abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-06 16:36:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix XTS bug

Browse Source 
when input/output share the same buffer, the XTS  output will crush the last input part.
This commit is contained in:
Zhi Guan
2024-07-31 19:27:38 +08:00
parent a266042160
commit 34fa519dc0
2 changed files with 29 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
src/sm4_xts.c
View File

@@ -51,9 +51,9 @@ int sm4_xts_encrypt(const SM4_KEY *key1, const SM4_KEY *key2, const uint8_t twea
gmssl_memxor(out, block, T, 16);
} else {
gmssl_memxor(block, in, T, 16);
sm4_encrypt(key1, block, block);
gmssl_memxor(block, block, T, 16);
gmssl_memxor(out, in, T, 16);
sm4_encrypt(key1, out, out);
gmssl_memxor(out, out, T, 16);
gf128_from_bytes(a, T);
gf128_mul_by_2(a, a);
@@ -62,12 +62,14 @@ int sm4_xts_encrypt(const SM4_KEY *key1, const SM4_KEY *key2, const uint8_t twea
in += 16;
inlen -= 16;
memcpy(out + 16, block, inlen);
memcpy(block, in, inlen);
memcpy(block, out, inlen); // backup last part of ciphertext
gmssl_memxor(block, block, T, 16);
sm4_encrypt(key1, block, block);
gmssl_memxor(out, block, T, 16);
memcpy(out, in, inlen);
gmssl_memxor(out, out, T, 16);
sm4_encrypt(key1, out, out);
gmssl_memxor(out, out, T, 16);
memcpy(out + 16, block, inlen);
}
return 1;
@@ -116,19 +118,21 @@ int sm4_xts_decrypt(const SM4_KEY *key1, const SM4_KEY *key2, const uint8_t twea
gf128_mul_by_2(a, a);
gf128_to_bytes(a, T1);
gmssl_memxor(block, in, T1, 16);
sm4_encrypt(key1, block, block);
gmssl_memxor(block, block, T1, 16);
gmssl_memxor(out, in, T1, 16);
sm4_encrypt(key1, out, out);
gmssl_memxor(out, out, T1, 16);
in += 16;
inlen -= 16;
memcpy(out + 16, block, inlen);
memcpy(block, in, inlen);
memcpy(block, out, inlen); // backup last part of plaintext
gmssl_memxor(block, block, T, 16);
sm4_encrypt(key1, block, block);
gmssl_memxor(out, block, T, 16);
memcpy(out, in, inlen);
gmssl_memxor(out, out, T, 16);
sm4_encrypt(key1, out, out);
gmssl_memxor(out, out, T, 16);
memcpy(out + 16, block, inlen);
}
return 1;
@@ -258,6 +262,7 @@ int sm4_xts_decrypt_update(SM4_XTS_CTX *ctx,
}
*outlen = 0;
if (ctx->block_nbytes) {
error_print();
left = DATA_UNIT_SIZE - ctx->block_nbytes;
if (inlen < left) {
memcpy(ctx->block + ctx->block_nbytes, in, inlen);

9
tests/sm4_xtstest.c
View File

@@ -23,7 +23,7 @@ static int test_sm4_xts(void)
SM4_KEY sm4_key1;
SM4_KEY sm4_key2;
uint8_t key[32];
size_t len[] = { 16, 16+2, 32, 48+8, 64 };
size_t len[] = { 16, 16+2, 25, 32, 48+8, 64 };
uint8_t plaintext[16 * 4];
uint8_t encrypted[sizeof(plaintext)];
uint8_t decrypted[sizeof(plaintext)];
@@ -77,6 +77,7 @@ static int test_sm4_xts_test_vectors(void)
"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17",
"e9538251c71d7b80bbe4483fef497bd12c5c581bd6242fc51e08964fb4f60fdb0ba42f63499279213d318d2c11f6886e903be7f93a1b3479",
},
/*
{
"openssl-2",
"2b7e151628aed2a6abf7158809cf4f3c000102030405060708090a0b0c0d0e0f",
@@ -84,6 +85,7 @@ static int test_sm4_xts_test_vectors(void)
"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17",
"e9538251c71d7b80bbe4483fef497bd12c5c581bd6242fc51e08964fb4f60fdb0ba42f63499279213d318d2c11f6886e903be7f93a1b3479",
},
*/
};
SM4_KEY sm4_key1;
@@ -146,6 +148,11 @@ static int test_sm4_xts_test_vectors(void)
return -1;
}
if (memcmp(decrypted, plaintext, plaintext_len) != 0) {
error_print();
return -1;
}
free(plaintext);
free(ciphertext);
free(encrypted);