Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Camellia from libtomcrypt fails with some test vectors from openssl #22

Closed
karel-m opened this Issue · 5 comments

2 participants

@karel-m
Collaborator

This is the failing test vector taken from openssl (openssl-1.0.1e/test/evptests.txt):

CAMELLIA-256-ECB
key=603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
plaintext=F69F2445DF4F9B17AD2B417BE66C3710
ciphertext=7960109FB6DC42947FCFE59EA3C5EB6B

Interesting is that some of the other openssl's camellia test vectors pass.

But maybe I am just doing something wrong.

Karel

@karel-m
Collaborator

Here comes failing test code (I am running tests on MS Windows/32bit/gcc compiler)

#include <stdio.h>
#include <tomcrypt.h>

int main(void) {

  static const struct {
      int keylen;
      unsigned char key[32], pt[16], ct[16];
  } tests[] = {
    {  /* PASS EXAMPLE: CAMELLIA-256-ECB:key=0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff:plaintext=0123456789abcdeffedcba9876543210:ciphertext=9acc237dff16d76c20ef7c919e3a7509 */
       32,
       { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
       { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
       { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
    },
    {  /* FAIL EXAMPLE: CAMELLIA-256-ECB:key=603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:plaintext=F69F2445DF4F9B17AD2B417BE66C3710:ciphertext=7960109FB6DC42947FCFE59EA3C5EB6B */
       32,
       { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 },
       { 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17, 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10 },
       { 0x79, 0x60, 0x10, 0x9F, 0xB6, 0xDC, 0x42, 0x94, 0x7F, 0xCF, 0xE5, 0x9E, 0xA3, 0xC5, 0xEB, 0x6B  },
    },
  };

  unsigned char buf[2][16];
  symmetric_key skey;
  int err, x;

  for (x = 0; x < 3; x++) {
     if ((err = camellia_setup(tests[x].key, tests[x].keylen, 0, &skey)) != CRYPT_OK) {
        fprintf(stderr, "FAIL[%d] camellia_setup\n", x);
        return err;
     }
     if ((err = camellia_ecb_encrypt(tests[x].pt, buf[0], &skey)) != CRYPT_OK) {
        camellia_done(&skey);
        fprintf(stderr, "FAIL[%d] camellia_ecb_encrypt\n", x);
        return err;
     }
     if ((err = camellia_ecb_decrypt(tests[x].ct, buf[1], &skey)) != CRYPT_OK) {
        camellia_done(&skey);
        fprintf(stderr, "FAIL[%d] camellia_ecb_decrypt\n", x);
        return err;
     }
     camellia_done(&skey);
     if (XMEMCMP(tests[x].ct, buf[0], 16) || XMEMCMP(tests[x].pt, buf[1], 16)) {
        fprintf(stderr, "FAIL[%d] XMEMCMP\n", x);
        return CRYPT_FAIL_TESTVECTOR;
     }
     fprintf(stderr, "PASS[%d]\n", x);
  }

  return 1;
}
@karel-m
Collaborator

The failure happens only during decrypt (so perhaps something related to camellia_ecb_decrypt):

plaintext1 --(encrypt)--> ciphertext --(decrypt)--> plaintext2

In the example above libtomcrypt produces plaintext2 which is different from plaintext1 (while ciphertext matches the expected value from the test vector)

I have check also other platforms (Linux/x64) and experienced the same failure.

@karel-m
Collaborator

The following hack fixed this problem

DCIT/perl-CryptX@50ad0dd

@sjaeckel
Owner

That looks good!
Thanks for hunting down that bug.

I'll add more testvectors and then your patch and close this issue afterwards.

@sjaeckel sjaeckel closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.