authorJack Lloyd <[email protected]>2017-10-26 20:31:30 -0400
committerJack Lloyd <[email protected]>2017-10-26 22:26:15 -0400
commite6d45052efedfe49e99adb6318aaf56e0a9e8d7b (patch)
treec6c3ccd3cff3d04285940bf1d518c809e0653947 /src/lib/stream
parent315b002ecf00f6b6bb0f0d5200d1f39a83527e8f (diff)
Add checks that keyed algorithms are actually keyed before use
Previously, calling update or encrypt without first calling set_key would either produce invalid output or crash.
Diffstat (limited to 'src/lib/stream')
-rw-r--r--src/lib/stream/chacha/chacha.cpp2
-rw-r--r--src/lib/stream/ctr/ctr.cpp7
-rw-r--r--src/lib/stream/rc4/rc4.cpp2
-rw-r--r--src/lib/stream/salsa20/salsa20.cpp2
-rw-r--r--src/lib/stream/shake_cipher/shake_cipher.cpp10
5 files changed, 16 insertions, 7 deletions
diff --git a/src/lib/stream/chacha/chacha.cpp b/src/lib/stream/chacha/chacha.cpp
index 0bbb47bcb..52e5eaaf4 100644
--- a/src/lib/stream/chacha/chacha.cpp
+++ b/src/lib/stream/chacha/chacha.cpp
@@ -116,6 +116,8 @@ void ChaCha::chacha_x4(uint8_t output[64*4], uint32_t input[16], size_t rounds)
*/
void ChaCha::cipher(const uint8_t in[], uint8_t out[], size_t length)
{
+ verify_key_set(m_state.empty() == false);
+
while(length >= m_buffer.size() - m_position)
{
xor_buf(out, in, &m_buffer[m_position], m_buffer.size() - m_position);
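Review bot: The guard added at the top of ChaCha::cipher treats a non-empty m_state as proof that a key was set, which only holds if clear() empties the vector rather than zeroing it. The ctr.cpp and shake_cipher.cpp sections of this commit switch clear() from zeroise() to zap() for that reason, but no equivalent change is visible for ChaCha, RC4 or Salsa20, whose cipher() hunks add the same check. Their clear() bodies are outside the diff, so this may already be handled, but it is worth confirming, because otherwise cipher() after clear() would pass the check and run on an all-zero state. As a style point, `verify_key_set(!m_state.empty());` states the condition more directly than `m_state.empty() == false`, here and on the matching lines in the other four files. The body of cipher() continues past the end of this hunk.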
diff --git a/src/lib/stream/ctr/ctr.cpp b/src/lib/stream/ctr/ctr.cpp
index 99a589bb9..463119caf 100644
--- a/src/lib/stream/ctr/ctr.cpp
+++ b/src/lib/stream/ctr/ctr.cpp
@@ -17,7 +17,6 @@ CTR_BE::CTR_BE(BlockCipher* ciph) :
m_ctr_blocks(m_cipher->parallel_bytes() / m_block_size),
m_counter(m_cipher->parallel_bytes()),
m_pad(m_counter.size()),
- m_iv(m_cipher->block_size()),
m_pad_pos(0)
{
}
@@ -29,7 +28,6 @@ CTR_BE::CTR_BE(BlockCipher* cipher, size_t ctr_size) :
m_ctr_blocks(m_cipher->parallel_bytes() / m_block_size),
m_counter(m_cipher->parallel_bytes()),
m_pad(m_counter.size()),
- m_iv(m_cipher->block_size()),
m_pad_pos(0)
{
if(m_ctr_size < 4 || m_ctr_size > m_block_size)
@@ -41,7 +39,7 @@ void CTR_BE::clear()
m_cipher->clear();
zeroise(m_pad);
zeroise(m_counter);
- zeroise(m_iv);
+ zap(m_iv);
m_pad_pos = 0;
}
@@ -64,6 +62,8 @@ std::string CTR_BE::name() const
void CTR_BE::cipher(const uint8_t in[], uint8_t out[], size_t length)
{
+ verify_key_set(m_iv.empty() == false);
+
const uint8_t* pad_bits = &m_pad[0];
const size_t pad_size = m_pad.size();
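Review bot: In CTR_BE::cipher the key check depends on m_iv, but the only place this diff shows m_iv becoming non-empty is set_iv(), not the key schedule. As written the guard really tests "an IV has been installed". It is equivalent to "a key has been set" only if key_schedule() (outside the hunks) always calls set_iv(), and a set_iv() on an object that was never keyed would make it pass unless the underlying block cipher rejects that call itself. I would add a comment above the line such as `// m_iv is only populated by set_iv(); key_schedule() is expected to call it`, or derive the keyed state from the block cipher rather than from the IV buffer. The function body continues beyond this hunk.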
@@ -105,6 +105,7 @@ void CTR_BE::set_iv(const uint8_t iv[], size_t iv_len)
if(!valid_iv_length(iv_len))
throw Invalid_IV_Length(name(), iv_len);
+ m_iv.resize(m_cipher->block_size());
zeroise(m_iv);
buffer_insert(m_iv, 0, iv, iv_len);
diff --git a/src/lib/stream/rc4/rc4.cpp b/src/lib/stream/rc4/rc4.cpp
index 208b2f560..60565d445 100644
--- a/src/lib/stream/rc4/rc4.cpp
+++ b/src/lib/stream/rc4/rc4.cpp
@@ -15,6 +15,8 @@ namespace Botan {
*/
void RC4::cipher(const uint8_t in[], uint8_t out[], size_t length)
{
+ verify_key_set(m_state.empty() == false);
+
while(length >= m_buffer.size() - m_position)
{
xor_buf(out, in, &m_buffer[m_position], m_buffer.size() - m_position);
diff --git a/src/lib/stream/salsa20/salsa20.cpp b/src/lib/stream/salsa20/salsa20.cpp
index e27b2d2bb..3f93cee94 100644
--- a/src/lib/stream/salsa20/salsa20.cpp
+++ b/src/lib/stream/salsa20/salsa20.cpp
@@ -103,6 +103,8 @@ void salsa20(uint8_t output[64], const uint32_t input[16])
*/
void Salsa20::cipher(const uint8_t in[], uint8_t out[], size_t length)
{
+ verify_key_set(m_state.empty() == false);
+
while(length >= m_buffer.size() - m_position)
{
xor_buf(out, in, &m_buffer[m_position], m_buffer.size() - m_position);
diff --git a/src/lib/stream/shake_cipher/shake_cipher.cpp b/src/lib/stream/shake_cipher/shake_cipher.cpp
index 4f79777f4..72a8fd885 100644
--- a/src/lib/stream/shake_cipher/shake_cipher.cpp
+++ b/src/lib/stream/shake_cipher/shake_cipher.cpp
@@ -12,13 +12,13 @@
namespace Botan {
SHAKE_128_Cipher::SHAKE_128_Cipher() :
- m_state(25),
- m_buffer((1600 - 256) / 8),
m_buf_pos(0)
{}
void SHAKE_128_Cipher::cipher(const uint8_t in[], uint8_t out[], size_t length)
{
+ verify_key_set(m_state.empty() == false);
+
while(length >= m_buffer.size() - m_buf_pos)
{
xor_buf(out, in, &m_buffer[m_buf_pos], m_buffer.size() - m_buf_pos);
@@ -37,6 +37,8 @@ void SHAKE_128_Cipher::cipher(const uint8_t in[], uint8_t out[], size_t length)
void SHAKE_128_Cipher::key_schedule(const uint8_t key[], size_t length)
{
+ m_state.resize(25);
+ m_buffer.resize((1600 - 256) / 8);
zeroise(m_state);
for(size_t i = 0; i < length/8; ++i)
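Review bot: The sizes `25` and `(1600 - 256) / 8` now live in key_schedule() with no explanation, and these two resize calls are what make the `m_state.empty()` check in cipher() meaningful. A short comment would help, for example `// 1600-bit Keccak state as 25 64-bit words; buffer is the SHAKE-128 rate, (1600 - 256) bits`, assuming m_state holds 64-bit words as the `length/8` loop suggests. The rest of key_schedule() lies outside the hunk, so whether m_buf_pos is reset when an already-keyed object is re-keyed cannot be checked from here.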
@@ -53,8 +55,8 @@ void SHAKE_128_Cipher::key_schedule(const uint8_t key[], size_t length)
void SHAKE_128_Cipher::clear()
{
- zeroise(m_state);
- zeroise(m_buffer);
+ zap(m_state);
+ zap(m_buffer);
m_buf_pos = 0;
}