diff options
author | Gleb Fotengauer-Malinovskiy <glebfm@altlinux.org> | 2018-07-19 20:11:37 +0300 |
---|---|---|
committer | Vitaly Chikunov <vt@altlinux.org> | 2018-07-25 10:55:39 +0300 |
commit | 74d13288e0a664f2615014d441087792eabc5cfa (patch) | |
tree | 71b943fed2884de3c4201adc7813df0a33d7f489 /gost_grasshopper_cipher.c | |
parent | 3b13010957ba21890b5a9ece321a14aada1d7deb (diff) | |
download | gost-engine-74d13288e0a664f2615014d441087792eabc5cfa.zip gost-engine-74d13288e0a664f2615014d441087792eabc5cfa.tar.gz gost-engine-74d13288e0a664f2615014d441087792eabc5cfa.tar.bz2 |
Fix grasshopper-ctr reinitialization
Also, document why CTR IV size is now set to 16, so user is noted to set
IV appropriately to full extent (including counter). Basically, it's for
openssh (and alike) to make it copy IV from privilege separated process.
Diffstat (limited to 'gost_grasshopper_cipher.c')
-rw-r--r-- | gost_grasshopper_cipher.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/gost_grasshopper_cipher.c b/gost_grasshopper_cipher.c index 0bc4493..a1e2ce8 100644 --- a/gost_grasshopper_cipher.c +++ b/gost_grasshopper_cipher.c @@ -98,7 +98,10 @@ static struct GRASSHOPPER_CIPHER_PARAMS gost_cipher_params[5] = { gost_grasshopper_cipher_destroy_ctr, 1, sizeof(gost_grasshopper_cipher_ctx_ctr), - 8, + /* IV size is set to match full block, to make it responsibility of + * user to assign correct values (IV || 0), and to make naive context + * copy possible (for software such as openssh) */ + 16, false }, }; @@ -137,7 +140,6 @@ static GRASSHOPPER_INLINE void gost_grasshopper_cipher_destroy_ofb(gost_grasshop static GRASSHOPPER_INLINE void gost_grasshopper_cipher_destroy_ctr(gost_grasshopper_cipher_ctx* c) { gost_grasshopper_cipher_ctx_ctr* ctx = (gost_grasshopper_cipher_ctx_ctr*) c; - grasshopper_zero128(&ctx->iv_buffer); grasshopper_zero128(&ctx->partial_buffer); } @@ -211,7 +213,6 @@ GRASSHOPPER_INLINE int gost_grasshopper_cipher_init_ctr(EVP_CIPHER_CTX* ctx, con c->c.type = GRASSHOPPER_CIPHER_CTR; ctx->num = 0; - grasshopper_zero128(&c->iv_buffer); grasshopper_zero128(&c->partial_buffer); return gost_grasshopper_cipher_init(ctx, key, iv, enc); @@ -321,15 +322,15 @@ int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX* ctx, unsigned char* out, ctx->num = n; size_t blocks = inl / GRASSHOPPER_BLOCK_SIZE; - memcpy(&c->iv_buffer, iv, 8); + grasshopper_w128_t* iv_buffer = (grasshopper_w128_t*) iv; // full parts for (i = 0; i < blocks; i++) { currentInputBlock = (grasshopper_w128_t*) current_in; currentOutputBlock = (grasshopper_w128_t*) current_out; - grasshopper_encrypt_block(&c->c.encrypt_round_keys, &c->iv_buffer, currentOutputBlock, &c->c.buffer); + grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer, currentOutputBlock, &c->c.buffer); grasshopper_append128(currentOutputBlock, currentInputBlock); - ctr128_inc(c->iv_buffer.b); + ctr128_inc(iv_buffer->b); current_in += GRASSHOPPER_BLOCK_SIZE; current_out += GRASSHOPPER_BLOCK_SIZE; } @@ -339,12 +340,12 @@ int gost_grasshopper_cipher_do_ctr(EVP_CIPHER_CTX* ctx, unsigned char* out, if (lasted > 0) { currentInputBlock = (grasshopper_w128_t*) current_in; currentOutputBlock = (grasshopper_w128_t*) current_out; - grasshopper_encrypt_block(&c->c.encrypt_round_keys, &c->iv_buffer, &c->partial_buffer, &c->c.buffer); + grasshopper_encrypt_block(&c->c.encrypt_round_keys, iv_buffer, &c->partial_buffer, &c->c.buffer); for (i = 0; i < lasted; i++) { currentOutputBlock->b[i] = c->partial_buffer.b[i] ^ currentInputBlock->b[i]; } ctx->num = i; - ctr128_inc(c->iv_buffer.b); + ctr128_inc(iv_buffer->b); } return 1; |