Fix grasshopper-ctr reinitialization

Also, document why CTR IV size is now set to 16, so user is noted to set
IV appropriately to full extent (including counter). Basically, it's for
openssh (and alike) to make it copy IV from privilege separated process.

diff --git a/gost_grasshopper_cipher.c b/gost_grasshopper_cipher.c
index 0bc449331d969f7d1fbf030bf17668042594dcbe..a1e2ce86f2f8dedd1b20012fd0bdb65da1f8694a 100644 (file)
--- a/gost_grasshopper_cipher.c
+++ b/gost_grasshopper_cipher.c
@@ -98,7 +98,10 @@ static struct GRASSHOPPER_CIPHER_PARAMS gost_cipher_params[5] = {
                 gost_grasshopper_cipher_destroy_ctr,
                 1,
                 sizeof(gost_grasshopper_cipher_ctx_ctr),
-                8,
+               /* IV size is set to match full block, to make it responsibility of
+                * user to assign correct values (IV || 0), and to make naive context
+                * copy possible (for software such as openssh) */
+                16,
                 false
         },
 };
@@ -137,7 +140,6 @@ static GRASSHOPPER_INLINE void gost_grasshopper_cipher_destroy_ofb(gost_grasshop
 static GRASSHOPPER_INLINE void gost_grasshopper_cipher_destroy_ctr(gost_grasshopper_cipher_ctx* c) {
     gost_grasshopper_cipher_ctx_ctr* ctx = (gost_grasshopper_cipher_ctx_ctr*) c;
 
-    grasshopper_zero128(&ctx->iv_buffer);
     grasshopper_zero128(&ctx->partial_buffer);
 }
 
@@ -211,7 +213,6 @@ GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ctr(EVP_CIPHER_CTX* ctx, con
     c->c.type = GRASSHOPPER_CIPHER_CTR;
     ctx->num = 0;
 
-    grasshopper_zero128(&c->iv_buffer);
     grasshopper_zero128(&c->partial_buffer);
 
     return gost_grasshopper_cipher_init(ctx, key, iv, enc);
@@ -321,15 +322,15 @@ int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX* ctx, unsigned char* out,
     ctx->num = n;
     size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE;
 
-    memcpy(&c->iv_buffer, iv, 8);
+    grasshopper_w128_t* iv_buffer = (grasshopper_w128_t*) iv;
 
     // full parts
     for (i = 0; i < blocks; i++) {
         currentInputBlock = (grasshopper_w128_t*) current_in;
         currentOutputBlock = (grasshopper_w128_t*) current_out;
-        grasshopper_encrypt_block(&c->c.encrypt_round_keys, &c->iv_buffer, currentOutputBlock, &c->c.buffer);
+        grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer, currentOutputBlock, &c->c.buffer);
         grasshopper_append128(currentOutputBlock, currentInputBlock);
-        ctr128_inc(c->iv_buffer.b);
+        ctr128_inc(iv_buffer->b);
         current_in += GRASSHOPPER_BLOCK_SIZE;
         current_out += GRASSHOPPER_BLOCK_SIZE;
     }
@@ -339,12 +340,12 @@ int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX* ctx, unsigned char* out,
     if (lasted > 0) {
         currentInputBlock = (grasshopper_w128_t*) current_in;
         currentOutputBlock = (grasshopper_w128_t*) current_out;
-        grasshopper_encrypt_block(&c->c.encrypt_round_keys, &c->iv_buffer, &c->partial_buffer, &c->c.buffer);
+        grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer, &c->partial_buffer, &c->c.buffer);
         for (i = 0; i < lasted; i++) {
             currentOutputBlock->b[i] = c->partial_buffer.b[i] ^ currentInputBlock->b[i];
         }
        ctx->num = i;
-        ctr128_inc(c->iv_buffer.b);
+        ctr128_inc(iv_buffer->b);
     }
 
     return 1;

diff --git a/gost_grasshopper_cipher.h b/gost_grasshopper_cipher.h
index 2486e61d47e862fbbbd48f69a511ef1bb5108486..c8957a0cc07c729b41f4fc6ae415c7391c7ad974 100644 (file)
--- a/gost_grasshopper_cipher.h
+++ b/gost_grasshopper_cipher.h
@@ -31,7 +31,6 @@ typedef struct {
 
 typedef struct {
     gost_grasshopper_cipher_ctx c;
-    grasshopper_w128_t iv_buffer;
     grasshopper_w128_t partial_buffer;
 } gost_grasshopper_cipher_ctx_ctr;