]> wagner.pp.ru Git - openssl-gost/engine.git/commitdiff
Fix grasshopper-ctr reinitialization 76/head
authorGleb Fotengauer-Malinovskiy <glebfm@altlinux.org>
Thu, 19 Jul 2018 17:11:37 +0000 (20:11 +0300)
committerGleb Fotengauer-Malinovskiy <glebfm@altlinux.org>
Mon, 20 Aug 2018 12:24:36 +0000 (15:24 +0300)
Also, document why CTR IV size is now set to 16, so user is noted to set
IV appropriately to full extent (including counter). Basically, it's for
openssh (and alike) to make it copy IV from privilege separated process.

(cherry picked from commit 74d13288e0a664f2615014d441087792eabc5cfa)

gost_grasshopper_cipher.c
gost_grasshopper_cipher.h

index 8ee8481a09640702604694a443e5b5c20b668296..92be9917be27660f4e3559731e337b9fa355a6aa 100644 (file)
@@ -97,7 +97,10 @@ static struct GRASSHOPPER_CIPHER_PARAMS gost_cipher_params[5] = {
                 gost_grasshopper_cipher_destroy_ctr,
                 1,
                 sizeof(gost_grasshopper_cipher_ctx_ctr),
-                8,
+               /* IV size is set to match full block, to make it responsibility of
+                * user to assign correct values (IV || 0), and to make naive context
+                * copy possible (for software such as openssh) */
+                16,
                 false
         },
 };
@@ -136,7 +139,6 @@ static GRASSHOPPER_INLINE void gost_grasshopper_cipher_destroy_ofb(gost_grasshop
 static GRASSHOPPER_INLINE void gost_grasshopper_cipher_destroy_ctr(gost_grasshopper_cipher_ctx* c) {
     gost_grasshopper_cipher_ctx_ctr* ctx = (gost_grasshopper_cipher_ctx_ctr*) c;
 
-    grasshopper_zero128(&ctx->iv_buffer);
     grasshopper_zero128(&ctx->partial_buffer);
 }
 
@@ -210,7 +212,6 @@ GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ctr(EVP_CIPHER_CTX* ctx, con
     c->c.type = GRASSHOPPER_CIPHER_CTR;
     EVP_CIPHER_CTX_set_num(ctx, 0);
 
-    grasshopper_zero128(&c->iv_buffer);
     grasshopper_zero128(&c->partial_buffer);
 
     return gost_grasshopper_cipher_init(ctx, key, iv, enc);
@@ -315,15 +316,15 @@ int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX* ctx, unsigned char* out,
     EVP_CIPHER_CTX_set_num(ctx, n);
     size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE;
 
-    memcpy(&c->iv_buffer, iv, 8);
+    grasshopper_w128_t* iv_buffer = (grasshopper_w128_t*) iv;
 
     // full parts
     for (i = 0; i < blocks; i++) {
         currentInputBlock = (grasshopper_w128_t*) current_in;
         currentOutputBlock = (grasshopper_w128_t*) current_out;
-        grasshopper_encrypt_block(&c->c.encrypt_round_keys, &c->iv_buffer, currentOutputBlock, &c->c.buffer);
+        grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer, currentOutputBlock, &c->c.buffer);
         grasshopper_append128(currentOutputBlock, currentInputBlock);
-        ctr128_inc(c->iv_buffer.b);
+        ctr128_inc(iv_buffer->b);
         current_in += GRASSHOPPER_BLOCK_SIZE;
         current_out += GRASSHOPPER_BLOCK_SIZE;
     }
@@ -333,12 +334,12 @@ int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX* ctx, unsigned char* out,
     if (lasted > 0) {
         currentInputBlock = (grasshopper_w128_t*) current_in;
         currentOutputBlock = (grasshopper_w128_t*) current_out;
-        grasshopper_encrypt_block(&c->c.encrypt_round_keys, &c->iv_buffer, &c->partial_buffer, &c->c.buffer);
+        grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer, &c->partial_buffer, &c->c.buffer);
         for (i = 0; i < lasted; i++) {
             currentOutputBlock->b[i] = c->partial_buffer.b[i] ^ currentInputBlock->b[i];
         }
        EVP_CIPHER_CTX_set_num(ctx, i);
-        ctr128_inc(c->iv_buffer.b);
+        ctr128_inc(iv_buffer->b);
     }
 
     return 1;
index 34bf8cc2b8f7a76fbf83caa795004162aef1141a..3a8531f454d577382cd9ced9767f956e4f8c03a7 100644 (file)
@@ -31,7 +31,6 @@ typedef struct {
 
 typedef struct {
     gost_grasshopper_cipher_ctx c;
-    grasshopper_w128_t iv_buffer;
     grasshopper_w128_t partial_buffer;
     uint64_t counter;
 } gost_grasshopper_cipher_ctx_ctr;