TeaSpeak/tomcrypt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ocb3: properly handle empty AAD

Browse Source 
* allow passing "no additional data" to ocb3_decrypt_verify_memory() and
  ocb3_encrypt_authenticate_memory()
* ensure that the caller didn't want to add AAD
This commit is contained in:
Steffen Jaeckel 2017-08-01 14:44:37 +02:00
parent 4805c89adb
commit b2448c593a
4 changed files with 14 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/encauth/ocb3/ocb3_add_aad.c
View File

@ -29,9 +29,10 @@ int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen
unsigned long datalen, l;
LTC_ARGCHK(ocb != NULL);
LTC_ARGCHK(aad != NULL);
if (aad == NULL) LTC_ARGCHK(aadlen == 0);
if (aadlen == 0) LTC_ARGCHK(aad == NULL);
if (aadlen == 0) return CRYPT_OK;
if (aad == NULL || aadlen == 0) return CRYPT_OK;
if (ocb->adata_buffer_bytes > 0) {
l = ocb->block_len - ocb->adata_buffer_bytes;

6
src/encauth/ocb3/ocb3_decrypt_verify_memory.c
View File

@ -73,8 +73,10 @@ int ocb3_decrypt_verify_memory(int cipher,
goto LBL_ERR;
}
if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
goto LBL_ERR;
if (adata != NULL || adatalen != 0) {
if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
goto LBL_ERR;
}
}
if ((err = ocb3_decrypt_last(ocb, ct, ctlen, pt)) != CRYPT_OK) {

6
src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c
View File

@ -59,8 +59,10 @@ int ocb3_encrypt_authenticate_memory(int cipher,
goto LBL_ERR;
}
if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
goto LBL_ERR;
if (adata != NULL || adatalen != 0) {
if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
goto LBL_ERR;
}
}
if ((err = ocb3_encrypt_last(ocb, pt, ptlen, ct)) != CRYPT_OK) {

13
src/encauth/ocb3/ocb3_test.c
View File

@ -180,7 +180,7 @@ int ocb3_test(void)
if ((err = ocb3_encrypt_authenticate_memory(idx,
key, sizeof(key),
nonce, sizeof(nonce),
tests[x].aad, tests[x].aadlen,
tests[x].aadlen != 0 ? tests[x].aad : NULL, tests[x].aadlen,
tests[x].pt, tests[x].ptlen,
outct, outtag, &len)) != CRYPT_OK) {
return err;
@ -194,9 +194,9 @@ int ocb3_test(void)
if ((err = ocb3_decrypt_verify_memory(idx,
key, sizeof(key),
nonce, sizeof(nonce),
tests[x].aad, tests[x].aadlen,
tests[x].aadlen != 0 ? tests[x].aad : NULL, tests[x].aadlen,
outct, tests[x].ptlen,
outct, tests[x].tag, len, &res)) != CRYPT_OK) {
outct, tests[x].tag, len, &res)) != CRYPT_OK) {
return err;
}
if ((res != 1) || compare_testvector(outct, tests[x].ptlen, tests[x].pt, tests[x].ptlen, "OCB3", x)) {
@ -212,13 +212,6 @@ int ocb3_test(void)
#endif /* LTC_OCB3_MODE */
/* some comments
-- it's hard to seek
-- hard to stream [you can't emit ciphertext until full block]
-- The setup is somewhat complicated...
*/
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */