VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/Common/Crypto.c2
-rw-r--r--src/Common/Tests.c178
-rw-r--r--src/Crypto/GostCipher.c42
-rw-r--r--src/Crypto/GostCipher.h2
-rw-r--r--src/Volume/Cipher.cpp23
-rw-r--r--src/Volume/Cipher.h1
-rw-r--r--src/Volume/EncryptionAlgorithm.cpp4
-rw-r--r--src/Volume/EncryptionTest.cpp116
8 files changed, 338 insertions, 30 deletions
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c
index 43f287d3..cae705b6 100644
--- a/src/Common/Crypto.c
+++ b/src/Common/Crypto.c
@@ -158,7 +158,7 @@ int CipherInit (int cipher, unsigned char *key, unsigned __int8 *ks)
#if !defined(TC_WINDOWS_BOOT)
#if defined(CIPHER_GOST89)
case GOST89:
- gost_set_key(key, (gost_kds*)ks);
+ gost_set_key(key, (gost_kds*)ks, 1);
break;
#endif // && defined(CIPHER_GOST89)
case KUZNYECHIK:
diff --git a/src/Common/Tests.c b/src/Common/Tests.c
index bd159137..cf0c8699 100644
--- a/src/Common/Tests.c
+++ b/src/Common/Tests.c
@@ -376,6 +376,71 @@ CAMELLIA_TEST camellia_vectors[CAMELLIA_TEST_COUNT] = {
0xAD, 0x5C, 0x4D, 0x84
}
};
+#if defined(CIPHER_GOST89)
+// GOST89 ECB test vectors
+#define GOST89_TEST_COUNT 1
+
+typedef struct {
+ unsigned char key[32];
+ unsigned char plaintext[16];
+ unsigned char ciphertext[16];
+ } GOST89_TEST;
+
+GOST89_TEST gost89_vectors[GOST89_TEST_COUNT] = {
+{
+ 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44,
+ 0x33, 0x22, 0x11, 0x00, 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7,
+ 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0xFE, 0xDC, 0xBA, 0x98,
+ 0x76, 0x54, 0x32, 0x10, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88,
+ 0x8F, 0xC6, 0xFE, 0xB8, 0x91, 0x51, 0x4C, 0x37, 0x4D, 0x51, 0x46, 0xEF,
+ 0x02, 0x9D, 0xBD, 0x9F
+}
+};
+#endif
+
+// Kuznyechik ECB test vectors
+#define KUZNYECHIK_TEST_COUNT 4
+
+typedef struct {
+ unsigned char key[32];
+ unsigned char plaintext[16];
+ unsigned char ciphertext[16];
+ } KUZNYECHIK_TEST;
+
+KUZNYECHIK_TEST kuznyechik_vectors[KUZNYECHIK_TEST_COUNT] = {
+{
+ 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33,
+ 0x44, 0x55, 0x66, 0x77, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x11, 0x22, 0x33, 0x44,
+ 0x55, 0x66, 0x77, 0x00, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88,
+ 0x7F, 0x67, 0x9D, 0x90, 0xBE, 0xBC, 0x24, 0x30, 0x5A, 0x46, 0x8D, 0x42,
+ 0xB9, 0xD4, 0xED, 0xCD
+},
+{
+ 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33,
+ 0x44, 0x55, 0x66, 0x77, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x00, 0x11, 0x22, 0x33,
+ 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A,
+ 0xB4, 0x29, 0x91, 0x2C, 0x6E, 0x00, 0x32, 0xF9, 0x28, 0x54, 0x52, 0xD7,
+ 0x67, 0x18, 0xD0, 0x8B
+},
+{
+ 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33,
+ 0x44, 0x55, 0x66, 0x77, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x11, 0x22, 0x33, 0x44,
+ 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00,
+ 0xF0, 0xCA, 0x33, 0x54, 0x9D, 0x24, 0x7C, 0xEE, 0xF3, 0xF5, 0xA5, 0x31,
+ 0x3B, 0xD4, 0xB1, 0x57
+},
+{
+ 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33,
+ 0x44, 0x55, 0x66, 0x77, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, 0x11,
+ 0xD0, 0xB0, 0x9C, 0xCD, 0xE8, 0x30, 0xB9, 0xEB, 0x3A, 0x02, 0xC4, 0xC5,
+ 0xAA, 0x8A, 0xDA, 0x98
+}
+};
/* Test vectors from FIPS 198a, RFC 4231, RFC 2104, RFC 2202, and other sources. */
@@ -781,6 +846,60 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
break;
}
}
+#if defined(CIPHER_GOST89)
+ else if (wcscmp (name, L"GOST89") == 0)
+ {
+ switch (testCase)
+ {
+ case 0:
+ if (crc != 0x12194ef5)
+ return FALSE;
+ nTestsPerformed++;
+ break;
+ case 1:
+ if (crc != 0xda8d429b)
+ return FALSE;
+ nTestsPerformed++;
+ break;
+ case 2:
+ if (crc != 0xdbf0b12e)
+ return FALSE;
+ nTestsPerformed++;
+ break;
+ case 3:
+ if (crc != 0xb986eb4a)
+ return FALSE;
+ nTestsPerformed++;
+ break;
+ }
+ }
+#endif
+ else if (wcscmp (name, L"Kuznyechik") == 0)
+ {
+ switch (testCase)
+ {
+ case 0:
+ if (crc != 0x6b86e72e)
+ return FALSE;
+ nTestsPerformed++;
+ break;
+ case 1:
+ if (crc != 0xa4f8637d)
+ return FALSE;
+ nTestsPerformed++;
+ break;
+ case 2:
+ if (crc != 0xfd83e76d)
+ return FALSE;
+ nTestsPerformed++;
+ break;
+ case 3:
+ if (crc != 0xb24fc47b)
+ return FALSE;
+ nTestsPerformed++;
+ break;
+ }
+ }
else if (wcscmp (name, L"AES-Twofish") == 0)
{
switch (testCase)
@@ -981,6 +1100,20 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
return FALSE;
nTestsPerformed++;
}
+#if defined(CIPHER_GOST89)
+ else if (wcscmp (name, L"GOST89") == 0)
+ {
+ if (crc != 0x9e8653cb)
+ return FALSE;
+ nTestsPerformed++;
+ }
+#endif
+ else if (wcscmp (name, L"Kuznyechik") == 0)
+ {
+ if (crc != 0xd6d39cdb)
+ return FALSE;
+ nTestsPerformed++;
+ }
else if (wcscmp (name, L"AES-Twofish") == 0)
{
if (crc != 0x14ce7385)
@@ -1023,9 +1156,9 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
nTestsPerformed++;
}
#if defined(CIPHER_GOST89)
- return (nTestsPerformed == 100);
+ return (nTestsPerformed == 110);
#else
- return (nTestsPerformed == 95);
+ return (nTestsPerformed == 105);
#endif
}
@@ -1149,6 +1282,47 @@ static BOOL DoAutoTestAlgorithms (void)
if (i != CAMELLIA_TEST_COUNT)
bFailed = TRUE;
+ /* Kuznyechik */
+
+ for (i = 0; i < KUZNYECHIK_TEST_COUNT; i++)
+ {
+ int cipher = KUZNYECHIK;
+ memcpy(key, kuznyechik_vectors[i].key, 32);
+ memcpy(tmp, kuznyechik_vectors[i].plaintext, 16);
+ CipherInit(cipher, key, ks_tmp);
+
+ EncipherBlock(cipher, tmp, ks_tmp);
+ if (memcmp(kuznyechik_vectors[i].ciphertext, tmp, 16) != 0)
+ break;
+
+ DecipherBlock(cipher, tmp, ks_tmp);
+ if (memcmp(kuznyechik_vectors[i].plaintext, tmp, 16) != 0)
+ break;
+ }
+ if (i != KUZNYECHIK_TEST_COUNT)
+ bFailed = TRUE;
+
+#if defined(CIPHER_GOST89)
+ /* GOST89 */
+
+ for (i = 0; i < GOST89_TEST_COUNT; i++)
+ {
+ int cipher = GOST89;
+ memcpy(key, gost89_vectors[i].key, 32);
+ memcpy(tmp, gost89_vectors[i].plaintext, 16);
+ gost_set_key(key, (gost_kds*)ks_tmp, 0);
+
+ EncipherBlock(cipher, tmp, ks_tmp);
+ if (memcmp(gost89_vectors[i].ciphertext, tmp, 16) != 0)
+ break;
+
+ DecipherBlock(cipher, tmp, ks_tmp);
+ if (memcmp(gost89_vectors[i].plaintext, tmp, 16) != 0)
+ break;
+ }
+ if (i != GOST89_TEST_COUNT)
+ bFailed = TRUE;
+#endif
/* PKCS #5 and HMACs */
if (!test_pkcs5 ())
diff --git a/src/Crypto/GostCipher.c b/src/Crypto/GostCipher.c
index b84fd4ed..4d7e5070 100644
--- a/src/Crypto/GostCipher.c
+++ b/src/Crypto/GostCipher.c
@@ -69,7 +69,6 @@ void gost_prepare_kds(gost_kds* kds) {
}
-#ifdef GOST_DYNAMIC_SBOXES
static void xor_s_box(byte s_box[8][16], byte *seed)
{
int i;
@@ -85,38 +84,35 @@ static void xor_s_box(byte s_box[8][16], byte *seed)
s_box[7][i] ^= (seed[ (i * 4) + 3 ]>>4) & 0xF;
}
}
-#endif
-void gost_set_key(const byte *key, gost_kds *ks)
+void gost_set_key(const byte *key, gost_kds *ks, int useDynamicSbox)
{
-#ifdef GOST_DYNAMIC_SBOXES
- STREEBOG_CTX sctx;
- byte sbox_seed[64];
-#if defined (DEVICE_DRIVER) && !defined (_WIN64)
- KFLOATING_SAVE floatingPointState;
- NTSTATUS saveStatus = STATUS_SUCCESS;
- if (HasSSE2() || HasSSE41())
- saveStatus = KeSaveFloatingPointState (&floatingPointState);
-#endif
-#endif
-
memcpy(ks->key, key, GOST_KEYSIZE);
memcpy(ks->sbox, S_TC26, sizeof(ks->sbox));
-#ifdef GOST_DYNAMIC_SBOXES
- //Generate pseudorandom data based on the key
- STREEBOG_init(&sctx);
- STREEBOG_add(&sctx, key, 32);
- STREEBOG_finalize(&sctx, sbox_seed);
-
+ if (useDynamicSbox)
+ {
+ STREEBOG_CTX sctx;
+ byte sbox_seed[64];
#if defined (DEVICE_DRIVER) && !defined (_WIN64)
- if (NT_SUCCESS (saveStatus) && (HasSSE2() || HasSSE41()))
- KeRestoreFloatingPointState (&floatingPointState);
+ KFLOATING_SAVE floatingPointState;
+ NTSTATUS saveStatus = STATUS_SUCCESS;
+ if (HasSSE2() || HasSSE41())
+ saveStatus = KeSaveFloatingPointState (&floatingPointState);
#endif
+ //Generate pseudorandom data based on the key
+ STREEBOG_init(&sctx);
+ STREEBOG_add(&sctx, key, 32);
+ STREEBOG_finalize(&sctx, sbox_seed);
- xor_s_box(ks->sbox, sbox_seed);
+#if defined (DEVICE_DRIVER) && !defined (_WIN64)
+ if (NT_SUCCESS (saveStatus) && (HasSSE2() || HasSSE41()))
+ KeRestoreFloatingPointState (&floatingPointState);
#endif
+ xor_s_box(ks->sbox, sbox_seed);
+ }
+
gost_prepare_kds(ks);
}
diff --git a/src/Crypto/GostCipher.h b/src/Crypto/GostCipher.h
index 40962073..36afb777 100644
--- a/src/Crypto/GostCipher.h
+++ b/src/Crypto/GostCipher.h
@@ -56,7 +56,7 @@ typedef struct gost_kds
void gost_encrypt(const byte *in, byte *out, gost_kds *ks, int count);
void gost_decrypt(const byte *in, byte *out, gost_kds *ks, int count);
-void gost_set_key(const byte *key, gost_kds *ks);
+void gost_set_key(const byte *key, gost_kds *ks, int useDynamicSbox);
#else
#define GOST_KS (0)
diff --git a/src/Volume/Cipher.cpp b/src/Volume/Cipher.cpp
index 69449088..3363f640 100644
--- a/src/Volume/Cipher.cpp
+++ b/src/Volume/Cipher.cpp
@@ -286,7 +286,28 @@ namespace VeraCrypt
void CipherGost89::SetCipherKey (const byte *key)
{
- gost_set_key (key, (gost_kds *) ScheduledKey.Ptr());
+ gost_set_key (key, (gost_kds *) ScheduledKey.Ptr(), 1);
+ }
+
+ // GOST89 with static SBOX
+ void CipherGost89StaticSBOX::Decrypt (byte *data) const
+ {
+ gost_decrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1);
+ }
+
+ void CipherGost89StaticSBOX::Encrypt (byte *data) const
+ {
+ gost_encrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1);
+ }
+
+ size_t CipherGost89StaticSBOX::GetScheduledKeySize () const
+ {
+ return GOST_KS;
+ }
+
+ void CipherGost89StaticSBOX::SetCipherKey (const byte *key)
+ {
+ gost_set_key (key, (gost_kds *) ScheduledKey.Ptr(), 0);
}
// Kuznyechik
diff --git a/src/Volume/Cipher.h b/src/Volume/Cipher.h
index 28e0bd7f..1805229e 100644
--- a/src/Volume/Cipher.h
+++ b/src/Volume/Cipher.h
@@ -108,6 +108,7 @@ namespace VeraCrypt
TC_CIPHER (Twofish, 16, 32);
TC_CIPHER (Camellia, 16, 32);
TC_CIPHER (Gost89, 16, 32);
+ TC_CIPHER (Gost89StaticSBOX, 16, 32);
TC_CIPHER (Kuznyechik, 16, 32);
#undef TC_CIPHER
diff --git a/src/Volume/EncryptionAlgorithm.cpp b/src/Volume/EncryptionAlgorithm.cpp
index df8afec5..79e27fe0 100644
--- a/src/Volume/EncryptionAlgorithm.cpp
+++ b/src/Volume/EncryptionAlgorithm.cpp
@@ -298,8 +298,10 @@ namespace VeraCrypt
// GOST89
- GOST89::GOST89 () : Deprecated (true)
+ GOST89::GOST89 ()
{
+ Deprecated = true;
+
Ciphers.push_back (shared_ptr <Cipher> (new CipherGost89()));
SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
diff --git a/src/Volume/EncryptionTest.cpp b/src/Volume/EncryptionTest.cpp
index eed8bd15..9b68bb31 100644
--- a/src/Volume/EncryptionTest.cpp
+++ b/src/Volume/EncryptionTest.cpp
@@ -123,6 +123,50 @@ namespace VeraCrypt
}
}
};
+
+ static const CipherTestVector GOST89TestVectors[] =
+ {
+ {
+ {
+ 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
+ 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF
+ },
+ {
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88
+ },
+ {
+ 0x8F, 0xC6, 0xFE, 0xB8, 0x91, 0x51, 0x4C, 0x37, 0x4D, 0x51, 0x46, 0xEF, 0x02, 0x9D, 0xBD, 0x9F
+ }
+ }
+ };
+
+ static const CipherTestVector KuznyechikTestVectors[] =
+ {
+ {
+ {
+ 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
+ },
+ {
+ 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x00, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88
+ },
+ {
+ 0x7F, 0x67, 0x9D, 0x90, 0xBE, 0xBC, 0x24, 0x30, 0x5A, 0x46, 0x8D, 0x42, 0xB9, 0xD4, 0xED, 0xCD
+ }
+ },
+ {
+ {
+ 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
+ },
+ {
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A
+ },
+ {
+ 0xB4, 0x29, 0x91, 0x2C, 0x6E, 0x00, 0x32, 0xF9, 0x28, 0x54, 0x52, 0xD7, 0x67, 0x18, 0xD0, 0x8B
+ }
+ }
+ };
static void TestCipher (Cipher &cipher, const CipherTestVector *testVector, size_t testVectorCount)
{
@@ -170,6 +214,12 @@ namespace VeraCrypt
CipherCamellia camellia;
TestCipher (camellia, CamelliaTestVectors, array_capacity (CamelliaTestVectors));
+
+ CipherGost89StaticSBOX gost89;
+ TestCipher (gost89, GOST89TestVectors, array_capacity (GOST89TestVectors));
+
+ CipherKuznyechik kuznyechik;
+ TestCipher (kuznyechik, KuznyechikTestVectors, array_capacity (KuznyechikTestVectors));
}
const EncryptionTest::XtsTestVector EncryptionTest::XtsTestVectors[] =
@@ -603,6 +653,58 @@ namespace VeraCrypt
break;
}
}
+ else if (typeid (ea) == typeid (GOST89))
+ {
+ switch (testCase)
+ {
+ case 0:
+ if (crc != 0x12194ef5)
+ throw TestFailed (SRC_POS);
+ nTestsPerformed++;
+ break;
+ case 1:
+ if (crc != 0xda8d429b)
+ throw TestFailed (SRC_POS);
+ nTestsPerformed++;
+ break;
+ case 2:
+ if (crc != 0xdbf0b12e)
+ throw TestFailed (SRC_POS);
+ nTestsPerformed++;
+ break;
+ case 3:
+ if (crc != 0xb986eb4a)
+ throw TestFailed (SRC_POS);
+ nTestsPerformed++;
+ break;
+ }
+ }
+ else if (typeid (ea) == typeid (Kuznyechik))
+ {
+ switch (testCase)
+ {
+ case 0:
+ if (crc != 0x6b86e72e)
+ throw TestFailed (SRC_POS);
+ nTestsPerformed++;
+ break;
+ case 1:
+ if (crc != 0xa4f8637d)
+ throw TestFailed (SRC_POS);
+ nTestsPerformed++;
+ break;
+ case 2:
+ if (crc != 0xfd83e76d)
+ throw TestFailed (SRC_POS);
+ nTestsPerformed++;
+ break;
+ case 3:
+ if (crc != 0xb24fc47b)
+ throw TestFailed (SRC_POS);
+ nTestsPerformed++;
+ break;
+ }
+ }
else if (typeid (ea) == typeid (AESTwofish))
{
switch (testCase)
@@ -805,6 +907,18 @@ namespace VeraCrypt
throw TestFailed (SRC_POS);
nTestsPerformed++;
}
+ else if (typeid (ea) == typeid (GOST89))
+ {
+ if (crc != 0x9e8653cb)
+ throw TestFailed (SRC_POS);
+ nTestsPerformed++;
+ }
+ else if (typeid (ea) == typeid (Kuznyechik))
+ {
+ if (crc != 0xd6d39cdb)
+ throw TestFailed (SRC_POS);
+ nTestsPerformed++;
+ }
else if (typeid (ea) == typeid (AESTwofish))
{
if (crc != 0x14ce7385)
@@ -847,7 +961,7 @@ namespace VeraCrypt
nTestsPerformed++;
}
- if (nTestsPerformed != 100)
+ if (nTestsPerformed != 110)
throw TestFailed (SRC_POS);
}