From: Gleb Fotengauer-Malinovskiy Date: Thu, 19 Jul 2018 17:11:37 +0000 (+0300) Subject: Fix grasshopper-ctr reinitialization X-Git-Tag: v3.0.0~402 X-Git-Url: http://wagner.pp.ru/gitweb/?a=commitdiff_plain;h=74d13288e0a664f2615014d441087792eabc5cfa;p=openssl-gost%2Fengine.git Fix grasshopper-ctr reinitialization Also, document why CTR IV size is now set to 16, so user is noted to set IV appropriately to full extent (including counter). Basically, it's for openssh (and alike) to make it copy IV from privilege separated process. --- diff --git a/gost_grasshopper_cipher.c b/gost_grasshopper_cipher.c index 0bc4493..a1e2ce8 100644 --- a/gost_grasshopper_cipher.c +++ b/gost_grasshopper_cipher.c @@ -98,7 +98,10 @@ static struct GRASSHOPPER_CIPHER_PARAMS gost_cipher_params[5] = { gost_grasshopper_cipher_destroy_ctr, 1, sizeof(gost_grasshopper_cipher_ctx_ctr), - 8, + /* IV size is set to match full block, to make it responsibility of + * user to assign correct values (IV || 0), and to make naive context + * copy possible (for software such as openssh) */ + 16, false }, }; @@ -137,7 +140,6 @@ static GRASSHOPPER_INLINE void gost_grasshopper_cipher_destroy_ofb(gost_grasshop static GRASSHOPPER_INLINE void gost_grasshopper_cipher_destroy_ctr(gost_grasshopper_cipher_ctx* c) { gost_grasshopper_cipher_ctx_ctr* ctx = (gost_grasshopper_cipher_ctx_ctr*) c; - grasshopper_zero128(&ctx->iv_buffer); grasshopper_zero128(&ctx->partial_buffer); } @@ -211,7 +213,6 @@ GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ctr(EVP_CIPHER_CTX* ctx, con c->c.type = GRASSHOPPER_CIPHER_CTR; ctx->num = 0; - grasshopper_zero128(&c->iv_buffer); grasshopper_zero128(&c->partial_buffer); return gost_grasshopper_cipher_init(ctx, key, iv, enc); @@ -321,15 +322,15 @@ int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX* ctx, unsigned char* out, ctx->num = n; size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE; - memcpy(&c->iv_buffer, iv, 8); + grasshopper_w128_t* iv_buffer = (grasshopper_w128_t*) iv; // full parts for (i = 0; i < blocks; i++) { currentInputBlock = (grasshopper_w128_t*) current_in; currentOutputBlock = (grasshopper_w128_t*) current_out; - grasshopper_encrypt_block(&c->c.encrypt_round_keys, &c->iv_buffer, currentOutputBlock, &c->c.buffer); + grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer, currentOutputBlock, &c->c.buffer); grasshopper_append128(currentOutputBlock, currentInputBlock); - ctr128_inc(c->iv_buffer.b); + ctr128_inc(iv_buffer->b); current_in += GRASSHOPPER_BLOCK_SIZE; current_out += GRASSHOPPER_BLOCK_SIZE; } @@ -339,12 +340,12 @@ int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX* ctx, unsigned char* out, if (lasted > 0) { currentInputBlock = (grasshopper_w128_t*) current_in; currentOutputBlock = (grasshopper_w128_t*) current_out; - grasshopper_encrypt_block(&c->c.encrypt_round_keys, &c->iv_buffer, &c->partial_buffer, &c->c.buffer); + grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer, &c->partial_buffer, &c->c.buffer); for (i = 0; i < lasted; i++) { currentOutputBlock->b[i] = c->partial_buffer.b[i] ^ currentInputBlock->b[i]; } ctx->num = i; - ctr128_inc(c->iv_buffer.b); + ctr128_inc(iv_buffer->b); } return 1; diff --git a/gost_grasshopper_cipher.h b/gost_grasshopper_cipher.h index 2486e61..c8957a0 100644 --- a/gost_grasshopper_cipher.h +++ b/gost_grasshopper_cipher.h @@ -31,7 +31,6 @@ typedef struct { typedef struct { gost_grasshopper_cipher_ctx c; - grasshopper_w128_t iv_buffer; grasshopper_w128_t partial_buffer; } gost_grasshopper_cipher_ctx_ctr;