diff --git a/demos/timing.c b/demos/timing.c
index 1d9bd5ca8..081ab53bd 100644
--- a/demos/timing.c
+++ b/demos/timing.c
@@ -1193,7 +1193,7 @@ static void time_macs(void)
static void time_encmacs_(unsigned long MAC_SIZE)
{
-#if defined(LTC_EAX_MODE) || defined(LTC_OCB_MODE) || defined(LTC_OCB3_MODE) || \
+#if defined(LTC_EAX_MODE) || defined(LTC_OCB3_MODE) || \
defined(LTC_CCM_MODE) || defined(LTC_GCM_MODE) || defined(LTC_SIV_MODE)
#if defined(LTC_SIV_MODE)
unsigned char *aad[4];
@@ -1235,22 +1235,6 @@ static void time_encmacs_(unsigned long MAC_SIZE)
fprintf(stderr, "EAX \t\t\t%9"PRI64"u\n", t2/(ulong64)(MAC_SIZE*1024));
#endif
-#ifdef LTC_OCB_MODE
- t2 = -1;
- for (x = 0; x < 10000; x++) {
- t_start();
- t1 = t_read();
- z = 16;
- if ((err = ocb_encrypt_authenticate_memory(cipher_idx, key, 16, IV, buf, MAC_SIZE*1024, buf, tag, &z)) != CRYPT_OK) {
- fprintf(stderr, "\nOCB error... %s\n", error_to_string(err));
- exit(EXIT_FAILURE);
- }
- t1 = t_read() - t1;
- if (t1 < t2) t2 = t1;
- }
- fprintf(stderr, "OCB \t\t\t%9"PRI64"u\n", t2/(ulong64)(MAC_SIZE*1024));
-#endif
-
#ifdef LTC_OCB3_MODE
t2 = -1;
for (x = 0; x < 10000; x++) {
diff --git a/demos/tv_gen.c b/demos/tv_gen.c
index d6ba2c6f6..5eba374a1 100644
--- a/demos/tv_gen.c
+++ b/demos/tv_gen.c
@@ -363,75 +363,6 @@ static void eax_gen(void)
}
#endif
-#ifdef LTC_OCB_MODE
-static void ocb_gen(void)
-{
- int err, kl, x, y1, z;
- FILE *out;
- unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2],
- plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
- unsigned long len;
-
- OPEN_FILE("ocb_tv.txt", out);
- fprintf(out, "OCB Test Vectors. Uses the 00010203...NN-1 pattern for nonce/plaintext/key. The outputs\n"
- "are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous\n"
- "step repeated sufficiently. The nonce is fixed throughout.\n\n");
-
- for (x = 0; cipher_descriptor[x].name != NULL; x++) {
- kl = cipher_descriptor[x].block_length;
-
- /* skip ciphers which do not have 64 or 128 bit block sizes */
- if (kl != 8 && kl != 16) continue;
-
- if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) {
- kl = cipher_descriptor[x].max_key_length;
- }
- fprintf(out, "OCB-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
-
- /* the key */
- for (z = 0; z < kl; z++) {
- key[z] = (z & 255);
- }
-
- /* fixed nonce */
- for (z = 0; z < cipher_descriptor[x].block_length; z++) {
- nonce[z] = z;
- }
-
- for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
- for (z = 0; z < y1; z++) {
- plaintext[z] = (unsigned char)(z & 255);
- }
- len = sizeof(tag);
- if ((err = ocb_encrypt_authenticate_memory(x, key, kl, nonce, plaintext, y1, plaintext, tag, &len)) != CRYPT_OK) {
- printf("Error OCB'ing: %s\n", error_to_string(err));
- exit(EXIT_FAILURE);
- }
- if (len == 0) {
- printf("Error OCB'ing: zero length\n");
- exit(EXIT_FAILURE);
- }
- fprintf(out, "%3d: ", y1);
- for (z = 0; z < y1; z++) {
- fprintf(out, "%02X", plaintext[z]);
- }
- fprintf(out, ", ");
- for (z = 0; z <(int)len; z++) {
- fprintf(out, "%02X", tag[z]);
- }
- fprintf(out, "\n");
-
- /* forward the key */
- for (z = 0; z < kl; z++) {
- key[z] = tag[z % len];
- }
- }
- fprintf(out, "\n");
- }
- fclose(out);
-}
-#endif
-
#ifdef LTC_OCB3_MODE
static void ocb3_gen(void)
{
@@ -817,9 +748,6 @@ int main(int argc, char **argv)
#ifdef LTC_EAX_MODE
printf("Generating EAX vectors..."); fflush(stdout); eax_gen(); printf("done\n");
#endif
-#ifdef LTC_OCB_MODE
- printf("Generating OCB vectors..."); fflush(stdout); ocb_gen(); printf("done\n");
-#endif
#ifdef LTC_OCB3_MODE
printf("Generating OCB3 vectors..."); fflush(stdout); ocb3_gen(); printf("done\n");
#endif
diff --git a/doc/crypt.tex b/doc/crypt.tex
index fc879fa9a..a3ec9143e 100644
--- a/doc/crypt.tex
+++ b/doc/crypt.tex
@@ -1811,127 +1811,18 @@ \chapter{Authenticated Encryption}
The only difference is eax\_decrypt\_verify\_memory() does not emit a tag. Instead you pass it a tag as input and it compares it against
the tag it computed while decrypting the message. If the tags match then it stores a $1$ in \textit{res}, otherwise it stores a $0$.
-\mysection{OCB Modes}
+\mysection{OCB Mode}
\subsection{Preface}
-LibTomCrypt provides support for a mode called OCB in version 1 ''OCB''\footnote{See
-P. Rogaway, M. Bellare, J. Black, T. Krovetz, \textit{OCB: A Block Cipher Mode of Operation for Efficient Authenticated Encryption}.}
-and version 3 ''OCB3''\footnote{See RFC7253, T. Krovetz, P. Rogaway, \textit{The OCB Authenticated-Encryption Algorithm}.}.
+LibTomCrypt provides support for a mode called OCB in version 3
+''OCB3''\footnote{See RFC7253, T. Krovetz, P. Rogaway, \textit{The OCB Authenticated-Encryption Algorithm}.}.
OCB is an encryption protocol that simultaneously provides authentication. It is slightly faster to use than EAX mode
but is less flexible.
-Please be aware that all versions of OCB are patented and there are several licensing models provided by P. Rogaway, the patent holder
+All versions of OCB were patented, but have been put into the public domain in 2013 and since then are free to use
-- see \url{http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm}.
-\subsection{OCB}
-\subsubsection{Initialization and processing}
-
-Let's review how to initialize an OCB context.
-
-\index{ocb\_init()}
-\begin{verbatim}
-int ocb_init( ocb_state *ocb,
- int cipher,
- const unsigned char *key,
- unsigned long keylen,
- const unsigned char *nonce);
-\end{verbatim}
-
-This will initialize the \textit{ocb} context using cipher descriptor \textit{cipher}. It will use a \textit{key} of length \textit{keylen}
-and the random \textit{nonce}. Note that \textit{nonce} must be a random (public) string the same length as the block ciphers
-block size (e.g. 16 bytes for AES).
-
-This mode has no \textit{Associated Data} like EAX mode does which means you cannot authenticate metadata along with the stream.
-To encrypt or decrypt data use the following.
-
-\index{ocb\_encrypt()} \index{ocb\_decrypt()}
-\begin{verbatim}
-int ocb_encrypt( ocb_state *ocb,
- const unsigned char *pt,
- unsigned char *ct);
-
-int ocb_decrypt( ocb_state *ocb,
- const unsigned char *ct,
- unsigned char *pt);
-\end{verbatim}
-
-This will encrypt (or decrypt for the latter) a fixed length of data from \textit{pt} to \textit{ct} (vice versa for the latter).
-They assume that \textit{pt} and \textit{ct} are the same size as the block cipher's block size. Note that you cannot call
-both functions given a single \textit{ocb} state. For bi-directional communication you will have to initialize two \textit{ocb}
-states (with different nonces). Also \textit{pt} and \textit{ct} may point to the same location in memory.
-
-\subsubsection{State Termination}
-
-When you are finished encrypting the message you call the following function to compute the tag.
-
-\index{ocb\_done\_encrypt()}
-\begin{verbatim}
-int ocb_done_encrypt( ocb_state *ocb,
- const unsigned char *pt,
- unsigned long ptlen,
- unsigned char *ct,
- unsigned char *tag,
- unsigned long *taglen);
-\end{verbatim}
-
-This will terminate an encrypt stream \textit{ocb}. If you have trailing bytes of plaintext that will not complete a block
-you can pass them here. This will also encrypt the \textit{ptlen} bytes in \textit{pt} and store them in \textit{ct}. It will also
-store up to \textit{taglen} bytes of the tag into \textit{tag}.
-
-Note that \textit{ptlen} must be less than or equal to the block size of block cipher chosen. Also note that if you have
-an input message equal to the length of the block size then you pass the data here (not to ocb\_encrypt()) only.
-
-To terminate a decrypt stream and compared the tag you call the following.
-
-\index{ocb\_done\_decrypt()}
-\begin{verbatim}
-int ocb_done_decrypt( ocb_state *ocb,
- const unsigned char *ct,
- unsigned long ctlen,
- unsigned char *pt,
- const unsigned char *tag,
- unsigned long taglen,
- int *res);
-\end{verbatim}
-Similarly to the previous function you can pass trailing message bytes into this function. This will compute the
-tag of the message (internally) and then compare it against the \textit{taglen} bytes of \textit{tag} provided. By default
-\textit{res} is set to zero. If all \textit{taglen} bytes of \textit{tag} can be verified then \textit{res} is set to one (authenticated
-message).
-
-\subsubsection{Packet Functions}
-To make life simpler the following two functions are provided for memory bound OCB.
-
-%\index{ocb\_encrypt\_authenticate\_memory()}
-\begin{verbatim}
-int ocb_encrypt_authenticate_memory(
- int cipher,
- const unsigned char *key, unsigned long keylen,
- const unsigned char *nonce,
- const unsigned char *pt, unsigned long ptlen,
- unsigned char *ct,
- unsigned char *tag, unsigned long *taglen);
-\end{verbatim}
-
-This will OCB encrypt the message \textit{pt} of length \textit{ptlen}, and store the ciphertext in \textit{ct}. The length \textit{ptlen}
-can be any arbitrary length.
-
-\index{ocb\_decrypt\_verify\_memory()}
-\begin{verbatim}
-int ocb_decrypt_verify_memory(
- int cipher,
- const unsigned char *key, unsigned long keylen,
- const unsigned char *nonce,
- const unsigned char *ct, unsigned long ctlen,
- unsigned char *pt,
- const unsigned char *tag, unsigned long taglen,
- int *res);
-\end{verbatim}
-
-Similarly, this will OCB decrypt, and compare the internally computed tag against the tag provided. \textit{res} is set
-appropriately to \textit{1} if the tag matches or to \textit{0} if it doesn't match.
-
-\subsection{OCB3}
-\subsubsection{Initialization and processing}
+\subsection{Initialization and processing}
\index{ocb3\_init()}
\begin{verbatim}
@@ -1948,7 +1839,7 @@ \subsubsection{Initialization and processing}
Note that you can only use ciphers with a block length of 16.
-\subsubsection{Additional Authenticated Data}
+\subsection{Additional Authenticated Data}
OCB3 has, in contrary to OCB, the possibility to add "Additional Authenticated Data" (AAD) when performing cryptographic operations.
@@ -1977,7 +1868,7 @@ \subsubsection{Additional Authenticated Data}
both functions given a single \textit{ocb} state. For bi-directional communication you will have to initialize two \textit{ocb}
states (with different nonces). Also \textit{pt} and \textit{ct} may point to the same location in memory.
-\subsubsection{State Termination}
+\subsection{State Termination}
\index{ocb3\_encrypt\_last()} \index{ocb3\_decrypt\_last()}
\begin{verbatim}
@@ -2006,7 +1897,7 @@ \subsubsection{State Termination}
The \textit{taglen} parameter defines on input the length of the tag to output and will be set to the actual length written, which
is at most 16 octets.
-\subsubsection{Packet Functions}
+\subsection{Packet Functions}
To make life simpler the following two functions are provided for memory bound OCB3.
\index{ocb3\_encrypt\_authenticate\_memory()}
@@ -10396,7 +10287,6 @@ \subsection{Elliptic Curve Cryptography - $GF(p)$}
These two ECC verify functions have been deprecated in favor of \code{ecc\_verify\_hash\_v2()}.
Please check Chapter \ref{ecc-verify} for details.
-
\subsection{PKCS \#1 Padding}
PKCS \#1 v1.5 padding is so simple that both signature and encryption padding are performed by the same function. Note: the
signature padding does \textbf{not} include the ASN.1 padding required. That is performed by the rsa\_sign\_hash\_ex() function
@@ -10737,7 +10627,6 @@ \subsection{Extended Verification}
rsa_key *key);
\end{verbatim}
-
\clearpage
\addcontentsline{toc}{chapter}{Index}
\printindex
diff --git a/libtomcrypt_VS2008.vcproj b/libtomcrypt_VS2008.vcproj
index 69a5e2d69..eae7487e9 100644
--- a/libtomcrypt_VS2008.vcproj
+++ b/libtomcrypt_VS2008.vcproj
@@ -735,54 +735,6 @@
>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/makefile.mingw b/makefile.mingw
index 5d388f55e..e2970932f 100644
--- a/makefile.mingw
+++ b/makefile.mingw
@@ -56,10 +56,6 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa
src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
-src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
-src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
-src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
-src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
diff --git a/makefile.msvc b/makefile.msvc
index 9f530931c..68adc09a7 100644
--- a/makefile.msvc
+++ b/makefile.msvc
@@ -49,10 +49,6 @@ src/encauth/eax/eax_init.obj src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_ad
src/encauth/gcm/gcm_add_iv.obj src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj \
src/encauth/gcm/gcm_init.obj src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_mult_h.obj \
src/encauth/gcm/gcm_process.obj src/encauth/gcm/gcm_reset.obj src/encauth/gcm/gcm_test.obj \
-src/encauth/ocb/ocb_decrypt.obj src/encauth/ocb/ocb_decrypt_verify_memory.obj \
-src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \
-src/encauth/ocb/ocb_encrypt_authenticate_memory.obj src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \
-src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj src/encauth/ocb/s_ocb_done.obj \
src/encauth/ocb3/ocb3_add_aad.obj src/encauth/ocb3/ocb3_decrypt.obj src/encauth/ocb3/ocb3_decrypt_last.obj \
src/encauth/ocb3/ocb3_decrypt_verify_memory.obj src/encauth/ocb3/ocb3_done.obj \
src/encauth/ocb3/ocb3_encrypt.obj src/encauth/ocb3/ocb3_encrypt_authenticate_memory.obj \
diff --git a/makefile.unix b/makefile.unix
index df169e288..78bc67f54 100644
--- a/makefile.unix
+++ b/makefile.unix
@@ -70,10 +70,6 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa
src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
-src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
-src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
-src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
-src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
diff --git a/makefile_include.mk b/makefile_include.mk
index 52013d7f3..7cb42a94c 100644
--- a/makefile_include.mk
+++ b/makefile_include.mk
@@ -241,10 +241,6 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa
src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
-src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
-src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
-src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
-src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
diff --git a/notes/ocb_tv.txt b/notes/ocb_tv.txt
deleted file mode 100644
index e517341e9..000000000
--- a/notes/ocb_tv.txt
+++ /dev/null
@@ -1,696 +0,0 @@
-OCB Test Vectors. Uses the 00010203...NN-1 pattern for nonce/plaintext/key. The outputs
-are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous
-step repeated sufficiently. The nonce is fixed throughout.
-
-OCB-aes (16 byte key)
- 0: , 04ADA45E947BC5B6E00F4C8B8053902D
- 1: 07, 987354C062CD6251CAA6D93280EFE9BE
- 2: 1CB7, B9F1620EA8374E1C2D05110878D93069
- 3: B98C59, 3793FB737C2DFB29E73DD1AD8B8F71C7
- 4: 8978F240, 5E25316ED13D3300F2EC12D718A0BA8E
- 5: CB4D261594, EDA252A1A5C7D0A4AB4620F771446DD3
- 6: 30D6B6688D59, 684037DE07832C6FC38CA42BDF2A7D53
- 7: D0583F9741BFA4, 3DF53DFF73431C0245982F4EEEAD432F
- 8: EE3B9596CBEFF520, D283D1B9D990739EA05F4BAE2E96BE4E
- 9: 6570FC25E6103AC125, 90D3F1FA6595B775749FAE7B00A8E5B1
- 10: F56750C98C370DFDC4A0, 19389A6875FAB432B72D64BCDD6BD26C
- 11: 3344AE6D9528603CC1E4E1, 87AB6FBC7F919125A7DB0D17D19056B8
- 12: F3D9D816A727D3E67330C779, 07AC0F3841DFCFEC58A5AAC22270538C
- 13: 976651E63ABC3B276799BC1FE4, EE603A8C66099AD6FF8667B3F34ABF29
- 14: A48E3ABC31336C6B717A96170A9B, A9D1B973D84D3125F5F9D7923BA0A8FF
- 15: F60E9B2A911FAFB0080FAA3ECDEE42, 4902F8AEB7685F7B255ECC45B5B7D3D4
- 16: 0855DE488940144AF18C65A9966DDB66, A66B3E7A75D394273AC196FFD062F9DD
- 17: 172DC1740F75AB2A27B2B80895961A69AB, D6986BB95F7E4137430CAC67F773623B
- 18: A414234DCCC61B65A79B7C618A6B91ACA410, 6CE32E55E158BC3E51E94116A615F3A2
- 19: 16A1B16BC0F63D63179901F1CBC772D612C102, 54007EF9822E0E4A4F953838577C76FA
- 20: 539788EBF85C15B3A638017B4054D71315BFF25F, 9B2511322E16CECD53E3241F3D51EB97
- 21: 7E74595A3DCFE1EA2C91B67738765463D50A22924A, AC9C9B526251C16F112E769F9FBE74E4
- 22: A2B61792102B2E44F1DC0E48B40472CE883730504FEB, 76452A49C2524404C8A4B098D6390F98
- 23: F58174BC06A022AB7D81991E9346F5E4B0AEC535D93473, 47F96374BC094BB2C1A5D1D291806912
- 24: A3A7713895D178A85D9092EA6138323DC2FF9090D7F01AC5, 3814208FA7009A2934F9A172D029667D
- 25: 385525DAF9949DCDEB22F7518AF96438E40F7D94933706A9F2, 1249F3DF50084A6D1A76AA350FD85B0B
- 26: 6838E207D98A5BF8D8E41454CF51663D8F8B76FD26092D45D1D9, 301723D0F49BF8CF37828340B894689C
- 27: 736413C025A549CB2550E93139DFD5DC3CE241C296C9FE641FF520, BE07259963F251743A85DF51EB1B47FB
- 28: 7F2CD26367A885BD9E2B515D4E871272AC1BEA1C650B530E5616B2D3, EEB37E8451597E5A53CB49072EDA9346
- 29: 68F23DCDEF223B60B46E3D724A93BEEF8B110D4394C990AC3D0E34E1B6, 9A60344982F852EFE02CBE9CBBAB60F1
- 30: 66C5DE3EB27139983D48BED81D0E5FCE6BA1AB402C357062FE989D31C69C, BAFA0A7997A529039F0CE8528E670415
- 31: D3B9009C1A930EE288C61B0B15C7E92CB73484C345594DC5A3F377147981DB, 1EDAACF7F1F3AC7EA613F94DA4DEF930
- 32: F7818DF15FE6FBC42A28FDE1D55A2C07EC8D82AA0E7A680DBD3CF26C13448F9B, 67FEB344108008A88067E92B210766D5
-
-OCB-blowfish (8 byte key)
- 0: , 07B7752047F9E0AE
- 1: CE, 7D69017C42B06204
- 2: 1D6F, 4DFD4BD58439062F
- 3: 30A011, DB49D988798F8842
- 4: B71C8951, AA3261584B0C20FD
- 5: 06F89957DA, 88BFA80D36427F64
- 6: 45BC4CE5FABD, 4CAF71136ED166A7
- 7: A7405F124D0296, 5D8993CE64FFF0E7
- 8: ECABEFD9E6574E4D, B69349673CF86E41
- 9: F7D26A7E82A34ACC71, AFFDEE843ABEA68A
- 10: E225C5F0FA1D649F81A3, 03AC1D5DF1323EF8
- 11: 58722FBFB86C2697061217, CE731D80E6355710
- 12: E577EB8FA70225C5A18D31DC, 2F08B140F0D3A255
- 13: 92154A94CD7D42EBADB6CFEE14, DC949170E84D3CA2
- 14: 5A3C08744FD85CA262D51AC6CD25, E83CE45547403BAD
- 15: 8B2E4980ABA10A20573A402D89AD12, E3D978611DD831D0
- 16: 3EDC4A0FA95BD8F944BCE4F252B6470C, 87B54BBEA86A5B5C
-
-OCB-xtea (16 byte key)
- 0: , F996E5CC593FD6E9
- 1: 88, 64636E3C48940F8D
- 2: 223D, 230D7718A8BCB965
- 3: 32531B, 37FEA4728FAE474D
- 4: BDCF3E96, A9F30B4187CD174C
- 5: 7B0CCDE546, E7328648817987FE
- 6: 824BD771B724, 0BDF80C14EDB758B
- 7: 8F0E73B1280717, 2DEDBF2C87180CC4
- 8: 6F7EFA44AF774B1F, 1A9C5509D54A7185
- 9: 9749BCF684F68755AC, E46941DBE948BDD5
- 10: DCD32D91FE2D5590355D, E17DFA54A5B60E07
- 11: 3CBBF6464D438AB95B3ACF, C207876D030362EC
- 12: 1C804A611F6CE4CFD2657366, B957F48EA00C428C
- 13: 5A2F6927951D8F60C754893790, EB3A27A9E5B8928F
- 14: C710D28CD02726002596D9196021, C6C9EBF090A20C07
- 15: 298FFCE0CD42BC329697AEB5F53A56, BB2F0C415317928C
- 16: 59F6395260ECEAB2E3511991EEEF9656, 278A218A720F8E05
-
-OCB-rc5 (8 byte key)
- 0: , E7462C3C0C95A73E
- 1: C5, 83CB00E780937259
- 2: 1533, 022FF70566E0BA87
- 3: 57543B, AC4EF15FC83BDF2D
- 4: 01E4474B, BD817C06AC2141E0
- 5: 4CD7E850EE, 7BB6B3BDA5373422
- 6: 489C0CD1502A, 23DD4406F87EB164
- 7: 0CBAAE08E07EFF, 92569C958B722413
- 8: 073612F283F8A6E4, 1DD978D01CE8D1DF
- 9: CDE676B1A3AC98B00E, C033F099E2620668
- 10: AD3BC88EEEDA40A83685, 36DA44E13C0C8A4D
- 11: CA60E8B918F73E99986021, 45634CA0E43E4B13
- 12: 3B3CF82157ECEACAD8658EF5, E681F57616146CC7
- 13: EBC1A7068346EC1B7EB815A7DC, 2C806D2A909CCAF1
- 14: 97CDB3EF8276F1E7D6B6677DA2DB, 53F00B9A2E43DE08
- 15: 44169B3EDAD9506C51A6DA055EF9C2, 5BB6DD996130896B
- 16: 35EC29065B1FC640015B0F779E7A358A, 867EBD0E86823F09
-
-OCB-rc6 (16 byte key)
- 0: , 27B9E3F544B8F567EEBF98ED5FD55C76
- 1: 92, 219FD2D74D7E3F21AA6C2A507C0A546B
- 2: BECF, 96A656A16FB3C4579E6955D592AECAE1
- 3: 4DDE09, 7D1882879B5D6FD8C151502BD8AB220A
- 4: 0D6B4FCC, E01FBD1ECA2A6A8DC6697A06AB12BDB0
- 5: E5E19C973B, E5A86AADF2F333D5DEDCE410688CC6A4
- 6: 90BA7D2A6965, 80523A2CAB2A7BB2E90B121DE80F46A9
- 7: 6FE258148EC8D0, B7254B11276A77C5F99FE5EC91D81F57
- 8: D887080095DF8817, F3FB938068A01EF89DE0F1226C544362
- 9: D9823313289D597614, A547764EF20BD4B4B303882B64FAF2C5
- 10: FF68942112CF01701E86, 94F3860D4438428EE296CEACB3EB67F5
- 11: FFD390D3E0B64F64D3192F, 99D2E424C67EBACCD4E2EB9A0CDB8CDD
- 12: 3162235748BDDECC84FC8C94, BDD400A58AF59100A731DD5B4386444E
- 13: D2A0EC8B1F20672289F7236C56, B245CF42644BDAC5F077143AF2A57BA7
- 14: 830929B2850E22F6C1BA2027248C, B6B522F7D6BA3CFFA92D093B383542FE
- 15: 2A5FCCCCF43F845AA77750D3BC6B1E, 53A0A0882C7844636900509921661FCA
- 16: 8480234796F9EAC313140CE014B0265C, 0656CA8D851B53FD5C1AAC303B264E43
- 17: F011A67C22F16A42CEA5E493CB766964AA, 830B8158B7A96224A53FB7F3A08CD128
- 18: F76274A730A608C2AB37497A049C3699882E, 4DC4DD4DF39D0E68D6169F9DC7F4A6D5
- 19: 7B38DD237DE552A72E4369A81C30AFEA5E5063, 01A62CBD30153702A5B29FB2A1683899
- 20: 58EB866F1FCB060ACC821D776AAC4AD9E87C326A, 25AFB8FC48605E1396EA8471F55C1294
- 21: A25F2C0FAD66B3580627498EC66C994B49C5445911, 0182A951D9A3DA53675612DE8EED1FB9
- 22: 8813977F092F07F251A1497C898967F3F98F5CB878CB, 80BC353E310880A83DD4DE4FE96AB6F0
- 23: 52DC8B76F5A6F78D51FB7DB51048E2663563335EC876A5, DC3689AA079C04C19D83646B272F9DEC
- 24: 965437D3FDF91784B63C73C8CD001BD9372167963DF36B89, 9FF84E2845E3C1E3E6711D1646B18F21
- 25: ADD40F674BD56FFC8F9B4047FAAD2471F0A48F4544C894F806, 9D684F74F9734F1C497E33D96A27E00C
- 26: 7B049B688839BC62785082397DEC7AA94B837D094AECA4B14571, EE711DF1C15B5C9E36B6E38B6F7152D2
- 27: DD4681F9C498A3CF69A9AC876E02BD9CDC4FB1F6798F772013B62D, C5A50676EFAA2A56CBDBE55CFED3050D
- 28: 471B5E89A1337E75E88AFBAACA1C011790F1657425483229E55C34EE, 20F73F2AC452FFEA423BE2EBDF33CFA1
- 29: 71812C83DE34DB329C8DCD98890AFB1F7719E890DAE5CEB7AC9668CAD0, 6FAA03E10C6FB67D425C683C6D85FD76
- 30: 4BC2DB33786CFD29B5CA5B804454169906138E90E29E7BE9197971027AF7, 75053C433EF5572A70C58EEC96F56C53
- 31: 5E3A0AB41264AB65365458ED3B7E6A25827E50075A9E347F1622ED0723E229, C8F1ECD19AD5FC970CF0D31BF46B0F2B
- 32: 2E48DEE4B379CD59F5367D17DC397C1BFD53B8C4CE46A8202518614076174EB6, EFCE758ECCB6BE875D16B7E03A498D31
-
-OCB-safer+ (16 byte key)
- 0: , 88618DEF98FE588E23107E9A5D89C26B
- 1: 39, 2B01B202E751F957E331ECD1CEDE3456
- 2: 13CB, 17071E5AFD5D8CE953A73F49412BE8C4
- 3: DC4428, 4B0B1881C2540FF92E7DE63C479A7750
- 4: 120382B0, 0BB11D57B5BD9D846CF31033CD4CCB92
- 5: 97F332F95B, 335E0424D0A820F60DBB968B8B5AA057
- 6: 3C7AAE72037B, C8034C2C76C1CCD7C1B3F36DD8907E1D
- 7: 8A99E4A1B89B6D, 06A8165DFADF1EA5ABD89E574422DF7F
- 8: 676587065F0342B8, 93ADE63994DF2189079234DC204BF92B
- 9: 8EC394CBC6877B245A, 1A89F0AB0B44BC708EBD9DE489E2EEB8
- 10: 5FB5366E5CAE4DB72411, 5CA5881A5805D53ACA4904A5EEC01550
- 11: 72A1994028F09ED6A4E45C, 0FFC0052996CE45DF4A28F7A6E9CFEA6
- 12: 1D5EF20F52A9B72386D1A601, A697DF1179628DE1120D5E8D9F39DA6E
- 13: 79BD002AA59D74F125AD9E32DE, 2F02CB6F70BF57BBA0DF100DE503F633
- 14: 442C6F9016DF4C090056258756A9, 58C6FD3180B9B74459D70B5684BE3F4C
- 15: 4FC5543D9A892B44ED04EE8B25E232, B8B858B3D3EB4B26E867E429F88A56B4
- 16: F06E7503167C2210AB332259BAFD6AB4, 73CE2589D1DF34CA3DC2B14CC9FA6276
- 17: BCCC260BD4823B64090FB33E6816F9C330, 81ABBDC83B2544907840FEB5AF4479EC
- 18: 450C1105B76F960D1A5F33D7F9D37DAE20C3, C41DDC8980E88E3986D9C84857BBE1E7
- 19: C9F36EF3A990E0554EDB59E6788F8E9BF1DBC7, 90DD543E148D9A0B79A8B376C5509E09
- 20: 3666FEEA98A4FC434EDB7517E7FCEE2320C69BCB, 99F11B360DDB3A15C42110831CCBF21C
- 21: 126F39C19D1E0B87F1180F6589A75712B66209E2CE, B4D268FB8EF5C048CA9A35337D57828A
- 22: C1B6D14EE8B6D0A653BFCC295D5F94E6BCA09E181D8A, 4B4883B614D5CC412B53ED4203EA93B7
- 23: D1F2A10F1A9DAB738C61CD0EF66FE5F6D1DA95DC671128, 3F1EFDA55EFEF1A0B24708E132BC4D25
- 24: 9D457216C584F43DBA1DD55C54822A8B6A86D22DBFFA14D4, 53402970B128E98A5F0D62476A38F959
- 25: 012828614B5D67C9A1EE24A1EBCD322FE9C8BE0C3F20A53714, 2BFF288D90DBDC638084F80F3F7AADF3
- 26: B1904AECF599F6C74557475E409E75E646271DEDEC7A830260DB, BF119BDBDA27773E038B7067D2B0EECD
- 27: ED831771C4346FC19435354AE29F7A9436D6E8D4D42CFF26207DBD, C3F029FC8AE690E84FBD0EF806B801F3
- 28: E051B958601223FECEADF932A277BCF18C25025AE4DA791155B85035, EB75E56BE7856F1B5ED3D125C092D38A
- 29: AB3449537C5E22125BC32D483F74C3A3DBDBD5232839A85D300F65B4FD, 851B0FBABD080F783BDE4F47ADCD6D76
- 30: 4E68550837130652795A8C9D68530717D2B0AA5A17F3AEF92FFB502E46AC, 10E222706527A64E757EDE4B9EFC09DD
- 31: C2D7033DA7A1857D79497EA6C64779EB969046CCEE6C74E6592FEE6E7C94C4, 2015674ECA80AC9B67AE854E18A7D56E
- 32: 2F3F0374DDC24AE21F02D4DA74D46C71F0CD2269A68F32F7FAA0BAB64AA8E9BC, 737C8BA1677A8CE97D42FBB07530EE99
-
-OCB-twofish (16 byte key)
- 0: , 2CD8EF22E5457C7FE4016B0FB82FD204
- 1: 64, EB7BB60E4932C0E97A7A5906BD044ACF
- 2: 3A59, E3D2024241666369BB542ED096F20C71
- 3: 67C038, 7E6F1EB3F2088F6416BB675DCAC0D484
- 4: BB36BF02, BDEEEF07EBB7A50A5201C8A2D72C0036
- 5: 6F06C0E293, C63557681D84ACCFFBFEE87D82EF1D3C
- 6: 2015F94CC5AA, EF1DEAD4134D2A1A47A20F26FAA3554D
- 7: A5F8CDD07964B0, 672B74D88C8AA7567C6AC4A896E0F6D1
- 8: 5EFC9D8C3B9E7F3F, DB9160C53AD429D4C22BC0E2E6C509C5
- 9: B62CB80F75594BC54F, 20020A798FF59F0472E750C796B5CC94
- 10: 970983B0F889760EEEF0, 360AE43CEBCC27755548D4984CEEA10C
- 11: 75C3A8CCB30A94CD57D1F8, 79820F3B1625E216B5BC1D1A22B198F9
- 12: 033DA41CCBFE3C6897230FCE, CFE3EDD11627270CD63916508B058B7A
- 13: 15358032F30043A66F49D3F76A, 98B8056A7991D5EF498E7C09DAC7B25D
- 14: 71FBA7D6C2C8DC4A0E2773766F26, 22BA0ECEF19532554335D8F1A1C7DEFC
- 15: BD761CD92C6F9FB651B38555CDFDC7, 8E3C7E1D8C4702B85C6FCD04184739E4
- 16: EB6D310E2B7F84C24872EC48BFAA6BD7, 12DE548D982A122716CEDF5B5D2176D9
- 17: 8DDF6CE25A67B409D3FB42A25C3AA7A842, 3E9FA2C6C65341A8E1101C15E1BBD936
- 18: 5563DFC29B750FBC647E427C5480B65846DB, 90881C6820901BD41F7B3C2DF529B8A9
- 19: 93343C1E9624321C2A0A155BA8B4E66FD92BE2, 71A641DDCD49825E10880D54BEF30E91
- 20: C256BCA0CF0ACCEEC1AA4B9372AF27D2C3C65AFC, 91D45C4DA49BBAD1809A11F4041C7D09
- 21: 3DE69FDB72C93518A3E317F7B26C425EE3DD42DA7E, 85E37B3E8EC3AF476DB7819D739D07D5
- 22: 676AC7885C7C8FBE9862242FCCC46C181440EE49AE59, BCDB42B53AC4FDDF9C3BF8849AB96EEC
- 23: D71B98B88F46CC47D90BB931564CDF0157F0ABCB5E6954, 289CD5799D9E49F36D70F67726A59610
- 24: 669C16DB9DC175200C08476832155DAA52F1F8969DF3B79A, 835B210EBBE5C9D34C2E052E1843C1F8
- 25: 2F39346E14A34BBED0491929CD9F1FB3CEC412C25AB703372A, DC4B42E8BA676BA100B87BEE328C5229
- 26: 1FD0F8BD0AC95E91881635EB0CF0E4FB099CBB214CE556422E2D, 898CEB3CA8FCA565CE5B01EF932FD391
- 27: 7FBD32B3D88B7E002BA6055585B5D0E1CC648315A81CFECA363CC8, 804820B1E3813D244164F778B9C2A8C8
- 28: 877A5F336A1D33AB94751A33E285C21666F0D8F103AC1187FC205372, AF9F0AC165EAFCEE8C2A831608F166B4
- 29: ECCA297705B0395E71B9E4263343D486B29207DA188C2F1BA626EDBF46, A05DC873406B236E4DDBC038DC4D2627
- 30: FF3BD8D4E1108E98FBAE2E28BC12819CD7956BC491C0B3A291FBEE739599, 68DFE58473BA2818A23095D1D6EC065C
- 31: F175230606040ADACEBAFE4D58BBD140B2D45E8BF7E5C904510B58E4B53D3F, DAF579E1A12481D39F4DCFB7C28794B1
- 32: 261388D491EF1CB92C261FD9B91CAD5B95440DE0A747144EB8697699F600801D, 749056EBEAF4F20CD8746AA8C8846C47
-
-OCB-safer-k64 (8 byte key)
- 0: , 0EDD2A1AB692AA7A
- 1: 3E, 306F814F3C2C109E
- 2: 0593, 063D19B734C34715
- 3: CA72C6, DF6DAAFAD91BE697
- 4: 08924AEE, 15095FA49E789483
- 5: 359908A6CD, 16CB7F0741BA4091
- 6: 97F3BD820CF4, A59DB15B67B95EE8
- 7: 0A267201AC039E, B4FFC31DBCD8284A
- 8: 9F6ACD9705C9ECC5, 6B41A938F0B1CAEB
- 9: F355D5A937DD1582C2, 9D1F932E521CB955
- 10: ED39758CAF89E7932E48, 398EF517015F118F
- 11: D8ACF19363A0E0ADC9321B, F98B2A30217766AA
- 12: F8F54A8202B0F281ED610F33, 36EF7FA4A20E04B7
- 13: 0F8677DF64B5982DB6E2299140, 4DED2DA806834C81
- 14: 0C357A9DC321C93B3872881503B0, 7814D1C0C6A8900A
- 15: 10B6B1A261C3015A18110AD200A7B6, 9A814D6D2BAD850C
- 16: AA9EA9D1BA7818C0D2EBF23781A5467D, 236A24FC98826702
-
-OCB-safer-sk64 (8 byte key)
- 0: , 76F16BDCE55B3E23
- 1: 63, F34B0B471F6F8F75
- 2: 8651, D7EFE17943D35193
- 3: D45504, 263224E50E7E9E75
- 4: 57B414C3, A553D6CABCA0F285
- 5: 4976E3B303, AC5E9969F739EBD9
- 6: F10AB8EB94E0, 8301FFE68848D46D
- 7: 6E954593AC427D, C1CF93BBC0F92644
- 8: F48F44441B898C0F, 698FFAED1A95E8E4
- 9: 1DC60156D62782E3D0, 6AFF0DCC65D4C933
- 10: 71920ADC8997CB8B3A72, 1C101C6A27CFBBBD
- 11: 890ED7492ED914AC20391B, F66DCD6205D945C6
- 12: 1B9FAB84A8748BAC187C7393, B450757FCAFAAD52
- 13: B4C89E1BB280DBC265E43ACE15, AE6BB3D2E6A371FF
- 14: 24B0C28944BDF22048E2E86644F5, 84E93E2191CEF17A
- 15: 8F2D5694D55EE235168AAA735943AF, 514252AEF2F2A2D9
- 16: 568B7E31FFDA726718E40397CFC8DCC6, 3C80BA7FCA9E419E
-
-OCB-safer-k128 (16 byte key)
- 0: , 4919F68F6BC44ABC
- 1: 65, C6785F7BE4DE54D3
- 2: E1B0, C197C93B63F58355
- 3: BB7247, DFE092EF8184443B
- 4: 38C2D022, 943FD999227C5596
- 5: D71E4FD0ED, 51040FE9A01EA901
- 6: C4B211EADC2A, 329429BE3366F22F
- 7: 426DEB3FC3A4BC, CF1C976F6A19CE88
- 8: A6F813C09CE84800, 98D9FF427B3BD571
- 9: 4D1A9948FD157814B4, 5A389FAEEB85B8C6
- 10: EC3EA142C3F07F5A9EEB, 31E26E13F032A48F
- 11: A75FB14365D1533CD3FBE7, 8EF01ACC568C0591
- 12: 891582B5853DD546FF3EA071, E013CFFE43219C21
- 13: 54CA848C49DCDEE076780F21F4, 298EFC7B4D6B6CFE
- 14: EA7611C69A60F1A2EF71D6A7762D, 7D9AA51CFCEC8101
- 15: B2D1A211BC524B965A084BB4B21710, 7B2AC0EEB5216892
- 16: 5E81F1BFA270E804A488C9BFAB75811D, A67F627CE1E37851
-
-OCB-safer-sk128 (16 byte key)
- 0: , E523C6DBB3CA178D
- 1: 5E, B1CB7EBE5780DF98
- 2: F4D8, 8036235F2BE7A817
- 3: 4FE268, 123320394EAC24F6
- 4: A5BA02B4, B8276B5E027D45DA
- 5: 1571859CCC, 29406C5F2DF2CFC4
- 6: CA1E47447B95, 5D4FAF8FD5341791
- 7: 8710DB37022D96, E10040FEA9AEA9C2
- 8: 205990DC9A34DA3C, AE25CB49AA7A697B
- 9: 757AFCB3191DC811C3, AA8CADA8638D6118
- 10: 6994F8C153522361BB92, 1BCEE09E928EB18B
- 11: A86FA0CDD051BB60AF5AA8, 50A38F8E9889354D
- 12: 8D3FD3EB7FF2269AACFD24BA, CB51CF84CEFC45F0
- 13: 03D2A313925D9490FC5547F95F, A1FF9D72E11C420B
- 14: D77C0F0F600FE92F14F479FA457C, 1EBE1B4B9685EDFA
- 15: 0CAF0A8BEB864E26058C7DF8EBA0EB, 1B153DDAE807561F
- 16: 113D12716DFE0596A2F30C875EC6BA0E, C61F5AC0245154A6
-
-OCB-rc2 (8 byte key)
- 0: , 1A073F25FF5690BE
- 1: F4, 3D3221E92E40F634
- 2: 2C76, C22C20B7231A0DB9
- 3: C647CB, 3E6348D996399629
- 4: 2021891A, 8EF76B24E9D55FDA
- 5: 1966CBCBBF, 310D24024D573E8D
- 6: 42C15AC9AAF0, 217E83C0CDE4F077
- 7: AB70F3F73DF0B6, 16AB2679D96A591B
- 8: B7C7DD845D7E76DD, F33065EA531545CA
- 9: 468CC16A37CF63EA73, 88879733F70AE3D3
- 10: 4F769E25A7346E22A932, 26E1A92FEDEE0597
- 11: 304A8B53B1CD24C6C27C17, 48B46E9F091B0B2E
- 12: 4E3DF867FEFF0B8E06D5FA70, 53BB48BFB8AB4750
- 13: 2BAB3F0A8C38A3BD3C49DBBA5A, 52303CADCBB6D312
- 14: 3D04A29924589AAEF93A29003EE7, 120EF9364B83748F
- 15: 486127A80E4EC599C461451CF1D79B, 2245D51599CAD629
- 16: AF8FB3FD2DB343F1AFF564FCBEA58785, 805BF441E660B0B0
-
-OCB-des (8 byte key)
- 0: , 8A65BD7DE54082AD
- 1: A8, 3A83897CC8EC7CF6
- 2: 9256, DC66C39C7DD87D93
- 3: C145A0, 45967F3764F62F48
- 4: CD314BAB, EF38B0213259C3D4
- 5: 7074014741, 6748F4BAF06DD7BD
- 6: 9A874CAE01F1, E382DB7235624104
- 7: DFA0D86DC4CA84, 627ABB432E50455E
- 8: 685C2B2CBDD8D144, D166082E085063BA
- 9: 53515DAAC7F7B8CE1D, 6680B6C26E1B0994
- 10: 2B3967812BF4155A8D36, AFED7F38AFEFC543
- 11: F4E5AC3CC5913B8A7F35FB, 6181DD3C46A6C24F
- 12: F3EC89AD4235287D53715A81, 12CC354833FE5BD8
- 13: 66D554AC2CA85C079F051B8459, 097F31088CFBA239
- 14: 8746061C26D72771A7586949A3E4, 6CEF3565D0E45C6B
- 15: FB3BCC650B29F418930A467EA4FB73, 64D12723E100F08B
- 16: DE1C27E9B3C391AF5DF403291F2C084A, 6BADE4638AE46BE2
-
-OCB-desx (24 byte key)
- 0: , 972B4CC480AEA6A9
- 1: CB, C46CC58DE9615963
- 2: 2911, 9B5117BF9530018F
- 3: 844501, 308F0F36D3313B67
- 4: 0C8CB549, 3F72789FB54CC9B1
- 5: 581FA34114, 1B86E66203EBF9EE
- 6: D0BBE3E43961, 59F730D5ABF13265
- 7: 046529AB0EDD17, 240FF6134AA5327B
- 8: FF4F32C3A96D61D9, 5DE9B81CC39ACC61
- 9: E94A99D609BE5B1A6D, 443F4948DE64E6A0
- 10: B3E783B59853EE1EBD36, F04B41EAAB9CDE18
- 11: 0BB36CE35BB8050169F6F2, 598A0705C800BC04
- 12: BE946B1CB03E7E5DA1CC12B8, 288B827CEA810662
- 13: 3FEC137C657FF1F2B34F4C5E56, F9248F59D1033253
- 14: 626DC4527055E80E68A6A1FE0F78, D8AA67D5ABD0B6A5
- 15: 476247537A509BC42BCD6DEC7F9506, 2C2D0385066B4815
- 16: 5D32BFE0B9ACB62B6AC29D43A0535A25, DE247F5F809C6CEC
-
-OCB-3des (24 byte key)
- 0: , 9CB7074F93CD37DD
- 1: 4D, 51541A838A154E0B
- 2: 5C77, 60E86F2F1F4C6F96
- 3: B3D2F0, 7D74A9E6A061457D
- 4: B3556075, EAF7A89A07453460
- 5: 1B61CE7230, F90D18620E1AB877
- 6: 3987FEC8D0D7, B5EF04DEE2E528F9
- 7: EBD0A7EBEEFF3B, A72CA24DD77A5DDA
- 8: 429FB38DDABF76D4, D0578484C37227C8
- 9: F8DF28BF5C4CD28B1B, 5E7C4DC8E694E3B4
- 10: 2BF436BBE063F7E830C2, 8D919637C973C71B
- 11: ED21656C8878319F1B7D29, 8813280C1277DF26
- 12: F45F90980D38EDF5D0FEC926, F9619341E273A31F
- 13: 52F2D3CACC294B141B35D73BBF, 7BBC3F1A0D38F61F
- 14: 2E6DA0FB55962F79B8E890E8DD8D, 8060799DCAB802E4
- 15: D6F9A6B2420174C499F9FE91178784, D3AAF969ED2F7215
- 16: 4F1CF285B8748C4F8F4D201C06B343CA, 203A2692C077F1B5
-
-OCB-sm4 (16 byte key)
- 0: , 644D127C5F75F64F48808EEE68350817
- 1: 6B, EE408CBD07CEC607EAA25CB0CF063DE4
- 2: 74E6, FE58AB1D0A951F156D0B78597DE88981
- 3: 049E45, 9674DCB58ED4981CFFCA8725B5BDCBD8
- 4: 416F6FAC, AB0981B209CEB024447861D113FE74AE
- 5: CC01AFD1B6, 9125092E4696FE0939A256C03A37FD8C
- 6: 1B32E33A7BA2, 80714FA9C1EAE774CF9C754F5FE7374A
- 7: 6F91118A6F5E0F, 7065639ADBE5265F0B61836950C39871
- 8: C40E934B952D0108, A8D1ACC7CA93B14C2A187441C794D31E
- 9: 06B7FF294A85CD8F8F, 3C433077C03E9B6A481B6A78565A865E
- 10: 123093E41AAA91EEA2D1, 9EEF81BFAA0C7116C632DAE3D447BEC4
- 11: 83288869EBB8D22772AA98, A52688653CC795A14D7CC5C4FB59EFD6
- 12: FD8A2A59C3BA54DE090DFFAE, CA597A88711955563025FE6F6B6CB095
- 13: DA0FD6F4B1A0A8084D92F543D3, 9F22A8F0B9EFF906DFE7438E0738FF4E
- 14: 8D8090EFF0A44E96A4CB582A61E5, 11477309B525FA0B1A1B4B0F25DED574
- 15: 95DF2F968380DAF60122B8FEA2614A, B25F1C94B4F963297EF31AD01819CAD6
- 16: E63BB516DEF0A60F3503FC9578082588, 9E75B31F3A10D922A698610EDD224AC6
- 17: 4141B7D60688A6B74659FA3F988749336C, 2A4A83E828CA79F3CBA7A417E4E9149F
- 18: 68A58C0AAD6A8831231DD3537D5E6284FAD7, 4372DBFA17A102118A4750E719FCC9FF
- 19: 6565EE0302F1AFE357E65B56980F04EB805228, 20E09947D4A4947CD24457589303BD69
- 20: 0400E928A18B85498DB78CFAFC026CB07F3DD3A3, 9646E0737D7F75F109430336754DE155
- 21: EC2A5AE19531D964B6C03C4ACE804909F3B0260DC6, 6DEE21A1B2A14FE5F8C13C3620F35EB4
- 22: F32AEDAF0281234753F5D2903F1FEF505165D4543923, B8F486809ABD26E4CACF6C283CBFBAFA
- 23: 482B2728C75FF1206E280FDDD082F2C93EE9C2C15A14E9, 70DA0D202F68BF7DCF126DFE2CC75CA9
- 24: DB67772FC481A6D2F50ECCA59134984869C91436211A24A7, A7391E9F5698DF1BC984F127A874D8F6
- 25: DF60A24E93101ED2F68D3CAAD966F51271603C8E611AB16C3F, A4C44700A6845A75B72C04C1395E9820
- 26: E14DE8BC5A2A8417783267AB659DAC26A84A02B4EB5FA4BAAE7F, 1508521641C38536DAF3B2CE65BC060A
- 27: 309D876E6CCB6C8FDF963D6143E2FC091DCF7FA75D002986502500, 323AE0DB790F786252F35547554990E2
- 28: 7D8D3119EA42098509D0B1FB8FDB945E1C6C7AF4E1C9773F82A6D3DF, 8F97D69077AA1AD2BD7A8FBE6950E632
- 29: 597A5B272750C5CCE0591CE40A4CE838F3C326A9BCAB160385D6D431C0, 2F9D9980E31419966C6F5DC8E6DA216D
- 30: 676720E8BB37FAD3778C4289CA1442A4905F327798C7C3584FD9518F19CE, 60D96E4249518291C68EE01AEB5A5B05
- 31: 609D0A3770F9BE06D7100E75FA0096F21FA498C28224A9406228534A43DEAD, C3148A9D60CD32EA378720262A3529EA
- 32: 18BA4D72E61851F5878E07459A24BDFCB48C6A2AF719584CBE6A0B321078B967, 077031AE31FC5ED7B27ADABDBE699CDE
-
-OCB-cast5 (8 byte key)
- 0: , 77E8002236021687
- 1: 52, D57DF1037B6A799D
- 2: 31C9, 7E781759B057D695
- 3: 5C8324, 56965D6CB2C97C0C
- 4: 17D99099, 7C52B5D09475F5D3
- 5: 400082C475, 3CA5CDB9B4A0FAE9
- 6: 4DF0E4000C24, DCFEE2C3384F9731
- 7: 10004C3CE32255, 0A6832F985F61658
- 8: FFA6EA76B346893C, 6202693B153254D6
- 9: E96378C94D246AB51C, 5B259FEB715B9159
- 10: A9BED2D59A92D3D9418A, 1E7E066C098A023D
- 11: 4EF144B7D4622BAD4DC840, 5DAB2C1D0DF56B08
- 12: 6DBCDF56E57CE47DD3D0CF44, 2A24F2A224368F55
- 13: 43241A0AD933635D7C8EAD47DC, 86B4B5AC22177F19
- 14: 920D6BDBE073F3C75052420C883D, 10943DBB23BD894D
- 15: B2C75DF024269833B039CAB19EC865, 84B7DBB425E45855
- 16: 6A9424B6A873BB7155C01DC87E23EC52, 82C5047655952B01
-
-OCB-noekeon (16 byte key)
- 0: , C810FFEC70BB008FD7C314A732B226E6
- 1: D0, 3C48A2C7E0CE9B9099221EF2CEC56767
- 2: 5542, 518EDB8174B067CBF2568C6911378137
- 3: 65E8A4, 3E4EFF5F6FBC99EF3B71B11F566A20FB
- 4: 3D0EF863, A366D5CE05F564B5E676EC78938CCC85
- 5: 89B17BA512, 0E83095D771F654CBD630AC114501A0F
- 6: E9AF5FCFEFED, 3A283F7FF02274DD4B48C2CD7E36182D
- 7: F7A001CEC51C30, 8392CC274521BB452134713153F36268
- 8: D796E3F23E31D4F2, 351C7B0304E127287A9A1DE38BB3167A
- 9: C4E2BBF6B4827E1A84, 275907279D0764CF80D7E6626D81F994
- 10: 6C61226E61F70408A61A, 941AD1718D272BFCB8C5ACE08F90B2D1
- 11: 3C195850E7FD63EFC11F7C, 348A975B60908445230D4D56A0CAB008
- 12: EE5FF5362DA3744C9EAD274B, 875C2167BFAEB65F5601F2DB9035444C
- 13: 7DB5392ED1933ED858EC0C52F5, BE6507D8AC743805A872658C680A4D06
- 14: FEDEAE2EC2059D22B960813B5E7D, A559933509C47854176CEEDEC12EB8B4
- 15: 64C81F2169F7CEFBF51E68D4186A36, FFE84A9B49F0E77A9799EDEC7D76B987
- 16: 66532B678D23130714E088FE874C4743, AF95ADA553A68319DBEBDA4172E18A22
- 17: 53E56845C091A1E2372F3FC772017C9804, 9A6AB7CEB632429F2B31FB91C141B6F0
- 18: DAF6832520591B886E2E962ACF5B9D0A38E9, 73FFEBA8997E0C55CB0B4ABE59C86BF6
- 19: 108F04FEFCB5EE68033E57346012CDEB348D14, E08E90976E0F7868994B017D7A007AB8
- 20: 101682160DEB9667FB073F96ED1D9C063ABCE668, FB79A4BEBCA9A7832C72116AD9B98D41
- 21: E10AB0D22A6C4C253D818AB6AF1A3FF5811C6CEF24, 174CD350B069A239F9EB80A7BCADE8B7
- 22: 9F62A79B25D4F5532D78228A50516F97ACB7A2C5DF13, DD25DD14174B5667B0AD70732323C8C4
- 23: 2A0AA96147E74A3B881D62BA692EE27927A9EAB351C6DB, 9CE03AACF9318770BF7E095F90B470DB
- 24: 29E38605973D0218AA8BAF2FBAB7722DB242C4775E453372, 72D6038E8927EDDE469F98B84C74A8A3
- 25: 8DBF8C2B5477DBA6E07B269293713D60D60BE29E677CA35C33, 83100BBC1401C890B36890A3FD0CD4EE
- 26: 13DE9776093827F254DBF500EEBE0C65DC602A5FDF6AEFFC34D9, D142F6CE9E43633CBE94A2BDCC9AC5A8
- 27: 4A25370043862CF7A12A00A5A278623F9BF8DE33212D35661591EC, 62064DD74F9F6D77682B43D9B44E26B8
- 28: 37C6C6C40DA0581BF041770E330A40185E90426A1A4AC9BCDBC5CA7D, E77EE99F62EB1A38CCD1E90CED6EB5C7
- 29: 6B9047158068957CBF77F35988E5C926C7B262A8EBA9D33638A15B1505, 913DC491D3B2AFF172053CC4D1271F46
- 30: 949E5F05396F60722877EDBAA5D7437DDB24B3E25651458C266992D0854E, 87D4396BBC24646659F10179823066B2
- 31: D48489C360F6EB2BF4155FFD7CCAFA4793B8870BFA4A95C9BEDD372F51C04E, 173EEB238E6186D5A93AC6072A22B772
- 32: ACB6F91E8BDB4CFFE1F2A5F6C712D16177EE06842E4CF27F61C8F68D44C842FF, A1E5F2560183B0AFE466243EF3921E4D
-
-OCB-skipjack (10 byte key)
- 0: , 90EAAB5131AEB43B
- 1: 2F, 6274B82063314006
- 2: DAF6, 6A6BCCE84FD4EF02
- 3: 5C2A88, C83D54C562A62852
- 4: B6E8FB5E, C44459EF41C8F296
- 5: 6C0888C119, 269DD7657BD0225F
- 6: 1FD9AD7ECCC3, 3CA090F46B107839
- 7: 1EDBFF8AE458A3, 440380BF9745132B
- 8: 04DBECC1F31F9F96, 2653620A4877B0E6
- 9: 908AE5648AF988A896, 00180FF33C1DD249
- 10: 53E63E0C297C1FC7859B, 36616209504C4230
- 11: 407BE16144187B4BEBD3A3, 4754B7DD4DB2927B
- 12: 9961D87CFEDDF9CC22F2C806, 5947FC41E6B9CEC9
- 13: 9F5254962E4D210ED8AC301252, 97A392BEAF9B3B04
- 14: 379FDA76ECCFDAAC10F67FBF624C, 1D895ABD932BD5EC
- 15: 1D5A7AD556FF3078284BB21A536DAA, 01FAE2F4936ED9D2
- 16: 4B8B71396924880CB33EA6EC6593F969, A0F4B1BE3B9B4CCE
-
-OCB-anubis (16 byte key)
- 0: , D22ACF880B297DB0513DFAF0D2DF57D9
- 1: 59, 210A179469D6568AB9470C760415574E
- 2: AFA5, 1223F9CD160ABE2F257164C6E5533C87
- 3: 969BEC, A57EC767543CA2ADBA4F5A7423ECA78A
- 4: CF8B31F1, 13B5BF9CD87CE15CE696F3AF1B082650
- 5: 9B22DF3852, 4937FDDA0AFDDA04CCD53CCBB0A82745
- 6: E11719B2F0F8, 6847931DBF0223F5CEF66AE3F4DFCF9B
- 7: 5A85E0F6DD2266, A1A0AF45A68A681CC396615FE1E1DFB5
- 8: 7F2DFCC65ED86976, 13614A3C6E0E08611D8DF8EE5B7D788F
- 9: 1DAF10DFA3F1D53E50, 673632B6DD553BAE90E9E6CC8CDE0FA5
- 10: AF74FD9671F9C0A9879C, B8B4DD448FE967207227B84E42126D90
- 11: 49421CED1167A882E26297, 21C8951A1761E4BD13BC85CBD14D30BD
- 12: BC0BC779B83F07D30CB340DA, FAABD25E14FFD8D468AD6616021F604C
- 13: 843D7E00F94E61AE950B9AA191, 08933ED5FBDCAF72F788393CD5422D0F
- 14: 296F15C383C511C36258F528E331, 8BFFADF5655C1864057D69A6706D1739
- 15: E31D2E80B2DBA4FBFAF52DB0513838, C4CD36821EC631CCBF1F258EE9931288
- 16: 87F319FE9A48E2D087EDF95563896EE5, 517960488E5A118D150A1573E76C290A
- 17: 9632B7DC1740BBE0A7AEEFD0F535B5AE8A, 0C24D0950873621D319A928862D3A6AC
- 18: 359431ED4B3AC537238CAC2F86126972D403, 4A0CED2F4BFA3355C17D6C5DF9FABFAA
- 19: E15B50172EE8DA9C552D448A5A48BEEAA2F11D, 8166B2A2D3A0745D1055F9F503FD6C03
- 20: 75842DDC0D5E3BD80225E4BFBD1298421244D7EF, BB957BB2582B67B63978BCFD7A949EDD
- 21: 3DD69162716D5F3E096E614991CAD7ED8E01F926B8, 40A954F31F5B0A2C5DD220ACED8D2B3E
- 22: 8A49AC14F59593D5399A10F9346E2FD36F47F64ED419, 4324D408CE7F86370495AF14FBD1A859
- 23: 6AA8FA353BCAAB4262211D75F13D27BE173526B8BC3CFC, BA3A27D79EC8ECBC5A78CB9FD095B766
- 24: B918192BB72CFEF980298EEE570460356A4BA1755576FEAA, EB341ECE0A070E769F498600EE4EBF77
- 25: BEFAE0B77E42A2FD18958D9E43202E8A338562AFF8317461B0, 444C1D6BDC026A01012BB2CEEAD89C2C
- 26: 07E86D49CFFE6FB08FDF44584033AF321447003D8AD3862C00C9, DA9355A79B224EF662DA65F19BE494A7
- 27: 911BB223AC6F6E54082FBFEDEC300D73FCAF715CCA35949212B372, 3496160A46A21DCDB5A4C179F159D860
- 28: ABB563FC803715F59AA35460E98470E2E94E4270455ACEBF4297641B, 899CFE1946A060DE620879B8A7464718
- 29: 47D98E83B5849CDE19B14ABCF9EA6CA9684AB49A3AB36BD14F328D808C, 6D76CD5EFF6D4AD3B67A56DF1EB42E05
- 30: C8BF0B71A95884FFB93D64C57E327A4754EC5A1EE26632CF8E0B6B26CBDE, 2B3BE785263B1A400E5893273AFD09AE
- 31: 9804D668CF2D75CA58C9671F65630E33909269B9511AF9119BE88EBB35F00C, 3DDA028B1A2339CA817DC8D9371E0FF8
- 32: F6E038A82A09BCD20BAAC7926B2296B78F9CBA9DD12C497C47EA08DBCD8CEA3A, A203FC1E68E21A52E72224891AC10EE2
-
-OCB-khazad (16 byte key)
- 0: , BDEDFF7AA0070063
- 1: 00, 67E951582D66ED93
- 2: 5FED, 09DC8AEAD70673DE
- 3: 26A7CC, CE1436CE1E37D4B0
- 4: 3D2BD063, 574C24395F31511A
- 5: 597F1AFCB1, 6FBBE820C6F26CDB
- 6: 202DAE442DF6, 58CA6E5706C9852D
- 7: 7C20EDA18E9444, AABF0DA252A1BAAD
- 8: DEC02BF76DFD5B77, A0A97446B80EACB6
- 9: 5D7A42F73843F9200E, A1DD603372D124CB
- 10: 0D4710E454C19B68369E, CC78E9D7EAA6A39F
- 11: 126694191BF09A29DCF40E, 76C9B84FA3E8913F
- 12: A94EBB86BD325B4FA1942FA5, 613DE312DB1666F7
- 13: 4F9462386469EA0EFDC1BFAFE9, 5247244FD4BBAA6F
- 14: 4EB794DFCF3823BDC38FA5EF3B23, 0C12017B5E058398
- 15: D870479780CC5B3B13A7A39029A56F, 003D3FCD31D497B5
- 16: A47BF1218AC86A60F6002CE004AF5E50, B4EC27091D5DCD58
-
-OCB-seed (16 byte key)
- 0: , D80D16D2D0FB2BD9EBA4912468B893D7
- 1: 12, 8776140CB818C1CBFD2CFCD8BDFC9FFA
- 2: F8A1, 597381977898AC43194C302216113CEB
- 3: B35B5E, BC327275E7A552C4E0AC0FCB8403A6C4
- 4: 19F57542, 4E49DE569547B619E4187239D9B755C2
- 5: EAD2D99E86, 53DCC5FAB4DE25541A22AF0309C9FE78
- 6: 4902A8FF9AF9, 950D9A28DFBDAECE5F14D47E6B7A8B8B
- 7: 45FE502602EA4E, 69CD243A3CF17FE51ABBFA2CDE510BCC
- 8: D54F2EDE48207CFB, 775EE6140AACF9D56787071F08F36F67
- 9: FEDBBFD9FAABC80186, B37B2C643D62A205BD009BB55D50B918
- 10: 3541A86C889AFEB783B7, FE41A36AC076F417B6A3870DB712CC1F
- 11: 62EB71A2EAFDDE1A050AFC, A953ECF1F0B53438E869F0CFB84CB142
- 12: 77AFE377460D6A51208194DB, 5CC2A9D8499F1B25D78937DAFB1DED10
- 13: A34FCDD7CA45DFAA2178CDC7E8, A14A119115143EE2B4719282C9E2356C
- 14: A61FA4E9550280C8AAC87EF7A204, A87DDD9631C87ED0792C067E8D7F1D9B
- 15: EE82AF5C51896AED298B0C12E00ECF, 9051873090B013508F93677D3A080E96
- 16: 5D532646FAD510E984959C4E14F853D7, 275D8DF932818030F1269804DE06A73B
- 17: 1D77F8916DF479DDCE3F49A1D9DEFA40FB, 99611A067F45F140AFDB6FB7E9C23DF2
- 18: 5857267B77E7B8D7732509AEAC0AA80BDB2C, 3159BF09910493977A33268C7F7DBC01
- 19: 1CF64E54D48811F02DAAE472846E65235DC8B7, 78F88A35E2D93A0746058D1B37762A27
- 20: 8CC20A5FEFE9AAE81742DE70453F62A961188DB7, EDA9E9208EC38152E53AFD62ABC77F0B
- 21: 1D6CCEEEC72CC7369C33F5CD83ED0DCD6F5613D562, 9FEFD274F3F906B11DD87CC2C0F9D0A2
- 22: 20A9C1EAD88F005DB8F69C8BE005D8A010B261FF2EAD, A341F754932DCBC6DAFE4231918A9CF1
- 23: DCEC1BB28E8D77D69B5148FB02E02C281B68BA6E9768B0, 6AAB2EEB1D25D2DF7CEEFA6054E295DA
- 24: 7C4F7165943DB1EFA5731F5C75931F4391F0C40D5731BC54, 3FBFF88733ACE5289D9FB9CD24C44C3F
- 25: F5E2C8A9B3A02E0BB86F9E969B0EDA5F554B0C8902BB6F4643, DFB22569019686B2EE92ABA9EE6610B0
- 26: 42B7D0E9613AFAD6E8093E4F638BC96E22413F15A84202188C31, 002F0F602F596236A8F239E81CE47FC0
- 27: 88B89B7756BD3BE09467998FABD12BCE87E5FE994ADE9B30844AE6, 05E0E8AFA55C3B571A849CE4C9F1F477
- 28: 10452565D15D1D829FC54F61960C6A749AFB91086E388269CF6B588A, DD88B0C63E040DF8878B3C919AA95218
- 29: E68619409B86082C744496FC3F645CE1134E84192D2CBCE1CFEEB12612, 83258C337EF21302724CE051A03195D6
- 30: 840277319319EF1DDF6A57682B6695550157F5B76756BF81BFFB3394AFC0, 183FA85F8E91F8972DA23108FA066F20
- 31: C74A4B01328B809397C07F4FC16131FBEE6396293181C327ADB50EF39CC936, D6C5CF79D47995D7CDB5745F601D859F
- 32: FF3FEE866339B01DD2C1EC0C0E569A458A77DD014AF0CC9C0A8DC52A52133940, BF1AF01F2CB34CBAF1EAB96FBCCB5404
-
-OCB-kasumi (16 byte key)
- 0: , 7B4CE3A5B7284F8B
- 1: F8, 80584D787B7AE753
- 2: D37A, 7BD7B52BE65B995C
- 3: 2D07BF, 6E6E16FDFE808D21
- 4: 9F1A8E7F, 810CDE98B80F2CF2
- 5: C6A7842512, CB6E9709AD7E8545
- 6: 056553F25EE5, 24A74A113D68E373
- 7: C3E0215DEABD43, 80B9F0ABDC207E04
- 8: 38DA7B24B04DDF91, AEEB273DCAE4F743
- 9: 34169FBF64966E0EB8, 1D10D18FC0DF5372
- 10: 5B3A510F1AE97BFCE1EA, 5B1342A77724DBF7
- 11: 39D1B5067E584E59BB6603, 38EDA20D46B2563D
- 12: AC2DD02E2406D7D8175EB308, AE7DCB1AE6188975
- 13: B0623EDBC20FEBEDF9B4AB70E6, E218732D221A04A4
- 14: 82F57A435A92E28B56F4EF5E7EA8, CC5842752D089C26
- 15: F2D54E3B9022AB32F668AD5A20D050, D811DF3DE76089FF
- 16: 1CAC13A538AFC64D9747226AC23F072C, 2DF49C64213B35B9
-
-OCB-multi2 (40 byte key)
- 0: , 70A2AD75028C8B3E
- 1: 3E, 76BE76B249142049
- 2: 5C21, E31CDBD0ED6B864D
- 3: 62BC9F, F1124FC4C9C82617
- 4: BB5AC85A, 97035E20D4FFEC81
- 5: 500D9D05E3, 86D5EC5AD1D55434
- 6: 5179B8442E46, 432EAB80B938A00E
- 7: 361000D13C364B, 5ADB3F9FD65EC776
- 8: 5C5BD790B927CBE4, F6ED8E9D330FD37E
- 9: 2020DD735C5D7B4739, F98DEFD6A8368E1F
- 10: 008A8548790A3582C2AC, 041C4E2FA196390C
- 11: E6409403D3E2E4385EE54E, 25AE9113A0E7A3EF
- 12: E23E598908C755FCF9D51E39, 21BF8C9F319FB44F
- 13: C1F13F46FF04717C7E54FFBDC7, E7D8CDF40A1D78A5
- 14: 27721EB66D4F6362308B96DD9895, A374C96FCA94C809
- 15: 1A393F94CB9ACD3BB93D8766C63569, 45A090303B71D35D
- 16: BCC0498FB13CEE8A615FF6409EDF1707, 9589A4CBC481A455
-
-OCB-camellia (16 byte key)
- 0: , 6972CC27A9711EAE6654851AB8E0C53F
- 1: A2, 208D783961FD532E14376B4EE904FE52
- 2: 1177, C7CC74015F7EDD9A72F7435494D8A050
- 3: 0F8502, F1A708AA0F485A554E2E76592CD9D7F4
- 4: 9986180B, D47186A8B539F890824DEBA223861ACD
- 5: C0FF4519C3, 4430A9453016E4974CFB5380A1F3E95F
- 6: 2AC54E3E6A0B, 6E320BE8DAF4BA0462A57BECC574740F
- 7: 846053E1A37A6A, 5B91B680B92517781DC362C2F3E144E4
- 8: CCB09ECFF76EEE2C, F91E7E245F4C8A404F3ECC7DE49261C3
- 9: E049E2AA271388106E, 8C6981A160D831F4DC57FACE5ACCF006
- 10: 761782341D52BA8AD12F, 672DC4B06DBBCED80381CE4845757F0B
- 11: 92AD781DEC4549940265C6, DB04CAABC54E71FE1A9C41DF1ED5C52E
- 12: D507B77EEE9BE07EAD700143, B3EFCC0B27DC85166E04E7BC39E45C58
- 13: 5AA1AD6B9CAE3001D4C1CC4048, 424D8A22F7B9ADA30AAC0C1D3D4E77F9
- 14: C69E96F7A4B9A6F0F2C7EFA72C26, 678144F802AE9DD83D11877779B48972
- 15: E2596B3FE48EF6EC50D857C8B4E3F4, DDB3BD2B8AB2FA71C7F56C8E57AFF2C2
- 16: D81664A002E03A75E08CF16EE7670E97, B56A0B0955E15E62C557C6E66782AF4C
- 17: A8F2696A972A87C784FDC775439470D822, 36E3AD03CB18002A17D49E466CE64814
- 18: C2B537D807BD1ACA734AA072D9C2B836F588, 449B05D145666D1E5A92E204FC3507D7
- 19: D5418F1288BFA7D39D23B3C6ECF797397D3D44, B0CFBA612544B8AB159E9D4AD1FFB3D4
- 20: 2F9522460182291C6F264308E0363B9FE312E517, 1EE4CB38075B67463FB9DE26DF9D581C
- 21: DF2881568BECA504A66E4B15BEA58AE6E99D0270E6, 3283D46803FC33098BB262FC1D2B2157
- 22: 4B0083A4CF7E166C8466A5B991AD0CDF71F9DF010EE7, 7C91D9A5DF6C76CB02D83D8C7F3D8D07
- 23: AC0457474B4193647D62906BD08D8C8EB32BE151555B68, 0A448FF3C468D7CDC945724172CEB66F
- 24: E6E7786EBECDC296F072CD66C89141C700DE2A8B5DBF6549, 68ACCB5FEC04717FB21FF3B46A34BC74
- 25: 860865770047A9798D90C9365E9C9F8210CB804D785D65E2C0, A58F22FFC4CBFE3BBA451BE4B3B95723
- 26: F157588B4F98D798E6850D8F04ABF9905C1BBB2D055ADE1EA424, D6960C1EA6DAF225366374333D38EBDB
- 27: DE3431977821BC861CD88E4236BCAAAFFE3C894607498FB8D68746, A3D23729464BD38338F4AC5B4D9F5C81
- 28: 3F2F0AB546E118B76B937D539806DC02D02A5D42D64926A9E1101D66, 3C0D2D23F5DAF7D36DDC0F87B4163F42
- 29: 3F9FFAE1D7BC62BB80A2FA2728FC33FF02E26CB9F52EA8D03FFE95A49A, 96B45B3F946E629ED974EFA7B66F5DDF
- 30: A398B66C8425CE9E8A6BF5AB900CEA1EAE811E06AC7BC0D69A53FB2015BB, F83411C72B7DB201B254565D1DD8D1BF
- 31: 9C760ED6C10A80C52F092ED20AB1D03A52427B6235F3C7FE7541033AACDD74, 8AB98FCA89D1245B177E0AC06E083024
- 32: C38F260587B3BA9919601BD0A56909FB36ABCEB8968D08DD6B74F1EF5ED7065C, E357D0D56124276790DACA38D95792BB
-
-OCB-idea (16 byte key)
- 0: , BDB7AEE81A437AD8
- 1: 20, 98EC8CAA4544B41E
- 2: CF69, 33A6414FBC482456
- 3: 25723A, DA6DE676482C6607
- 4: E4220FC6, F67538CEA28002AE
- 5: E440418489, A21E9F1D15F44038
- 6: 886944E0CF10, 2EF54D278B08DE7D
- 7: 5088BF9EFA7E6E, 8443C572C85AF187
- 8: 0D6765F689BF0BE5, 7E658DF3FA677FD0
- 9: D5D02EDEB67AC6E573, 1B1568BC59905994
- 10: 0C6BDA63A6EF19AE4A3F, 6FA765B6906E5B8B
- 11: C58013FE24604DCD40611D, 58A5351EA8CADBC4
- 12: DB78CF844EA91A3F7CCF1478, F9B6EC2F22888C12
- 13: 4329E9812856B9A80297CC95C7, 46A1DE8C53B6A1A4
- 14: 6D1CD2DF838697CACCDB28376973, A587EE5CE2351348
- 15: 21C3BCB256DBFC0B472F30A6D469CA, 3ADD0D84695C5B14
- 16: BE073E735F86AFA6D3A4F56C914D5EB8, 07921F5BA6E9F250
-
-OCB-serpent (16 byte key)
- 0: , D9490CE405238D17C036B3E5DF4DFC7F
- 1: DB, 44C1E20A0467B693019DFBA21EAF9035
- 2: A343, 2E20DAB7135E395AA3FF227959A70610
- 3: CB7E24, EE8FAA34CA9C43CFB24061B79DE82C70
- 4: F9BCE9E7, B6A48414BED23D37F99FED990A3A0B14
- 5: 2D3FB0FEA0, 06700497ABDC995F781771CCEAC341B7
- 6: 0C1BAB99858B, E4EB74D56565A50D16CF91D9872B702E
- 7: 72CEBD89561A1D, 8FCC39F07C721EC8C92AEEA3C4BE845F
- 8: A6CC972273DAF3E8, 099BDEA86D5CB994285A7AB9BC59EAC7
- 9: 0ED1E78C9A39377377, C969C9583F3CCE5799630C5450BE9134
- 10: F68611B69D657B6D6DC4, 893C25068299C5F6305411E3A9199616
- 11: 7402BE21EEE415AA5438F8, 01916E4C573FF695CFEC41C7F29EA1CC
- 12: 125918FFB1902AC3F4F81265, F3EA4E417E4DA6B8BDCCC8BD4E87FE27
- 13: 01C2E839EB6C4CFFFF4856C97C, B57A6FB6918F8E11113E449D75CF638F
- 14: 708B33704EB6E379FEC223371C74, 44EC0A795B2E604D29B8E917A73EAC29
- 15: A45EEE44431E19F61B5E4D257B7BDD, E42E3A6D212B42595E39E5A6E14B0C43
- 16: F23AD7425EB8D3CE0FAFDCBEF52A1962, 5C6BD772DD1DE0070391A9BF63D0913D
- 17: 9B40D36F988B6F105380C7C949EDB1F379, 78FC67EEC03CE078A72977801B75DA52
- 18: 9A894DFCA373610C48ED16149CE0D84E2939, D2E05400320F61FDAF1729F5505B513F
- 19: 47CE7BBF27734E7C480CD4F9DD69F4B3E11223, 07C22A4DCCB71372A12ABB0ED2C5EAD3
- 20: 61F7F55DD6DC89472728E54C53CCC7034922EC7C, 490D005087FF9ACB5211FE2E40D3B5B7
- 21: DE27EBD9891828F422321C96BA900026F4033A1B98, E8C33743F34494061455F0F5A104F218
- 22: D73F22E0BBE04F9B7537DB5A8B35D9B978AC45B1DCA0, 3271FA71E989D845EEB7E76755A68CB0
- 23: F61DC254C28E7CEA0B526D9E4BF0E6C554A09251BC0BAA, FA74560634DDAD5F56B8842B2E49EFE8
- 24: 6155A4D65C03F0AB2665FC65408FDD29276C4D3B6E957CCE, E41DCA2C8D3601AD9C344BE53334F8A7
- 25: 9C4487CC097FF24A45502A9A3C0F7A2134235EDB2108ED470A, C28CB7100F45C6D87B0CE1682871761D
- 26: 0CB17A181F579A62B28A1171B1C3AF8A275C8D99D6AF95A3514A, 33BB5B063092B223A40C310B98B8FDE9
- 27: A5D0455E5E4C3DE2009A774F055F5DDAFFDC89A25872E99DCB1E75, 19488A3644BBF9BB621E80ED45EB826D
- 28: F4A054D11AD6B2A3A7F7A4EF40A09243373F4C151320464A0A9A9E06, 272D1709AA49838DEDA8F78D9878CD4F
- 29: 83EFF58C64BFCD1CB5DD0F6D040B8ACFE6C8992E14605FCCCFF142D0AC, 5BE7739321D83A5E4CC9AB5FA6D56966
- 30: E12A3514CBF30326E5078B8117678823E6AFA8F3A78FEAF06C5B1508CEA0, 301B3BE76675FD30209EEA086BB40CD8
- 31: 77E2B65956B52BD90E90081F389BBFC8D4550FBCC74B6469C5CE98FC093A0F, C43272FD03A35AE4D9AF467CD7811F1D
- 32: 77E116BE37F8153D717F3F19DEFD045C2E8CAC499295B9EE6A95A3509D4CBC47, A0406E2C09C510AB5A9E5A5B20B0C306
-
-OCB-tea (16 byte key)
- 0: , 1A6D3BE15B6C879D
- 1: B5, 91A035C7871CCF11
- 2: AEB1, C715E399C46D9DD1
- 3: 2B3273, 2F8BD77A9E036FA5
- 4: 5C009E43, 1CDEEEA46EEAE63F
- 5: 8E07B56FEB, 2A486014BEDC6B01
- 6: F2D5B9842DE7, 1734AB18A976BACB
- 7: C49F333DFA40A8, 007BEE13E4B1151F
- 8: 4A99C75688B0DBA8, 2BB62A22623A02B3
- 9: 1E1175070E0C9EBBE5, B9750E34056F00AF
- 10: D066C7016D6458538A33, C8301F29178F512D
- 11: 6B036FFB0C6636135ADC66, 48967AD3659260BA
- 12: 3018AB281C87CA4185A53207, 4F043FB366001F3C
- 13: 93DA80463817D8A43B5D59133C, E95DE5587B95E6AC
- 14: C1389108A40292097F489603BF2D, 8E56A1F7B04194EB
- 15: 36E512F52335419EB6DAD9CB9C40BC, F0498560CD814C62
- 16: 2381E281D648AFF1ABB7D65B9AE41B35, EEC952B027B9A81D
-
diff --git a/sources.cmake b/sources.cmake
index a192ed391..19162d1ed 100644
--- a/sources.cmake
+++ b/sources.cmake
@@ -62,17 +62,6 @@ src/encauth/gcm/gcm_mult_h.c
src/encauth/gcm/gcm_process.c
src/encauth/gcm/gcm_reset.c
src/encauth/gcm/gcm_test.c
-src/encauth/ocb/ocb_decrypt.c
-src/encauth/ocb/ocb_decrypt_verify_memory.c
-src/encauth/ocb/ocb_done_decrypt.c
-src/encauth/ocb/ocb_done_encrypt.c
-src/encauth/ocb/ocb_encrypt.c
-src/encauth/ocb/ocb_encrypt_authenticate_memory.c
-src/encauth/ocb/ocb_init.c
-src/encauth/ocb/ocb_ntz.c
-src/encauth/ocb/ocb_shift_xor.c
-src/encauth/ocb/ocb_test.c
-src/encauth/ocb/s_ocb_done.c
src/encauth/ocb3/ocb3_add_aad.c
src/encauth/ocb3/ocb3_decrypt.c
src/encauth/ocb3/ocb3_decrypt_last.c
diff --git a/src/encauth/ocb/ocb_decrypt.c b/src/encauth/ocb/ocb_decrypt.c
deleted file mode 100644
index 98f36e48a..000000000
--- a/src/encauth/ocb/ocb_decrypt.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
-/* SPDX-License-Identifier: Unlicense */
-
-/**
- @file ocb_decrypt.c
- OCB implementation, decrypt data, by Tom St Denis
-*/
-#include "tomcrypt_private.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Decrypt a block with OCB.
- @param ocb The OCB state
- @param ct The ciphertext (length of the block size of the block cipher)
- @param pt [out] The plaintext (length of ct)
- @return CRYPT_OK if successful
-*/
-int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt)
-{
- unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE];
- int err, x;
-
- LTC_ARGCHK(ocb != NULL);
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
-
- /* can't use a encrypt-only descriptor */
- LTC_ARGCHK(cipher_descriptor[ocb->key.cipher].ecb_decrypt != NULL);
-
- /* Get Z[i] value */
- ocb_shift_xor(ocb, Z);
-
- /* xor ct in, encrypt, xor Z out */
- for (x = 0; x < ocb->block_len; x++) {
- tmp[x] = ct[x] ^ Z[x];
- }
- if ((err = ecb_decrypt_block(tmp, pt, &ocb->key)) != CRYPT_OK) {
- return err;
- }
- for (x = 0; x < ocb->block_len; x++) {
- pt[x] ^= Z[x];
- }
-
- /* compute checksum */
- for (x = 0; x < ocb->block_len; x++) {
- ocb->checksum[x] ^= pt[x];
- }
-
-
-#ifdef LTC_CLEAN_STACK
- zeromem(Z, sizeof(Z));
- zeromem(tmp, sizeof(tmp));
-#endif
- return CRYPT_OK;
-}
-
-#endif
-
diff --git a/src/encauth/ocb/ocb_decrypt_verify_memory.c b/src/encauth/ocb/ocb_decrypt_verify_memory.c
deleted file mode 100644
index 0f4dcb78a..000000000
--- a/src/encauth/ocb/ocb_decrypt_verify_memory.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
-/* SPDX-License-Identifier: Unlicense */
-
-/**
- @file ocb_decrypt_verify_memory.c
- OCB implementation, helper to decrypt block of memory, by Tom St Denis
-*/
-#include "tomcrypt_private.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Decrypt and compare the tag with OCB.
- @param cipher The index of the cipher desired
- @param key The secret key
- @param keylen The length of the secret key (octets)
- @param nonce The session nonce (length of the block size of the block cipher)
- @param ct The ciphertext
- @param ctlen The length of the ciphertext (octets)
- @param pt [out] The plaintext
- @param tag The tag to compare against
- @param taglen The length of the tag (octets)
- @param stat [out] The result of the tag comparison (1==valid, 0==invalid)
- @return CRYPT_OK if successful regardless of the tag comparison
-*/
-int ocb_decrypt_verify_memory(int cipher,
- const unsigned char *key, unsigned long keylen,
- const unsigned char *nonce,
- const unsigned char *ct, unsigned long ctlen,
- unsigned char *pt,
- const unsigned char *tag, unsigned long taglen,
- int *stat)
-{
- int err;
- ocb_state *ocb;
-
- LTC_ARGCHK(key != NULL);
- LTC_ARGCHK(nonce != NULL);
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
- LTC_ARGCHK(tag != NULL);
- LTC_ARGCHK(stat != NULL);
-
- /* allocate memory */
- ocb = XMALLOC(sizeof(ocb_state));
- if (ocb == NULL) {
- return CRYPT_MEM;
- }
-
- if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- while (ctlen > (unsigned long)ocb->block_len) {
- if ((err = ocb_decrypt(ocb, ct, pt)) != CRYPT_OK) {
- goto LBL_ERR;
- }
- ctlen -= ocb->block_len;
- pt += ocb->block_len;
- ct += ocb->block_len;
- }
-
- err = ocb_done_decrypt(ocb, ct, ctlen, pt, tag, taglen, stat);
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- zeromem(ocb, sizeof(ocb_state));
-#endif
-
- XFREE(ocb);
-
- return err;
-}
-
-#endif
diff --git a/src/encauth/ocb/ocb_done_decrypt.c b/src/encauth/ocb/ocb_done_decrypt.c
deleted file mode 100644
index 3d516c9b9..000000000
--- a/src/encauth/ocb/ocb_done_decrypt.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
-/* SPDX-License-Identifier: Unlicense */
-
-/**
- @file ocb_done_decrypt.c
- OCB implementation, terminate decryption, by Tom St Denis
-*/
-#include "tomcrypt_private.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Terminate a decrypting OCB state
- @param ocb The OCB state
- @param ct The ciphertext (if any)
- @param ctlen The length of the ciphertext (octets)
- @param pt [out] The plaintext
- @param tag The authentication tag (to compare against)
- @param taglen The length of the authentication tag provided
- @param stat [out] The result of the tag comparison
- @return CRYPT_OK if the process was successful regardless if the tag is valid
-*/
-int ocb_done_decrypt(ocb_state *ocb,
- const unsigned char *ct, unsigned long ctlen,
- unsigned char *pt,
- const unsigned char *tag, unsigned long taglen, int *stat)
-{
- int err;
- unsigned char *tagbuf;
- unsigned long tagbuflen;
-
- LTC_ARGCHK(ocb != NULL);
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
- LTC_ARGCHK(tag != NULL);
- LTC_ARGCHK(stat != NULL);
-
- /* default to failed */
- *stat = 0;
-
- /* allocate memory */
- tagbuf = XMALLOC(MAXBLOCKSIZE);
- if (tagbuf == NULL) {
- return CRYPT_MEM;
- }
-
- tagbuflen = MAXBLOCKSIZE;
- if ((err = s_ocb_done(ocb, ct, ctlen, pt, tagbuf, &tagbuflen, 1)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- if (taglen <= tagbuflen && XMEM_NEQ(tagbuf, tag, taglen) == 0) {
- *stat = 1;
- }
-
- err = CRYPT_OK;
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- zeromem(tagbuf, MAXBLOCKSIZE);
-#endif
-
- XFREE(tagbuf);
-
- return err;
-}
-
-#endif
-
diff --git a/src/encauth/ocb/ocb_done_encrypt.c b/src/encauth/ocb/ocb_done_encrypt.c
deleted file mode 100644
index 5cd39adc4..000000000
--- a/src/encauth/ocb/ocb_done_encrypt.c
+++ /dev/null
@@ -1,34 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
-/* SPDX-License-Identifier: Unlicense */
-
-/**
- @file ocb_done_encrypt.c
- OCB implementation, terminate encryption, by Tom St Denis
-*/
-#include "tomcrypt_private.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Terminate an encryption OCB state
- @param ocb The OCB state
- @param pt Remaining plaintext (if any)
- @param ptlen The length of the plaintext (octets)
- @param ct [out] The ciphertext (if any)
- @param tag [out] The tag for the OCB stream
- @param taglen [in/out] The max size and resulting size of the tag
- @return CRYPT_OK if successful
-*/
-int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
- unsigned char *ct, unsigned char *tag, unsigned long *taglen)
-{
- LTC_ARGCHK(ocb != NULL);
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
- LTC_ARGCHK(tag != NULL);
- LTC_ARGCHK(taglen != NULL);
- return s_ocb_done(ocb, pt, ptlen, ct, tag, taglen, 0);
-}
-
-#endif
-
diff --git a/src/encauth/ocb/ocb_encrypt.c b/src/encauth/ocb/ocb_encrypt.c
deleted file mode 100644
index a38765a7b..000000000
--- a/src/encauth/ocb/ocb_encrypt.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
-/* SPDX-License-Identifier: Unlicense */
-
-/**
- @file ocb_encrypt.c
- OCB implementation, encrypt data, by Tom St Denis
-*/
-#include "tomcrypt_private.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Encrypt a block of data with OCB.
- @param ocb The OCB state
- @param pt The plaintext (length of the block size of the block cipher)
- @param ct [out] The ciphertext (same size as the pt)
- @return CRYPT_OK if successful
-*/
-int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct)
-{
- unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE];
- int err, x;
-
- LTC_ARGCHK(ocb != NULL);
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
-
- /* compute checksum */
- for (x = 0; x < ocb->block_len; x++) {
- ocb->checksum[x] ^= pt[x];
- }
-
- /* Get Z[i] value */
- ocb_shift_xor(ocb, Z);
-
- /* xor pt in, encrypt, xor Z out */
- for (x = 0; x < ocb->block_len; x++) {
- tmp[x] = pt[x] ^ Z[x];
- }
- if ((err = ecb_encrypt_block(tmp, ct, &ocb->key)) != CRYPT_OK) {
- return err;
- }
- for (x = 0; x < ocb->block_len; x++) {
- ct[x] ^= Z[x];
- }
-
-#ifdef LTC_CLEAN_STACK
- zeromem(Z, sizeof(Z));
- zeromem(tmp, sizeof(tmp));
-#endif
- return CRYPT_OK;
-}
-
-#endif
diff --git a/src/encauth/ocb/ocb_encrypt_authenticate_memory.c b/src/encauth/ocb/ocb_encrypt_authenticate_memory.c
deleted file mode 100644
index 7560a6e71..000000000
--- a/src/encauth/ocb/ocb_encrypt_authenticate_memory.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
-/* SPDX-License-Identifier: Unlicense */
-
-/**
- @file ocb_encrypt_authenticate_memory.c
- OCB implementation, encrypt block of memory, by Tom St Denis
-*/
-#include "tomcrypt_private.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Encrypt and generate an authentication code for a buffer of memory
- @param cipher The index of the cipher desired
- @param key The secret key
- @param keylen The length of the secret key (octets)
- @param nonce The session nonce (length of the block ciphers block size)
- @param pt The plaintext
- @param ptlen The length of the plaintext (octets)
- @param ct [out] The ciphertext
- @param tag [out] The authentication tag
- @param taglen [in/out] The max size and resulting size of the authentication tag
- @return CRYPT_OK if successful
-*/
-int ocb_encrypt_authenticate_memory(int cipher,
- const unsigned char *key, unsigned long keylen,
- const unsigned char *nonce,
- const unsigned char *pt, unsigned long ptlen,
- unsigned char *ct,
- unsigned char *tag, unsigned long *taglen)
-{
- int err;
- ocb_state *ocb;
-
- LTC_ARGCHK(key != NULL);
- LTC_ARGCHK(nonce != NULL);
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
- LTC_ARGCHK(tag != NULL);
- LTC_ARGCHK(taglen != NULL);
-
- /* allocate ram */
- ocb = XMALLOC(sizeof(ocb_state));
- if (ocb == NULL) {
- return CRYPT_MEM;
- }
-
- if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- while (ptlen > (unsigned long)ocb->block_len) {
- if ((err = ocb_encrypt(ocb, pt, ct)) != CRYPT_OK) {
- goto LBL_ERR;
- }
- ptlen -= ocb->block_len;
- pt += ocb->block_len;
- ct += ocb->block_len;
- }
-
- err = ocb_done_encrypt(ocb, pt, ptlen, ct, tag, taglen);
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- zeromem(ocb, sizeof(ocb_state));
-#endif
-
- XFREE(ocb);
-
- return err;
-}
-
-#endif
diff --git a/src/encauth/ocb/ocb_init.c b/src/encauth/ocb/ocb_init.c
deleted file mode 100644
index 9460e4044..000000000
--- a/src/encauth/ocb/ocb_init.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
-/* SPDX-License-Identifier: Unlicense */
-
-/**
- @file ocb_init.c
- OCB implementation, initialize state, by Tom St Denis
-*/
-#include "tomcrypt_private.h"
-
-#ifdef LTC_OCB_MODE
-
-#define polys ocb_polys
-static const struct {
- int len;
- unsigned char poly_div[MAXBLOCKSIZE],
- poly_mul[MAXBLOCKSIZE];
-} polys[] = {
-{
- 8,
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0D },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B }
-}, {
- 16,
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43 },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 }
-}
-};
-
-/**
- Initialize an OCB context.
- @param ocb [out] The destination of the OCB state
- @param cipher The index of the desired cipher
- @param key The secret key
- @param keylen The length of the secret key (octets)
- @param nonce The session nonce (length of the block size of the cipher)
- @return CRYPT_OK if successful
-*/
-int ocb_init(ocb_state *ocb, int cipher,
- const unsigned char *key, unsigned long keylen, const unsigned char *nonce)
-{
- int poly, x, y, m, err;
-
- LTC_ARGCHK(ocb != NULL);
- LTC_ARGCHK(key != NULL);
- LTC_ARGCHK(nonce != NULL);
-
- /* valid cipher? */
- if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
- return err;
- }
-
- /* determine which polys to use */
- ocb->block_len = cipher_descriptor[cipher].block_length;
- x = (int)LTC_ARRAY_SIZE(polys);
- for (poly = 0; poly < x; poly++) {
- if (polys[poly].len == ocb->block_len) {
- break;
- }
- }
- if (poly == x) {
- return CRYPT_INVALID_ARG; /* block_len not found in polys */
- }
- if (polys[poly].len != ocb->block_len) {
- return CRYPT_INVALID_ARG;
- }
-
- /* schedule the key */
- if ((err = ecb_start(cipher, key, keylen, 0, &ocb->key)) != CRYPT_OK) {
- return err;
- }
-
- /* find L = E[0] */
- zeromem(ocb->L, ocb->block_len);
- if ((err = ecb_encrypt_block(ocb->L, ocb->L, &ocb->key)) != CRYPT_OK) {
- return err;
- }
-
- /* find R = E[N xor L] */
- for (x = 0; x < ocb->block_len; x++) {
- ocb->R[x] = ocb->L[x] ^ nonce[x];
- }
- if ((err = ecb_encrypt_block(ocb->R, ocb->R, &ocb->key)) != CRYPT_OK) {
- return err;
- }
-
- /* find Ls[i] = L << i for i == 0..31 */
- XMEMCPY(ocb->Ls[0], ocb->L, ocb->block_len);
- for (x = 1; x < 32; x++) {
- m = ocb->Ls[x-1][0] >> 7;
- for (y = 0; y < ocb->block_len-1; y++) {
- ocb->Ls[x][y] = ((ocb->Ls[x-1][y] << 1) | (ocb->Ls[x-1][y+1] >> 7)) & 255;
- }
- ocb->Ls[x][ocb->block_len-1] = (ocb->Ls[x-1][ocb->block_len-1] << 1) & 255;
-
- if (m == 1) {
- for (y = 0; y < ocb->block_len; y++) {
- ocb->Ls[x][y] ^= polys[poly].poly_mul[y];
- }
- }
- }
-
- /* find Lr = L / x */
- m = ocb->L[ocb->block_len-1] & 1;
-
- /* shift right */
- for (x = ocb->block_len - 1; x > 0; x--) {
- ocb->Lr[x] = ((ocb->L[x] >> 1) | (ocb->L[x-1] << 7)) & 255;
- }
- ocb->Lr[0] = ocb->L[0] >> 1;
-
- if (m == 1) {
- for (x = 0; x < ocb->block_len; x++) {
- ocb->Lr[x] ^= polys[poly].poly_div[x];
- }
- }
-
- /* set Li, checksum */
- zeromem(ocb->Li, ocb->block_len);
- zeromem(ocb->checksum, ocb->block_len);
-
- /* set other params */
- ocb->block_index = 1;
-
- return CRYPT_OK;
-}
-
-#undef polys
-
-#endif
diff --git a/src/encauth/ocb/ocb_ntz.c b/src/encauth/ocb/ocb_ntz.c
deleted file mode 100644
index bf933fd94..000000000
--- a/src/encauth/ocb/ocb_ntz.c
+++ /dev/null
@@ -1,36 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
-/* SPDX-License-Identifier: Unlicense */
-
-/**
- @file ocb_ntz.c
- OCB implementation, internal function, by Tom St Denis
-*/
-
-#include "tomcrypt_private.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Returns the number of leading zero bits [from lsb up]
- @param x The 32-bit value to observe
- @return The number of bits [from the lsb up] that are zero
-*/
-int ocb_ntz(unsigned long x)
-{
-#if defined(LTC_HAVE_CTZL_BUILTIN)
- if (x == 0)
- return sizeof(unsigned long) * CHAR_BIT;
- return __builtin_ctzl(x);
-#else
- int c;
- x &= 0xFFFFFFFFUL;
- c = 0;
- while ((x & 1) == 0) {
- ++c;
- x >>= 1;
- }
- return c;
-#endif
-}
-
-#endif
diff --git a/src/encauth/ocb/ocb_shift_xor.c b/src/encauth/ocb/ocb_shift_xor.c
deleted file mode 100644
index 2f7bb3b88..000000000
--- a/src/encauth/ocb/ocb_shift_xor.c
+++ /dev/null
@@ -1,27 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
-/* SPDX-License-Identifier: Unlicense */
-
-/**
- @file ocb_shift_xor.c
- OCB implementation, internal function, by Tom St Denis
-*/
-#include "tomcrypt_private.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Compute the shift/xor for OCB (internal function)
- @param ocb The OCB state
- @param Z The destination of the shift
-*/
-void ocb_shift_xor(ocb_state *ocb, unsigned char *Z)
-{
- int x, y;
- y = ocb_ntz(ocb->block_index++);
- for (x = 0; x < ocb->block_len; x++) {
- ocb->Li[x] ^= ocb->Ls[y][x];
- Z[x] = ocb->Li[x] ^ ocb->R[x];
- }
-}
-
-#endif
diff --git a/src/encauth/ocb/ocb_test.c b/src/encauth/ocb/ocb_test.c
deleted file mode 100644
index c1ea9a8f0..000000000
--- a/src/encauth/ocb/ocb_test.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
-/* SPDX-License-Identifier: Unlicense */
-
-/**
- @file ocb_test.c
- OCB implementation, self-test by Tom St Denis
-*/
-#include "tomcrypt_private.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Test the OCB protocol
- @return CRYPT_OK if successful
-*/
-int ocb_test(void)
-{
-#ifndef LTC_TEST
- return CRYPT_NOP;
-#else
- static const struct {
- int ptlen;
- unsigned char key[16], nonce[16], pt[34], ct[34], tag[16];
- } tests[] = {
-
- /* OCB-AES-128-0B */
-{
- 0,
- /* key */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
- /* nonce */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
- /* pt */
- { 0 },
- /* ct */
- { 0 },
- /* tag */
- { 0x15, 0xd3, 0x7d, 0xd7, 0xc8, 0x90, 0xd5, 0xd6,
- 0xac, 0xab, 0x92, 0x7b, 0xc0, 0xdc, 0x60, 0xee },
-},
-
-
- /* OCB-AES-128-3B */
-{
- 3,
- /* key */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
- /* nonce */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
- /* pt */
- { 0x00, 0x01, 0x02 },
- /* ct */
- { 0xfc, 0xd3, 0x7d },
- /* tag */
- { 0x02, 0x25, 0x47, 0x39, 0xa5, 0xe3, 0x56, 0x5a,
- 0xe2, 0xdc, 0xd6, 0x2c, 0x65, 0x97, 0x46, 0xba },
-},
-
- /* OCB-AES-128-16B */
-{
- 16,
- /* key */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
- /* nonce */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
- /* pt */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
- /* ct */
- { 0x37, 0xdf, 0x8c, 0xe1, 0x5b, 0x48, 0x9b, 0xf3,
- 0x1d, 0x0f, 0xc4, 0x4d, 0xa1, 0xfa, 0xf6, 0xd6 },
- /* tag */
- { 0xdf, 0xb7, 0x63, 0xeb, 0xdb, 0x5f, 0x0e, 0x71,
- 0x9c, 0x7b, 0x41, 0x61, 0x80, 0x80, 0x04, 0xdf },
-},
-
- /* OCB-AES-128-20B */
-{
- 20,
- /* key */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
- /* nonce */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
- /* pt */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13 },
- /* ct */
- { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4,
- 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb,
- 0x70, 0x03, 0xeb, 0x55},
- /* tag */
- { 0x75, 0x30, 0x84, 0x14, 0x4e, 0xb6, 0x3b, 0x77,
- 0x0b, 0x06, 0x3c, 0x2e, 0x23, 0xcd, 0xa0, 0xbb },
-},
-
- /* OCB-AES-128-32B */
-{
- 32,
- /* key */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
- /* nonce */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
- /* pt */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
- /* ct */
- { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4,
- 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb,
- 0x4a, 0xfc, 0xbb, 0x7f, 0xed, 0xc0, 0x8c, 0xa8,
- 0x65, 0x4c, 0x6d, 0x30, 0x4d, 0x16, 0x12, 0xfa },
-
- /* tag */
- { 0xc1, 0x4c, 0xbf, 0x2c, 0x1a, 0x1f, 0x1c, 0x3c,
- 0x13, 0x7e, 0xad, 0xea, 0x1f, 0x2f, 0x2f, 0xcf },
-},
-
- /* OCB-AES-128-34B */
-{
- 34,
- /* key */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
- /* nonce */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
- /* pt */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
- 0x20, 0x21 },
- /* ct */
- { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4,
- 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb,
- 0xd4, 0x90, 0x3d, 0xd0, 0x02, 0x5b, 0xa4, 0xaa,
- 0x83, 0x7c, 0x74, 0xf1, 0x21, 0xb0, 0x26, 0x0f,
- 0xa9, 0x5d },
-
- /* tag */
- { 0xcf, 0x83, 0x41, 0xbb, 0x10, 0x82, 0x0c, 0xcf,
- 0x14, 0xbd, 0xec, 0x56, 0xb8, 0xd7, 0xd6, 0xab },
-},
-
-};
-
- int err, x, idx, res;
- unsigned long len;
- unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE], outpt[MAXBLOCKSIZE];
-
- /* AES can be under rijndael or aes... try to find it */
- if ((idx = find_cipher("aes")) == -1) {
- if ((idx = find_cipher("rijndael")) == -1) {
- return CRYPT_NOP;
- }
- }
-
- for (x = 0; x < (int)LTC_ARRAY_SIZE(tests); x++) {
- len = sizeof(outtag);
- if ((err = ocb_encrypt_authenticate_memory(idx, tests[x].key, 16,
- tests[x].nonce, tests[x].pt, tests[x].ptlen, outct, outtag, &len)) != CRYPT_OK) {
- return err;
- }
-
- if (ltc_compare_testvector(outtag, len, tests[x].tag, sizeof(tests[x].tag), "OCB Tag", x) ||
- ltc_compare_testvector(outct, tests[x].ptlen, tests[x].ct, tests[x].ptlen, "OCB CT", x)) {
- return CRYPT_FAIL_TESTVECTOR;
- }
-
- /* Decrypt with separate input and output buffers. Historically
- * s_ocb_done() had an aliasing bug in its decrypt path that only
- * surfaced when ct and pt were distinct buffers (the earlier
- * in-place call below masked it). Run this case first so it is
- * exercised on every test vector.
- */
- XMEMSET(outpt, 0, sizeof(outpt));
- if ((err = ocb_decrypt_verify_memory(idx, tests[x].key, 16, tests[x].nonce, outct, tests[x].ptlen,
- outpt, tests[x].tag, len, &res)) != CRYPT_OK) {
- return err;
- }
- if ((res != 1) || ltc_compare_testvector(outpt, tests[x].ptlen, tests[x].pt, tests[x].ptlen, "OCB separate-buffer", x)) {
-#ifdef LTC_TEST_DBG
- printf("\n\nOCB: Failure-decrypt (separate buffers) - res = %d\n", res);
-#endif
- return CRYPT_FAIL_TESTVECTOR;
- }
-
- /* Also exercise the in-place form for backward compatibility. */
- if ((err = ocb_decrypt_verify_memory(idx, tests[x].key, 16, tests[x].nonce, outct, tests[x].ptlen,
- outct, tests[x].tag, len, &res)) != CRYPT_OK) {
- return err;
- }
- if ((res != 1) || ltc_compare_testvector(outct, tests[x].ptlen, tests[x].pt, tests[x].ptlen, "OCB", x)) {
-#ifdef LTC_TEST_DBG
- printf("\n\nOCB: Failure-decrypt - res = %d\n", res);
-#endif
- return CRYPT_FAIL_TESTVECTOR;
- }
- }
- return CRYPT_OK;
-#endif /* LTC_TEST */
-}
-
-#endif /* LTC_OCB_MODE */
-
-
-/* some comments
-
- -- it's hard to seek
- -- hard to stream [you can't emit ciphertext until full block]
- -- The setup is somewhat complicated...
-*/
diff --git a/src/encauth/ocb/s_ocb_done.c b/src/encauth/ocb/s_ocb_done.c
deleted file mode 100644
index a889372db..000000000
--- a/src/encauth/ocb/s_ocb_done.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
-/* SPDX-License-Identifier: Unlicense */
-
-/**
- @file s_ocb_done.c
- OCB implementation, internal helper, by Tom St Denis
-*/
-#include "tomcrypt_private.h"
-
-#ifdef LTC_OCB_MODE
-
-/* Since the last block is encrypted in CTR mode the same code can
- * be used to finish a decrypt or encrypt stream. The only difference
- * is we XOR the final ciphertext into the checksum so we have to xor it
- * before we CTR [decrypt] or after [encrypt]
- *
- * the names pt/ptlen/ct really just mean in/inlen/out but this is the way I wrote it...
- */
-
-/**
- Shared code to finish an OCB stream
- @param ocb The OCB state
- @param pt The remaining plaintext [or input]
- @param ptlen The length of the input (octets)
- @param ct [out] The output buffer
- @param tag [out] The destination for the authentication tag
- @param taglen [in/out] The max size and resulting size of the authentication tag
- @param mode The mode we are terminating, 0==encrypt, 1==decrypt
- @return CRYPT_OK if successful
-*/
-int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
- unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode)
-
-{
- unsigned char *Z, *Y, *X;
- int err, x;
-
- LTC_ARGCHK(ocb != NULL);
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
- LTC_ARGCHK(tag != NULL);
- LTC_ARGCHK(taglen != NULL);
- if ((int)ptlen > ocb->block_len || (int)ptlen < 0) {
- return CRYPT_INVALID_ARG;
- }
-
- /* allocate ram */
- Z = XMALLOC(MAXBLOCKSIZE);
- Y = XMALLOC(MAXBLOCKSIZE);
- X = XMALLOC(MAXBLOCKSIZE);
- if (X == NULL || Y == NULL || Z == NULL) {
- if (X != NULL) {
- XFREE(X);
- }
- if (Y != NULL) {
- XFREE(Y);
- }
- if (Z != NULL) {
- XFREE(Z);
- }
- return CRYPT_MEM;
- }
-
- /* compute X[m] = len(pt[m]) XOR Lr XOR Z[m] */
- ocb_shift_xor(ocb, X);
- XMEMCPY(Z, X, ocb->block_len);
-
- X[ocb->block_len-1] ^= (ptlen*8)&255;
- X[ocb->block_len-2] ^= ((ptlen*8)>>8)&255;
- for (x = 0; x < ocb->block_len; x++) {
- X[x] ^= ocb->Lr[x];
- }
-
- /* Y[m] = E(X[m])) */
- if ((err = ecb_encrypt_block(X, Y, &ocb->key)) != CRYPT_OK) {
- goto error;
- }
-
- if (mode == 1) {
- /* decrypt mode: xor C[m] into checksum. The function's parameter
- * names are misleading (see header comment) -- in decrypt mode the
- * input ciphertext lives in `pt` (not `ct`), and `ct` is the output
- * plaintext buffer that has not been written yet. Reading from `ct`
- * here only happens to work when the caller aliases the input and
- * output buffers (in-place decryption); with separate buffers the
- * checksum is computed against uninitialised memory and the tag
- * verification fails. Use `pt` (the input parameter) so the code
- * works for both in-place and separate-buffer callers.
- */
- for (x = 0; x < (int)ptlen; x++) {
- ocb->checksum[x] ^= pt[x];
- }
- }
-
- /* C[m] = P[m] xor Y[m] */
- for (x = 0; x < (int)ptlen; x++) {
- ct[x] = pt[x] ^ Y[x];
- }
-
- if (mode == 0) {
- /* encrypt mode */
- /* xor C[m] into checksum */
- for (x = 0; x < (int)ptlen; x++) {
- ocb->checksum[x] ^= ct[x];
- }
- }
-
- /* xor Y[m] and Z[m] into checksum */
- for (x = 0; x < ocb->block_len; x++) {
- ocb->checksum[x] ^= Y[x] ^ Z[x];
- }
-
- /* encrypt checksum, er... tag!! */
- if ((err = ecb_encrypt_block(ocb->checksum, X, &ocb->key)) != CRYPT_OK) {
- goto error;
- }
- ecb_done(&ocb->key);
-
- /* now store it */
- for (x = 0; x < ocb->block_len && x < (int)*taglen; x++) {
- tag[x] = X[x];
- }
- *taglen = x;
-
-#ifdef LTC_CLEAN_STACK
- zeromem(X, MAXBLOCKSIZE);
- zeromem(Y, MAXBLOCKSIZE);
- zeromem(Z, MAXBLOCKSIZE);
- zeromem(ocb, sizeof(*ocb));
-#endif
-error:
- XFREE(X);
- XFREE(Y);
- XFREE(Z);
-
- return err;
-}
-
-#endif
-
diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h
index ed1440082..45072b69a 100644
--- a/src/headers/tomcrypt_custom.h
+++ b/src/headers/tomcrypt_custom.h
@@ -303,7 +303,6 @@
#define LTC_EAX_MODE
-#define LTC_OCB_MODE
#define LTC_OCB3_MODE
#define LTC_CCM_MODE
#define LTC_GCM_MODE
@@ -747,7 +746,7 @@
#error LTC_ECB_MODE not defined, but all other modes depend on it
#endif
#if defined(LTC_OMAC) || defined(LTC_PMAC) || defined(LTC_XCBC) || defined(LTC_F9_MODE) || defined(LTC_EAX_MODE) || \
- defined(LTC_OCB_MODE) || defined(LTC_OCB3_MODE) || defined(LTC_CCM_MODE) || defined(LTC_GCM_MODE) )
+ defined(LTC_OCB3_MODE) || defined(LTC_CCM_MODE) || defined(LTC_GCM_MODE) )
#error LTC_ECB_MODE not defined, but most MAC and AEAD modes depend on it
#endif
#endif
diff --git a/src/headers/tomcrypt_mac.h b/src/headers/tomcrypt_mac.h
index 2e067bc87..103d34b83 100644
--- a/src/headers/tomcrypt_mac.h
+++ b/src/headers/tomcrypt_mac.h
@@ -285,61 +285,6 @@ int eax_decrypt_verify_memory(int cipher,
int eax_test(void);
#endif /* EAX MODE */
-#ifdef LTC_OCB_MODE
-typedef struct {
- unsigned char L[MAXBLOCKSIZE], /* L value */
- Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
- Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */
- Lr[MAXBLOCKSIZE], /* L * x^-1 */
- R[MAXBLOCKSIZE], /* R value */
- checksum[MAXBLOCKSIZE]; /* current checksum */
-
- symmetric_ECB key; /* scheduled key for cipher */
- unsigned long block_index; /* index # for current block */
- int block_len; /* length of block */
-} ocb_state;
-
-int ocb_init(ocb_state *ocb, int cipher,
- const unsigned char *key, unsigned long keylen, const unsigned char *nonce);
-
-int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct);
-int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt);
-
-int ocb_done_encrypt(ocb_state *ocb,
- const unsigned char *pt, unsigned long ptlen,
- unsigned char *ct,
- unsigned char *tag, unsigned long *taglen);
-
-int ocb_done_decrypt(ocb_state *ocb,
- const unsigned char *ct, unsigned long ctlen,
- unsigned char *pt,
- const unsigned char *tag, unsigned long taglen, int *stat);
-
-int ocb_encrypt_authenticate_memory(int cipher,
- const unsigned char *key, unsigned long keylen,
- const unsigned char *nonce,
- const unsigned char *pt, unsigned long ptlen,
- unsigned char *ct,
- unsigned char *tag, unsigned long *taglen);
-
-int ocb_decrypt_verify_memory(int cipher,
- const unsigned char *key, unsigned long keylen,
- const unsigned char *nonce,
- const unsigned char *ct, unsigned long ctlen,
- unsigned char *pt,
- const unsigned char *tag, unsigned long taglen,
- int *stat);
-
-int ocb_test(void);
-
-/* internal functions */
-void ocb_shift_xor(ocb_state *ocb, unsigned char *Z);
-int ocb_ntz(unsigned long x);
-int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
- unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode);
-
-#endif /* LTC_OCB_MODE */
-
#ifdef LTC_OCB3_MODE
typedef struct {
unsigned char Offset_0[MAXBLOCKSIZE], /* Offset_0 value */
diff --git a/src/misc/crypt/crypt_sizes.c b/src/misc/crypt/crypt_sizes.c
index 26f2d13fc..47830aed1 100644
--- a/src/misc/crypt/crypt_sizes.c
+++ b/src/misc/crypt/crypt_sizes.c
@@ -206,9 +206,6 @@ static const crypt_size s_crypt_sizes[] = {
#ifdef LTC_EAX_MODE
SZ_STRINGIFY_T(eax_state),
#endif
-#ifdef LTC_OCB_MODE
- SZ_STRINGIFY_T(ocb_state),
-#endif
#ifdef LTC_OCB3_MODE
SZ_STRINGIFY_T(ocb3_state),
#endif
diff --git a/tests/mac_test.c b/tests/mac_test.c
index da1d95372..4e7119029 100644
--- a/tests/mac_test.c
+++ b/tests/mac_test.c
@@ -23,9 +23,6 @@ int mac_test(void)
#ifdef LTC_EAX_MODE
DO(eax_test());
#endif
-#ifdef LTC_OCB_MODE
- DO(ocb_test());
-#endif
#ifdef LTC_OCB3_MODE
DO(ocb3_test());
#endif