ocb3: properly handle empty AAD

* allow passing "no additional data" to ocb3_decrypt_verify_memory() and
  ocb3_encrypt_authenticate_memory()
* ensure that the caller didn't want to add AAD
This commit is contained in:
Steffen Jaeckel 2017-08-01 14:44:37 +02:00
parent 4805c89adb
commit b2448c593a
4 changed files with 14 additions and 16 deletions

View File

@ -29,9 +29,10 @@ int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen
unsigned long datalen, l;
LTC_ARGCHK(ocb != NULL);
LTC_ARGCHK(aad != NULL);
if (aad == NULL) LTC_ARGCHK(aadlen == 0);
if (aadlen == 0) LTC_ARGCHK(aad == NULL);
if (aadlen == 0) return CRYPT_OK;
if (aad == NULL || aadlen == 0) return CRYPT_OK;
if (ocb->adata_buffer_bytes > 0) {
l = ocb->block_len - ocb->adata_buffer_bytes;

View File

@ -73,9 +73,11 @@ int ocb3_decrypt_verify_memory(int cipher,
goto LBL_ERR;
}
if (adata != NULL || adatalen != 0) {
if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
goto LBL_ERR;
}
}
if ((err = ocb3_decrypt_last(ocb, ct, ctlen, pt)) != CRYPT_OK) {
goto LBL_ERR;

View File

@ -59,9 +59,11 @@ int ocb3_encrypt_authenticate_memory(int cipher,
goto LBL_ERR;
}
if (adata != NULL || adatalen != 0) {
if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
goto LBL_ERR;
}
}
if ((err = ocb3_encrypt_last(ocb, pt, ptlen, ct)) != CRYPT_OK) {
goto LBL_ERR;

View File

@ -180,7 +180,7 @@ int ocb3_test(void)
if ((err = ocb3_encrypt_authenticate_memory(idx,
key, sizeof(key),
nonce, sizeof(nonce),
tests[x].aad, tests[x].aadlen,
tests[x].aadlen != 0 ? tests[x].aad : NULL, tests[x].aadlen,
tests[x].pt, tests[x].ptlen,
outct, outtag, &len)) != CRYPT_OK) {
return err;
@ -194,7 +194,7 @@ int ocb3_test(void)
if ((err = ocb3_decrypt_verify_memory(idx,
key, sizeof(key),
nonce, sizeof(nonce),
tests[x].aad, tests[x].aadlen,
tests[x].aadlen != 0 ? tests[x].aad : NULL, tests[x].aadlen,
outct, tests[x].ptlen,
outct, tests[x].tag, len, &res)) != CRYPT_OK) {
return err;
@ -212,13 +212,6 @@ int ocb3_test(void)
#endif /* LTC_OCB3_MODE */
/* some comments
-- it's hard to seek
-- hard to stream [you can't emit ciphertext until full block]
-- The setup is somewhat complicated...
*/
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */