From 250025065332c3c318756b0912da75bdddcdbb98 Mon Sep 17 00:00:00 2001
From: Andrey Rys
Date: Fri, 22 Mar 2019 16:30:17 +0700
Subject: [PATCH] fix -C stream -c rand regression.
Because "STREAM" mode has separate init function and separate encryption function, I had a mistake to put it into a wrong place at the first time I'd ported code to tfcipher codebase. If you did encryptions with -C stream -c rand options applied in the past, then, to decrypt such streams you must use zero counter value together with omitting first counter bytes from stream. This is especially disasterous if multiple encryptions were performed with same key since STREAM here is effectively an OFB mode of operation. Given that this mode encourages such usage patterns, I feel sorry for such a mistake. Still, CTR mode is better than STREAM mode because it is seekable. From CTR, STREAM differs only in being a nonseekable mode of operation, nothing more.
---
 VERSION | 2 +-
 tfcrypt.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/VERSION b/VERSION
index 98d9bcb..3c03207 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-17
+18
diff --git a/tfcrypt.c b/tfcrypt.c
index c8664cc..8d01618 100644
--- a/tfcrypt.c
+++ b/tfcrypt.c
@@ -920,8 +920,6 @@ _xts2genkey: if (xwrite(krfd, pblk, TF_FROM_BITS(TFC_KEY_BITS)) == NOSIZE) xerro
 tfc_data_to_words64(&iseek_blocks, sizeof(iseek_blocks));
 tf_ctr_set(ctr, &iseek_blocks, sizeof(iseek_blocks));
- if (ctr_mode == TFC_MODE_STREAM) tfe_init_iv(&tfe, key, ctr);
-
 switch (counter_opt) {
 case TFC_CTR_SHOW:
 switch (do_outfmt) {
@@ -1003,6 +1001,8 @@ _ctrwagain: lio = xwrite(dfd, pblk, lrem);
 delta_processed += ldone;
 }
+ if (ctr_mode == TFC_MODE_STREAM) tfe_init_iv(&tfe, key, ctr);
+
 errno = 0;
 do_stop = NO;
 while (1) {
--
2.31.1
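Review bot: The relocated `if (ctr_mode == TFC_MODE_STREAM) tfe_init_iv(&tfe, key, ctr);` in the second tfcrypt.c hunk has no comment saying why it must sit at this point, yet its position is the entire fix. Per the commit message, running it before the counter options were applied meant `-C stream -c rand` encryptions did not actually key the stream to the random counter, so repeated encryptions under one key shared a keystream. I would put a comment above the line, for example `/* STREAM: init from ctr only after it holds its final value (-c rand etc.); an earlier init reuses the keystream under one key */`, so a later refactor does not move it back. The counter handling between the two hunks and the rest of the enclosing function are outside the visible lines, so it is worth confirming that every path into the processing loop passes this line after `ctr` is final.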