From: Gleb Fotengauer-Malinovskiy Date: Thu, 19 Jul 2018 17:11:37 +0000 (+0300) Subject: Fix grasshopper-ctr reinitialization X-Git-Tag: v1.1.0.3^2 X-Git-Url: http://wagner.pp.ru/gitweb/?a=commitdiff_plain;h=ed191fe63d7ac2c4906d828eb4ea673f3004c847;p=openssl-gost%2Fengine.git Fix grasshopper-ctr reinitialization Also, document why CTR IV size is now set to 16, so user is noted to set IV appropriately to full extent (including counter). Basically, it's for openssh (and alike) to make it copy IV from privilege separated process. (cherry picked from commit 74d13288e0a664f2615014d441087792eabc5cfa) --- diff --git a/gost_grasshopper_cipher.c b/gost_grasshopper_cipher.c index 8ee8481..92be991 100644 --- a/gost_grasshopper_cipher.c +++ b/gost_grasshopper_cipher.c @@ -97,7 +97,10 @@ static struct GRASSHOPPER_CIPHER_PARAMS gost_cipher_params[5] = { gost_grasshopper_cipher_destroy_ctr, 1, sizeof(gost_grasshopper_cipher_ctx_ctr), - 8, + /* IV size is set to match full block, to make it responsibility of + * user to assign correct values (IV || 0), and to make naive context + * copy possible (for software such as openssh) */ + 16, false }, }; @@ -136,7 +139,6 @@ static GRASSHOPPER_INLINE void gost_grasshopper_cipher_destroy_ofb(gost_grasshop static GRASSHOPPER_INLINE void gost_grasshopper_cipher_destroy_ctr(gost_grasshopper_cipher_ctx* c) { gost_grasshopper_cipher_ctx_ctr* ctx = (gost_grasshopper_cipher_ctx_ctr*) c; - grasshopper_zero128(&ctx->iv_buffer); grasshopper_zero128(&ctx->partial_buffer); } @@ -210,7 +212,6 @@ GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ctr(EVP_CIPHER_CTX* ctx, con c->c.type = GRASSHOPPER_CIPHER_CTR; EVP_CIPHER_CTX_set_num(ctx, 0); - grasshopper_zero128(&c->iv_buffer); grasshopper_zero128(&c->partial_buffer); return gost_grasshopper_cipher_init(ctx, key, iv, enc); @@ -315,15 +316,15 @@ int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX* ctx, unsigned char* out, EVP_CIPHER_CTX_set_num(ctx, n); size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE; - memcpy(&c->iv_buffer, iv, 8); + grasshopper_w128_t* iv_buffer = (grasshopper_w128_t*) iv; // full parts for (i = 0; i < blocks; i++) { currentInputBlock = (grasshopper_w128_t*) current_in; currentOutputBlock = (grasshopper_w128_t*) current_out; - grasshopper_encrypt_block(&c->c.encrypt_round_keys, &c->iv_buffer, currentOutputBlock, &c->c.buffer); + grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer, currentOutputBlock, &c->c.buffer); grasshopper_append128(currentOutputBlock, currentInputBlock); - ctr128_inc(c->iv_buffer.b); + ctr128_inc(iv_buffer->b); current_in += GRASSHOPPER_BLOCK_SIZE; current_out += GRASSHOPPER_BLOCK_SIZE; } @@ -333,12 +334,12 @@ int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX* ctx, unsigned char* out, if (lasted > 0) { currentInputBlock = (grasshopper_w128_t*) current_in; currentOutputBlock = (grasshopper_w128_t*) current_out; - grasshopper_encrypt_block(&c->c.encrypt_round_keys, &c->iv_buffer, &c->partial_buffer, &c->c.buffer); + grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer, &c->partial_buffer, &c->c.buffer); for (i = 0; i < lasted; i++) { currentOutputBlock->b[i] = c->partial_buffer.b[i] ^ currentInputBlock->b[i]; } EVP_CIPHER_CTX_set_num(ctx, i); - ctr128_inc(c->iv_buffer.b); + ctr128_inc(iv_buffer->b); } return 1; diff --git a/gost_grasshopper_cipher.h b/gost_grasshopper_cipher.h index 34bf8cc..3a8531f 100644 --- a/gost_grasshopper_cipher.h +++ b/gost_grasshopper_cipher.h @@ -31,7 +31,6 @@ typedef struct { typedef struct { gost_grasshopper_cipher_ctx c; - grasshopper_w128_t iv_buffer; grasshopper_w128_t partial_buffer; uint64_t counter; } gost_grasshopper_cipher_ctx_ctr;