libgcrypt integration into OSS-Fuzz differential cryptography fuzzer
Jussi Kivilinna
jussi.kivilinna at iki.fi
Thu May 9 18:17:54 CEST 2019
Hello,
On 9.5.2019 14.52, Guido Vranken wrote:
> It found a difference with Veracrypt's Stribog. This is libgcrypt with the carry overflow bug fix incorporated (commit da6cd4fea30f79cf9d8f9b2f1c6daf3aea39fa9c)
>
> Operation:
> operation name: Digest
> digest: STREEBOG-256
> cleartext: {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
> 0xff, 0xff, 0xff, 0x80, 0xbc, 0x6b, 0xa8, 0xb3, 0x68, 0xb9, 0x68, 0xbb, 0x53, 0x80, 0xe1, 0x06,
> 0x90} (65 bytes)
>
> Module libgcrypt result:
>
> {0x0f, 0xbe, 0x0b, 0x3f, 0x89, 0x8d, 0x49, 0x22, 0xe8, 0x77, 0xc5, 0x1f, 0xfd, 0x4b, 0xef, 0x76,
> 0xc6, 0x34, 0x03, 0x04, 0x00, 0xd0, 0x0c, 0x43, 0x06, 0x5a, 0xed, 0xc5, 0x74, 0x72, 0x34, 0x7b} (32 bytes)
>
> Module Veracrypt result:
>
> {0xbf, 0x49, 0x33, 0x72, 0x84, 0x00, 0x45, 0xa6, 0x9f, 0x21, 0xff, 0xc7, 0xa2, 0x07, 0x02, 0x99,
> 0x8d, 0x76, 0x62, 0xf0, 0xb7, 0x2c, 0x02, 0x19, 0x9e, 0xf6, 0x72, 0xf8, 0x4b, 0x14, 0xc8, 0xb3} (32 bytes)
Maybe it is carry-bit overflow handling difference in Veracrypt's Streebog.c:add512:
https://www.veracrypt.fr/code/VeraCrypt/tree/src/Crypto/Streebog.c#n1868
It also looks like that function handles carry overflow differently for big-endian vs little-endian.
-Jussi
More information about the Gcrypt-devel
mailing list