authorNikos Mavrogiannopoulos <nmav@gnutls.org>2018-10-28 16:41:18 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2018-10-28 16:41:18 +0000
commit60e4138e97731ccea98d864b949ca740e53a5b30 (patch)
tree2b822921ad513e6e08ecac15347af20ecae5e01e
parentfd3a880a9b701e17047871d86281751837e5afcd (diff)
parenta266e0027a7fd295be9b5d90407083c99660de36 (diff)
downloadgnutls-60e4138e97731ccea98d864b949ca740e53a5b30.tar.gz
Merge branch 'gost-selfcheck' into 'master'
Selftests for symmetric GOST algorithms See merge request gnutls/gnutls!787
-rw-r--r--NEWS4
-rw-r--r--lib/crypto-selftests.c197
-rw-r--r--lib/nettle/cipher.c6
3 files changed, 204 insertions, 3 deletions
diff --git a/NEWS b/NEWS
index d6f73255d8..652845d1b1 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,10 @@ See the end for copying conditions.
** p11tool: fix initialization of security officer's PIN with the --initialize-so-pin
option (#561)
+** In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers
+ have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D
+ S-BOXes). They are fixed now.
+
** API and ABI modifications:
GNUTLS_AUTO_REAUTH: Added
GNUTLS_CIPHER_AES_128_CFB8: Added
diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c
index 19b8210b4e..ba1de66f6a 100644
--- a/lib/crypto-selftests.c
+++ b/lib/crypto-selftests.c
@@ -420,6 +420,85 @@ const struct cipher_vectors_st aes256_cfb8_vectors[] = { /* NIST 800-38a */
},
};
+/* GOST 28147-89 vectors come from the testsuite contributed to OpenSSL by
+ * Sergey E. Leontiev. CryptoPro-B test vector is just truncated.
+ * TC26Z is calculated using Nettle */
+const struct cipher_vectors_st gost28147_cpa_cfb_vectors[] = {
+ {
+ STR(key, key_size,
+ "\x8d\x5a\x2c\x83\xa7\xc7\x0a\x61\xd6\x1b\x34\xb5\x1f\xdf\x42\x68"
+ "\x66\x71\xa3\x5d\x87\x4c\xfd\x84\x99\x36\x63\xb6\x1e\xd6\x0d\xad"),
+ STR(plaintext, plaintext_size,
+ "\xd2\xfd\xf8\x3a\xc1\xb4\x39\x23\x2e\xaa\xcc\x98\x0a\x02\xda\x33"),
+ .ciphertext = (uint8_t *)
+ "\x88\xb7\x75\x16\x74\xa5\xee\x2d\x14\xfe\x91\x67\xd0\x5c\xcc\x40",
+ STR(iv, iv_size,
+ "\x46\x60\x6f\x0d\x88\x34\x23\x5a"),
+ },
+};
+
+const struct cipher_vectors_st gost28147_cpb_cfb_vectors[] = {
+ {
+ STR(key, key_size,
+ "\x48\x0c\x74\x1b\x02\x6b\x55\xd5\xb6\x6d\xd7\x1d\x40\x48\x05\x6b"
+ "\x6d\xeb\x3c\x29\x0f\x84\x80\x23\xee\x0d\x47\x77\xe3\xfe\x61\xc9"),
+ STR(plaintext, plaintext_size,
+ "\x8c\x9c\x44\x35\xfb\xe9\xa5\xa3\xa0\xae\x28\x56\x91\x10\x8e\x1e"
+ "\xd2\xbb\x18\x53\x81\x27\x0d\xa6\x68\x59\x36\xc5\x81\x62\x9a\x8e"
+ "\x7d\x50\xf1\x6f\x97\x62\x29\xec\x80\x51\xe3\x7d\x6c\xc4\x07\x95"
+ "\x28\x63\xdc\xb4\xb9\x2d\xb8\x13\xb1\x05\xb5\xf9\xeb\x75\x37"),
+ .ciphertext = (uint8_t *)
+ "\x23\xc6\x7f\x20\xa1\x23\x58\xbc\x7b\x05\xdb\x21\x15\xcf\x96\x41"
+ "\xc7\x88\xef\x76\x5c\x49\xdb\x42\xbf\xf3\xc0\xf5\xbd\x5d\xd9\x8e"
+ "\xaf\x3d\xf4\xe4\xda\x88\xbd\xbc\x47\x5d\x76\x07\xc9\x5f\x54\x1d"
+ "\x1d\x6a\xa1\x2e\x18\xd6\x60\x84\x02\x18\x37\x92\x92\x15\xab",
+ STR(iv, iv_size,
+ "\x1f\x3f\x82\x1e\x0d\xd8\x1e\x22"),
+ },
+};
+
+const struct cipher_vectors_st gost28147_cpc_cfb_vectors[] = {
+ {
+ STR(key, key_size,
+ "\x77\xc3\x45\x8e\xf6\x42\xe7\x04\x8e\xfc\x08\xe4\x70\x96\xd6\x05"
+ "\x93\x59\x02\x6d\x6f\x97\xca\xe9\xcf\x89\x44\x4b\xde\x6c\x22\x1d"),
+ STR(plaintext, plaintext_size,
+ "\x07\x9c\x91\xbe"),
+ .ciphertext = (uint8_t *)
+ "\x19\x35\x81\x34",
+ STR(iv, iv_size,
+ "\x43\x7c\x3e\x8e\x2f\x2a\x00\x98"),
+ },
+};
+
+const struct cipher_vectors_st gost28147_cpd_cfb_vectors[] = {
+ {
+ STR(key, key_size,
+ "\x38\x9f\xe8\x37\xff\x9c\x5d\x29\xfc\x48\x55\xa0\x87\xea\xe8\x40"
+ "\x20\x87\x5b\xb2\x01\x15\x55\xa7\xe3\x2d\xcb\x3d\xd6\x59\x04\x73"),
+ STR(plaintext, plaintext_size,
+ "\x2f\x31\xd8\x83\xb4\x20\xe8\x6e\xda"),
+ .ciphertext = (uint8_t *)
+ "\x6d\xa4\xed\x40\x08\x88\x71\xad\x16",
+ STR(iv, iv_size,
+ "\xc5\xa2\xd2\x1f\x2f\xdf\xb8\xeb"),
+ },
+};
+
+const struct cipher_vectors_st gost28147_tc26z_cfb_vectors[] = {
+ {
+ STR(key, key_size,
+ "\x8d\x5a\x2c\x83\xa7\xc7\x0a\x61\xd6\x1b\x34\xb5\x1f\xdf\x42\x68"
+ "\x66\x71\xa3\x5d\x87\x4c\xfd\x84\x99\x36\x63\xb6\x1e\xd6\x0d\xad"),
+ STR(plaintext, plaintext_size,
+ "\xd2\xfd\xf8\x3a\xc1\xb4\x39\x23\x2e\xaa\xcc\x98\x0a\x02\xda\x33"),
+ .ciphertext = (uint8_t *)
+ "\xed\xa7\xf1\x41\x01\x9c\xbd\xcd\x44\x6b\x00\x96\x87\xf7\xc7\xe6",
+ STR(iv, iv_size,
+ "\x46\x60\x6f\x0d\x88\x34\x23\x5a"),
+ },
+};
+
static int test_cipher(gnutls_cipher_algorithm_t cipher,
const struct cipher_vectors_st *vectors,
size_t vectors_size, unsigned flags)
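Review bot: The comment above the GOST 28147-89 tables says the TC26Z ciphertext was "calculated using Nettle", so `gost28147_tc26z_cfb_vectors` presumably only pins the current output of the code under test and would not catch a wrong S-box table the way the OpenSSL-derived CryptoPro vectors do. The same applies to `hmac_gostr_94_vectors` in the later MAC hunk, which is marked only `/* Calculated */`. I would either check both against an independent implementation or state the limitation in the comment, e.g. `/* TC26Z: regression vector generated with Nettle, not an independent known answer */`. The body of test_cipher lies outside this hunk.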
@@ -1136,6 +1215,47 @@ const struct hash_vectors_st sha3_512_vectors[] = {
},
};
+const struct hash_vectors_st gostr_94_vectors[] = {
+ {
+ STR(plaintext, plaintext_size,
+ "The quick brown fox jumps over the lazy dog"),
+ STR(output, output_size,
+ "\x90\x04\x29\x4a\x36\x1a\x50\x8c\x58\x6f\xe5\x3d\x1f\x1b\x02\x74\x67\x65\xe7\x1b\x76\x54\x72\x78\x6e\x47\x70\xd5\x65\x83\x0a\x76"),
+ },
+};
+
+/* GOST R 34.11-2012 */
+const struct hash_vectors_st streebog_512_vectors[] = {
+ {
+ STR(plaintext, plaintext_size,
+ "\xd1\xe5\x20\xe2\xe5\xf2\xf0\xe8\x2c\x20\xd1\xf2\xf0\xe8\xe1\xee"
+ "\xe6\xe8\x20\xe2\xed\xf3\xf6\xe8\x2c\x20\xe2\xe5\xfe\xf2\xfa\x20"
+ "\xf1\x20\xec\xee\xf0\xff\x20\xf1\xf2\xf0\xe5\xeb\xe0\xec\xe8\x20"
+ "\xed\xe0\x20\xf5\xf0\xe0\xe1\xf0\xfb\xff\x20\xef\xeb\xfa\xea\xfb"
+ "\x20\xc8\xe3\xee\xf0\xe5\xe2\xfb"),
+ STR(output, output_size,
+ "\x1e\x88\xe6\x22\x26\xbf\xca\x6f\x99\x94\xf1\xf2\xd5\x15\x69\xe0"
+ "\xda\xf8\x47\x5a\x3b\x0f\xe6\x1a\x53\x00\xee\xe4\x6d\x96\x13\x76"
+ "\x03\x5f\xe8\x35\x49\xad\xa2\xb8\x62\x0f\xcd\x7c\x49\x6c\xe5\xb3"
+ "\x3f\x0c\xb9\xdd\xdc\x2b\x64\x60\x14\x3b\x03\xda\xba\xc9\xfb\x28"),
+ },
+};
+
+/* GOST R 34.11-2012 */
+const struct hash_vectors_st streebog_256_vectors[] = {
+ {
+ STR(plaintext, plaintext_size,
+ "\xd1\xe5\x20\xe2\xe5\xf2\xf0\xe8\x2c\x20\xd1\xf2\xf0\xe8\xe1\xee"
+ "\xe6\xe8\x20\xe2\xed\xf3\xf6\xe8\x2c\x20\xe2\xe5\xfe\xf2\xfa\x20"
+ "\xf1\x20\xec\xee\xf0\xff\x20\xf1\xf2\xf0\xe5\xeb\xe0\xec\xe8\x20"
+ "\xed\xe0\x20\xf5\xf0\xe0\xe1\xf0\xfb\xff\x20\xef\xeb\xfa\xea\xfb"
+ "\x20\xc8\xe3\xee\xf0\xe5\xe2\xfb"),
+ STR(output, output_size,
+ "\x9d\xd2\xfe\x4e\x90\x40\x9e\x5d\xa8\x7f\x53\x97\x6d\x74\x05\xb0"
+ "\xc0\xca\xc6\x28\xfc\x66\x9a\x74\x1d\x50\x06\x3c\x55\x7e\x8f\x50"),
+ },
+};
+
#define HASH_DATA_SIZE 64
/* SHA1 and other hashes */
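Review bot: `gostr_94_vectors` has no provenance comment, unlike the Streebog tables below it, and GOST R 34.11-94 output depends on which S-box parameter set the hash is built with. The expected digest looks like the commonly published CryptoPro-parameter value for this sentence, but that should be confirmed and written down above the table, for example `/* GOST R 34.11-94, CryptoPro parameter set (confirm source) */`. Since this merge fixes an S-box mix-up in the cipher code, naming the parameter set next to each vector lets a reader verify that the self-test covers the intended variant.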
@@ -1261,6 +1381,50 @@ const struct mac_vectors_st hmac_sha512_vectors[] = {
},
};
+/* Calculated */
+const struct mac_vectors_st hmac_gostr_94_vectors[] = {
+ {
+ STR(key, key_size,
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"),
+ STR(plaintext, plaintext_size,
+ "\x01\x26\xbd\xb8\x78\x00\xaf\x21\x43\x41\x45\x65\x63\x78\x01\x00"),
+ STR(output, output_size,
+ "\xba\xd7\x0b\x61\xc4\x10\x95\xbc\x47\xe1\x14\x1c\xfa\xed\x42\x72"
+ "\x6a\x5c\xee\xbd\x62\xce\x75\xdb\xbb\x9a\xd7\x6c\xda\x9f\x72\xf7"),
+ },
+};
+
+/* RFC 7836 */
+const struct mac_vectors_st hmac_streebog_512_vectors[] = {
+ {
+ STR(key, key_size,
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"),
+ STR(plaintext, plaintext_size,
+ "\x01\x26\xbd\xb8\x78\x00\xaf\x21\x43\x41\x45\x65\x63\x78\x01\x00"),
+ STR(output, output_size,
+ "\xa5\x9b\xab\x22\xec\xae\x19\xc6\x5f\xbd\xe6\xe5\xf4\xe9\xf5\xd8"
+ "\x54\x9d\x31\xf0\x37\xf9\xdf\x9b\x90\x55\x00\xe1\x71\x92\x3a\x77"
+ "\x3d\x5f\x15\x30\xf2\xed\x7e\x96\x4c\xb2\xee\xdc\x29\xe9\xad\x2f"
+ "\x3a\xfe\x93\xb2\x81\x4f\x79\xf5\x00\x0f\xfc\x03\x66\xc2\x51\xe6"),
+ },
+};
+
+/* RFC 7836 */
+const struct mac_vectors_st hmac_streebog_256_vectors[] = {
+ {
+ STR(key, key_size,
+ "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"),
+ STR(plaintext, plaintext_size,
+ "\x01\x26\xbd\xb8\x78\x00\xaf\x21\x43\x41\x45\x65\x63\x78\x01\x00"),
+ STR(output, output_size,
+ "\xa1\xaa\x5f\x7d\xe4\x02\xd7\xb3\xd3\x23\xf2\x99\x1c\x8d\x45\x34"
+ "\x01\x31\x37\x01\x0a\x83\x75\x4f\xd0\xaf\x6d\x7c\xd4\x92\x2e\xd9"),
+ },
+};
+
static int test_mac(gnutls_mac_algorithm_t mac,
const struct mac_vectors_st *vectors,
size_t vectors_size, unsigned flags)
@@ -1395,6 +1559,23 @@ int gnutls_cipher_self_test(unsigned flags, gnutls_cipher_algorithm_t cipher)
FALLTHROUGH;
CASE(GNUTLS_CIPHER_AES_256_CFB8, test_cipher,
aes256_cfb8_vectors);
+#if ENABLE_GOST
+ FALLTHROUGH;
+ NON_FIPS_CASE(GNUTLS_CIPHER_GOST28147_CPA_CFB, test_cipher,
+ gost28147_cpa_cfb_vectors);
+ FALLTHROUGH;
+ NON_FIPS_CASE(GNUTLS_CIPHER_GOST28147_CPB_CFB, test_cipher,
+ gost28147_cpb_cfb_vectors);
+ FALLTHROUGH;
+ NON_FIPS_CASE(GNUTLS_CIPHER_GOST28147_CPC_CFB, test_cipher,
+ gost28147_cpc_cfb_vectors);
+ FALLTHROUGH;
+ NON_FIPS_CASE(GNUTLS_CIPHER_GOST28147_CPD_CFB, test_cipher,
+ gost28147_cpd_cfb_vectors);
+ FALLTHROUGH;
+ NON_FIPS_CASE(GNUTLS_CIPHER_GOST28147_TC26Z_CFB, test_cipher,
+ gost28147_tc26z_cfb_vectors);
+#endif
break;
default:
return gnutls_assert_val(GNUTLS_E_NO_SELF_TEST);
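Review bot: These cases are compiled only under `#if ENABLE_GOST`, but the `gost28147_*_cfb_vectors` tables they reference are added without that guard in the first hunk of this file, so a build without GOST would apparently still carry the tables as unused data. The same holds for the MAC and digest cases in the next two hunks and their `hmac_gostr_94`/`hmac_streebog_*` and `gostr_94`/`streebog_*` tables. Wrapping each group of tables in `#if ENABLE_GOST` and `#endif` would keep definitions and uses in step. The switch statement begins outside this hunk.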
@@ -1434,6 +1615,14 @@ int gnutls_mac_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
CASE(GNUTLS_MAC_SHA384, test_mac, hmac_sha384_vectors);
FALLTHROUGH;
CASE(GNUTLS_MAC_SHA512, test_mac, hmac_sha512_vectors);
+#if ENABLE_GOST
+ FALLTHROUGH;
+ NON_FIPS_CASE(GNUTLS_MAC_GOSTR_94, test_mac, hmac_gostr_94_vectors);
+ FALLTHROUGH;
+ NON_FIPS_CASE(GNUTLS_MAC_STREEBOG_512, test_mac, hmac_streebog_512_vectors);
+ FALLTHROUGH;
+ NON_FIPS_CASE(GNUTLS_MAC_STREEBOG_256, test_mac, hmac_streebog_256_vectors);
+#endif
break;
default:
@@ -1484,6 +1673,14 @@ int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest)
FALLTHROUGH;
CASE(GNUTLS_DIG_SHA3_512, test_digest, sha3_512_vectors);
#endif
+#if ENABLE_GOST
+ FALLTHROUGH;
+ NON_FIPS_CASE(GNUTLS_DIG_GOSTR_94, test_digest, gostr_94_vectors);
+ FALLTHROUGH;
+ NON_FIPS_CASE(GNUTLS_DIG_STREEBOG_512, test_digest, streebog_512_vectors);
+ FALLTHROUGH;
+ NON_FIPS_CASE(GNUTLS_DIG_STREEBOG_256, test_digest, streebog_256_vectors);
+#endif
break;
default:
return gnutls_assert_val(GNUTLS_E_NO_SELF_TEST);
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index eab1a03588..e28c39038c 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -176,21 +176,21 @@ static void
_gost28147_set_key_cpb(void *ctx, const uint8_t *key)
{
gost28147_set_key(ctx, key);
- gost28147_set_param(ctx, &gost28147_param_CryptoPro_A);
+ gost28147_set_param(ctx, &gost28147_param_CryptoPro_B);
}
static void
_gost28147_set_key_cpc(void *ctx, const uint8_t *key)
{
gost28147_set_key(ctx, key);
- gost28147_set_param(ctx, &gost28147_param_CryptoPro_A);
+ gost28147_set_param(ctx, &gost28147_param_CryptoPro_C);
}
static void
_gost28147_set_key_cpd(void *ctx, const uint8_t *key)
{
gost28147_set_key(ctx, key);
- gost28147_set_param(ctx, &gost28147_param_CryptoPro_A);
+ gost28147_set_param(ctx, &gost28147_param_CryptoPro_D);
}
#endif
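Review bot: Nothing in the new code records that `_gost28147_set_key_cpb`, `_gost28147_set_key_cpc` and `_gost28147_set_key_cpd` previously selected the CryptoPro-A parameters, so data encrypted under those cipher identifiers by the affected releases presumably will not decrypt with the fixed code. A short comment above the three wrappers would preserve that for maintainers, e.g. `/* CPB/CPC/CPD used CryptoPro-A by mistake in two earlier releases; their ciphertext is not compatible */`. The wrappers differ only in the parameter constant, so the same comment could point to the per-variant self-test vectors in lib/crypto-selftests.c as the check that tells them apart.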