Fix 34.13 OFB bug with len(IV) > 2

diff --git a/pygost/gost3413.py b/pygost/gost3413.py
index c0201c97ae8d2947aaf149494d444463c6c83a90..cdf82101203d919307b02f5db276dc4bb4800ddb 100644 (file)
--- a/pygost/gost3413.py
+++ b/pygost/gost3413.py
@@ -138,7 +138,7 @@ def ofb(encrypter, bs, data, iv):
     result = []
     for i in xrange(0, len(data) + pad_size(len(data), bs), bs):
         r = r[1:] + [encrypter(r[0])]
-        result.append(strxor(r[1], data[i:i + bs]))
+        result.append(strxor(r[-1], data[i:i + bs]))
     return b"".join(result)
 
 

diff --git a/pygost/test_gost3413.py b/pygost/test_gost3413.py
index f1574eef6f17c73e247b967d199534dbc884b5a7..e26a3ea8752c865201d27af06cb83fcc00becdf5 100644 (file)
--- a/pygost/test_gost3413.py
+++ b/pygost/test_gost3413.py
@@ -18,6 +18,7 @@ from pygost.gost3413 import pad2
 from pygost.gost3413 import unpad2
 from pygost.utils import hexdec
 from pygost.utils import hexenc
+from pygost.utils import strxor
 
 
 class Pad2Test(TestCase):
@@ -110,6 +111,19 @@ class GOST3412KuznechikModesTest(TestCase):
             ct = ofb(ciph.encrypt, 16, pt, iv)
             self.assertSequenceEqual(ofb(ciph.encrypt, 16, ct, iv), pt)
 
+    def test_ofb_manual(self):
+        iv = [urandom(16) for _ in range(randint(2, 10))]
+        pt = [urandom(16) for _ in range(len(iv), len(iv) + randint(1, 10))]
+        ciph = GOST3412Kuznechik(urandom(32))
+        r = [ciph.encrypt(i) for i in iv]
+        for i in range(len(pt) - len(iv)):
+            r.append(ciph.encrypt(r[i]))
+        ct = [strxor(g, r) for g, r in zip(pt, r)]
+        self.assertSequenceEqual(
+            ofb(ciph.encrypt, 16, b"".join(pt), b"".join(iv)),
+            b"".join(ct),
+        )
+
     def test_cbc_vectors(self):
         ciphtext = ""
         ciphtext += "689972d4a085fa4d90e52e3d6d7dcc27"