From b65eabe23d5910a26d741439b1f5ea45ba4a0777 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sun, 25 Sep 2016 22:37:45 +0200 Subject: Add test vectors for Kuznyechik and GOST89 (the later is deprecated) --- src/Common/Crypto.c | 2 +- src/Common/Tests.c | 178 ++++++++++++++++++++++++++++++++++++- src/Crypto/GostCipher.c | 42 ++++----- src/Crypto/GostCipher.h | 2 +- src/Volume/Cipher.cpp | 23 ++++- src/Volume/Cipher.h | 1 + src/Volume/EncryptionAlgorithm.cpp | 4 +- src/Volume/EncryptionTest.cpp | 116 +++++++++++++++++++++++- 8 files changed, 338 insertions(+), 30 deletions(-) diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c index 43f287d3..cae705b6 100644 --- a/src/Common/Crypto.c +++ b/src/Common/Crypto.c @@ -158,7 +158,7 @@ int CipherInit (int cipher, unsigned char *key, unsigned __int8 *ks) #if !defined(TC_WINDOWS_BOOT) #if defined(CIPHER_GOST89) case GOST89: - gost_set_key(key, (gost_kds*)ks); + gost_set_key(key, (gost_kds*)ks, 1); break; #endif // && defined(CIPHER_GOST89) case KUZNYECHIK: diff --git a/src/Common/Tests.c b/src/Common/Tests.c index bd159137..cf0c8699 100644 --- a/src/Common/Tests.c +++ b/src/Common/Tests.c 
@@ -376,6 +376,71 @@ CAMELLIA_TEST camellia_vectors[CAMELLIA_TEST_COUNT] = { 0xAD, 0x5C, 0x4D, 0x84 } }; +#if defined(CIPHER_GOST89) +// GOST89 ECB test vectors +#define GOST89_TEST_COUNT 1 + +typedef struct { + unsigned char key[32]; + unsigned char plaintext[16]; + unsigned char ciphertext[16]; + } GOST89_TEST; + +GOST89_TEST gost89_vectors[GOST89_TEST_COUNT] = { +{ + 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, + 0x33, 0x22, 0x11, 0x00, 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, + 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0xFE, 0xDC, 0xBA, 0x98, + 0x76, 0x54, 0x32, 0x10, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, + 0x8F, 0xC6, 0xFE, 0xB8, 0x91, 0x51, 0x4C, 0x37, 0x4D, 0x51, 0x46, 0xEF, + 0x02, 0x9D, 0xBD, 0x9F +} +}; +#endif + +// Kuznyechik ECB test vectors +#define KUZNYECHIK_TEST_COUNT 4 + +typedef struct { + unsigned char key[32]; + unsigned char plaintext[16]; + unsigned char ciphertext[16]; + } KUZNYECHIK_TEST; + +KUZNYECHIK_TEST kuznyechik_vectors[KUZNYECHIK_TEST_COUNT] = { +{ + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, + 0x44, 0x55, 0x66, 0x77, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x11, 0x22, 0x33, 0x44, + 0x55, 0x66, 0x77, 0x00, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, + 0x7F, 0x67, 0x9D, 0x90, 0xBE, 0xBC, 0x24, 0x30, 0x5A, 0x46, 0x8D, 0x42, + 0xB9, 0xD4, 0xED, 0xCD +}, +{ + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, + 0x44, 0x55, 0x66, 0x77, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x00, 0x11, 0x22, 0x33, + 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, + 0xB4, 0x29, 0x91, 0x2C, 0x6E, 0x00, 0x32, 0xF9, 0x28, 0x54, 0x52, 0xD7, + 0x67, 0x18, 0xD0, 0x8B +}, +{ + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, + 0x44, 0x55, 0x66, 0x77, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + 
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x11, 0x22, 0x33, 0x44, + 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, + 0xF0, 0xCA, 0x33, 0x54, 0x9D, 0x24, 0x7C, 0xEE, 0xF3, 0xF5, 0xA5, 0x31, + 0x3B, 0xD4, 0xB1, 0x57 +}, +{ + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, + 0x44, 0x55, 0x66, 0x77, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, 0x11, + 0xD0, 0xB0, 0x9C, 0xCD, 0xE8, 0x30, 0xB9, 0xEB, 0x3A, 0x02, 0xC4, 0xC5, + 0xAA, 0x8A, 0xDA, 0x98 +} +}; /* Test vectors from FIPS 198a, RFC 4231, RFC 2104, RFC 2202, and other sources. */ @@ -781,6 +846,60 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) break; } } +#if defined(CIPHER_GOST89) + else if (wcscmp (name, L"GOST89") == 0) + { + switch (testCase) + { + case 0: + if (crc != 0x12194ef5) + return FALSE; + nTestsPerformed++; + break; + case 1: + if (crc != 0xda8d429b) + return FALSE; + nTestsPerformed++; + break; + case 2: + if (crc != 0xdbf0b12e) + return FALSE; + nTestsPerformed++; + break; + case 3: + if (crc != 0xb986eb4a) + return FALSE; + nTestsPerformed++; + break; + } + } +#endif + else if (wcscmp (name, L"Kuznyechik") == 0) + { + switch (testCase) + { + case 0: + if (crc != 0x6b86e72e) + return FALSE; + nTestsPerformed++; + break; + case 1: + if (crc != 0xa4f8637d) + return FALSE; + nTestsPerformed++; + break; + case 2: + if (crc != 0xfd83e76d) + return FALSE; + nTestsPerformed++; + break; + case 3: + if (crc != 0xb24fc47b) + return FALSE; + nTestsPerformed++; + break; + } + } else if (wcscmp (name, L"AES-Twofish") == 0) { switch (testCase) 
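Review bot: The new `gost89_vectors` and `kuznyechik_vectors` tables carry no citation, so a reader cannot check the known-answer values against an independent reference. The first Kuznyechik entry appears to match the GOST R 34.12-2015 / RFC 7801 example, but that should be stated next to the table, e.g. `// Kuznyechik ECB test vectors (source: <standard / section>)`. For GOST89, say that the vector is for the fixed S-box variant and that each 16-byte entry presumably spans two 64-bit cipher blocks, e.g. `// GOST89 ECB, static S_TC26 S-box, two 8-byte blocks per entry (source: <reference>)`. The flat initializers would also read more safely with one brace pair per member (`{ {key...}, {plaintext...}, {ciphertext...} }`), so a miscounted byte fails to compile rather than shifting silently into the next field.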
@@ -981,6 +1100,20 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) return FALSE; nTestsPerformed++; } +#if defined(CIPHER_GOST89) + else if (wcscmp (name, L"GOST89") == 0) + { + if (crc != 0x9e8653cb) + return FALSE; + nTestsPerformed++; + } +#endif + else if (wcscmp (name, L"Kuznyechik") == 0) + { + if (crc != 0xd6d39cdb) + return FALSE; + nTestsPerformed++; + } else if (wcscmp (name, L"AES-Twofish") == 0) { if (crc != 0x14ce7385) @@ -1023,9 +1156,9 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) nTestsPerformed++; } #if defined(CIPHER_GOST89) - return (nTestsPerformed == 100); + return (nTestsPerformed == 110); #else - return (nTestsPerformed == 95); + return (nTestsPerformed == 105); #endif } @@ -1149,6 +1282,47 @@ static BOOL DoAutoTestAlgorithms (void) if (i != CAMELLIA_TEST_COUNT) bFailed = TRUE; + /* Kuznyechik */ + + for (i = 0; i < KUZNYECHIK_TEST_COUNT; i++) + { + int cipher = KUZNYECHIK; + memcpy(key, kuznyechik_vectors[i].key, 32); + memcpy(tmp, kuznyechik_vectors[i].plaintext, 16); + CipherInit(cipher, key, ks_tmp); + + EncipherBlock(cipher, tmp, ks_tmp); + if (memcmp(kuznyechik_vectors[i].ciphertext, tmp, 16) != 0) + break; + + DecipherBlock(cipher, tmp, ks_tmp); + if (memcmp(kuznyechik_vectors[i].plaintext, tmp, 16) != 0) + break; + } + if (i != KUZNYECHIK_TEST_COUNT) + bFailed = TRUE; + +#if defined(CIPHER_GOST89) + /* GOST89 */ + + for (i = 0; i < GOST89_TEST_COUNT; i++) + { + int cipher = GOST89; + memcpy(key, gost89_vectors[i].key, 32); + memcpy(tmp, gost89_vectors[i].plaintext, 16); + gost_set_key(key, (gost_kds*)ks_tmp, 0); + + EncipherBlock(cipher, tmp, ks_tmp); + if (memcmp(gost89_vectors[i].ciphertext, tmp, 16) != 0) + break; + + DecipherBlock(cipher, tmp, ks_tmp); + if (memcmp(gost89_vectors[i].plaintext, tmp, 16) != 0) + break; + } + if (i != GOST89_TEST_COUNT) + bFailed = TRUE; +#endif /* PKCS #5 and HMACs */ if (!test_pkcs5 ()) diff --git a/src/Crypto/GostCipher.c b/src/Crypto/GostCipher.c index b84fd4ed..4d7e5070 100644 
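Review bot: In the `#else` branch of `TestSectorBufEncryption` the expected total goes from 95 to 105, yet without `CIPHER_GOST89` this commit compiles in only the Kuznyechik checks (four `switch` cases plus the single check in the later block). If each runs once and the old 95 was correct, the non-GOST89 value should be `return (nTestsPerformed == 100);`. The `#if` branch (100 to 110) is consistent with GOST89 and Kuznyechik each adding five. The loops that drive these checks lie outside the hunk, so please confirm by running the self-test in a build without `CIPHER_GOST89`; a wrong count makes the self-test fail on that configuration.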
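Review bot: The GOST89 loop in `DoAutoTestAlgorithms` calls `gost_set_key(key, (gost_kds*)ks_tmp, 0)` directly instead of `CipherInit`, which the Crypto.c hunk shows passing 1, and nothing explains why. A comment such as `/* Reference vector is defined for the fixed S_TC26 S-box, so bypass CipherInit(), which selects the key-dependent S-box */` would stop a later cleanup from "fixing" the call and breaking the test. As written, the key-dependent S-box path that volumes use has no known-answer vector here and is covered only by the CRC checks in `TestSectorBufEncryption`; that is worth stating in the same comment. The function body continues outside the hunk.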
--- a/src/Crypto/GostCipher.c +++ b/src/Crypto/GostCipher.c @@ -69,7 +69,6 @@ void gost_prepare_kds(gost_kds* kds) { } -#ifdef GOST_DYNAMIC_SBOXES static void xor_s_box(byte s_box[8][16], byte *seed) { int i; @@ -85,38 +84,35 @@ static void xor_s_box(byte s_box[8][16], byte *seed) s_box[7][i] ^= (seed[ (i * 4) + 3 ]>>4) & 0xF; } } -#endif -void gost_set_key(const byte *key, gost_kds *ks) +void gost_set_key(const byte *key, gost_kds *ks, int useDynamicSbox) { -#ifdef GOST_DYNAMIC_SBOXES - STREEBOG_CTX sctx; - byte sbox_seed[64]; -#if defined (DEVICE_DRIVER) && !defined (_WIN64) - KFLOATING_SAVE floatingPointState; - NTSTATUS saveStatus = STATUS_SUCCESS; - if (HasSSE2() || HasSSE41()) - saveStatus = KeSaveFloatingPointState (&floatingPointState); -#endif -#endif - memcpy(ks->key, key, GOST_KEYSIZE); memcpy(ks->sbox, S_TC26, sizeof(ks->sbox)); -#ifdef GOST_DYNAMIC_SBOXES - //Generate pseudorandom data based on the key - STREEBOG_init(&sctx); - STREEBOG_add(&sctx, key, 32); - STREEBOG_finalize(&sctx, sbox_seed); - + if (useDynamicSbox) + { + STREEBOG_CTX sctx; + byte sbox_seed[64]; #if defined (DEVICE_DRIVER) && !defined (_WIN64) - if (NT_SUCCESS (saveStatus) && (HasSSE2() || HasSSE41())) - KeRestoreFloatingPointState (&floatingPointState); + KFLOATING_SAVE floatingPointState; + NTSTATUS saveStatus = STATUS_SUCCESS; + if (HasSSE2() || HasSSE41()) + saveStatus = KeSaveFloatingPointState (&floatingPointState); #endif + //Generate pseudorandom data based on the key + STREEBOG_init(&sctx); + STREEBOG_add(&sctx, key, 32); + STREEBOG_finalize(&sctx, sbox_seed); - xor_s_box(ks->sbox, sbox_seed); +#if defined (DEVICE_DRIVER) && !defined (_WIN64) + if (NT_SUCCESS (saveStatus) && (HasSSE2() || HasSSE41())) + KeRestoreFloatingPointState (&floatingPointState); #endif + xor_s_box(ks->sbox, sbox_seed); + } + gost_prepare_kds(ks); } diff --git a/src/Crypto/GostCipher.h b/src/Crypto/GostCipher.h index 40962073..36afb777 100644 --- a/src/Crypto/GostCipher.h 
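Review bot: In the new `if (useDynamicSbox)` block of `gost_set_key`, `sbox_seed` holds a Streebog digest of the raw key and `sctx` holds the hash state that absorbed it, and both are left on the stack when the block ends. Since this key-derived material defines the S-box, it should be wiped after `xor_s_box(ks->sbox, sbox_seed);` with the project's secure-erase helper, e.g. `burn (sbox_seed, sizeof (sbox_seed)); burn (&sctx, sizeof (sctx));`, assuming that macro is reachable from this file. Separately, on the 32-bit driver path a failed `KeSaveFloatingPointState` only skips the restore, and the Streebog calls still run. If that implementation uses SSE, it would clobber the caller's floating-point state, and because `gost_set_key` returns `void` the failure cannot be reported. Finally, `STREEBOG_add(&sctx, key, 32)` hard-codes the length, while the `memcpy` just above uses `GOST_KEYSIZE`; using the constant in both places keeps them in step.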
+++ b/src/Crypto/GostCipher.h @@ -56,7 +56,7 @@ typedef struct gost_kds void gost_encrypt(const byte *in, byte *out, gost_kds *ks, int count); void gost_decrypt(const byte *in, byte *out, gost_kds *ks, int count); -void gost_set_key(const byte *key, gost_kds *ks); +void gost_set_key(const byte *key, gost_kds *ks, int useDynamicSbox); #else #define GOST_KS (0) diff --git a/src/Volume/Cipher.cpp b/src/Volume/Cipher.cpp index 69449088..3363f640 100644 --- a/src/Volume/Cipher.cpp +++ b/src/Volume/Cipher.cpp @@ -286,7 +286,28 @@ namespace VeraCrypt void CipherGost89::SetCipherKey (const byte *key) { - gost_set_key (key, (gost_kds *) ScheduledKey.Ptr()); + gost_set_key (key, (gost_kds *) ScheduledKey.Ptr(), 1); + } + + // GOST89 with static SBOX + void CipherGost89StaticSBOX::Decrypt (byte *data) const + { + gost_decrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1); + } + + void CipherGost89StaticSBOX::Encrypt (byte *data) const + { + gost_encrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1); + } + + size_t CipherGost89StaticSBOX::GetScheduledKeySize () const + { + return GOST_KS; + } + + void CipherGost89StaticSBOX::SetCipherKey (const byte *key) + { + gost_set_key (key, (gost_kds *) ScheduledKey.Ptr(), 0); } // Kuznyechik diff --git a/src/Volume/Cipher.h b/src/Volume/Cipher.h index 28e0bd7f..1805229e 100644 --- a/src/Volume/Cipher.h +++ b/src/Volume/Cipher.h @@ -108,6 +108,7 @@ namespace VeraCrypt TC_CIPHER (Twofish, 16, 32); TC_CIPHER (Camellia, 16, 32); TC_CIPHER (Gost89, 16, 32); + TC_CIPHER (Gost89StaticSBOX, 16, 32); TC_CIPHER (Kuznyechik, 16, 32); #undef TC_CIPHER diff --git a/src/Volume/EncryptionAlgorithm.cpp b/src/Volume/EncryptionAlgorithm.cpp index df8afec5..79e27fe0 100644 --- a/src/Volume/EncryptionAlgorithm.cpp +++ b/src/Volume/EncryptionAlgorithm.cpp 
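Review bot: `CipherGost89StaticSBOX` in Cipher.cpp is documented only by `// GOST89 with static SBOX`, and nothing marks it as a test-only variant, even though it is declared via `TC_CIPHER` alongside the production ciphers. Within this diff it is instantiated only in EncryptionTest.cpp, while `GOST89::GOST89 ()` keeps using `CipherGost89`. Stating that intent would guard against the class being added to an encryption algorithm or a cipher list later, which would yield volumes keyed with a different S-box than `CipherGost89` produces. A suggested comment is `// Test-only: fixed S_TC26 S-box for checking reference vectors; volumes use CipherGost89 (key-dependent S-box)`. The bare `0` and `1` passed to `gost_set_key` in the two `SetCipherKey` methods would also read better as named constants.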
@@ -298,8 +298,10 @@ namespace VeraCrypt // GOST89 - GOST89::GOST89 () : Deprecated (true) + GOST89::GOST89 () { + Deprecated = true; + Ciphers.push_back (shared_ptr (new CipherGost89())); SupportedModes.push_back (shared_ptr (new EncryptionModeXTS ())); diff --git a/src/Volume/EncryptionTest.cpp b/src/Volume/EncryptionTest.cpp index eed8bd15..9b68bb31 100644 --- a/src/Volume/EncryptionTest.cpp +++ b/src/Volume/EncryptionTest.cpp @@ -123,6 +123,50 @@ namespace VeraCrypt } } }; + + static const CipherTestVector GOST89TestVectors[] = + { + { + { + 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00, + 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF + }, + { + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88 + }, + { + 0x8F, 0xC6, 0xFE, 0xB8, 0x91, 0x51, 0x4C, 0x37, 0x4D, 0x51, 0x46, 0xEF, 0x02, 0x9D, 0xBD, 0x9F + } + } + }; + + static const CipherTestVector KuznyechikTestVectors[] = + { + { + { + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF + }, + { + 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x00, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88 + }, + { + 0x7F, 0x67, 0x9D, 0x90, 0xBE, 0xBC, 0x24, 0x30, 0x5A, 0x46, 0x8D, 0x42, 0xB9, 0xD4, 0xED, 0xCD + } + }, + { + { + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF + }, + { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A + }, + { + 0xB4, 0x29, 0x91, 0x2C, 0x6E, 0x00, 0x32, 0xF9, 0x28, 0x54, 0x52, 0xD7, 0x67, 0x18, 0xD0, 0x8B + } + } + }; static void TestCipher (Cipher &cipher, const CipherTestVector *testVector, size_t testVectorCount) { 
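Review bot: `KuznyechikTestVectors` in EncryptionTest.cpp carries only the first two of the four vectors that the same commit adds to `kuznyechik_vectors` in src/Common/Tests.c, so the C++ self-test covers less than the C one. Adding the remaining two entries, taken from the Tests.c table, keeps both known-answer tests equivalent. A short comment citing where the vectors come from would help here as well. The enclosing namespace and the rest of the file lie outside the hunk.

```cpp
// … unchanged: first two KuznyechikTestVectors entries …
{
	{
		0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
		0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
	},
	{
		0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00
	},
	{
		0xF0, 0xCA, 0x33, 0x54, 0x9D, 0x24, 0x7C, 0xEE, 0xF3, 0xF5, 0xA5, 0x31, 0x3B, 0xD4, 0xB1, 0x57
	}
},
{
	{
		0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
		0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
	},
	{
		0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, 0x11
	},
	{
		0xD0, 0xB0, 0x9C, 0xCD, 0xE8, 0x30, 0xB9, 0xEB, 0x3A, 0x02, 0xC4, 0xC5, 0xAA, 0x8A, 0xDA, 0x98
	}
}
```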
@@ -170,6 +214,12 @@ namespace VeraCrypt CipherCamellia camellia; TestCipher (camellia, CamelliaTestVectors, array_capacity (CamelliaTestVectors)); + + CipherGost89StaticSBOX gost89; + TestCipher (gost89, GOST89TestVectors, array_capacity (GOST89TestVectors)); + + CipherKuznyechik kuznyechik; + TestCipher (kuznyechik, KuznyechikTestVectors, array_capacity (KuznyechikTestVectors)); } const EncryptionTest::XtsTestVector EncryptionTest::XtsTestVectors[] = @@ -603,6 +653,58 @@ namespace VeraCrypt break; } } + else if (typeid (ea) == typeid (GOST89)) + { + switch (testCase) + { + case 0: + if (crc != 0x12194ef5) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 1: + if (crc != 0xda8d429b) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 2: + if (crc != 0xdbf0b12e) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 3: + if (crc != 0xb986eb4a) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + } + } + else if (typeid (ea) == typeid (Kuznyechik)) + { + switch (testCase) + { + case 0: + if (crc != 0x6b86e72e) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 1: + if (crc != 0xa4f8637d) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 2: + if (crc != 0xfd83e76d) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 3: + if (crc != 0xb24fc47b) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + } + } else if (typeid (ea) == typeid (AESTwofish)) { switch (testCase) @@ -805,6 +907,18 @@ namespace VeraCrypt throw TestFailed (SRC_POS); nTestsPerformed++; } + else if (typeid (ea) == typeid (GOST89)) + { + if (crc != 0x9e8653cb) + throw TestFailed (SRC_POS); + nTestsPerformed++; + } + else if (typeid (ea) == typeid (Kuznyechik)) + { + if (crc != 0xd6d39cdb) + throw TestFailed (SRC_POS); + nTestsPerformed++; + } else if (typeid (ea) == typeid (AESTwofish)) { if (crc != 0x14ce7385) 
@@ -847,7 +961,7 @@ namespace VeraCrypt nTestsPerformed++; } - if (nTestsPerformed != 100) + if (nTestsPerformed != 110) throw TestFailed (SRC_POS); } -- cgit v1.2.3