Merge pull request #262 from libtom/pr/ocb3-done-taglen-fix

ocb3_done taglen fix
Steffen Jaeckel 2017-08-07 21:07:25 +02:00 committed by GitHub
commit 7993ce8e10
8 changed files with 55 additions and 307 deletions


@ -125,6 +125,7 @@ env:
after_failure:
- cat test_std.txt
- cat test_err.txt
- cat tv.txt
after_script:
- cat gcc_1.txt


@ -26,7 +26,7 @@ fi
echo -n "testing..."
if [ -a test ] && [ -f test ] && [ -x test ]; then
((./test >test_std.txt 2>test_err.txt && ./tv_gen > tv.txt) && echo "$1 test passed." && echo "y" > testok.txt) || (echo "$1 test failed, look at test_err.txt" && exit 1)
((./test >test_std.txt 2>test_err.txt && ./tv_gen > tv.txt) && echo "$1 test passed." && echo "y" > testok.txt) || (echo "$1 test failed, look at test_err.txt or tv.txt" && exit 1)
if find *_tv.txt -type f 1>/dev/null 2>/dev/null ; then
for f in *_tv.txt; do
# check for lines starting with '<' ($f might be a subset of notes/$f)


@ -435,12 +435,12 @@ void ocb3_gen(void)
kl = cipher_descriptor[x].block_length;
/* skip ciphers which do not have 64 or 128 bit block sizes */
if (kl != 8 && kl != 16) continue;
if (kl != 16) continue;
if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) {
kl = cipher_descriptor[x].max_key_length;
}
fprintf(out, "OCB-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
fprintf(out, "OCB3-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
/* the key */
for (z = 0; z < kl; z++) {
@ -459,7 +459,7 @@ void ocb3_gen(void)
}
len = 16;
if ((err = ocb3_encrypt_authenticate_memory(x, key, kl, nonce, noncelen, (unsigned char*)"AAD", 3, plaintext, y1, plaintext, tag, &len)) != CRYPT_OK) {
printf("Error OCB'ing: %s\n", error_to_string(err));
printf("Error OCB3'ing: %s\n", error_to_string(err));
exit(EXIT_FAILURE);
}
fprintf(out, "%3d: ", y1);
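Review bot: The comment kept above the new block-size test in the first hunk still reads `/* skip ciphers which do not have 64 or 128 bit block sizes */`, but the condition is now `if (kl != 16) continue;`, so 64-bit block ciphers are skipped as well. Update it to something like `/* OCB3 is only defined for 128-bit block ciphers; skip everything else */` so the generator documents the same restriction that ocb3_init enforces elsewhere in this commit. ocb3_gen's body starts and ends outside both hunks.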


@ -2,7 +2,7 @@ OCB3 Test Vectors. Uses the 00010203...NN-1 pattern for nonce/plaintext/key. T
are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous
step repeated sufficiently. The nonce is fixed throughout. AAD is fixed to 3 bytes (ASCII) 'AAD'.
OCB-aes (16 byte key)
OCB3-aes (16 byte key)
0: , B314B579B54365D9094A8A7544FECFA7
1: F9, 3E49FF310B88634BACA91D55DFBAA185
2: 04B6, E13FBD06086CAEF7AD042C93D7BB6FB0
@ -37,64 +37,7 @@ OCB-aes (16 byte key)
31: F2CF0958F00F11E8564CFFD9AEC71451344E2A35DE7D82D1AAC14649BCD34C, 04E97E02B50CFCC86EC0B9A958057F66
32: 914755B90B12CF5720CC0176AED145ADEC862E51B237AFE862477CF91D729768, EEDA6BE8E7875AA7E1E3393DE81FBAF7
OCB-blowfish (8 byte key)
0: , 6C3BBA12B543C3BE
1: D6, D72F643440F08AC1
2: 8208, B7FD2E2D5FF4B273
3: BB2B8F, E6B6A023460F07B0
4: F2BC4A6C, 7B9D26784038A593
5: AAFDBD8EC2, 24E6F671E7A0D394
6: 929326B18E7F, 5C6CEAEF7B63DA71
7: 085C9A0013CB23, 2C0BA203FC706398
8: BA45E34414383ABD, E367DDFF2B9E7B51
9: 1287AE007E03F4B6B6, 6EDF52831D00F616
10: 2871B39ACFE7E8D7C326, 9ED4DB2D5ADBC902
11: 46DF7AAFBE096C26536BCC, 497B8F7930B03150
12: 7F794AD0A6673F9DD9BA09FB, 4B6817508EF74773
13: 138D1877D61021E526EFBB9F9C, 0E18238F3112C0F6
14: FFFF1DDC353F4C0F832C73D4C4F4, DCFCECFEE8B0BDE8
15: 5B8F209B6FBCCF323773CDE26B1ECD, BE11C1DA023F30F7
16: C3C1438B50A1124556164A38D12FEC6C, 532740AF7CB776B0
OCB-xtea (16 byte key)
0: , D00F0AAB89FD2268
1: F4, 5EC48A975A5284D0
2: EA67, 4D7DDB44F00B1914
3: 19E6F3, 5DC77905DE7BCA27
4: 164F891A, E41BFD4F3D256B72
5: DD08DE502D, BB92537DED07B1D5
6: B176A93723F9, D6B5BBE9BD9DCC2F
7: 9F0CBA46793F6B, 3936294EF1745B93
8: 04CC55A49B65D296, 4BAD576455149F19
9: 7D6FCB8FF28FFE7DF7, 40FEBD5048374447
10: E5B23D64643BE920B5DD, 7E980F9F6A1C1E24
11: 07D48D6A863286C485C169, 14FBE819A4E05066
12: 4DF565F388F75E453554CB98, BB63ABAE98B89A0D
13: 3B839BF161A9A873C67D864412, FFBBE368571140CE
14: 35D0E47C7B52F63D9CD52B5EF7C1, FBBE7080BE16A358
15: F657C137AD01E24A2E09EAE9669060, C61609D640AED997
16: 06BF9F739218FAF8469393E4A880401B, F1A833E2FF0F59D1
OCB-rc5 (8 byte key)
0: , C8A6E737A8E6C157
1: D5, F9FC436713D8C578
2: A52B, 620A27B44F9DB42E
3: AA4253, AC7574A061DBAC3E
4: 3E9241AE, F5011F6F49F35AB7
5: FB39924246, C53004198FD2C046
6: 847A3249B1E8, 92B4300BE557D04F
7: F8BC0AEC7A0DDC, 27CCDB48F5AC84AA
8: 5A7A91DFBE572B10, 67D4775F5AA660F8
9: 475F7E67910AB33762, 2193ECC897A7E0A8
10: 8F7254CB03D427D123F3, 2814085372D28E3B
11: 0669B3DF133675FDF0E6C4, BD2282F47C5AB17A
12: D3041D4F0C79FBFE6155DAAD, 01228ED90A077F1E
13: 2A46C3FEEDBF49B14520FB1786, AB61B06971BE04FE
14: C3E5F4749B28E6C70263B9A49411, A0D06FCEC6F8C051
15: 5A307C6E510C7B7F0838B9FD3B3CC8, A7F7A41558848158
16: C2E2DD4DEF101AA2EF8696B9FDD24B03, 614D0606D5BC577E
OCB-rc6 (16 byte key)
OCB3-rc6 (16 byte key)
0: , E55863F7B850CEA28023BA8E2AB1F4FD
1: E5, C1F5CEA421F84AECACF622BCE507BD21
2: 6443, FB3B7992E057AA4A0E31E8718093740B
@ -129,7 +72,7 @@ OCB-rc6 (16 byte key)
31: 80F7CA76B988519731D76C4D60DA0E5C77BEC17368C9B237AE60A910312334, 962C1F0C4E7C8137863A48E6E5BFA44B
32: 1B43CDD2D0E13ECAE95F2DE4782760679CDCCE5E74A3C3E6614BAD86DFE073EE, B5A6A14CA26E60AAC3B5C9DB0723ACE5
OCB-safer+ (16 byte key)
OCB3-safer+ (16 byte key)
0: , 8F56A79150DEFC6B2CBB3FB6E359FBD2
1: C9, 8E316BB1D0C29B6D7A5A87099B85B72A
2: 2060, BC6DEBA562045204F685BD4AD1095614
@ -164,7 +107,7 @@ OCB-safer+ (16 byte key)
31: 017E3A54463EDC279879A07FD7BFF1225CEE307BD8741B6013FE4C9A454EB8, 10449A44C1F90C64CCCA5D808AC705A5
32: DB9C895FF4A59D407344B8254FCD416F0D5EDB2ECB639CF226DEAA76370FB79D, CFE8C49CF0E323F694FAB1805A85DC93
OCB-twofish (16 byte key)
OCB3-twofish (16 byte key)
0: , 924B3293251DA82CC6843F4616DAA68D
1: 01, 4B07AF17FF5D6C2477E90B7843F19D1B
2: 5CFF, 75BF06BF38FA2BEC8A3A546B9E29741E
@ -199,159 +142,7 @@ OCB-twofish (16 byte key)
31: 8726247FAEB21D7F8927DC3E90267ECD744A8452C64B9EBE08D1A590BFA1F9, 8D75DAEC7E4438E7C701A392346EBBF6
32: 0DC0EE528456FEC203AFB12A55A4D3A901B9408958E5387EB42E75730D98B6A6, D7D682F57C1E1671BE459EE33BEA6B26
OCB-safer-k64 (8 byte key)
0: , 60AE63AE99A88F09
1: 44, 0B3706AE0C2E2E1B
2: FFC9, 2DE3EFEA9DA4E0B1
3: 9EDB9C, 3C6B708DDFAE78BD
4: 4F411B9D, 7B5C8D7355207D99
5: 137EFBA977, 8F5A27A51F6360E4
6: 518F478CF00F, 5D9D0B18CF5A3441
7: 8ABF02E8C3B6E3, 2A9F38EC4EEE4B66
8: B46D658ED0580427, 154E306DA82C5B04
9: 97C857F1454868744F, 235006CFBF3746DC
10: 75D9C1CED5E4A9D74B83, AD470CD821D5A3BB
11: 8BD62F6A7984C86BBC5BC1, 44BFE38FC9B0E173
12: 3A7C8ECD7732D6546CCBC28F, 5ED6C3E7AFB1F896
13: 52C030D775D19B605CDFA5ADE4, 010FFFDAFF4868BF
14: 6740280BFAD4A8844626BCCE6FB2, 80A60FD0D0A15DA7
15: F5B6DD3ED6612F59B8A073E3EC5033, 36F2EC985AB2C969
16: 02581A19286680A999FB9830DCB77BEC, 3015B26725FB9D53
OCB-safer-sk64 (8 byte key)
0: , 2B5F164039EC1FF2
1: BD, 3072BD9737BB4DEC
2: 71F3, C358816473A2C3F0
3: F370EA, 83F377FF988F1B51
4: 98565D32, FCA53CD3A9DABBCD
5: EAB324F774, 421AF23FCAD01DCE
6: C5B0814A9FEB, 9313C6B3088C3924
7: B2BE28DB8A7CE4, 4D01C1E7AA97B299
8: E410D82D4064AED0, 9BE40E1610857C31
9: 020B907AF549B78C87, 041F712E41020281
10: 340281F8C266EA8C7A32, 6ABE5616D2FA74EC
11: BDC98894B81C6D27E1B68A, 0C04AC90EA1A9CA5
12: 8499598100F79CCB99658CC9, 80BF184C2A145C77
13: 225E9058E1E04C0094A7930951, DFF29FC9970FBE6E
14: 2921DB3AA293E8EBCD1624227B63, 66C946BB38353006
15: 666A373BB8D5E705B7C6FB57366FFA, 9107520B8B727240
16: 99A7DEA8DB637CD1C92C814D3C1A64A2, 88086A2AB997BBDD
OCB-safer-k128 (16 byte key)
0: , 40A7E9B40AAC05E1
1: B1, C22564913F5A2BAD
2: 95A1, FFA940A16367A92B
3: 9B2C72, 13AA7AC4A229C17F
4: 1F986AFF, 38FA204AD590363C
5: 6D8575E1E4, 29C7A65AC4CB96E1
6: B66053304FBA, 90FDB74422EF97D2
7: 3AF64A001B7F6C, 00BE93CEA7F27105
8: 838E09F49FA3AC15, 74621705326B0B30
9: BAB2B85FAC5DC83489, 8AB828D9D6C23621
10: 3AEF47ED7CCDE4D085D6, 1DAE20BED85FC6EB
11: 16B8926C2F2B591C16671E, 9059D39D4896E541
12: B7F7F74BC766AEC2C927E8D9, DD8CD0D361E458B1
13: DFC4F2CCCECE6C37BCDDDAB3E8, F43757F2561806A2
14: 981C89C0D2BC84D757733661FEBE, 2E6739D64A66F8A4
15: 71CAE38513289770E2144C85F86ECC, 7E6B772ACADBB5E5
16: C762E3C8CA8934312AD0FFA260AA21F3, 147F6D215719D80B
OCB-safer-sk128 (16 byte key)
0: , DBC0A566E43D78EB
1: 7B, 0A5B7E6504D09E0D
2: 93C6, F0965D809512F60C
3: 371A02, 26C1101DFBD5B5B5
4: 9289CC21, 1DD5B6E7B434D085
5: 462F4E430E, 359A72726D607F77
6: 754822D87238, D2C3C36B578EDD54
7: ECD5B066CA1099, 43501B21F2F3B81A
8: 0B5E88DFE1EA77AE, 02AB5CE6F21ACD13
9: 37B1F29B385FBC7719, C5C3276464EE75F2
10: 3DFDF3F96F069D16D073, 1B3815F5E66D9B16
11: D71B6574B09AF3E2892702, F23983243BA05358
12: 3FDF716461B02B1A800FBDAC, 76DC47B577DB0428
13: 2A401964D55907EC06AA5A865F, 48D2A85A1394C9D7
14: B92B44D7D203675484CBA922C7A5, 03CEC9B3F03FF6F6
15: CBE7F6D81C4FF6E0E7DDCFE4DC9865, 7DFE226E27765F3D
16: 54D4EC026089660D0A5DCBA3C6096F27, 07E13D50E610167E
OCB-rc2 (8 byte key)
0: , 64AF97108168F222
1: 7A, 8D76828ABA00E9F2
2: 92B4, 46173CDD4000CF80
3: BDA76B, 418CBA55192C3C14
4: 39770C9B, ADDB0A3DE174E8BF
5: 7DA3100250, 55CF46A530E296CC
6: 1B685D542DAC, 414D5D3AA58B2D9F
7: 6A1172A01FAE68, 707C8FFDC3A28162
8: 3643C5C11A14FA6C, 4340696B5CE9A559
9: DBABB16A1D908AB735, 7307611EC44A8CE2
10: DA209E874A3D0962826D, AA3119B1745C547A
11: 2F4543B7EF467676601565, 3153CD137ECC8642
12: F7F776D30C833802C3B03EE9, B35BCE4DE7356F87
13: A19B3618727C8AD0071AA068BF, 137CAB9A02D34F23
14: B6B06B70CF74EE900BC8237D6C88, 8393EC248840E83E
15: FF7316B644450C96A7FA19912282AE, 08231DF3DCAFB00A
16: 018FBDF023323BBA7BECF9BCEC49C645, 3CBFF9B5F03F97F7
OCB-des (8 byte key)
0: , ED4327DD4269EFF8
1: 9E, CF026B3E06459E45
2: 6695, EC7373BD53E08021
3: 2B162F, 2009ECBCCED951CC
4: 6D2383BA, AB01479F7CA86837
5: EF7AF7B925, 6C499BB9C50F2867
6: 9A209AEEF740, ECD38B6E578E5BB6
7: 64A6847FBAB815, 04CCA3BD0B5A0E86
8: EF6E5AB10AFF4637, 6BA435083EB73B42
9: 9DF882164AC1093A6A, 6F675349AD4A5F0A
10: 2A387714DF49F0B198CE, BF11D193B33332CF
11: A22B9ACF695E509D7DACE0, 30AD5F8E9BEBAECD
12: 6FE138F1AD18AD82566FA62D, DDE29234BADCB116
13: 5E999D45A65F1E7B8D6E23928A, B42126323E230103
14: 450ADBB95F5D30C4ED07EF5D61C6, C9AEF234D2A62D84
15: DA6EA48D2FD0CD148AF3C820B35D8F, 17EE5C13C4EF2230
16: 929440B304802E9963E645962D03311E, 3F70A65858B4CFFD
OCB-3des (24 byte key)
0: , AADB051E60C3120E
1: 01, 20A7FE8C75FB9E6B
2: 1F2C, C1E73FE3B49807B3
3: 18BA50, DD5049D65C6E3E41
4: 831F26C5, 29A93FC7BB7028E4
5: 0F2687749A, 5A17CDD57275D990
6: E859252FE864, B546B6CE8058E9C4
7: 45664737F4B25F, 9114205390E66F64
8: D05C5A3578EFCAAC, 7633784CDB458899
9: E4C51E2E306B4304DD, B13F8620AFB606B4
10: 69A5B1ED52EE639927BE, 01DF9CA135E1F0F8
11: 470473A317D7F261425751, 201A0B1E678D47F9
12: 835834F8FC21B8CB27D2E0B1, A48CD87F705E1816
13: 8CC41824101B5F330CE1109AE5, E68F62A44E2E15C8
14: 9EDE893B691E3E5A0322B8DABC7E, FB5997E400EEABDC
15: 7E71195F9CD039D025A8A4F90E718F, 2B68E17F3B544A09
16: 1D217BA1D0F2FA051258E65E4FC7D60B, 089A17777546EA21
OCB-cast5 (8 byte key)
0: , 77D9102CCB59F03F
1: 65, DFB130E2B4B8CDCD
2: 752F, 3C025A7E3B0C0677
3: A32F20, 9877D937F0078B1D
4: 2721E6C8, 0F40ED1C23EFC71C
5: 95C4269DCF, D2E25B933FE78F63
6: 8CB240723A3A, A6704E1218CA3CB6
7: CD2CA6456A5416, 99EA298978513F00
8: 95094FD229EB9EFB, 055771E04E1FE0B1
9: 052F37165BB7B31071, 00DA99C81DF5A15A
10: 31B4551AD67991DAB505, B61C6F06889500A9
11: 1F9E4C34E96D8BCCD9AF55, 9D7A3D3C78D456A0
12: 856E2E4CD20DD9BE45E0CDED, 6FF332546BF351D8
13: 65C3B9E6ABEA205C75A43F2D18, B877EBC583A65589
14: E41F26A7F537A32B15DC6115E973, 4CF3710865E33BA6
15: 0AD880644E5BC87CB4D702F0074085, 60567AFD8C6D52BB
16: 03C0CB1D2854BC9F286422E8BBFE4A36, EB10E5429866623E
OCB-noekeon (16 byte key)
OCB3-noekeon (16 byte key)
0: , B23A40302652E204B694EA78AF5A8FCC
1: B1, 5245C8680A6F4520168B173A39661249
2: CE8C, 05763A489DF8B88DF01862007B2D6655
@ -386,26 +177,7 @@ OCB-noekeon (16 byte key)
31: 17C5B1127E3D08737590EFB2FEB17562E7FDB4B21A768595ADDD9697CF9B46, 6F4BC0A033BE040350FF4958866BDEA0
32: 4667525E9B39821CF08E6C7A7E37A5020CE23F81DEF05932113E9A6B5B3F9BCF, 5C0350C6F7299192947EB22ED415B05C
OCB-skipjack (10 byte key)
0: , 463C1E4DD1A03085
1: 44, 754EDDA8D5F6395F
2: A91F, 19D6B04F49F65FF0
3: 8572D7, A97380A827EE921A
4: 8B6A518C, 28F53D973490974E
5: AE64F0C5AD, 3A01F1B733C27295
6: F9075088FDBC, 25B88A75E41E1181
7: 454FA7B9ADBD08, 27EAC47AECF83243
8: 658A1888D9405313, BDC5DA72A5B4A18E
9: 5BBAC180FAA537AF97, 5BEE47690DB770C2
10: D5A1526B948F67F282ED, A5CC6F9F770B9B64
11: 6A51609E928064B6CC9B63, 9BFD9968FAD94974
12: B3C69893E260B791A9C3A843, 78685FFD8835AF00
13: CAA5800B6B5C50949F4EB8519B, 39AD309E4BFB47B0
14: 2B12D18B98AA3B3084837E2AF840, 920361326313A489
15: 0D2F21E3B3DB3D2B31B880459DDF22, 86307ADEB332A89C
16: CD489F4272596715EC86B770D89BAA7D, 2006F5269A5D1C58
OCB-anubis (16 byte key)
OCB3-anubis (16 byte key)
0: , BAF3C352341E4E8F5E1FE11C9CB3E151
1: 1E, 01BAEEA2431B9106129937F135D46215
2: B586, AC89B511AC5F80B2E6F9E6BC96DDCE15
@ -440,26 +212,7 @@ OCB-anubis (16 byte key)
31: 55AFBFA3A57B960AC0F8B3DAE6EA60165FF7D5A77731B05BCB7E8C647487AA, E25444D551A823650757DAAD8ED6B588
32: 5553F81F123EC0697C26B00BF20BE287C0A1E9C4035C8EB3036F6D58C8A3B83B, B7349CE03F264F816305A6D46C274980
OCB-khazad (16 byte key)
0: , 5C7E2DC1EDC4A2C3
1: A0, 261565EAA758EDE4
2: D9A3, DB69625E0A482236
3: 24FF77, EEDE8B25C54FD6FC
4: E50379C7, 593CA74DED369316
5: B97E794387, C3B94E37EC8CC73D
6: 97D5EA990145, 8A4E4D0EF6BD0D11
7: C99C82C3DE57A8, 05CFE7406F2CE99F
8: 234CD0F6D7130A26, DDE441C5490AEB12
9: 92D4A7184BA6675978, E1581CE1444BE08E
10: 8081C79F87CD727AD54F, 9A9A96082EC690FD
11: E9D3A5084F343F1918B4A3, EFD4542587D3C5DC
12: 03883C6376ECDF6920A13B10, F516CF01CD535DB6
13: 6F0561BDD4344CBD5FC4A97848, 20C8C8F2CFACB2FD
14: 84471FFB6BBB222902E8AB2C352B, D119D45DBD7B7D22
15: AEBC54E4987FA01FA7EE237514D703, 7021FAEFC48DA692
16: E907A9DC08A3152106399AA178A2B445, E756B6BBE721A3CC
OCB-seed (16 byte key)
OCB3-seed (16 byte key)
0: , A7D37A371F0B3596ACF3856B5D18B45E
1: 49, 3C671A1AFA5B253DD8FF67FFED9C33E4
2: B986, 2A069C4C6FF67FA6880D6EDA8490A3C6
@ -494,45 +247,7 @@ OCB-seed (16 byte key)
31: 9DB58E1FEF922A4A1F99602710ABCA029E8A10383465C62967EB0A466F11AD, 08D4FF277C8DA53A2598201B255B7FD7
32: 1BD03BAB70BE842FDB12E49DEB04AE477335B0B3930E75A27C37EBB1594099E7, 3A6DEAE1C289763C4405DE86544DF401
OCB-kasumi (16 byte key)
0: , 85F676BFBCB7B036
1: 2D, BD6D4E9C82E5CA26
2: 724C, 2AA67DB029E78720
3: E762C3, 3217E72AF565E98F
4: 5A14AF1F, 6DE5CCF42AE4372D
5: 3FE0C9B5BC, 5E8CCCB96F1971A5
6: 647D9AE7286B, 1C53A14119C1A650
7: B1A5078D8E09BC, C2F46899E85A43EB
8: 4AAEF1B9316A1D2A, 4ADBC39C6CD59480
9: 97C4036A9EDB69F305, 7AF592CAB645C899
10: 2F2EBFA927812C6F6FF9, AE0DEC9D2D8E5BB4
11: B98061CC8801BE7A640651, 2CC2F1BBF418C4BF
12: 9EE7742DBA13B66994FC5C53, BE6A9A6EDD45914C
13: D1DBCFEEE8F2F5E94F74774CCE, 6D9377693CD38F8A
14: 7D8C7B966FDAB2C4027220C77CAD, 8AF85A125D36D09C
15: B254AE0DFA35531477D50906C695DC, 4FE0519983397BB0
16: 223FB914E44BE1755D94F963BF701F90, 0C8D07BAA2D66E4E
OCB-multi2 (40 byte key)
0: , EA28ABA0D6F4E490
1: F7, 951E5C33632C1B2E
2: FD2B, 1C5912FD3190C3B1
3: 6AD41D, 38D5D04491483BE4
4: 611E46CD, 2B4C4AA96B9D4DE8
5: E2E52662AE, 24BC447CFACF4EA5
6: D3BEA1AD5905, AE39AC799F3BFAE5
7: 67FF55F2B4C49D, 426ECF9B4FAEB310
8: D823598A47C17669, 662829935E1DC1B2
9: CC194A8DF3491A595B, 559D45F5E4029FCF
10: B51207427B00FCEBCA20, 806928EDDDCAAF67
11: 95AD2F304AA91A0521BCF8, 0DD36DC4BFECE04B
12: 13999C2A8C566FE58AFFC34E, 7D2943749BC160F3
13: FEF35288E697EC0B96ED7351EE, 5999E5EAD14F635D
14: 02DFF262D43C7796030F68DBDDE4, D6EEC27981EA7FD2
15: D70DF509F5A6ED361C96F7B59C5F0A, 4B3F0ECE9E727DF4
16: 966600DC680F216DB2591654161C51F2, 2F9985210161A9FE
OCB-camellia (16 byte key)
OCB3-camellia (16 byte key)
0: , DFF7EA9ECD4E2AD37B9838E85F9D36EB
1: 1B, D5D37222F530EA2C282A4D8BC55A08EA
2: B73C, 5163F4BD7CBC03DA1B31C7C1105B5511


@ -34,6 +34,12 @@ int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen)
goto LBL_ERR;
}
/* check taglen */
if ((int)*taglen < ocb->tag_len) {
*taglen = (unsigned long)ocb->tag_len;
return CRYPT_BUFFER_OVERFLOW;
}
/* finalize AAD processing */
if (ocb->adata_buffer_bytes>0) {
@ -64,13 +70,9 @@ int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen)
/* tag = tag ^ HASH(K, A) */
ocb3_int_xor_blocks(tmp, ocb->tag_part, ocb->aSum_current, ocb->block_len);
/* fix taglen if needed */
if ((int)*taglen > ocb->block_len) {
*taglen = (unsigned long)ocb->block_len;
}
/* copy tag bytes */
for(x=0; x<(int)*taglen; x++) tag[x] = tmp[x];
for(x = 0; x < ocb->tag_len; x++) tag[x] = tmp[x];
*taglen = (unsigned long)ocb->tag_len;
err = CRYPT_OK;
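Review bot: The new length check in the first hunk compares through a signed cast, `(int)*taglen < ocb->tag_len`, so a caller-supplied `*taglen` above INT_MAX converts to an implementation-defined (typically negative) value and the call is refused with CRYPT_BUFFER_OVERFLOW even though the buffer is large enough. Comparing in the unsigned domain avoids that: `if (*taglen < (unsigned long)ocb->tag_len) {`. This early `return` is also the only visible exit that does not go through `LBL_ERR`; the label's body is outside the hunk, so it is worth confirming that skipping it is intended (it would leave the state usable for a retry with a larger buffer). ocb3_done starts and ends outside both hunks.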


@ -114,11 +114,17 @@ int ocb3_init(ocb3_state *ocb, int cipher,
return CRYPT_INVALID_ARG;
}
/* Make sure taglen isn't too long */
if (taglen > (unsigned long)cipher_descriptor[cipher].block_length) {
taglen = cipher_descriptor[cipher].block_length;
/* The blockcipher must have a 128-bit blocksize */
if (cipher_descriptor[cipher].block_length != 16) {
return CRYPT_INVALID_ARG;
}
/* The TAGLEN may be any value up to 128 (bits) */
if (taglen > 16) {
return CRYPT_INVALID_ARG;
}
ocb->tag_len = taglen;
/* determine which polys to use */
ocb->block_len = cipher_descriptor[cipher].block_length;
x = (int)(sizeof(polys)/sizeof(polys[0]));
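Review bot: The new bound `if (taglen > 16)` still accepts `taglen == 0`, and with the reworked copy loop in ocb3_done a zero `tag_len` writes no tag bytes, so the caller would get CRYPT_OK with no authentication tag at all. Unless an empty tag is meant to be supported, reject it here, e.g. `if (taglen == 0 || taglen > 16) {`, and consider documenting a recommended minimum, since short tags weaken forgery resistance. The comment above the check states the limit in bits while the comparison is in bytes; `/* TAGLEN may be any value up to 16 bytes (128 bits) */` would be clearer. ocb3_init's signature and body extend outside the hunk.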


@ -205,6 +205,7 @@ int ocb3_test(void)
int err, x, idx, res;
unsigned long len;
unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE];
ocb3_state ocb;
/* AES can be under rijndael or aes... try to find it */
if ((idx = find_cipher("aes")) == -1) {
@ -214,7 +215,7 @@ int ocb3_test(void)
}
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
len = sizeof(outtag);
len = 16; /* must be the same as the required taglen */
if ((err = ocb3_encrypt_authenticate_memory(idx,
key, sizeof(key),
nonce, sizeof(nonce),
@ -244,6 +245,8 @@ int ocb3_test(void)
return CRYPT_FAIL_TESTVECTOR;
}
}
/* RFC 7253 - test vector with a tag length of 96 bits - part 1 */
x = 99;
len = 12;
if ((err = ocb3_encrypt_authenticate_memory(idx,
@ -274,6 +277,26 @@ int ocb3_test(void)
#endif
return CRYPT_FAIL_TESTVECTOR;
}
/* RFC 7253 - test vector with a tag length of 96 bits - part 2 */
x = 100;
if ((err = ocb3_init(&ocb, idx, K, sizeof(K), N, sizeof(N), 12)) != CRYPT_OK) return err;
if ((err = ocb3_add_aad(&ocb, A, sizeof(A))) != CRYPT_OK) return err;
if ((err = ocb3_encrypt(&ocb, P, 32, outct)) != CRYPT_OK) return err;
if ((err = ocb3_encrypt_last(&ocb, P+32, sizeof(P)-32, outct+32)) != CRYPT_OK) return err;
len = sizeof(outtag); /* intentionally more than 12 */
if ((err = ocb3_done(&ocb, outtag, &len)) != CRYPT_OK) return err;
if (compare_testvector(outct, sizeof(P), C, sizeof(C), "OCB3 CT", x)) return CRYPT_FAIL_TESTVECTOR;
if (compare_testvector(outtag, len, T, sizeof(T), "OCB3 Tag.enc", x)) return CRYPT_FAIL_TESTVECTOR;
if ((err = ocb3_init(&ocb, idx, K, sizeof(K), N, sizeof(N), 12)) != CRYPT_OK) return err;
if ((err = ocb3_add_aad(&ocb, A, sizeof(A))) != CRYPT_OK) return err;
if ((err = ocb3_decrypt(&ocb, C, 32, outct)) != CRYPT_OK) return err;
if ((err = ocb3_decrypt_last(&ocb, C+32, sizeof(C)-32, outct+32)) != CRYPT_OK) return err;
len = sizeof(outtag); /* intentionally more than 12 */
if ((err = ocb3_done(&ocb, outtag, &len)) != CRYPT_OK) return err;
if (compare_testvector(outct, sizeof(C), P, sizeof(P), "OCB3 PT", x)) return CRYPT_FAIL_TESTVECTOR;
if (compare_testvector(outtag, len, T, sizeof(T), "OCB3 Tag.dec", x)) return CRYPT_FAIL_TESTVECTOR;
return CRYPT_OK;
#endif /* LTC_TEST */
}
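Review bot: The added vectors only exercise the success paths; nothing in this section checks the two error behaviours the commit introduces, namely ocb3_done returning CRYPT_BUFFER_OVERFLOW (and writing the required length back) when `*taglen` is smaller than the configured tag length, and ocb3_init returning CRYPT_INVALID_ARG for `taglen > 16`. A negative check placed before the successful ocb3_done call in part 2 would pin the first, e.g. `len = 11; if (ocb3_done(&ocb, outtag, &len) != CRYPT_BUFFER_OVERFLOW || len != 12) return CRYPT_FAIL_TESTVECTOR;`, and `if (ocb3_init(&ocb, idx, K, sizeof(K), N, sizeof(N), 17) != CRYPT_INVALID_ARG) return CRYPT_FAIL_TESTVECTOR;` the second. ocb3_test starts outside the first hunk.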


@ -266,6 +266,7 @@ typedef struct {
symmetric_key key; /* scheduled key for cipher */
unsigned long block_index; /* index # for current data block */
int cipher, /* cipher idx */
tag_len, /* length of tag */
block_len; /* length of block */
} ocb3_state;