From e90e24b30b379752bf6531c663085de1d2a653d7 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Tue, 9 Aug 2016 14:25:52 +0200 Subject: Windows: Add support for Streebog (hash) and kuznyechik (encryption) --- src/Volume/Cipher.cpp | 44 ++++++++++++++++++++++++++++++++++++++ src/Volume/Cipher.h | 2 ++ src/Volume/EncryptionAlgorithm.cpp | 19 ++++++++++++++++ src/Volume/EncryptionAlgorithm.h | 2 ++ src/Volume/EncryptionTest.cpp | 12 ++++++++++- src/Volume/Hash.cpp | 25 ++++++++++++++++++++++ src/Volume/Hash.h | 23 ++++++++++++++++++++ src/Volume/Pkcs5Kdf.cpp | 13 +++++++++++ src/Volume/Pkcs5Kdf.h | 34 +++++++++++++++++++++++++++++ src/Volume/Volume.make | 3 +++ src/Volume/VolumeLayout.cpp | 12 +++++++++++ 11 files changed, 188 insertions(+), 1 deletion(-) (limited to 'src/Volume') diff --git a/src/Volume/Cipher.cpp b/src/Volume/Cipher.cpp index a90b3c46..69449088 100644 --- a/src/Volume/Cipher.cpp +++ b/src/Volume/Cipher.cpp @@ -16,6 +16,8 @@ #include "Crypto/Serpent.h" #include "Crypto/Twofish.h" #include "Crypto/Camellia.h" +#include "Crypto/GostCipher.h" +#include "Crypto/kuznyechik.h" #ifdef TC_AES_HW_CPU # include "Crypto/Aes_hw_cpu.h" @@ -80,6 +82,8 @@ namespace VeraCrypt l.push_back (shared_ptr (new CipherSerpent ())); l.push_back (shared_ptr (new CipherTwofish ())); l.push_back (shared_ptr (new CipherCamellia ())); + l.push_back (shared_ptr (new CipherGost89 ())); + l.push_back (shared_ptr (new CipherKuznyechik ())); return l; } @@ -264,6 +268,46 @@ namespace VeraCrypt camellia_set_key (key, ScheduledKey.Ptr()); } + // GOST89 + void CipherGost89::Decrypt (byte *data) const + { + gost_decrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1); + } + + void CipherGost89::Encrypt (byte *data) const + { + gost_encrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1); + } + + size_t CipherGost89::GetScheduledKeySize () const + { + return GOST_KS; + } + + void CipherGost89::SetCipherKey (const byte *key) + { + gost_set_key (key, (gost_kds *) ScheduledKey.Ptr()); + } + // Kuznyechik + void CipherKuznyechik::Decrypt (byte *data) const + { + kuznyechik_decrypt_block (data, data, (kuznyechik_kds *) ScheduledKey.Ptr()); + } + + void CipherKuznyechik::Encrypt (byte *data) const + { + kuznyechik_encrypt_block (data, data, (kuznyechik_kds *) ScheduledKey.Ptr()); + } + + size_t CipherKuznyechik::GetScheduledKeySize () const + { + return KUZNYECHIK_KS; + } + + void CipherKuznyechik::SetCipherKey (const byte *key) + { + kuznyechik_set_key (key, (kuznyechik_kds *) ScheduledKey.Ptr()); + } bool Cipher::HwSupportEnabled = true; } diff --git a/src/Volume/Cipher.h b/src/Volume/Cipher.h index 522142b5..28e0bd7f 100644 --- a/src/Volume/Cipher.h +++ b/src/Volume/Cipher.h @@ -107,6 +107,8 @@ namespace VeraCrypt TC_CIPHER (Serpent, 16, 32); TC_CIPHER (Twofish, 16, 32); TC_CIPHER (Camellia, 16, 32); + TC_CIPHER (Gost89, 16, 32); + TC_CIPHER (Kuznyechik, 16, 32); #undef TC_CIPHER diff --git a/src/Volume/EncryptionAlgorithm.cpp b/src/Volume/EncryptionAlgorithm.cpp index 589db9b8..119b5539 100644 --- a/src/Volume/EncryptionAlgorithm.cpp +++ b/src/Volume/EncryptionAlgorithm.cpp @@ -65,6 +65,8 @@ namespace VeraCrypt l.push_back (shared_ptr (new Serpent ())); l.push_back (shared_ptr (new Twofish ())); l.push_back (shared_ptr (new Camellia ())); + l.push_back (shared_ptr (new GOST89 ())); + l.push_back (shared_ptr (new Kuznyechik ())); l.push_back (shared_ptr (new AESTwofish ())); l.push_back (shared_ptr (new AESTwofishSerpent ())); l.push_back (shared_ptr (new SerpentAES ())); @@ -293,4 +295,21 @@ namespace VeraCrypt SupportedModes.push_back (shared_ptr (new EncryptionModeXTS ())); } + + + // GOST89 + GOST89::GOST89 () + { + Ciphers.push_back (shared_ptr (new CipherGost89())); + + SupportedModes.push_back (shared_ptr (new EncryptionModeXTS ())); + } + + // Kuznyechik + Kuznyechik::Kuznyechik () + { + Ciphers.push_back (shared_ptr (new CipherKuznyechik())); + + SupportedModes.push_back (shared_ptr (new EncryptionModeXTS ())); + } } diff --git a/src/Volume/EncryptionAlgorithm.h b/src/Volume/EncryptionAlgorithm.h index 8ebbea29..ff1b128f 100644 --- a/src/Volume/EncryptionAlgorithm.h +++ b/src/Volume/EncryptionAlgorithm.h @@ -86,6 +86,8 @@ namespace VeraCrypt TC_ENCRYPTION_ALGORITHM (TwofishSerpent); TC_ENCRYPTION_ALGORITHM (SerpentTwofishAES); TC_ENCRYPTION_ALGORITHM (Camellia); + TC_ENCRYPTION_ALGORITHM (GOST89); + TC_ENCRYPTION_ALGORITHM (Kuznyechik); #undef TC_ENCRYPTION_ALGORITHM } diff --git a/src/Volume/EncryptionTest.cpp b/src/Volume/EncryptionTest.cpp index f874de8e..eed8bd15 100644 --- a/src/Volume/EncryptionTest.cpp +++ b/src/Volume/EncryptionTest.cpp @@ -847,7 +847,7 @@ namespace VeraCrypt nTestsPerformed++; } - if (nTestsPerformed != 90) + if (nTestsPerformed != 100) throw TestFailed (SRC_POS); } @@ -872,5 +872,15 @@ namespace VeraCrypt pkcs5HmacWhirlpool.DeriveKey (derivedKey, password, salt, 5); if (memcmp (derivedKey.Ptr(), "\x50\x7c\x36\x6f", 4) != 0) throw TestFailed (SRC_POS); + + Pkcs5HmacSha256 pkcs5HmacSha256; + pkcs5HmacSha256.DeriveKey (derivedKey, password, salt, 5); + if (memcmp (derivedKey.Ptr(), "\xf2\xa0\x4f\xb2", 4) != 0) + throw TestFailed (SRC_POS); + + Pkcs5HmacStreebog pkcs5HmacStreebog; + pkcs5HmacStreebog.DeriveKey (derivedKey, password, salt, 5); + if (memcmp (derivedKey.Ptr(), "\xd0\x53\xa2\x30", 4) != 0) + throw TestFailed (SRC_POS); } } diff --git a/src/Volume/Hash.cpp b/src/Volume/Hash.cpp index 225176a8..ea3517e5 100644 --- a/src/Volume/Hash.cpp +++ b/src/Volume/Hash.cpp @@ -15,6 +15,7 @@ #include "Crypto/Rmd160.h" #include "Crypto/Sha2.h" #include "Crypto/Whirlpool.h" +#include "Crypto/Streebog.h" namespace VeraCrypt { @@ -138,4 +139,28 @@ namespace VeraCrypt if_debug (ValidateDataParameters (data)); WHIRLPOOL_add (data.Get(), (int) data.Size(), (WHIRLPOOL_CTX *) Context.Ptr()); } + + // Streebog + Streebog::Streebog () + { + Context.Allocate (sizeof (STREEBOG_CTX)); + Init(); + } + + void Streebog::GetDigest (const BufferPtr &buffer) + { + if_debug (ValidateDigestParameters (buffer)); + STREEBOG_finalize ((STREEBOG_CTX *) Context.Ptr(), buffer); + } + + void Streebog::Init () + { + STREEBOG_init ((STREEBOG_CTX *) Context.Ptr()); + } + + void Streebog::ProcessData (const ConstBufferPtr &data) + { + if_debug (ValidateDataParameters (data)); + STREEBOG_add (data.Get(), (int) data.Size(), (STREEBOG_CTX *) Context.Ptr()); + } } diff --git a/src/Volume/Hash.h b/src/Volume/Hash.h index 139924c0..9cef9de7 100644 --- a/src/Volume/Hash.h +++ b/src/Volume/Hash.h @@ -139,6 +139,29 @@ namespace VeraCrypt Whirlpool (const Whirlpool &); Whirlpool &operator= (const Whirlpool &); }; + + // Streebog + class Streebog : public Hash + { + public: + Streebog (); + virtual ~Streebog () { } + + virtual void GetDigest (const BufferPtr &buffer); + virtual size_t GetBlockSize () const { return 64; } + virtual size_t GetDigestSize () const { return 512 / 8; } + virtual wstring GetName () const { return L"Streebog"; } + virtual wstring GetAltName () const { return L"Streebog"; } + virtual shared_ptr GetNew () const { return shared_ptr (new Streebog); } + virtual void Init (); + virtual void ProcessData (const ConstBufferPtr &data); + + protected: + + private: + Streebog (const Streebog &); + Streebog &operator= (const Streebog &); + }; } #endif // TC_HEADER_Encryption_Hash diff --git a/src/Volume/Pkcs5Kdf.cpp b/src/Volume/Pkcs5Kdf.cpp index d56fe029..1e229d10 100644 --- a/src/Volume/Pkcs5Kdf.cpp +++ b/src/Volume/Pkcs5Kdf.cpp @@ -66,6 +66,7 @@ namespace VeraCrypt l.push_back (shared_ptr (new Pkcs5HmacWhirlpool (false))); l.push_back (shared_ptr (new Pkcs5HmacSha256 ())); l.push_back (shared_ptr (new Pkcs5HmacRipemd160 (false))); + l.push_back (shared_ptr (new Pkcs5HmacStreebog ())); } return l; @@ -112,4 +113,16 @@ namespace VeraCrypt ValidateParameters (key, password, salt, iterationCount); derive_key_whirlpool ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); } + + void Pkcs5HmacStreebog::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const + { + ValidateParameters (key, password, salt, iterationCount); + derive_key_streebog ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); + } + + void Pkcs5HmacStreebog_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const + { + ValidateParameters (key, password, salt, iterationCount); + derive_key_streebog ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); + } } diff --git a/src/Volume/Pkcs5Kdf.h b/src/Volume/Pkcs5Kdf.h index d92a3301..c10efaf3 100644 --- a/src/Volume/Pkcs5Kdf.h +++ b/src/Volume/Pkcs5Kdf.h @@ -152,6 +152,40 @@ namespace VeraCrypt Pkcs5HmacWhirlpool (const Pkcs5HmacWhirlpool &); Pkcs5HmacWhirlpool &operator= (const Pkcs5HmacWhirlpool &); }; + + class Pkcs5HmacStreebog : public Pkcs5Kdf + { + public: + Pkcs5HmacStreebog () : Pkcs5Kdf(false) { } + virtual ~Pkcs5HmacStreebog () { } + + virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; + virtual shared_ptr GetHash () const { return shared_ptr (new Streebog); } + virtual int GetIterationCount (int pim) const { return pim <= 0 ? 500000 : (15000 + (pim * 1000)); } + virtual wstring GetName () const { return L"HMAC-Streebog"; } + virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacStreebog(m_truecryptMode); } + + private: + Pkcs5HmacStreebog (const Pkcs5HmacStreebog &); + Pkcs5HmacStreebog &operator= (const Pkcs5HmacStreebog &); + }; + + class Pkcs5HmacStreebog_Boot : public Pkcs5Kdf + { + public: + Pkcs5HmacStreebog_Boot () : Pkcs5Kdf(false) { } + virtual ~Pkcs5HmacStreebog_Boot () { } + + virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; + virtual shared_ptr GetHash () const { return shared_ptr (new Streebog); } + virtual int GetIterationCount (int pim) const { return pim <= 0 ? 200000 : pim * 2048; } + virtual wstring GetName () const { return L"HMAC-Streebog"; } + virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacStreebog_Boot(m_truecryptMode); } + + private: + Pkcs5HmacStreebog_Boot (const Pkcs5HmacStreebog_Boot &); + Pkcs5HmacStreebog_Boot &operator= (const Pkcs5HmacStreebog_Boot &); + }; } #endif // TC_HEADER_Encryption_Pkcs5 diff --git a/src/Volume/Volume.make b/src/Volume/Volume.make index 2888db78..855e5f60 100644 --- a/src/Volume/Volume.make +++ b/src/Volume/Volume.make @@ -52,6 +52,9 @@ OBJS += ../Crypto/Sha2.o OBJS += ../Crypto/Twofish.o OBJS += ../Crypto/Whirlpool.o OBJS += ../Crypto/Camellia.o +OBJS += ../Crypto/GostCipher.o +OBJS += ../Crypto/Streebog.o +OBJS += ../Crypto/kuznyechik.o OBJS += ../Common/Crc.o OBJS += ../Common/Endian.o diff --git a/src/Volume/VolumeLayout.cpp b/src/Volume/VolumeLayout.cpp index 623d2b82..69981a09 100644 --- a/src/Volume/VolumeLayout.cpp +++ b/src/Volume/VolumeLayout.cpp @@ -100,6 +100,8 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Camellia ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new GOST89 ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new Kuznyechik ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofishSerpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new SerpentAES ())); @@ -139,6 +141,8 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Camellia ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new GOST89 ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new Kuznyechik ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofishSerpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new SerpentAES ())); @@ -185,6 +189,8 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Camellia ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new GOST89 ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new Kuznyechik ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofishSerpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new SerpentAES ())); @@ -210,6 +216,12 @@ namespace VeraCrypt if (!truecryptMode) l.push_back (shared_ptr (new Pkcs5HmacSha256_Boot ())); l.push_back (shared_ptr (new Pkcs5HmacRipemd160_1000 (truecryptMode))); + if (!truecryptMode) + { + l.push_back (shared_ptr (new Pkcs5HmacSha512 (false))); + l.push_back (shared_ptr (new Pkcs5HmacWhirlpool (false))); + l.push_back (shared_ptr (new Pkcs5HmacStreebog ())); + } return l; } } -- cgit v1.2.3