Diffstat (limited to 'src/Common/Tests.c')
-rw-r--r-- | src/Common/Tests.c | 541 |
1 files changed, 358 insertions, 183 deletions
diff --git a/src/Common/Tests.c b/src/Common/Tests.c index cf0c8699..1f4178c6 100644 --- a/src/Common/Tests.c +++ b/src/Common/Tests.c @@ -5,9 +5,9 @@ governed by the TrueCrypt License 3.0, also from the source code of Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux and which is governed by the 'License Agreement for Encryption for the Masses' Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2016 IDRIX + and all other portions of this file are Copyright (c) 2013-2017 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -274,11 +274,9 @@ BOOL XTSAesTest (PCRYPTO_INFO ci) if (EAInit (ci->ea, XTS_vectors[i].key1, ci->ks) != ERR_SUCCESS) return FALSE; - memcpy (&ci->k2, XTS_vectors[i].key2, sizeof (XTS_vectors[i].key2)); - - if (!EAInitMode (ci)) + if (!EAInitMode (ci, XTS_vectors[i].key2)) return FALSE; memcpy (p, XTS_vectors[i].plaintext, sizeof (p)); @@ -312,8 +310,11 @@ AES_TEST aes_ecb_vectors[AES_TEST_COUNT] = { 0x8e,0xa2,0xb7,0xca,0x51,0x67,0x45,0xbf,0xea,0xfc,0x49,0x90,0x4b,0x49,0x60,0x89 }; + +#ifndef WOLFCRYPT_BACKEND + // Serpent ECB test vectors #define SERPENT_TEST_COUNT 1 
@@ -375,29 +376,8 @@ CAMELLIA_TEST camellia_vectors[CAMELLIA_TEST_COUNT] = { 0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84, 0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 } }; -#if defined(CIPHER_GOST89) -// GOST89 ECB test vectors -#define GOST89_TEST_COUNT 1 - -typedef struct { - unsigned char key[32]; - unsigned char plaintext[16]; - unsigned char ciphertext[16]; - } GOST89_TEST; - -GOST89_TEST gost89_vectors[GOST89_TEST_COUNT] = { -{ - 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, - 0x33, 0x22, 0x11, 0x00, 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, - 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0xFE, 0xDC, 0xBA, 0x98, - 0x76, 0x54, 0x32, 0x10, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, - 0x8F, 0xC6, 0xFE, 0xB8, 0x91, 0x51, 0x4C, 0x37, 0x4D, 0x51, 0x46, 0xEF, - 0x02, 0x9D, 0xBD, 0x9F -} -}; -#endif // Kuznyechik ECB test vectors #define KUZNYECHIK_TEST_COUNT 4 @@ -441,8 +421,9 @@ KUZNYECHIK_TEST kuznyechik_vectors[KUZNYECHIK_TEST_COUNT] = { 0xAA, 0x8A, 0xDA, 0x98 } }; +#endif /* Test vectors from FIPS 198a, RFC 4231, RFC 2104, RFC 2202, and other sources. */ char *hmac_sha256_test_keys[] = 
@@ -504,24 +485,36 @@ char *hmac_sha512_test_vectors[] = "\x80\xb2\x42\x63\xc7\xc1\xa3\xeb\xb7\x14\x93\xc1\xdd\x7b\xe8\xb4\x9b\x46\xd1\xf4\x1b\x4a\xee\xc1\x12\x1b\x01\x37\x83\xf8\xf3\x52\x6b\x56\xd0\x37\xe0\x5f\x25\x98\xbd\x0f\xd2\x21\x5d\x6a\x1e\x52\x95\xe6\x4f\x73\xf6\x3f\x0a\xec\x8b\x91\x5a\x98\x5d\x78\x65\x98", "\xe3\x7b\x6a\x77\x5d\xc8\x7d\xba\xa4\xdf\xa9\xf9\x6e\x5e\x3f\xfd\xde\xbd\x71\xf8\x86\x72\x89\x86\x5d\xf5\xa3\x2d\x20\xcd\xc9\x44\xb6\x02\x2c\xac\x3c\x49\x82\xb1\x0d\x5e\xeb\x55\xc3\xe4\xde\x15\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58", }; -char *hmac_ripemd160_test_keys[] = +char *hmac_blake2s_test_keys[] = { - "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x01\x23\x45\x67", - "\x01\x23\x45\x67\x89\xab\xcd\xef\xfe\xdc\xba\x98\x76\x54\x32\x10\x00\x11\x22\x33", + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", + "Jefe", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", + "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", + 
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", }; -char *hmac_ripemd160_test_data[] = +char *hmac_blake2s_test_data[] = { - "message digest", - "12345678901234567890123456789012345678901234567890123456789012345678901234567890", + "Hi There", + "what do ya want for nothing?", + "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd", + "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd", + "Test Using Larger Than Block-Size Key - Hash Key First", + "This is a test using a larger than block-size key and a larger than block-size data. 
The key needs to be hashed before being used by the HMAC algorithm.", }; -char *hmac_ripemd160_test_vectors[] = +char *hmac_blake2s_test_vectors[] = { - "\xf8\x36\x62\xcc\x8d\x33\x9c\x22\x7e\x60\x0f\xcd\x63\x6c\x57\xd2\x57\x1b\x1c\x34", - "\x85\xf1\x64\x70\x3e\x61\xa6\x31\x31\xbe\x7e\x45\x95\x8e\x07\x94\x12\x39\x04\xf9", + "\x65\xa8\xb7\xc5\xcc\x91\x36\xd4\x24\xe8\x2c\x37\xe2\x70\x7e\x74\xe9\x13\xc0\x65\x5b\x99\xc7\x5f\x40\xed\xf3\x87\x45\x3a\x32\x60", + "\x90\xb6\x28\x1e\x2f\x30\x38\xc9\x05\x6a\xf0\xb4\xa7\xe7\x63\xca\xe6\xfe\x5d\x9e\xb4\x38\x6a\x0e\xc9\x52\x37\x89\x0c\x10\x4f\xf0", + "\xfc\xc4\xf5\x95\x29\x50\x2e\x34\xc3\xd8\xda\x3f\xfd\xab\x82\x96\x6a\x2c\xb6\x37\xff\x5e\x9b\xd7\x01\x13\x5c\x2e\x94\x69\xe7\x90", + "\x46\x44\x34\xdc\xbe\xce\x09\x5d\x45\x6a\x1d\x62\xd6\xec\x56\xf8\x98\xe6\x25\xa3\x9e\x5c\x52\xbd\xf9\x4d\xaf\x11\x1b\xad\x83\xaa", + "\xd2\x3d\x79\x39\x4f\x53\xd5\x36\xa0\x96\xe6\x51\x44\x47\xee\xaa\xbb\x05\xde\xd0\x1b\xe3\x2c\x19\x37\xda\x6a\x8f\x71\x03\xbc\x4e", + "\xcb\x60\xf6\xa7\x91\xf1\x40\xbf\x8a\xa2\xe5\x1f\xf3\x58\xcd\xb2\xcc\x5c\x03\x33\x04\x5b\x7f\xb7\x7a\xba\x7a\xb3\xb0\xcf\xb2\x37", }; char *hmac_whirlpool_test_key = { 
@@ -573,21 +566,15 @@ unsigned long HexStringToByteArray(const char* hexStr, unsigned char* pbData) } return count; } -BOOL RunHashTest (HashFunction fn, HashTestVector* vector, BOOL bUseSSE) +BOOL RunHashTest (HashFunction fn, HashTestVector* vector) { CRYPTOPP_ALIGN_DATA (16) unsigned char input[256]; unsigned char output[64]; unsigned char digest[64]; unsigned long i = 0, inputLen, outputLen, digestLen; BOOL bRet = TRUE; -#if defined (DEVICE_DRIVER) && !defined (_WIN64) - KFLOATING_SAVE floatingPointState; - NTSTATUS saveStatus = STATUS_SUCCESS; - if (bUseSSE && (HasSSE2() || HasSSE41())) - saveStatus = KeSaveFloatingPointState (&floatingPointState); -#endif while (vector[i].hexInput && vector[i].hexOutput) { inputLen = HexStringToByteArray (vector[i].hexInput, input); outputLen = HexStringToByteArray (vector[i].hexOutput, output); @@ -599,13 +586,8 @@ BOOL RunHashTest (HashFunction fn, HashTestVector* vector, BOOL bUseSSE) } i++; } -#if defined (DEVICE_DRIVER) && !defined (_WIN64) - if (NT_SUCCESS (saveStatus) && bUseSSE && (HasSSE2() || HasSSE41())) - KeRestoreFloatingPointState (&floatingPointState); -#endif - return bRet; } 
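Review bot: RunHashTest still decodes every vector into the fixed `input[256]` and `output[64]` buffers through HexStringToByteArray, whose signature (in the hunk header) takes no destination size, so only the length of the vector strings keeps the decode in bounds. The Blake2s vectors added by this commit fit, but a guard before the two decode calls would make that explicit, in line with the `dataLen <= sizeof(digest)` checks the commit adds to the HMAC tests: `if (strlen (vector[i].hexInput) > 2 * sizeof (input) || strlen (vector[i].hexOutput) > 2 * sizeof (output)) { bRet = FALSE; break; }`. Separately, the removed `KeSaveFloatingPointState` / `KeRestoreFloatingPointState` pair covered 32-bit driver builds; whether the hash routines now save that state themselves is not visible in this diff and is worth confirming. Part of the loop body lies between this hunk and the next one.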
@@ -629,11 +611,37 @@ HashTestVector Streebog512TestVectors[] = { }, {NULL, NULL} }; +/* https://github.com/openssl/openssl/blob/2d0b44126763f989a4cbffbffe9d0c7518158bb7/test/evptests.txt */ +HashTestVector Blake2sTestVectors[] = { + {"", + "69217a3079908094e11121d042354a7c1f55b6482ca1a51e1b250dfd1ed0eef9" + }, + {"61", + "4a0d129873403037c2cd9b9048203687f6233fb6738956e0349bd4320fec3e90" + }, + {"616263", + "508c5e8c327c14e2e1a72ba34eeb452f37458b209ed63a294d999b4c86675982" + }, + {"6d65737361676520646967657374", + "fa10ab775acf89b7d3c8a6e823d586f6b67bdbac4ce207fe145b7d3ac25cd28c" + }, + {"6162636465666768696a6b6c6d6e6f707172737475767778797a", + "bdf88eb1f86a0cdf0e840ba88fa118508369df186c7355b4b16cf79fa2710a12" + }, + {"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839", + "c75439ea17e1de6fa4510c335dc3d3f343e6f9e1ce2773e25b4174f1df8b119b" + }, + {"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930", + "fdaedb290a0d5af9870864fec2e090200989dc9cd53a3c092129e8535e8b4f66" + }, + {NULL, NULL} +}; + unsigned char ks_tmp[MAX_EXPANDED_KEY]; -void CipherInit2(int cipher, void* key, void* ks, int key_len) +void CipherInit2(int cipher, void* key, void* ks) { switch (cipher) { @@ -651,13 +659,8 @@ void CipherInit2(int cipher, void* key, void* ks, int key_len) case CAMELLIA: CipherInit(cipher,key,ks); break; -#if defined(CIPHER_GOST89) - case GOST89: - CipherInit(cipher,key,ks); - break; -#endif // defined(CIPHER_GOST89) case KUZNYECHIK: CipherInit(cipher, key, ks); break; default: 
@@ -684,8 +687,9 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, 0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26, 0x62, 0x49, 0x77, 0x57, 0x24, 0x70, 0x93, 0x69, 0x99, 0x59, 0x57, 0x49, 0x66, 0x96, 0x76, 0x27, 0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93, 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95, 0x02, 0x88, 0x41, 0x97, 0x16, 0x93, 0x99, 0x37, 0x51, 0x05, 0x82, 0x09, 0x74, 0x94, 0x45, 0x92, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 }; + CRYPTOPP_ALIGN_DATA(16) unsigned __int8 key2[MASTER_KEYDATA_SIZE]; /* Encryption/decryption of data units (typically, volume data sectors) */ @@ -707,21 +711,24 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) { if (!EAIsModeSupported (ci->ea, ci->mode)) continue; - EAGetName (name, ci->ea, 0); + EAGetName (name, ARRAYSIZE(name), ci->ea, 0); if (EAInit (ci->ea, key1, ci->ks) != ERR_SUCCESS) return FALSE; - for (i = 0; i < sizeof (ci->k2); i++) - ci->k2[i] = (unsigned char) i; + for (i = 0; i < sizeof (key2); i++) + key2[i] = (unsigned char) i; - memcpy (&ci->k2, XTS_vectors[XTS_TEST_COUNT-1].key2, sizeof (XTS_vectors[XTS_TEST_COUNT-1].key2)); + memcpy (key2, XTS_vectors[XTS_TEST_COUNT-1].key2, sizeof (XTS_vectors[XTS_TEST_COUNT-1].key2)); - if (!EAInitMode (ci)) + if (!EAInitMode (ci, key2)) return FALSE; + if (IsRamEncryptionEnabled ()) + VcProtectKeys (ci, VcGetEncryptionID (ci)); + // Each data unit will contain the same plaintext for (i = 0; i < nbrUnits; i++) { memcpy ((unsigned char *) buf + i * ENCRYPTION_DATA_UNIT_SIZE, @@ -767,8 +774,9 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) nTestsPerformed++; break; } } + #ifndef WOLFCRYPT_BACKEND else if (wcscmp (name, L"Serpent") == 0) { switch (testCase) { 
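Review bot: The new `if (IsRamEncryptionEnabled ()) VcProtectKeys (ci, VcGetEncryptionID (ci));` in the data-unit loop (hunk at -707) has no comment, and the parallel EncryptBuffer loop later in this function (hunk at -1053) receives the same `key2` / `EAInitMode (ci, key2)` change without that call. If the asymmetry is deliberate, state the reason next to the call, for example `/* EncryptDataUnits expects protected keys when RAM encryption is on; EncryptBuffer does not */`, after confirming it against those functions, which are outside this diff. The `for` loop that fills `key2` followed by the `memcpy` over its start also deserves a one-line comment, since it reads like a dead store unless the tail pattern is intended. TestSectorBufEncryption starts and ends outside this hunk.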
@@ -845,36 +853,8 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) nTestsPerformed++; break; } } -#if defined(CIPHER_GOST89) - else if (wcscmp (name, L"GOST89") == 0) - { - switch (testCase) - { - case 0: - if (crc != 0x12194ef5) - return FALSE; - nTestsPerformed++; - break; - case 1: - if (crc != 0xda8d429b) - return FALSE; - nTestsPerformed++; - break; - case 2: - if (crc != 0xdbf0b12e) - return FALSE; - nTestsPerformed++; - break; - case 3: - if (crc != 0xb986eb4a) - return FALSE; - nTestsPerformed++; - break; - } - } -#endif else if (wcscmp (name, L"Kuznyechik") == 0) { switch (testCase) { 
@@ -1029,9 +1009,139 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) nTestsPerformed++; break; } } - + else if (wcscmp (name, L"Camellia-Kuznyechik") == 0) + { + switch (testCase) + { + case 0: + if (crc != 0x4ea34e89) + return FALSE; + nTestsPerformed++; + break; + case 1: + if (crc != 0xb3ad8559) + return FALSE; + nTestsPerformed++; + break; + case 2: + if (crc != 0xde361313) + return FALSE; + nTestsPerformed++; + break; + case 3: + if (crc != 0x519d2bf9) + return FALSE; + nTestsPerformed++; + break; + } + } + else if (wcscmp (name, L"Kuznyechik-Twofish") == 0) + { + switch (testCase) + { + case 0: + if (crc != 0x748f8631) + return FALSE; + nTestsPerformed++; + break; + case 1: + if (crc != 0x8a4b0888) + return FALSE; + nTestsPerformed++; + break; + case 2: + if (crc != 0xe0310188) + return FALSE; + nTestsPerformed++; + break; + case 3: + if (crc != 0xfc2b6b45) + return FALSE; + nTestsPerformed++; + break; + } + } + else if (wcscmp (name, L"Camellia-Serpent") == 0) + { + switch (testCase) + { + case 0: + if (crc != 0x10569a42) + return FALSE; + nTestsPerformed++; + break; + case 1: + if (crc != 0x4de95152) + return FALSE; + nTestsPerformed++; + break; + case 2: + if (crc != 0xe17b5fe7) + return FALSE; + nTestsPerformed++; + break; + case 3: + if (crc != 0xdbf993fa) + return FALSE; + nTestsPerformed++; + break; + } + } + else if (wcscmp (name, L"Kuznyechik-AES") == 0) + { + switch (testCase) + { + case 0: + if (crc != 0xc479f95d) + return FALSE; + nTestsPerformed++; + break; + case 1: + if (crc != 0x58eaf88d) + return FALSE; + nTestsPerformed++; + break; + case 2: + if (crc != 0xbe300cc2) + return FALSE; + nTestsPerformed++; + break; + case 3: + if (crc != 0x9b681c2e) + return FALSE; + nTestsPerformed++; + break; + } + } + else if (wcscmp (name, L"Kuznyechik-Serpent-Camellia") == 0) + { + switch (testCase) + { + case 0: + if (crc != 0x9d8ac7ee) + return FALSE; + nTestsPerformed++; + break; + case 1: + if (crc != 0x5d7d347f) + return FALSE; + nTestsPerformed++; + 
break; + case 2: + if (crc != 0x884b62ee) + return FALSE; + nTestsPerformed++; + break; + case 3: + if (crc != 0x5c6c3997) + return FALSE; + nTestsPerformed++; + break; + } + } + #endif if (crc == 0x9f5edd58) return FALSE; DecryptDataUnits (buf, &unitNo, nbrUnits, ci); @@ -1053,16 +1163,16 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) { if (!EAIsModeSupported (ci->ea, ci->mode)) continue; - EAGetName (name, ci->ea, 0); + EAGetName (name, ARRAYSIZE(name), ci->ea, 0); if (EAInit (ci->ea, key1, ci->ks) != ERR_SUCCESS) return FALSE; - memcpy (&ci->k2, XTS_vectors[XTS_TEST_COUNT-1].key2, sizeof (XTS_vectors[XTS_TEST_COUNT-1].key2)); + memcpy (key2, XTS_vectors[XTS_TEST_COUNT-1].key2, sizeof (XTS_vectors[XTS_TEST_COUNT-1].key2)); - if (!EAInitMode (ci)) + if (!EAInitMode (ci, key2)) return FALSE; // Each data unit will contain the same plaintext for (i = 0; i < nbrUnits; i++) @@ -1081,8 +1191,9 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) if (crc != 0x33b91fab) return FALSE; nTestsPerformed++; } + #ifndef WOLFCRYPT_BACKEND else if (wcscmp (name, L"Serpent") == 0) { if (crc != 0x3494d480) return FALSE; @@ -1099,16 +1210,8 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) if (crc != 0x8176b223) return FALSE; nTestsPerformed++; } -#if defined(CIPHER_GOST89) - else if (wcscmp (name, L"GOST89") == 0) - { - if (crc != 0x9e8653cb) - return FALSE; - nTestsPerformed++; - } -#endif else if (wcscmp (name, L"Kuznyechik") == 0) { if (crc != 0xd6d39cdb) return FALSE; 
@@ -1143,9 +1246,39 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) if (crc != 0xbe78cec1) return FALSE; nTestsPerformed++; } - + else if (wcscmp (name, L"Camellia-Kuznyechik") == 0) + { + if (crc != 0xe69d680d) + return FALSE; + nTestsPerformed++; + } + else if (wcscmp (name, L"Kuznyechik-Twofish") == 0) + { + if (crc != 0xe0aef0d1) + return FALSE; + nTestsPerformed++; + } + else if (wcscmp (name, L"Camellia-Serpent") == 0) + { + if (crc != 0x58aad727) + return FALSE; + nTestsPerformed++; + } + else if (wcscmp (name, L"Kuznyechik-AES") == 0) + { + if (crc != 0x4641234a) + return FALSE; + nTestsPerformed++; + } + else if (wcscmp (name, L"Kuznyechik-Serpent-Camellia") == 0) + { + if (crc != 0x755dad72) + return FALSE; + nTestsPerformed++; + } + #endif if (crc == 0x9f5edd58) return FALSE; DecryptBuffer (buf, sizeof (buf), ci); @@ -1154,19 +1287,15 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) return FALSE; nTestsPerformed++; } -#if defined(CIPHER_GOST89) - return (nTestsPerformed == 110); -#else - return (nTestsPerformed == 105); -#endif + return (nTestsPerformed == 150); } static BOOL DoAutoTestAlgorithms (void) { PCRYPTO_INFO ci; - CRYPTOPP_ALIGN_DATA(16) char key[32]; + CRYPTOPP_ALIGN_DATA(16) unsigned char key[32]; unsigned char tmp[16]; BOOL bFailed = FALSE; int i; @@ -1197,15 +1326,14 @@ static BOOL DoAutoTestAlgorithms (void) bFailed = TRUE; // AES EncipherBlocks()/DecipherBlocks() { - byte testData[1024]; + uint8 testData[1024]; uint32 origCrc; - size_t i; for (i = 0; i < sizeof (testData); ++i) { - testData[i] = (byte) i; + testData[i] = (uint8) i; } origCrc = GetCrc32 (testData, sizeof (testData)); @@ -1220,8 +1348,9 @@ static BOOL DoAutoTestAlgorithms (void) if (origCrc != GetCrc32 (testData, sizeof (testData))) bFailed = TRUE; } + #ifndef WOLFCRYPT_BACKEND /* Serpent */ for (i = 0; i < SERPENT_TEST_COUNT; i++) { 
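Review bot: `return (nTestsPerformed == 150);` (hunk at -1154) is now unconditional, but this commit places every non-AES name branch of both loops under `#ifndef WOLFCRYPT_BACKEND`, so a build with that macro defined will apparently count fewer tests and TestSectorBufEncryption would return FALSE. The expected total needs the same preprocessor guard, with the wolfCrypt total counted separately; that number cannot be derived from the lines shown here. A short comment saying how 150 is composed (per-cipher cases plus the decrypt checks) would make the constant auditable when ciphers or cascades are added or removed.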
@@ -1300,30 +1429,9 @@ static BOOL DoAutoTestAlgorithms (void) break; } if (i != KUZNYECHIK_TEST_COUNT) bFailed = TRUE; - -#if defined(CIPHER_GOST89) - /* GOST89 */ - - for (i = 0; i < GOST89_TEST_COUNT; i++) - { - int cipher = GOST89; - memcpy(key, gost89_vectors[i].key, 32); - memcpy(tmp, gost89_vectors[i].plaintext, 16); - gost_set_key(key, (gost_kds*)ks_tmp, 0); - - EncipherBlock(cipher, tmp, ks_tmp); - if (memcmp(gost89_vectors[i].ciphertext, tmp, 16) != 0) - break; - - DecipherBlock(cipher, tmp, ks_tmp); - if (memcmp(gost89_vectors[i].plaintext, tmp, 16) != 0) - break; - } - if (i != GOST89_TEST_COUNT) - bFailed = TRUE; -#endif + #endif /* PKCS #5 and HMACs */ if (!test_pkcs5 ()) bFailed = TRUE; @@ -1354,20 +1462,47 @@ static BOOL DoAutoTestAlgorithms (void) BOOL AutoTestAlgorithms (void) { BOOL result = TRUE; BOOL hwEncryptionEnabled = IsHwEncryptionEnabled(); +#if defined (_MSC_VER) && !defined (_UEFI) + BOOL exceptionCatched = FALSE; + __try + { +#endif + EnableHwEncryption (FALSE); - EnableHwEncryption (FALSE); + if (!DoAutoTestAlgorithms()) + result = FALSE; - if (!DoAutoTestAlgorithms()) - result = FALSE; + EnableHwEncryption (TRUE); - EnableHwEncryption (TRUE); + if (!DoAutoTestAlgorithms()) + result = FALSE; - if (!DoAutoTestAlgorithms()) - result = FALSE; + EnableHwEncryption (hwEncryptionEnabled); +#if defined (_MSC_VER) && !defined (_UEFI) + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + exceptionCatched = TRUE; + } - EnableHwEncryption (hwEncryptionEnabled); + if (exceptionCatched) + { + /* unexepected exception raised. Disable all CPU extended feature and try again */ + EnableHwEncryption (hwEncryptionEnabled); + DisableCPUExtendedFeatures (); + __try + { + result = DoAutoTestAlgorithms(); + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + /* exception still occuring. Report failure. */ + result = FALSE; + } + } +#endif return result; } BOOL test_hmac_sha256 () 
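Review bot: Both `__except (EXCEPTION_EXECUTE_HANDLER)` filters added to AutoTestAlgorithms accept every structured exception, so an access violation or other memory fault inside the cipher self-tests is handled like an unsupported-instruction fault and can end in a passing retry. Restrict the filter to the case the retry is meant for, e.g. `__except (GetExceptionCode () == EXCEPTION_ILLEGAL_INSTRUCTION ? EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH)` (driver builds would use the matching STATUS_ code). The retry also assigns `result = DoAutoTestAlgorithms();`, which overwrites a FALSE recorded by the first pass before the exception and runs one pass instead of the original two; `if (!DoAutoTestAlgorithms()) result = FALSE;` keeps an earlier failure, if that is the intent. The new comments contain the typos "unexepected" and "occuring".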
@@ -1376,15 +1511,23 @@ BOOL test_hmac_sha256 () int nTestsPerformed = 0; for (i = 0; i < sizeof (hmac_sha256_test_data) / sizeof(char *); i++) { - char digest[1024]; /* large enough to hold digets and test vector inputs */ - memcpy (digest, hmac_sha256_test_data[i], strlen (hmac_sha256_test_data[i])); - hmac_sha256 (hmac_sha256_test_keys[i], (int) strlen (hmac_sha256_test_keys[i]), digest, (int) strlen (hmac_sha256_test_data[i])); - if (memcmp (digest, hmac_sha256_test_vectors[i], SHA256_DIGESTSIZE) != 0) - return FALSE; + unsigned char digest[1024]; /* large enough to hold digets and test vector inputs */ + size_t dataLen = strlen (hmac_sha256_test_data[i]); + if (dataLen <= sizeof(digest)) + { + memcpy (digest, hmac_sha256_test_data[i], dataLen); + hmac_sha256 ((unsigned char*) hmac_sha256_test_keys[i], (int) strlen (hmac_sha256_test_keys[i]), digest, (int) dataLen); + if (memcmp (digest, hmac_sha256_test_vectors[i], SHA256_DIGESTSIZE) != 0) + return FALSE; + else + nTestsPerformed++; + } else - nTestsPerformed++; + { + return FALSE; + } } return (nTestsPerformed == 6); } 
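Review bot: The new length check in test_hmac_sha256 is written as an `if`/`else` wrapping the whole test body, which adds a nesting level and leaves an `else` after `return`; a guard clause reads more directly: `if (dataLen > sizeof (digest)) return FALSE;` followed by the memcpy / hmac_sha256 / memcmp lines at the original indent. The same shape is repeated in test_hmac_sha512 and test_hmac_blake2s in the next hunk. The comment on `digest` carries the typo "digets" into the rewritten line.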
@@ -1395,50 +1538,74 @@ BOOL test_hmac_sha512 () int nTestsPerformed = 0; for (i = 0; i < sizeof (hmac_sha512_test_data) / sizeof(char *); i++) { - char digest[1024]; /* large enough to hold digets and test vector inputs */ - memcpy (digest, hmac_sha512_test_data[i], (int) strlen (hmac_sha512_test_data[i])); - hmac_sha512 (hmac_sha512_test_keys[i], (int) strlen (hmac_sha512_test_keys[i]), digest, (int) strlen (hmac_sha512_test_data[i])); - if (memcmp (digest, hmac_sha512_test_vectors[i], SHA512_DIGESTSIZE) != 0) - return FALSE; + unsigned char digest[1024]; /* large enough to hold digets and test vector inputs */ + size_t dataLen = strlen (hmac_sha512_test_data[i]); + if (dataLen <= sizeof(digest)) + { + memcpy (digest, hmac_sha512_test_data[i], dataLen ); + hmac_sha512 ((unsigned char*) hmac_sha512_test_keys[i], (int) strlen (hmac_sha512_test_keys[i]), digest, (int) dataLen); + if (memcmp (digest, hmac_sha512_test_vectors[i], SHA512_DIGESTSIZE) != 0) + return FALSE; + else + nTestsPerformed++; + } else - nTestsPerformed++; + { + return FALSE; + } } return (nTestsPerformed == 6); } -BOOL test_hmac_ripemd160 () +#ifndef WOLFCRYPT_BACKEND +BOOL test_hmac_blake2s () { - int nTestsPerformed = 0; unsigned int i; + int nTestsPerformed = 0; - for (i = 0; i < sizeof (hmac_ripemd160_test_data) / sizeof(char *); i++) + for (i = 0; i < sizeof (hmac_blake2s_test_data) / sizeof(char *); i++) { - char digest[1024]; /* large enough to hold digets and test vector inputs */ - memcpy (digest, hmac_ripemd160_test_data[i], strlen (hmac_ripemd160_test_data[i])); - hmac_ripemd160 (hmac_ripemd160_test_keys[i], RIPEMD160_DIGESTSIZE, digest, (int) strlen (hmac_ripemd160_test_data[i])); - if (memcmp (digest, hmac_ripemd160_test_vectors[i], RIPEMD160_DIGESTSIZE) != 0) - return FALSE; + unsigned char digest[1024]; /* large enough to hold digets and test vector inputs */ + size_t dataLen = strlen (hmac_blake2s_test_data[i]); + if (dataLen <= sizeof(digest)) + { + memcpy (digest, 
hmac_blake2s_test_data[i], dataLen); + hmac_blake2s ((unsigned char*)(unsigned char*)hmac_blake2s_test_keys[i], (int) strlen (hmac_blake2s_test_keys[i]), digest, (int) dataLen); + if (memcmp (digest, hmac_blake2s_test_vectors[i], BLAKE2S_DIGESTSIZE) != 0) + return FALSE; + else + nTestsPerformed++; + } else - nTestsPerformed++; + { + return FALSE; + } } - return (nTestsPerformed == 2); + return (nTestsPerformed == 6); +} + +int __cdecl Blake2sHash (unsigned char* input, unsigned long inputLen, unsigned char* output) +{ + blake2s(output, input, (size_t) inputLen); + return BLAKE2S_DIGESTSIZE; } BOOL test_hmac_whirlpool () { unsigned char digest[1024]; /* large enough to hold digets and test vector inputs */ memcpy (digest, hmac_whirlpool_test_data, strlen (hmac_whirlpool_test_data)); - hmac_whirlpool (hmac_whirlpool_test_key, 64, digest, (int) strlen (hmac_whirlpool_test_data)); + hmac_whirlpool ((unsigned char*) hmac_whirlpool_test_key, 64, digest, (int) strlen (hmac_whirlpool_test_data)); if (memcmp (digest, hmac_whirlpool_test_vectors, WHIRLPOOL_DIGESTSIZE) != 0) return FALSE; return TRUE; } +#endif /* http://www.tc26.ru/methods/recommendation/%D0%A2%D0%9A26%D0%90%D0%9B%D0%93.pdf */ /* https://tools.ietf.org/html/draft-smyshlyaev-gost-usage-00 */ /* https://datatracker.ietf.org/doc/rfc7836/?include_text=1 */ 
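Review bot: test_hmac_whirlpool still copies `strlen (hmac_whirlpool_test_data)` bytes into `digest[1024]` with no length check, although this hunk adds exactly that check to test_hmac_sha512 and test_hmac_blake2s; add `size_t dataLen = strlen (hmac_whirlpool_test_data);` and `if (dataLen > sizeof (digest)) return FALSE;` before the memcpy. test_hmac_streebog in the following hunk has the same unguarded memcpy into `digest[64]`, and the size of `gost3411_2012_hmac_m1` is not visible here. In test_hmac_blake2s the key argument is cast twice, `(unsigned char*)(unsigned char*)hmac_blake2s_test_keys[i]`; one cast is enough. The loop bound there comes from `hmac_blake2s_test_data` alone while `hmac_blake2s_test_keys[i]` and `hmac_blake2s_test_vectors[i]` use the same `i`, so the three arrays have to be kept the same length by hand.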
@@ -1461,14 +1628,15 @@ static const unsigned char gost3411_2012_hmac_r1[] = { 0x66, 0xC2, 0x51, 0xE6 }; +#ifndef WOLFCRYPT_BACKEND BOOL test_hmac_streebog () { - CRYPTOPP_ALIGN_DATA(16) char digest[64]; /* large enough to hold digets and test vector inputs */ + CRYPTOPP_ALIGN_DATA(16) unsigned char digest[64]; /* large enough to hold digets and test vector inputs */ memcpy (digest, gost3411_2012_hmac_m1, sizeof (gost3411_2012_hmac_m1)); - hmac_streebog ((char*) gost3411_2012_hmac_k1, sizeof(gost3411_2012_hmac_k1), digest, (int) sizeof (gost3411_2012_hmac_m1)); + hmac_streebog ((unsigned char*) gost3411_2012_hmac_k1, sizeof(gost3411_2012_hmac_k1), digest, (int) sizeof (gost3411_2012_hmac_m1)); if (memcmp (digest, gost3411_2012_hmac_r1, STREEBOG_DIGESTSIZE) != 0) return FALSE; return TRUE; @@ -1481,12 +1649,13 @@ int __cdecl StreebogHash (unsigned char* input, unsigned long inputLen, unsigned STREEBOG_add (&ctx, input, inputLen); STREEBOG_finalize (&ctx, output); return STREEBOG_DIGESTSIZE; } +#endif BOOL test_pkcs5 () { - char dk[144]; + unsigned char dk[144]; /* HMAC-SHA-256 tests */ if (!test_hmac_sha256()) return FALSE; @@ -1494,10 +1663,15 @@ BOOL test_pkcs5 () /* HMAC-SHA-512 tests */ if (!test_hmac_sha512()) return FALSE; - /* HMAC-RIPEMD-160 tests */ - if (test_hmac_ripemd160() == FALSE) +#ifndef WOLFCRYPT_BACKEND + /* HMAC-BLAKE2s tests */ + if (test_hmac_blake2s() == FALSE) + return FALSE; + + /* Blake2s hash tests */ + if (RunHashTest (Blake2sHash, Blake2sTestVectors) == FALSE) return FALSE; /* HMAC-Whirlpool tests */ if (test_hmac_whirlpool() == FALSE) 
@@ -1507,70 +1681,71 @@ BOOL test_pkcs5 () if (test_hmac_streebog() == FALSE) return FALSE; /* STREEBOG hash tests */ - if (RunHashTest (StreebogHash, Streebog512TestVectors, TRUE) == FALSE) + if (RunHashTest (StreebogHash, Streebog512TestVectors) == FALSE) return FALSE; - +#endif /* PKCS-5 test 1 with HMAC-SHA-256 used as the PRF (https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-00) */ - derive_key_sha256 ("passwd", 6, "\x73\x61\x6C\x74", 4, 1, dk, 64); + derive_key_sha256 ((unsigned char*) "passwd", 6, (unsigned char*) "\x73\x61\x6C\x74", 4, 1, dk, 64); if (memcmp (dk, "\x55\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5\x09\x11\x20\x41\xd3\xa1\x97\x83", 64) != 0) return FALSE; /* PKCS-5 test 2 with HMAC-SHA-256 used as the PRF (https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors) */ - derive_key_sha256 ("password", 8, "\x73\x61\x6C\x74", 4, 2, dk, 32); + derive_key_sha256 ((unsigned char*) "password", 8, (unsigned char*) "\x73\x61\x6C\x74", 4, 2, dk, 32); if (memcmp (dk, "\xae\x4d\x0c\x95\xaf\x6b\x46\xd3\x2d\x0a\xdf\xf9\x28\xf0\x6d\xd0\x2a\x30\x3f\x8e\xf3\xc2\x51\xdf\xd6\xe2\xd8\x5a\x95\x47\x4c\x43", 32) != 0) return FALSE; /* PKCS-5 test 3 with HMAC-SHA-256 used as the PRF (MS CryptoAPI) */ - derive_key_sha256 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4); + derive_key_sha256 ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4); if (memcmp (dk, "\xf2\xa0\x4f\xb2", 4) != 0) return FALSE; /* PKCS-5 test 4 with HMAC-SHA-256 used as the PRF (MS CryptoAPI) */ - derive_key_sha256 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 144); + derive_key_sha256 ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 144); if (memcmp (dk, 
"\xf2\xa0\x4f\xb2\xd3\xe9\xa5\xd8\x51\x0b\x5c\x06\xdf\x70\x8e\x24\xe9\xc7\xd9\x15\x3d\x22\xcd\xde\xb8\xa6\xdb\xfd\x71\x85\xc6\x99\x32\xc0\xee\x37\x27\xf7\x24\xcf\xea\xa6\xac\x73\xa1\x4c\x4e\x52\x9b\x94\xf3\x54\x06\xfc\x04\x65\xa1\x0a\x24\xfe\xf0\x98\x1d\xa6\x22\x28\xeb\x24\x55\x74\xce\x6a\x3a\x28\xe2\x04\x3a\x59\x13\xec\x3f\xf2\xdb\xcf\x58\xdd\x53\xd9\xf9\x17\xf6\xda\x74\x06\x3c\x0b\x66\xf5\x0f\xf5\x58\xa3\x27\x52\x8c\x5b\x07\x91\xd0\x81\xeb\xb6\xbc\x30\x69\x42\x71\xf2\xd7\x18\x42\xbe\xe8\x02\x93\x70\x66\xad\x35\x65\xbc\xf7\x96\x8e\x64\xf1\xc6\x92\xda\xe0\xdc\x1f\xb5\xf4", 144) != 0) return FALSE; /* PKCS-5 test 1 with HMAC-SHA-512 used as the PRF */ - derive_key_sha512 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4); + derive_key_sha512 ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4); if (memcmp (dk, "\x13\x64\xae\xf8", 4) != 0) return FALSE; /* PKCS-5 test 2 with HMAC-SHA-512 used as the PRF (derives a key longer than the underlying hash output size and block size) */ - derive_key_sha512 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 144); + derive_key_sha512 ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 144); if (memcmp (dk, "\x13\x64\xae\xf8\x0d\xf5\x57\x6c\x30\xd5\x71\x4c\xa7\x75\x3f\xfd\x00\xe5\x25\x8b\x39\xc7\x44\x7f\xce\x23\x3d\x08\x75\xe0\x2f\x48\xd6\x30\xd7\x00\xb6\x24\xdb\xe0\x5a\xd7\x47\xef\x52\xca\xa6\x34\x83\x47\xe5\xcb\xe9\x87\xf1\x20\x59\x6a\xe6\xa9\xcf\x51\x78\xc6\xb6\x23\xa6\x74\x0d\xe8\x91\xbe\x1a\xd0\x28\xcc\xce\x16\x98\x9a\xbe\xfb\xdc\x78\xc9\xe1\x7d\x72\x67\xce\xe1\x61\x56\x5f\x96\x68\xe6\xe1\xdd\xf4\xbf\x1b\x80\xe0\x19\x1c\xf4\xc4\xd3\xdd\xd5\xd5\x57\x2d\x83\xc7\xa3\x37\x87\xf4\x4e\xe0\xf6\xd8\x6d\x65\xdc\xa0\x52\xa3\x13\xbe\x81\xfc\x30\xbe\x7d\x69\x58\x34\xb6\xdd\x41\xc6", 144) != 0) return FALSE; - /* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */ - derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4); - if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0) 
+#ifndef WOLFCRYPT_BACKEND + /* PKCS-5 test 1 with HMAC-BLAKE2s used as the PRF */ + derive_key_blake2s ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4); + if (memcmp (dk, "\x8d\x51\xfa\x31", 4) != 0) return FALSE; - /* PKCS-5 test 2 with HMAC-RIPEMD-160 used as the PRF (derives a key longer than the underlying hash) */ - derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48); - if (memcmp (dk, "\x7a\x3d\x7c\x03\xe7\x26\x6b\xf8\x3d\x78\xfb\x29\xd2\x64\x1f\x56\xea\xf0\xe5\xf5\xcc\xc4\x3a\x31\xa8\x84\x70\xbf\xbd\x6f\x8e\x78\x24\x5a\xc0\x0a\xf6\xfa\xf0\xf6\xe9\x00\x47\x5f\x73\xce\xe1\x43", 48) != 0) + /* PKCS-5 test 2 with HMAC-BLAKE2s used as the PRF (derives a key longer than the underlying hash) */ + derive_key_blake2s ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 48); + if (memcmp (dk, "\x8d\x51\xfa\x31\x46\x25\x37\x67\xa3\x29\x6b\x3c\x6b\xc1\x5d\xb2\xee\xe1\x6c\x28\x00\x26\xea\x08\x65\x9c\x12\xf1\x07\xde\x0d\xb9\x9b\x4f\x39\xfa\xc6\x80\x26\xb1\x8f\x8e\x48\x89\x85\x2d\x24\x2d", 48) != 0) return FALSE; /* PKCS-5 test 1 with HMAC-Whirlpool used as the PRF */ - derive_key_whirlpool ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4); + derive_key_whirlpool ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4); if (memcmp (dk, "\x50\x7c\x36\x6f", 4) != 0) return FALSE; /* PKCS-5 test 2 with HMAC-Whirlpool used as the PRF (derives a key longer than the underlying hash) */ - derive_key_whirlpool ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 96); + derive_key_whirlpool ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 96); if (memcmp (dk, 
"\x50\x7c\x36\x6f\xee\x10\x2e\x9a\xe2\x8a\xd5\x82\x72\x7d\x27\x0f\xe8\x4d\x7f\x68\x7a\xcf\xb5\xe7\x43\x67\xaa\x98\x93\x52\x2b\x09\x6e\x42\xdf\x2c\x59\x4a\x91\x6d\x7e\x10\xae\xb2\x1a\x89\x8f\xb9\x8f\xe6\x31\xa9\xd8\x9f\x98\x26\xf4\xda\xcd\x7d\x65\x65\xde\x10\x95\x91\xb4\x84\x26\xae\x43\xa1\x00\x5b\x1e\xb8\x38\x97\xa4\x1e\x4b\xd2\x65\x64\xbc\xfa\x1f\x35\x85\xdb\x4f\x97\x65\x6f\xbd\x24", 96) != 0) return FALSE; /* PKCS-5 test 1 with HMAC-STREEBOG used as the PRF */ - derive_key_streebog ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4); + derive_key_streebog ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4); if (memcmp (dk, "\xd0\x53\xa2\x30", 4) != 0) return FALSE; /* PKCS-5 test 2 with HMAC-STREEBOG used as the PRF (derives a key longer than the underlying hash) */ - derive_key_streebog ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 96); + derive_key_streebog ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 96); if (memcmp (dk, "\xd0\x53\xa2\x30\x6f\x45\x81\xeb\xbc\x06\x81\xc5\xe7\x53\xa8\x5d\xc7\xf1\x23\x33\x1e\xbe\x64\x2c\x3b\x0f\x26\xd7\x00\xe1\x95\xc9\x65\x26\xb1\x85\xbe\x1e\xe2\xf4\x9b\xfc\x6b\x14\x84\xda\x24\x61\xa0\x1b\x9e\x79\x5c\xee\x69\x6e\xf9\x25\xb1\x1d\xca\xa0\x31\xba\x02\x6f\x9e\x99\x0f\xdb\x25\x01\x5b\xf1\xc7\x10\x19\x53\x3b\x29\x3f\x18\x00\xd6\xfc\x85\x03\xdc\xf2\xe5\xe9\x5a\xb1\x1e\x61\xde", 96) != 0) return FALSE; - +#endif return TRUE; } |