Stribog fails on a BE system

[claudioandre-br]

Testing: Stribog-256, raw Streebog [GOST R 34.11-2012 64/64]... (4xOMP) FAILED (cmp_all(4096))
Testing: Stribog-512, raw Streebog [GOST R 34.11-2012 64/64]... (4xOMP) FAILED (cmp_all(4096))
[...]
2 out of 399 tests have FAILED
 FAILED: -test-full=0 --format=cpu

Target CPU ......................................... s390x, 64-bit BE
AES-NI support ..................................... no
Target OS .......................................... linux-gnu
Cross compiling .................................... no
Legacy arch header ................................. autoconf_arch.h

Version: 1.9.0-jumbo-1+bleeding-3238f8f 2022-07-11 13:23:10 +0200
Build: linux-gnu 64-bit s390x  AC OMP
System-wide exec: /snap/john-the-ripper/current/run
System-wide home: /snap/john-the-ripper/current/run
Private home: ~/.john
OMP fallback binary: john-non-omp
$JOHN is /snap/john-the-ripper/current/run/
Format interface version: 14
Max. number of reported tunable costs: 4
Rec file version: REC4
Charset file version: CHR3
CHARSET_MIN: 1 (0x01)
CHARSET_MAX: 255 (0xff)
CHARSET_LENGTH: 24
SALT_HASH_SIZE: 1048576
SINGLE_IDX_MAX: 32768
SINGLE_BUF_MAX: 4294967295
Effective limit: Max. KPC 32768
Max. Markov mode level: 400
Max. Markov mode password length: 30
gcc version: 7.5.0
GNU libc version: 2.27 (loaded: 2.27)
Crypto library: OpenSSL
OpenSSL library version: 01010100f
OpenSSL 1.1.1  11 Sep 2018
GMP library version: 6.1.2
File locking: fcntl()
fseek(): fseek
ftell(): ftell
fopen(): fopen
memmem(): System's
times(2) sysconf(_SC_CLK_TCK) is 100
Using times(2) for timers, resolution 10 ms
HR timer: clock_gettime(), latency 24 ns
Total physical host memory: 8033 MiB
Available physical host memory: 7849 MiB
Terminal locale string: C.UTF-8
Parsed terminal locale: UTF-8

:1st_place_medal: :thumbsup:

[magnumripper]

Ouch. I presume it worked prior to 3238f8f2f?

Ah, no - those formats were disabled then because the old code required SSE 4.1.

[magnumripper]

Can you try this? I noticed it looked strange for big endian.

diff --git a/src/gost3411-2012-core_plug.c b/src/gost3411-2012-core_plug.c
index 324a93236..231f046b2 100644
--- a/src/gost3411-2012-core_plug.c
+++ b/src/gost3411-2012-core_plug.c
@@ -98,7 +98,7 @@ add512(const uint512_u *x, const uint512_u *y, uint512_u *r)
 #else
     const unsigned char *xp, *yp;
     unsigned char *rp;
-    unsigned int i;
+    int i;
     int buf;

     xp = (const unsigned char *) &x[0];
@@ -106,7 +106,7 @@ add512(const uint512_u *x, const uint512_u *y, uint512_u *r)
     rp = (unsigned char *) &r[0];

     buf = 0;
-    for (i = 0; i < 64; i++)
+    for (i = 63; i >= 0; i--)
     {
         buf = xp[i] + yp[i] + (buf >> 8);
         rp[i] = (unsigned char) buf & 0xFF;

EDIT: Apparently that doesn't matter - this code path works fine for LE either way. I can't understand why - it should end up totally different?! buf is actually the carry and adding with carry from the other direction shouldn't produce the same result.

EDIT2: Maybe it would make a difference for BE - I'm not sure whether we're supposed to treat all 512 bits as BE, or as 8 64-bit BE words in LE order, or whatever other combinations there are 😵

[magnumripper]

Last resort fix 😢

diff --git a/src/stribog_fmt_plug.c b/src/stribog_fmt_plug.c
index 047b722a1..9a6dad6b9 100644
--- a/src/stribog_fmt_plug.c
+++ b/src/stribog_fmt_plug.c
@@ -8,6 +8,8 @@

 #include "arch.h"

+#if ARCH_LITTLE_ENDIAN
+
 #if FMT_EXTERNS_H
 extern struct fmt_main fmt_stribog_256;
 extern struct fmt_main fmt_stribog_512;
@@ -467,3 +469,13 @@ struct fmt_main fmt_stribog_512 = {
 };

 #endif /* plugin stanza */
+
+#else
+#if !defined(FMT_EXTERNS_H) && !defined(FMT_REGISTERS_H)
+#ifdef __GNUC__
+#warning Stribog-256 and Stribog-512 formats require little-endian, formats disabled
+#elif _MSC_VER
+#pragma message(": warning Stribog-256 and Stribog-512 formats require little-endian, formats disabled:")
+#endif
+#endif
+#endif /* ARCH_LITTLE_ENDIAN */

[claudioandre-br]

Still failing.

So if no other ideas are available, we shoud use the "last resort fix".