diff --git a/.travis.yml b/.travis.yml index 6d35d6b2c..2334b6255 100644 --- a/.travis.yml +++ b/.travis.yml @@ -125,6 +125,7 @@ env: after_failure: - cat test_std.txt - cat test_err.txt + - cat tv.txt after_script: - cat gcc_1.txt diff --git a/build.sh b/build.sh index a86b0c59e..62d09c5d8 100755 --- a/build.sh +++ b/build.sh @@ -26,7 +26,7 @@ fi echo -n "testing..." if [ -a test ] && [ -f test ] && [ -x test ]; then - ((./test >test_std.txt 2>test_err.txt && ./tv_gen > tv.txt) && echo "$1 test passed." && echo "y" > testok.txt) || (echo "$1 test failed, look at test_err.txt" && exit 1) + ((./test >test_std.txt 2>test_err.txt && ./tv_gen > tv.txt) && echo "$1 test passed." && echo "y" > testok.txt) || (echo "$1 test failed, look at test_err.txt or tv.txt" && exit 1) if find *_tv.txt -type f 1>/dev/null 2>/dev/null ; then for f in *_tv.txt; do # check for lines starting with '<' ($f might be a subset of notes/$f) diff --git a/demos/tv_gen.c b/demos/tv_gen.c index 196c75664..9d07eba16 100644 --- a/demos/tv_gen.c +++ b/demos/tv_gen.c @@ -435,12 +435,12 @@ void ocb3_gen(void) kl = cipher_descriptor[x].block_length; /* skip ciphers which do not have 64 or 128 bit block sizes */ - if (kl != 8 && kl != 16) continue; + if (kl != 16) continue; if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) { kl = cipher_descriptor[x].max_key_length; } - fprintf(out, "OCB-%s (%d byte key)\n", cipher_descriptor[x].name, kl); + fprintf(out, "OCB3-%s (%d byte key)\n", cipher_descriptor[x].name, kl); /* the key */ for (z = 0; z < kl; z++) { @@ -459,7 +459,7 @@ void ocb3_gen(void) } len = 16; if ((err = ocb3_encrypt_authenticate_memory(x, key, kl, nonce, noncelen, (unsigned char*)"AAD", 3, plaintext, y1, plaintext, tag, &len)) != CRYPT_OK) { - printf("Error OCB'ing: %s\n", error_to_string(err)); + printf("Error OCB3'ing: %s\n", error_to_string(err)); exit(EXIT_FAILURE); } fprintf(out, "%3d: ", y1); diff --git a/notes/ocb3_tv.txt b/notes/ocb3_tv.txt index 64df75fb4..8a867e2ce 100644 
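Review bot: The `exit 1` on the edited failure branch runs inside a `( ... )` subshell, so it ends only that subshell and the script carries on into the `*_tv.txt` comparison below unless build.sh enables `set -e` somewhere above this hunk (not visible here); a failed test is then signalled only by the absent testok.txt, which the caller must remember to check. If the intent is to abort, keep the exit in the current shell, e.g. `|| { echo "$1 test failed, look at test_err.txt or tv.txt"; exit 1; }`. Note also that `./tv_gen > tv.txt` captures only stdout, which is enough for the `printf` diagnostics in tv_gen.c but will miss anything tv_gen writes to stderr.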
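Review bot: The comment directly above the changed condition is now stale: it still reads `skip ciphers which do not have 64 or 128 bit block sizes` while `if (kl != 16) continue;` keeps only 128-bit block ciphers, in line with the block-size requirement ocb3_init now enforces. Replace it with `/* skip ciphers without a 128 bit block size (OCB3 requires it, see ocb3_init) */`. Since `kl` is overwritten a few lines later with the key size, a one-line comment that the block-length test must run before the `keysize()` call would also prevent someone reordering them. ocb3_gen's body continues outside the hunk.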
--- a/notes/ocb3_tv.txt +++ b/notes/ocb3_tv.txt @@ -2,7 +2,7 @@ OCB3 Test Vectors. Uses the 00010203...NN-1 pattern for nonce/plaintext/key. T are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous step repeated sufficiently. The nonce is fixed throughout. AAD is fixed to 3 bytes (ASCII) 'AAD'. -OCB-aes (16 byte key) +OCB3-aes (16 byte key) 0: , B314B579B54365D9094A8A7544FECFA7 1: F9, 3E49FF310B88634BACA91D55DFBAA185 2: 04B6, E13FBD06086CAEF7AD042C93D7BB6FB0 
@@ -37,64 +37,7 @@ OCB-aes (16 byte key) 31: F2CF0958F00F11E8564CFFD9AEC71451344E2A35DE7D82D1AAC14649BCD34C, 04E97E02B50CFCC86EC0B9A958057F66 32: 914755B90B12CF5720CC0176AED145ADEC862E51B237AFE862477CF91D729768, EEDA6BE8E7875AA7E1E3393DE81FBAF7 -OCB-blowfish (8 byte key) - 0: , 6C3BBA12B543C3BE - 1: D6, D72F643440F08AC1 - 2: 8208, B7FD2E2D5FF4B273 - 3: BB2B8F, E6B6A023460F07B0 - 4: F2BC4A6C, 7B9D26784038A593 - 5: AAFDBD8EC2, 24E6F671E7A0D394 - 6: 929326B18E7F, 5C6CEAEF7B63DA71 - 7: 085C9A0013CB23, 2C0BA203FC706398 - 8: BA45E34414383ABD, E367DDFF2B9E7B51 - 9: 1287AE007E03F4B6B6, 6EDF52831D00F616 - 10: 2871B39ACFE7E8D7C326, 9ED4DB2D5ADBC902 - 11: 46DF7AAFBE096C26536BCC, 497B8F7930B03150 - 12: 7F794AD0A6673F9DD9BA09FB, 4B6817508EF74773 - 13: 138D1877D61021E526EFBB9F9C, 0E18238F3112C0F6 - 14: FFFF1DDC353F4C0F832C73D4C4F4, DCFCECFEE8B0BDE8 - 15: 5B8F209B6FBCCF323773CDE26B1ECD, BE11C1DA023F30F7 - 16: C3C1438B50A1124556164A38D12FEC6C, 532740AF7CB776B0 - -OCB-xtea (16 byte key) - 0: , D00F0AAB89FD2268 - 1: F4, 5EC48A975A5284D0 - 2: EA67, 4D7DDB44F00B1914 - 3: 19E6F3, 5DC77905DE7BCA27 - 4: 164F891A, E41BFD4F3D256B72 - 5: DD08DE502D, BB92537DED07B1D5 - 6: B176A93723F9, D6B5BBE9BD9DCC2F - 7: 9F0CBA46793F6B, 3936294EF1745B93 - 8: 04CC55A49B65D296, 4BAD576455149F19 - 9: 7D6FCB8FF28FFE7DF7, 40FEBD5048374447 - 10: E5B23D64643BE920B5DD, 7E980F9F6A1C1E24 - 11: 07D48D6A863286C485C169, 14FBE819A4E05066 - 12: 4DF565F388F75E453554CB98, BB63ABAE98B89A0D - 13: 3B839BF161A9A873C67D864412, FFBBE368571140CE - 14: 35D0E47C7B52F63D9CD52B5EF7C1, FBBE7080BE16A358 - 15: F657C137AD01E24A2E09EAE9669060, C61609D640AED997 - 16: 06BF9F739218FAF8469393E4A880401B, F1A833E2FF0F59D1 - -OCB-rc5 (8 byte key) - 0: , C8A6E737A8E6C157 - 1: D5, F9FC436713D8C578 - 2: A52B, 620A27B44F9DB42E - 3: AA4253, AC7574A061DBAC3E - 4: 3E9241AE, F5011F6F49F35AB7 - 5: FB39924246, C53004198FD2C046 - 6: 847A3249B1E8, 92B4300BE557D04F - 7: F8BC0AEC7A0DDC, 27CCDB48F5AC84AA - 8: 5A7A91DFBE572B10, 67D4775F5AA660F8 - 9: 
475F7E67910AB33762, 2193ECC897A7E0A8 - 10: 8F7254CB03D427D123F3, 2814085372D28E3B - 11: 0669B3DF133675FDF0E6C4, BD2282F47C5AB17A - 12: D3041D4F0C79FBFE6155DAAD, 01228ED90A077F1E - 13: 2A46C3FEEDBF49B14520FB1786, AB61B06971BE04FE - 14: C3E5F4749B28E6C70263B9A49411, A0D06FCEC6F8C051 - 15: 5A307C6E510C7B7F0838B9FD3B3CC8, A7F7A41558848158 - 16: C2E2DD4DEF101AA2EF8696B9FDD24B03, 614D0606D5BC577E - -OCB-rc6 (16 byte key) +OCB3-rc6 (16 byte key) 0: , E55863F7B850CEA28023BA8E2AB1F4FD 1: E5, C1F5CEA421F84AECACF622BCE507BD21 2: 6443, FB3B7992E057AA4A0E31E8718093740B @@ -129,7 +72,7 @@ OCB-rc6 (16 byte key) 31: 80F7CA76B988519731D76C4D60DA0E5C77BEC17368C9B237AE60A910312334, 962C1F0C4E7C8137863A48E6E5BFA44B 32: 1B43CDD2D0E13ECAE95F2DE4782760679CDCCE5E74A3C3E6614BAD86DFE073EE, B5A6A14CA26E60AAC3B5C9DB0723ACE5 -OCB-safer+ (16 byte key) +OCB3-safer+ (16 byte key) 0: , 8F56A79150DEFC6B2CBB3FB6E359FBD2 1: C9, 8E316BB1D0C29B6D7A5A87099B85B72A 2: 2060, BC6DEBA562045204F685BD4AD1095614 @@ -164,7 +107,7 @@ OCB-safer+ (16 byte key) 31: 017E3A54463EDC279879A07FD7BFF1225CEE307BD8741B6013FE4C9A454EB8, 10449A44C1F90C64CCCA5D808AC705A5 32: DB9C895FF4A59D407344B8254FCD416F0D5EDB2ECB639CF226DEAA76370FB79D, CFE8C49CF0E323F694FAB1805A85DC93 -OCB-twofish (16 byte key) +OCB3-twofish (16 byte key) 0: , 924B3293251DA82CC6843F4616DAA68D 1: 01, 4B07AF17FF5D6C2477E90B7843F19D1B 2: 5CFF, 75BF06BF38FA2BEC8A3A546B9E29741E 
@@ -199,159 +142,7 @@ OCB-twofish (16 byte key) 31: 8726247FAEB21D7F8927DC3E90267ECD744A8452C64B9EBE08D1A590BFA1F9, 8D75DAEC7E4438E7C701A392346EBBF6 32: 0DC0EE528456FEC203AFB12A55A4D3A901B9408958E5387EB42E75730D98B6A6, D7D682F57C1E1671BE459EE33BEA6B26 -OCB-safer-k64 (8 byte key) - 0: , 60AE63AE99A88F09 - 1: 44, 0B3706AE0C2E2E1B - 2: FFC9, 2DE3EFEA9DA4E0B1 - 3: 9EDB9C, 3C6B708DDFAE78BD - 4: 4F411B9D, 7B5C8D7355207D99 - 5: 137EFBA977, 8F5A27A51F6360E4 - 6: 518F478CF00F, 5D9D0B18CF5A3441 - 7: 8ABF02E8C3B6E3, 2A9F38EC4EEE4B66 - 8: B46D658ED0580427, 154E306DA82C5B04 - 9: 97C857F1454868744F, 235006CFBF3746DC - 10: 75D9C1CED5E4A9D74B83, AD470CD821D5A3BB - 11: 8BD62F6A7984C86BBC5BC1, 44BFE38FC9B0E173 - 12: 3A7C8ECD7732D6546CCBC28F, 5ED6C3E7AFB1F896 - 13: 52C030D775D19B605CDFA5ADE4, 010FFFDAFF4868BF - 14: 6740280BFAD4A8844626BCCE6FB2, 80A60FD0D0A15DA7 - 15: F5B6DD3ED6612F59B8A073E3EC5033, 36F2EC985AB2C969 - 16: 02581A19286680A999FB9830DCB77BEC, 3015B26725FB9D53 - -OCB-safer-sk64 (8 byte key) - 0: , 2B5F164039EC1FF2 - 1: BD, 3072BD9737BB4DEC - 2: 71F3, C358816473A2C3F0 - 3: F370EA, 83F377FF988F1B51 - 4: 98565D32, FCA53CD3A9DABBCD - 5: EAB324F774, 421AF23FCAD01DCE - 6: C5B0814A9FEB, 9313C6B3088C3924 - 7: B2BE28DB8A7CE4, 4D01C1E7AA97B299 - 8: E410D82D4064AED0, 9BE40E1610857C31 - 9: 020B907AF549B78C87, 041F712E41020281 - 10: 340281F8C266EA8C7A32, 6ABE5616D2FA74EC - 11: BDC98894B81C6D27E1B68A, 0C04AC90EA1A9CA5 - 12: 8499598100F79CCB99658CC9, 80BF184C2A145C77 - 13: 225E9058E1E04C0094A7930951, DFF29FC9970FBE6E - 14: 2921DB3AA293E8EBCD1624227B63, 66C946BB38353006 - 15: 666A373BB8D5E705B7C6FB57366FFA, 9107520B8B727240 - 16: 99A7DEA8DB637CD1C92C814D3C1A64A2, 88086A2AB997BBDD - -OCB-safer-k128 (16 byte key) - 0: , 40A7E9B40AAC05E1 - 1: B1, C22564913F5A2BAD - 2: 95A1, FFA940A16367A92B - 3: 9B2C72, 13AA7AC4A229C17F - 4: 1F986AFF, 38FA204AD590363C - 5: 6D8575E1E4, 29C7A65AC4CB96E1 - 6: B66053304FBA, 90FDB74422EF97D2 - 7: 3AF64A001B7F6C, 00BE93CEA7F27105 - 8: 838E09F49FA3AC15, 
74621705326B0B30 - 9: BAB2B85FAC5DC83489, 8AB828D9D6C23621 - 10: 3AEF47ED7CCDE4D085D6, 1DAE20BED85FC6EB - 11: 16B8926C2F2B591C16671E, 9059D39D4896E541 - 12: B7F7F74BC766AEC2C927E8D9, DD8CD0D361E458B1 - 13: DFC4F2CCCECE6C37BCDDDAB3E8, F43757F2561806A2 - 14: 981C89C0D2BC84D757733661FEBE, 2E6739D64A66F8A4 - 15: 71CAE38513289770E2144C85F86ECC, 7E6B772ACADBB5E5 - 16: C762E3C8CA8934312AD0FFA260AA21F3, 147F6D215719D80B - -OCB-safer-sk128 (16 byte key) - 0: , DBC0A566E43D78EB - 1: 7B, 0A5B7E6504D09E0D - 2: 93C6, F0965D809512F60C - 3: 371A02, 26C1101DFBD5B5B5 - 4: 9289CC21, 1DD5B6E7B434D085 - 5: 462F4E430E, 359A72726D607F77 - 6: 754822D87238, D2C3C36B578EDD54 - 7: ECD5B066CA1099, 43501B21F2F3B81A - 8: 0B5E88DFE1EA77AE, 02AB5CE6F21ACD13 - 9: 37B1F29B385FBC7719, C5C3276464EE75F2 - 10: 3DFDF3F96F069D16D073, 1B3815F5E66D9B16 - 11: D71B6574B09AF3E2892702, F23983243BA05358 - 12: 3FDF716461B02B1A800FBDAC, 76DC47B577DB0428 - 13: 2A401964D55907EC06AA5A865F, 48D2A85A1394C9D7 - 14: B92B44D7D203675484CBA922C7A5, 03CEC9B3F03FF6F6 - 15: CBE7F6D81C4FF6E0E7DDCFE4DC9865, 7DFE226E27765F3D - 16: 54D4EC026089660D0A5DCBA3C6096F27, 07E13D50E610167E - -OCB-rc2 (8 byte key) - 0: , 64AF97108168F222 - 1: 7A, 8D76828ABA00E9F2 - 2: 92B4, 46173CDD4000CF80 - 3: BDA76B, 418CBA55192C3C14 - 4: 39770C9B, ADDB0A3DE174E8BF - 5: 7DA3100250, 55CF46A530E296CC - 6: 1B685D542DAC, 414D5D3AA58B2D9F - 7: 6A1172A01FAE68, 707C8FFDC3A28162 - 8: 3643C5C11A14FA6C, 4340696B5CE9A559 - 9: DBABB16A1D908AB735, 7307611EC44A8CE2 - 10: DA209E874A3D0962826D, AA3119B1745C547A - 11: 2F4543B7EF467676601565, 3153CD137ECC8642 - 12: F7F776D30C833802C3B03EE9, B35BCE4DE7356F87 - 13: A19B3618727C8AD0071AA068BF, 137CAB9A02D34F23 - 14: B6B06B70CF74EE900BC8237D6C88, 8393EC248840E83E - 15: FF7316B644450C96A7FA19912282AE, 08231DF3DCAFB00A - 16: 018FBDF023323BBA7BECF9BCEC49C645, 3CBFF9B5F03F97F7 - -OCB-des (8 byte key) - 0: , ED4327DD4269EFF8 - 1: 9E, CF026B3E06459E45 - 2: 6695, EC7373BD53E08021 - 3: 2B162F, 2009ECBCCED951CC - 4: 6D2383BA, 
AB01479F7CA86837 - 5: EF7AF7B925, 6C499BB9C50F2867 - 6: 9A209AEEF740, ECD38B6E578E5BB6 - 7: 64A6847FBAB815, 04CCA3BD0B5A0E86 - 8: EF6E5AB10AFF4637, 6BA435083EB73B42 - 9: 9DF882164AC1093A6A, 6F675349AD4A5F0A - 10: 2A387714DF49F0B198CE, BF11D193B33332CF - 11: A22B9ACF695E509D7DACE0, 30AD5F8E9BEBAECD - 12: 6FE138F1AD18AD82566FA62D, DDE29234BADCB116 - 13: 5E999D45A65F1E7B8D6E23928A, B42126323E230103 - 14: 450ADBB95F5D30C4ED07EF5D61C6, C9AEF234D2A62D84 - 15: DA6EA48D2FD0CD148AF3C820B35D8F, 17EE5C13C4EF2230 - 16: 929440B304802E9963E645962D03311E, 3F70A65858B4CFFD - -OCB-3des (24 byte key) - 0: , AADB051E60C3120E - 1: 01, 20A7FE8C75FB9E6B - 2: 1F2C, C1E73FE3B49807B3 - 3: 18BA50, DD5049D65C6E3E41 - 4: 831F26C5, 29A93FC7BB7028E4 - 5: 0F2687749A, 5A17CDD57275D990 - 6: E859252FE864, B546B6CE8058E9C4 - 7: 45664737F4B25F, 9114205390E66F64 - 8: D05C5A3578EFCAAC, 7633784CDB458899 - 9: E4C51E2E306B4304DD, B13F8620AFB606B4 - 10: 69A5B1ED52EE639927BE, 01DF9CA135E1F0F8 - 11: 470473A317D7F261425751, 201A0B1E678D47F9 - 12: 835834F8FC21B8CB27D2E0B1, A48CD87F705E1816 - 13: 8CC41824101B5F330CE1109AE5, E68F62A44E2E15C8 - 14: 9EDE893B691E3E5A0322B8DABC7E, FB5997E400EEABDC - 15: 7E71195F9CD039D025A8A4F90E718F, 2B68E17F3B544A09 - 16: 1D217BA1D0F2FA051258E65E4FC7D60B, 089A17777546EA21 - -OCB-cast5 (8 byte key) - 0: , 77D9102CCB59F03F - 1: 65, DFB130E2B4B8CDCD - 2: 752F, 3C025A7E3B0C0677 - 3: A32F20, 9877D937F0078B1D - 4: 2721E6C8, 0F40ED1C23EFC71C - 5: 95C4269DCF, D2E25B933FE78F63 - 6: 8CB240723A3A, A6704E1218CA3CB6 - 7: CD2CA6456A5416, 99EA298978513F00 - 8: 95094FD229EB9EFB, 055771E04E1FE0B1 - 9: 052F37165BB7B31071, 00DA99C81DF5A15A - 10: 31B4551AD67991DAB505, B61C6F06889500A9 - 11: 1F9E4C34E96D8BCCD9AF55, 9D7A3D3C78D456A0 - 12: 856E2E4CD20DD9BE45E0CDED, 6FF332546BF351D8 - 13: 65C3B9E6ABEA205C75A43F2D18, B877EBC583A65589 - 14: E41F26A7F537A32B15DC6115E973, 4CF3710865E33BA6 - 15: 0AD880644E5BC87CB4D702F0074085, 60567AFD8C6D52BB - 16: 03C0CB1D2854BC9F286422E8BBFE4A36, EB10E5429866623E - 
-OCB-noekeon (16 byte key) +OCB3-noekeon (16 byte key) 0: , B23A40302652E204B694EA78AF5A8FCC 1: B1, 5245C8680A6F4520168B173A39661249 2: CE8C, 05763A489DF8B88DF01862007B2D6655 @@ -386,26 +177,7 @@ OCB-noekeon (16 byte key) 31: 17C5B1127E3D08737590EFB2FEB17562E7FDB4B21A768595ADDD9697CF9B46, 6F4BC0A033BE040350FF4958866BDEA0 32: 4667525E9B39821CF08E6C7A7E37A5020CE23F81DEF05932113E9A6B5B3F9BCF, 5C0350C6F7299192947EB22ED415B05C -OCB-skipjack (10 byte key) - 0: , 463C1E4DD1A03085 - 1: 44, 754EDDA8D5F6395F - 2: A91F, 19D6B04F49F65FF0 - 3: 8572D7, A97380A827EE921A - 4: 8B6A518C, 28F53D973490974E - 5: AE64F0C5AD, 3A01F1B733C27295 - 6: F9075088FDBC, 25B88A75E41E1181 - 7: 454FA7B9ADBD08, 27EAC47AECF83243 - 8: 658A1888D9405313, BDC5DA72A5B4A18E - 9: 5BBAC180FAA537AF97, 5BEE47690DB770C2 - 10: D5A1526B948F67F282ED, A5CC6F9F770B9B64 - 11: 6A51609E928064B6CC9B63, 9BFD9968FAD94974 - 12: B3C69893E260B791A9C3A843, 78685FFD8835AF00 - 13: CAA5800B6B5C50949F4EB8519B, 39AD309E4BFB47B0 - 14: 2B12D18B98AA3B3084837E2AF840, 920361326313A489 - 15: 0D2F21E3B3DB3D2B31B880459DDF22, 86307ADEB332A89C - 16: CD489F4272596715EC86B770D89BAA7D, 2006F5269A5D1C58 - -OCB-anubis (16 byte key) +OCB3-anubis (16 byte key) 0: , BAF3C352341E4E8F5E1FE11C9CB3E151 1: 1E, 01BAEEA2431B9106129937F135D46215 2: B586, AC89B511AC5F80B2E6F9E6BC96DDCE15 
@@ -440,26 +212,7 @@ OCB-anubis (16 byte key) 31: 55AFBFA3A57B960AC0F8B3DAE6EA60165FF7D5A77731B05BCB7E8C647487AA, E25444D551A823650757DAAD8ED6B588 32: 5553F81F123EC0697C26B00BF20BE287C0A1E9C4035C8EB3036F6D58C8A3B83B, B7349CE03F264F816305A6D46C274980 -OCB-khazad (16 byte key) - 0: , 5C7E2DC1EDC4A2C3 - 1: A0, 261565EAA758EDE4 - 2: D9A3, DB69625E0A482236 - 3: 24FF77, EEDE8B25C54FD6FC - 4: E50379C7, 593CA74DED369316 - 5: B97E794387, C3B94E37EC8CC73D - 6: 97D5EA990145, 8A4E4D0EF6BD0D11 - 7: C99C82C3DE57A8, 05CFE7406F2CE99F - 8: 234CD0F6D7130A26, DDE441C5490AEB12 - 9: 92D4A7184BA6675978, E1581CE1444BE08E - 10: 8081C79F87CD727AD54F, 9A9A96082EC690FD - 11: E9D3A5084F343F1918B4A3, EFD4542587D3C5DC - 12: 03883C6376ECDF6920A13B10, F516CF01CD535DB6 - 13: 6F0561BDD4344CBD5FC4A97848, 20C8C8F2CFACB2FD - 14: 84471FFB6BBB222902E8AB2C352B, D119D45DBD7B7D22 - 15: AEBC54E4987FA01FA7EE237514D703, 7021FAEFC48DA692 - 16: E907A9DC08A3152106399AA178A2B445, E756B6BBE721A3CC - -OCB-seed (16 byte key) +OCB3-seed (16 byte key) 0: , A7D37A371F0B3596ACF3856B5D18B45E 1: 49, 3C671A1AFA5B253DD8FF67FFED9C33E4 2: B986, 2A069C4C6FF67FA6880D6EDA8490A3C6 
@@ -494,45 +247,7 @@ OCB-seed (16 byte key) 31: 9DB58E1FEF922A4A1F99602710ABCA029E8A10383465C62967EB0A466F11AD, 08D4FF277C8DA53A2598201B255B7FD7 32: 1BD03BAB70BE842FDB12E49DEB04AE477335B0B3930E75A27C37EBB1594099E7, 3A6DEAE1C289763C4405DE86544DF401 -OCB-kasumi (16 byte key) - 0: , 85F676BFBCB7B036 - 1: 2D, BD6D4E9C82E5CA26 - 2: 724C, 2AA67DB029E78720 - 3: E762C3, 3217E72AF565E98F - 4: 5A14AF1F, 6DE5CCF42AE4372D - 5: 3FE0C9B5BC, 5E8CCCB96F1971A5 - 6: 647D9AE7286B, 1C53A14119C1A650 - 7: B1A5078D8E09BC, C2F46899E85A43EB - 8: 4AAEF1B9316A1D2A, 4ADBC39C6CD59480 - 9: 97C4036A9EDB69F305, 7AF592CAB645C899 - 10: 2F2EBFA927812C6F6FF9, AE0DEC9D2D8E5BB4 - 11: B98061CC8801BE7A640651, 2CC2F1BBF418C4BF - 12: 9EE7742DBA13B66994FC5C53, BE6A9A6EDD45914C - 13: D1DBCFEEE8F2F5E94F74774CCE, 6D9377693CD38F8A - 14: 7D8C7B966FDAB2C4027220C77CAD, 8AF85A125D36D09C - 15: B254AE0DFA35531477D50906C695DC, 4FE0519983397BB0 - 16: 223FB914E44BE1755D94F963BF701F90, 0C8D07BAA2D66E4E - -OCB-multi2 (40 byte key) - 0: , EA28ABA0D6F4E490 - 1: F7, 951E5C33632C1B2E - 2: FD2B, 1C5912FD3190C3B1 - 3: 6AD41D, 38D5D04491483BE4 - 4: 611E46CD, 2B4C4AA96B9D4DE8 - 5: E2E52662AE, 24BC447CFACF4EA5 - 6: D3BEA1AD5905, AE39AC799F3BFAE5 - 7: 67FF55F2B4C49D, 426ECF9B4FAEB310 - 8: D823598A47C17669, 662829935E1DC1B2 - 9: CC194A8DF3491A595B, 559D45F5E4029FCF - 10: B51207427B00FCEBCA20, 806928EDDDCAAF67 - 11: 95AD2F304AA91A0521BCF8, 0DD36DC4BFECE04B - 12: 13999C2A8C566FE58AFFC34E, 7D2943749BC160F3 - 13: FEF35288E697EC0B96ED7351EE, 5999E5EAD14F635D - 14: 02DFF262D43C7796030F68DBDDE4, D6EEC27981EA7FD2 - 15: D70DF509F5A6ED361C96F7B59C5F0A, 4B3F0ECE9E727DF4 - 16: 966600DC680F216DB2591654161C51F2, 2F9985210161A9FE - -OCB-camellia (16 byte key) +OCB3-camellia (16 byte key) 0: , DFF7EA9ECD4E2AD37B9838E85F9D36EB 1: 1B, D5D37222F530EA2C282A4D8BC55A08EA 2: B73C, 5163F4BD7CBC03DA1B31C7C1105B5511 diff --git a/src/encauth/ocb3/ocb3_done.c b/src/encauth/ocb3/ocb3_done.c index b6a63367b..b913d3a43 100644 --- a/src/encauth/ocb3/ocb3_done.c 
+++ b/src/encauth/ocb3/ocb3_done.c @@ -34,6 +34,12 @@ int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen) goto LBL_ERR; } + /* check taglen */ + if ((int)*taglen < ocb->tag_len) { + *taglen = (unsigned long)ocb->tag_len; + return CRYPT_BUFFER_OVERFLOW; + } + /* finalize AAD processing */ if (ocb->adata_buffer_bytes>0) { @@ -64,13 +70,9 @@ int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen) /* tag = tag ^ HASH(K, A) */ ocb3_int_xor_blocks(tmp, ocb->tag_part, ocb->aSum_current, ocb->block_len); - /* fix taglen if needed */ - if ((int)*taglen > ocb->block_len) { - *taglen = (unsigned long)ocb->block_len; - } - /* copy tag bytes */ - for(x=0; x<(int)*taglen; x++) tag[x] = tmp[x]; + for(x = 0; x < ocb->tag_len; x++) tag[x] = tmp[x]; + *taglen = (unsigned long)ocb->tag_len; err = CRYPT_OK; diff --git a/src/encauth/ocb3/ocb3_init.c b/src/encauth/ocb3/ocb3_init.c index 573fe152a..8e0e914db 100644 --- a/src/encauth/ocb3/ocb3_init.c +++ b/src/encauth/ocb3/ocb3_init.c @@ -114,10 +114,16 @@ int ocb3_init(ocb3_state *ocb, int cipher, return CRYPT_INVALID_ARG; } - /* Make sure taglen isn't too long */ - if (taglen > (unsigned long)cipher_descriptor[cipher].block_length) { - taglen = cipher_descriptor[cipher].block_length; + /* The blockcipher must have a 128-bit blocksize */ + if (cipher_descriptor[cipher].block_length != 16) { + return CRYPT_INVALID_ARG; + } + + /* The TAGLEN may be any value up to 128 (bits) */ + if (taglen > 16) { + return CRYPT_INVALID_ARG; } + ocb->tag_len = taglen; /* determine which polys to use */ ocb->block_len = cipher_descriptor[cipher].block_length; diff --git a/src/encauth/ocb3/ocb3_test.c b/src/encauth/ocb3/ocb3_test.c index 10d541944..bd3014400 100644 --- a/src/encauth/ocb3/ocb3_test.c +++ b/src/encauth/ocb3/ocb3_test.c 
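Review bot: The new guard `if ((int)*taglen < ocb->tag_len)` casts the caller's `unsigned long` length to `int`, so a `*taglen` above INT_MAX typically wraps negative and the call is rejected with CRYPT_BUFFER_OVERFLOW although the buffer is large enough; `tag_len` is bounded to 0..16 by ocb3_init, so compare in the unsigned domain instead: `if (*taglen < (unsigned long)ocb->tag_len) {`. The guard also leaves with a bare `return` while the code just above the hunk routes errors through `goto LBL_ERR`; nothing sensitive has been written to `tmp` at that point, so this is presumably harmless, but `err = CRYPT_BUFFER_OVERFLOW; goto LBL_ERR;` keeps a single error path. ocb3_done's body continues outside the hunk.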
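Review bot: The new `if (taglen > 16)` check accepts `taglen == 0`, which makes ocb3_done emit an empty tag and turns the mode into unauthenticated encryption; RFC 7253 does allow TAGLEN from 0 to 128 bits, so this is conformant, but it is an easy footgun for a caller that passes a zeroed length. Consider rejecting 0 (or a documented minimum) here, or at least state the accepted range and its unit in the comment, which currently talks in bits while the code checks bytes: `/* TAGLEN may be 0..128 bits, i.e. taglen is 0..16 bytes */`. The assignment `ocb->tag_len = taglen;` narrows `unsigned long` to `int` and is only safe because of the bound just above; a short comment saying so would keep a future edit from moving it. ocb3_init's body continues outside the hunk.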
@@ -205,6 +205,7 @@ int ocb3_test(void) int err, x, idx, res; unsigned long len; unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE]; + ocb3_state ocb; /* AES can be under rijndael or aes... try to find it */ if ((idx = find_cipher("aes")) == -1) { @@ -214,7 +215,7 @@ int ocb3_test(void) } for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) { - len = sizeof(outtag); + len = 16; /* must be the same as the required taglen */ if ((err = ocb3_encrypt_authenticate_memory(idx, key, sizeof(key), nonce, sizeof(nonce), @@ -244,6 +245,8 @@ int ocb3_test(void) return CRYPT_FAIL_TESTVECTOR; } } + + /* RFC 7253 - test vector with a tag length of 96 bits - part 1 */ x = 99; len = 12; if ((err = ocb3_encrypt_authenticate_memory(idx, 
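Review bot: The replacement `len = 16; /* must be the same as the required taglen */` does not say why the previous `sizeof(outtag)` stopped working; presumably ocb3_encrypt_authenticate_memory forwards `*taglen` to ocb3_init, which now rejects values above 16 instead of truncating them, so a larger buffer size would make every vector fail with CRYPT_INVALID_ARG. Spell that out so the next person does not "fix" it back: `len = 16; /* the tag length requested from ocb3_init, not the buffer size; > 16 is now rejected */`. ocb3_test's body continues outside the hunk.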
@@ -274,6 +277,26 @@ int ocb3_test(void) #endif return CRYPT_FAIL_TESTVECTOR; } + + /* RFC 7253 - test vector with a tag length of 96 bits - part 2 */ + x = 100; + if ((err = ocb3_init(&ocb, idx, K, sizeof(K), N, sizeof(N), 12)) != CRYPT_OK) return err; + if ((err = ocb3_add_aad(&ocb, A, sizeof(A))) != CRYPT_OK) return err; + if ((err = ocb3_encrypt(&ocb, P, 32, outct)) != CRYPT_OK) return err; + if ((err = ocb3_encrypt_last(&ocb, P+32, sizeof(P)-32, outct+32)) != CRYPT_OK) return err; + len = sizeof(outtag); /* intentionally more than 12 */ + if ((err = ocb3_done(&ocb, outtag, &len)) != CRYPT_OK) return err; + if (compare_testvector(outct, sizeof(P), C, sizeof(C), "OCB3 CT", x)) return CRYPT_FAIL_TESTVECTOR; + if (compare_testvector(outtag, len, T, sizeof(T), "OCB3 Tag.enc", x)) return CRYPT_FAIL_TESTVECTOR; + if ((err = ocb3_init(&ocb, idx, K, sizeof(K), N, sizeof(N), 12)) != CRYPT_OK) return err; + if ((err = ocb3_add_aad(&ocb, A, sizeof(A))) != CRYPT_OK) return err; + if ((err = ocb3_decrypt(&ocb, C, 32, outct)) != CRYPT_OK) return err; + if ((err = ocb3_decrypt_last(&ocb, C+32, sizeof(C)-32, outct+32)) != CRYPT_OK) return err; + len = sizeof(outtag); /* intentionally more than 12 */ + if ((err = ocb3_done(&ocb, outtag, &len)) != CRYPT_OK) return err; + if (compare_testvector(outct, sizeof(C), P, sizeof(P), "OCB3 PT", x)) return CRYPT_FAIL_TESTVECTOR; + if (compare_testvector(outtag, len, T, sizeof(T), "OCB3 Tag.dec", x)) return CRYPT_FAIL_TESTVECTOR; + return CRYPT_OK; #endif /* LTC_TEST */ } diff --git a/src/headers/tomcrypt_mac.h b/src/headers/tomcrypt_mac.h index 2a2a011a4..3fe431fae 100644 --- a/src/headers/tomcrypt_mac.h +++ b/src/headers/tomcrypt_mac.h @@ -266,6 +266,7 @@ typedef struct { symmetric_key key; /* scheduled key for cipher */ unsigned long block_index; /* index # for current data block */ int cipher, /* cipher idx */ + tag_len, /* length of tag */ block_len; /* length of block */ } ocb3_state;
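Review bot: The new incremental test only exercises the happy path of the reworked `ocb3_done`: `len` is set larger than the tag in both halves, so the CRYPT_BUFFER_OVERFLOW branch added by this same commit is never executed and a regression that truncates or overruns the tag would go unnoticed. Add a short-buffer probe before the real call, e.g. `len = 11; if (ocb3_done(&ocb, outtag, &len) != CRYPT_BUFFER_OVERFLOW || len != 12) return CRYPT_FAIL_TESTVECTOR;`, which should leave the state usable for the following `len = sizeof(outtag)` call since the new guard returns before any finalisation (to be confirmed against ocb3_done). The decrypt half recomputes the tag and compares it with compare_testvector, which is fine for a self-test but does not exercise a verify path; if the library offers one, a call through it would be the stronger check.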
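Review bot: The new field is documented only as `length of tag`, while ocb3_init describes the limit in bits and stores a byte count here; state the unit in the header, where every user of the struct will look first: `tag_len, /* length of tag in bytes (0..16) */`. It is also an `int` although the public API takes `unsigned long taglen`; that is safe given the bound enforced in ocb3_init, but a note that the field is only meaningful after a successful ocb3_init would help readers of ocb3_done. The ocb3_state definition starts outside the hunk.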