parent
1aaa5abb33
commit
d77cf0e248
@ -420,7 +420,7 @@ void ocb_gen(void)
|
||||
void ocb3_gen(void)
|
||||
{
|
||||
#ifdef LTC_OCB3_MODE
|
||||
int err, kl, x, y1, z;
|
||||
int err, kl, x, y1, z, noncelen;
|
||||
FILE *out;
|
||||
unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2],
|
||||
plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
|
||||
@ -448,7 +448,8 @@ void ocb3_gen(void)
|
||||
}
|
||||
|
||||
/* fixed nonce */
|
||||
for (z = 0; z < cipher_descriptor[x].block_length; z++) {
|
||||
noncelen = MIN(15, cipher_descriptor[x].block_length);
|
||||
for (z = 0; z < noncelen; z++) {
|
||||
nonce[z] = z;
|
||||
}
|
||||
|
||||
@ -456,8 +457,8 @@ void ocb3_gen(void)
|
||||
for (z = 0; z < y1; z++) {
|
||||
plaintext[z] = (unsigned char)(z & 255);
|
||||
}
|
||||
len = sizeof(tag);
|
||||
if ((err = ocb3_encrypt_authenticate_memory(x, key, kl, nonce, cipher_descriptor[x].block_length, (unsigned char*)"AAD", 3, plaintext, y1, plaintext, tag, &len)) != CRYPT_OK) {
|
||||
len = 16;
|
||||
if ((err = ocb3_encrypt_authenticate_memory(x, key, kl, nonce, noncelen, (unsigned char*)"AAD", 3, plaintext, y1, plaintext, tag, &len)) != CRYPT_OK) {
|
||||
printf("Error OCB'ing: %s\n", error_to_string(err));
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
1038
notes/ocb3_tv.txt
1038
notes/ocb3_tv.txt
File diff suppressed because it is too large
Load Diff
@ -69,7 +69,7 @@ int ocb3_decrypt_verify_memory(int cipher,
|
||||
return CRYPT_MEM;
|
||||
}
|
||||
|
||||
if ((err = ocb3_init(ocb, cipher, key, keylen, nonce, noncelen)) != CRYPT_OK) {
|
||||
if ((err = ocb3_init(ocb, cipher, key, keylen, nonce, noncelen, taglen)) != CRYPT_OK) {
|
||||
goto LBL_ERR;
|
||||
}
|
||||
|
||||
|
@ -55,7 +55,7 @@ int ocb3_encrypt_authenticate_memory(int cipher,
|
||||
return CRYPT_MEM;
|
||||
}
|
||||
|
||||
if ((err = ocb3_init(ocb, cipher, key, keylen, nonce, noncelen)) != CRYPT_OK) {
|
||||
if ((err = ocb3_init(ocb, cipher, key, keylen, nonce, noncelen, *taglen)) != CRYPT_OK) {
|
||||
goto LBL_ERR;
|
||||
}
|
||||
|
||||
|
@ -41,7 +41,8 @@ static const struct {
|
||||
*/
|
||||
int ocb3_init(ocb3_state *ocb, int cipher,
|
||||
const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *nonce, unsigned long noncelen)
|
||||
const unsigned char *nonce, unsigned long noncelen,
|
||||
unsigned long taglen)
|
||||
{
|
||||
int poly, x, y, m, err;
|
||||
unsigned char *previous, *current;
|
||||
@ -62,6 +63,11 @@ int ocb3_init(ocb3_state *ocb, int cipher,
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
|
||||
/* Make sure taglen isn't too long */
|
||||
if (taglen > (unsigned long)cipher_descriptor[cipher].block_length) {
|
||||
taglen = cipher_descriptor[cipher].block_length;
|
||||
}
|
||||
|
||||
/* determine which polys to use */
|
||||
ocb->block_len = cipher_descriptor[cipher].block_length;
|
||||
x = (int)(sizeof(polys)/sizeof(polys[0]));
|
||||
@ -114,7 +120,7 @@ int ocb3_init(ocb3_state *ocb, int cipher,
|
||||
}
|
||||
|
||||
/* initialize ocb->Offset_current = Offset_0 */
|
||||
ocb3_int_calc_offset_zero(ocb, nonce, noncelen);
|
||||
ocb3_int_calc_offset_zero(ocb, nonce, noncelen, taglen);
|
||||
|
||||
/* initialize checksum to all zeros */
|
||||
zeromem(ocb->checksum, ocb->block_len);
|
||||
|
@ -21,7 +21,7 @@
|
||||
@param nonce The session nonce
|
||||
@param noncelen The length of the session nonce (octets)
|
||||
*/
|
||||
void ocb3_int_calc_offset_zero(ocb3_state *ocb, const unsigned char *nonce, unsigned long noncelen)
|
||||
void ocb3_int_calc_offset_zero(ocb3_state *ocb, const unsigned char *nonce, unsigned long noncelen, unsigned long taglen)
|
||||
{
|
||||
int x, y, bottom;
|
||||
int idx, shift;
|
||||
@ -35,6 +35,7 @@ void ocb3_int_calc_offset_zero(ocb3_state *ocb, const unsigned char *nonce, unsi
|
||||
iNonce[x] = nonce[noncelen-y-1];
|
||||
}
|
||||
iNonce[x] = 0x01;
|
||||
iNonce[0] |= ((taglen*8) % 128) << 1;
|
||||
|
||||
/* bottom = str2num(Nonce[123..128]) */
|
||||
bottom = iNonce[ocb->block_len-1] & 0x3F;
|
||||
|
@ -27,7 +27,7 @@ int ocb3_test(void)
|
||||
/* test vectors from: http://tools.ietf.org/html/draft-krovetz-ocb-03 */
|
||||
unsigned char key[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
|
||||
unsigned char nonce[12] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B };
|
||||
static const struct {
|
||||
const struct {
|
||||
int ptlen;
|
||||
int aadlen;
|
||||
unsigned char pt[64], aad[64], ct[64], tag[16];
|
||||
@ -163,6 +163,44 @@ int ocb3_test(void)
|
||||
},
|
||||
|
||||
};
|
||||
/* As of RFC 7253 - 'Appendix A. Sample Results'
|
||||
* The next tuple shows a result with a tag length of 96 bits and a
|
||||
different key.
|
||||
|
||||
K: 0F0E0D0C0B0A09080706050403020100
|
||||
|
||||
N: BBAA9988776655443322110D
|
||||
A: 000102030405060708090A0B0C0D0E0F1011121314151617
|
||||
18191A1B1C1D1E1F2021222324252627
|
||||
P: 000102030405060708090A0B0C0D0E0F1011121314151617
|
||||
18191A1B1C1D1E1F2021222324252627
|
||||
C: 1792A4E31E0755FB03E31B22116E6C2DDF9EFD6E33D536F1
|
||||
A0124B0A55BAE884ED93481529C76B6AD0C515F4D1CDD4FD
|
||||
AC4F02AA
|
||||
|
||||
The C has been split up in C and T (tag)
|
||||
*/
|
||||
const unsigned char K[] = { 0x0F,0x0E,0x0D,0x0C,0x0B,0x0A,0x09,0x08,
|
||||
0x07,0x06,0x05,0x04,0x03,0x02,0x01,0x00 };
|
||||
const unsigned char N[] = { 0xBB,0xAA,0x99,0x88,0x77,0x66,0x55,0x44,
|
||||
0x33,0x22,0x11,0x0D };
|
||||
const unsigned char A[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
|
||||
0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,
|
||||
0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
|
||||
0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,
|
||||
0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 };
|
||||
const unsigned char P[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
|
||||
0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,
|
||||
0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
|
||||
0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,
|
||||
0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 };
|
||||
const unsigned char C[] = { 0x17,0x92,0xA4,0xE3,0x1E,0x07,0x55,0xFB,
|
||||
0x03,0xE3,0x1B,0x22,0x11,0x6E,0x6C,0x2D,
|
||||
0xDF,0x9E,0xFD,0x6E,0x33,0xD5,0x36,0xF1,
|
||||
0xA0,0x12,0x4B,0x0A,0x55,0xBA,0xE8,0x84,
|
||||
0xED,0x93,0x48,0x15,0x29,0xC7,0x6B,0x6A };
|
||||
const unsigned char T[] = { 0xD0,0xC5,0x15,0xF4,0xD1,0xCD,0xD4,0xFD,
|
||||
0xAC,0x4F,0x02,0xAA };
|
||||
|
||||
int err, x, idx, res;
|
||||
unsigned long len;
|
||||
@ -206,6 +244,36 @@ int ocb3_test(void)
|
||||
return CRYPT_FAIL_TESTVECTOR;
|
||||
}
|
||||
}
|
||||
x = 99;
|
||||
len = 12;
|
||||
if ((err = ocb3_encrypt_authenticate_memory(idx,
|
||||
K, sizeof(K),
|
||||
N, sizeof(N),
|
||||
A, sizeof(A),
|
||||
P, sizeof(P),
|
||||
outct, outtag, &len)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
if (compare_testvector(outtag, len, T, sizeof(T), "OCB3 Tag", x) ||
|
||||
compare_testvector(outct, sizeof(P), C, sizeof(C), "OCB3 CT", x)) {
|
||||
return CRYPT_FAIL_TESTVECTOR;
|
||||
}
|
||||
|
||||
if ((err = ocb3_decrypt_verify_memory(idx,
|
||||
K, sizeof(K),
|
||||
N, sizeof(N),
|
||||
A, sizeof(A),
|
||||
C, sizeof(C),
|
||||
outct, T, sizeof(T), &res)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if ((res != 1) || compare_testvector(outct, sizeof(C), P, sizeof(P), "OCB3", x)) {
|
||||
#ifdef LTC_TEST_DBG
|
||||
printf("\n\nOCB3: Failure-decrypt - res = %d\n", res);
|
||||
#endif
|
||||
return CRYPT_FAIL_TESTVECTOR;
|
||||
}
|
||||
return CRYPT_OK;
|
||||
#endif /* LTC_TEST */
|
||||
}
|
||||
|
@ -271,7 +271,8 @@ typedef struct {
|
||||
|
||||
int ocb3_init(ocb3_state *ocb, int cipher,
|
||||
const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *nonce, unsigned long noncelen);
|
||||
const unsigned char *nonce, unsigned long noncelen,
|
||||
unsigned long taglen);
|
||||
|
||||
int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
|
||||
int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
|
||||
@ -302,7 +303,7 @@ int ocb3_test(void);
|
||||
#ifdef LTC_SOURCE
|
||||
/* internal helper functions */
|
||||
int ocb3_int_aad_add_block(ocb3_state *ocb, const unsigned char *aad_block);
|
||||
void ocb3_int_calc_offset_zero(ocb3_state *ocb, const unsigned char *nonce, unsigned long noncelen);
|
||||
void ocb3_int_calc_offset_zero(ocb3_state *ocb, const unsigned char *nonce, unsigned long noncelen, unsigned long taglen);
|
||||
int ocb3_int_ntz(unsigned long x);
|
||||
void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len);
|
||||
#endif /* LTC_SOURCE */
|
||||
|
Loading…
Reference in New Issue
Block a user