Commit 24aba9a5 authored by Milan Broz's avatar Milan Broz

tcrypt: Support additional Veracrypt modes.

Add support for Camellia and Kuznyechik ciphers and Streebog hash functions,
introduced in recent Veracrypt.

Note, that Kuznyechik requires out-of-tree kernel module and Streebog
hash function is available only with gcrypt backend.
parent 90599375
......@@ -51,6 +51,8 @@ static const struct {
{ 0, 1, "pbkdf2", "sha256", 200000, 0, 2048 }, // boot only
{ 0, 1, "pbkdf2", "ripemd160", 655331, 15000, 1000 },
{ 0, 1, "pbkdf2", "ripemd160", 327661, 0, 2048 }, // boot only
{ 0, 1, "pbkdf2", "stribog512",500000, 15000, 1000 },
// { 0, 1, "pbkdf2", "stribog512",200000, 0, 2048 }, // boot only
{ 0, 0, NULL, NULL, 0, 0, 0 }
};
......@@ -98,6 +100,26 @@ static struct tcrypt_algs tcrypt_cipher[] = {
{0,2,128,"serpent-twofish","xts-plain64",
{{"serpent",64,16, 0,64,0},
{"twofish",64,16,32,96,0}}},
{0,1,64,"camellia","xts-plain64",
{{"camellia", 64,16,0,32,0}}},
{0,1,64,"kuznyechik","xts-plain64",
{{"kuznyechik", 64,16,0,32,0}}},
{0,2,128,"kuznyechik-camellia","xts-plain64",
{{"kuznyechik",64,16, 0,64,0},
{"camellia", 64,16,32,96,0}}},
{0,2,128,"twofish-kuznyechik","xts-plain64",
{{"twofish", 64,16, 0,64,0},
{"kuznyechik",64,16,32,96,0}}},
{0,2,128,"serpent-camellia","xts-plain64",
{{"serpent", 64,16, 0,64,0},
{"camellia", 64,16,32,96,0}}},
{0,2,128,"aes-kuznyechik","xts-plain64",
{{"aes", 64,16, 0,64,0},
{"kuznyechik",64,16,32,96,0}}},
{0,3,192,"camellia-serpent-kuznyechik","xts-plain64",
{{"camellia", 64,16, 0, 96,0},
{"serpent", 64,16,32,128,0},
{"kuznyechik",64,16,64,160,0}}},
/* LRW mode */
{0,1,48,"aes","lrw-benbi",
......
......@@ -13,9 +13,9 @@ PIM=1234
function remove_mapping()
{
[ -b /dev/mapper/$MAP ] && dmsetup remove $MAP
[ -b /dev/mapper/"$MAP"_1 ] && dmsetup remove "$MAP"_1
[ -b /dev/mapper/"$MAP"_2 ] && dmsetup remove "$MAP"_2
[ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
[ -b /dev/mapper/"$MAP"_1 ] && dmsetup remove --retry "$MAP"_1
[ -b /dev/mapper/"$MAP"_2 ] && dmsetup remove --retry "$MAP"_2
}
function fail()
......@@ -35,7 +35,26 @@ function skip()
function test_one()
{
$CRYPTSETUP benchmark -c "$1" -s "$2" | grep -v "#" || skip
$CRYPTSETUP benchmark -c "$1-$2" -s "$3" >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo "$1-$2 [N/A]"
IMGS=$(ls $TST_DIR/[tv]c* | grep "$1")
[ -n "$IMGS" ] && rm $IMGS
else
echo "$1-$2 [OK]"
fi
}
function test_kdf()
{
$CRYPTSETUP benchmark -h "$1" >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo "pbkdf2-$1 [N/A]"
IMGS=$(ls $TST_DIR/[tv]c* | grep "$1")
[ -n "$IMGS" ] && rm $IMGS
else
echo "pbkdf2-$1 [OK]"
fi
}
function test_required()
......@@ -43,37 +62,40 @@ function test_required()
which lsblk >/dev/null 2>&1 || skip "WARNING: lsblk tool required."
echo "REQUIRED KDF TEST"
$CRYPTSETUP benchmark -h ripemd160 | grep "N/A" && skip
$CRYPTSETUP benchmark -h whirlpool | grep "N/A" && skip
test_kdf sha256
test_kdf sha512
test_kdf ripemd160
test_kdf whirlpool
test_kdf stribog512
echo "REQUIRED CIPHERS TEST"
echo "# Algorithm Key Encryption Decryption"
test_one aes cbc 256
test_one aes lrw 384
test_one aes xts 512
test_one aes-cbc 256
test_one aes-lrw 384
test_one aes-xts 512
test_one twofish cbc 256
test_one twofish lrw 384
test_one twofish xts 512
test_one twofish-cbc 256
test_one twofish-lrw 384
test_one twofish-xts 512
test_one serpent cbc 256
test_one serpent lrw 384
test_one serpent xts 512
test_one serpent-cbc 256
test_one serpent-lrw 384
test_one serpent-xts 512
test_one blowfish cbc 256
test_one blowfish-cbc 256
test_one des3_ede cbc 192
test_one cast5 cbc 128
test_one des3_ede-cbc 192
test_one cast5 128
test_one camellia xts 512
test_one kuznyechik xts 512
}
test_required
export LANG=C
[ ! -d $TST_DIR ] && tar xJf $srcdir/tcrypt-images.tar.xz --no-same-owner
test_required
echo "HEADER CHECK"
for file in $(ls $TST_DIR/[t]c_* $TST_DIR/vcpim_*) ; do
for file in $(ls $TST_DIR/[tv]c_* $TST_DIR/vcpim_*) ; do
echo -n " $file"
PIM_OPT=""
[[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment