.asString(), key, iv);
auto ofb_cipher = gost256::OFB::Encrypt(plaintext, key, iv);
auto ofb_plain = gost256::OFB::Decrypt(ofb_cipher.asString(), key, iv);
auto ctr_cipher = gost256::CTR::Encrypt(plaintext, key, iv); // IV acts as nonce
auto ctr_plain = gost256::CTR::Decrypt(ctr_cipher.asString(), key, iv);auto base64 = ciphertext.toBase64().asString();
auto from64 = GOSTResult(base64).fromBase64().asString();
auto hexstr = ciphertext.toHex().asString();
auto orig = GOSTResult(hexstr).fromHex().asString();
⚠️ Educational Use Only!
- This code is provided for learning, academic, and research purposes.
- It has not been security audited or tested for use in production.
- Cryptographic code is easy to get wrong.
- Do NOT use this implementation to protect sensitive or confidential data.
- Use only after a full, independent security review.
- Written in portable standard C and modern C++.
- Simple and clear for study and experimentation.
- Not optimized for high-throughput production use.
This project is licensed under the MIT License.
- Wikipedia: GOST (block cipher)
- GOST 28147-89 Standard (RFC 5830)
- GOST Algorithm (Rosstandart)
- Cryptography Stack Exchange: GOST
- Feistel Network
- Block Cipher Modes
- Serpent Algorithm by MrkFrcsl98