From 6896efd110a2828f647ceefac2b03bd821539eb0 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 15 Apr 2026 11:15:00 +0200 Subject: [PATCH 1/4] Update OCB docs regarding patents. Signed-off-by: Steffen Jaeckel --- doc/crypt.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypt.tex b/doc/crypt.tex index fc879fa9a..fb700875b 100644 --- a/doc/crypt.tex +++ b/doc/crypt.tex @@ -1820,7 +1820,7 @@ \subsection{Preface} OCB is an encryption protocol that simultaneously provides authentication. It is slightly faster to use than EAX mode but is less flexible. -Please be aware that all versions of OCB are patented and there are several licensing models provided by P. Rogaway, the patent holder +All versions of OCB were patented, but have been put into the public domain in 2013 and since then are free to use -- see \url{http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm}. \subsection{OCB} From cf893710faeba8aff124bfdd877d99a002210aef Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 15 Apr 2026 14:00:43 +0200 Subject: [PATCH 2/4] Deprecate OCB v1. Signed-off-by: Steffen Jaeckel --- doc/crypt.tex | 214 ++++++++++++++++++------------------- src/headers/tomcrypt_mac.h | 11 ++ 2 files changed, 118 insertions(+), 107 deletions(-) diff --git a/doc/crypt.tex b/doc/crypt.tex index fb700875b..5c486a683 100644 --- a/doc/crypt.tex +++ b/doc/crypt.tex @@ -1816,6 +1816,7 @@ \subsection{Preface} LibTomCrypt provides support for a mode called OCB in version 1 ''OCB''\footnote{See P. Rogaway, M. Bellare, J. Black, T. Krovetz, \textit{OCB: A Block Cipher Mode of Operation for Efficient Authenticated Encryption}.} +-- which has been deprecated in favor of the standardized version 3 -- and version 3 ''OCB3''\footnote{See RFC7253, T. Krovetz, P. Rogaway, \textit{The OCB Authenticated-Encryption Algorithm}.}. OCB is an encryption protocol that simultaneously provides authentication. It is slightly faster to use than EAX mode but is less flexible. 
@@ -1823,113 +1824,6 @@ \subsection{Preface} All versions of OCB were patented, but have been put into the public domain in 2013 and since then are free to use -- see \url{http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm}. -\subsection{OCB} -\subsubsection{Initialization and processing} - -Let's review how to initialize an OCB context. - -\index{ocb\_init()} -\begin{verbatim} -int ocb_init( ocb_state *ocb, - int cipher, - const unsigned char *key, - unsigned long keylen, - const unsigned char *nonce); -\end{verbatim} - -This will initialize the \textit{ocb} context using cipher descriptor \textit{cipher}. It will use a \textit{key} of length \textit{keylen} -and the random \textit{nonce}. Note that \textit{nonce} must be a random (public) string the same length as the block ciphers -block size (e.g. 16 bytes for AES). - -This mode has no \textit{Associated Data} like EAX mode does which means you cannot authenticate metadata along with the stream. -To encrypt or decrypt data use the following. - -\index{ocb\_encrypt()} \index{ocb\_decrypt()} -\begin{verbatim} -int ocb_encrypt( ocb_state *ocb, - const unsigned char *pt, - unsigned char *ct); - -int ocb_decrypt( ocb_state *ocb, - const unsigned char *ct, - unsigned char *pt); -\end{verbatim} - -This will encrypt (or decrypt for the latter) a fixed length of data from \textit{pt} to \textit{ct} (vice versa for the latter). -They assume that \textit{pt} and \textit{ct} are the same size as the block cipher's block size. Note that you cannot call -both functions given a single \textit{ocb} state. For bi-directional communication you will have to initialize two \textit{ocb} -states (with different nonces). Also \textit{pt} and \textit{ct} may point to the same location in memory. - -\subsubsection{State Termination} - -When you are finished encrypting the message you call the following function to compute the tag. 
- -\index{ocb\_done\_encrypt()} -\begin{verbatim} -int ocb_done_encrypt( ocb_state *ocb, - const unsigned char *pt, - unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, - unsigned long *taglen); -\end{verbatim} - -This will terminate an encrypt stream \textit{ocb}. If you have trailing bytes of plaintext that will not complete a block -you can pass them here. This will also encrypt the \textit{ptlen} bytes in \textit{pt} and store them in \textit{ct}. It will also -store up to \textit{taglen} bytes of the tag into \textit{tag}. - -Note that \textit{ptlen} must be less than or equal to the block size of block cipher chosen. Also note that if you have -an input message equal to the length of the block size then you pass the data here (not to ocb\_encrypt()) only. - -To terminate a decrypt stream and compared the tag you call the following. - -\index{ocb\_done\_decrypt()} -\begin{verbatim} -int ocb_done_decrypt( ocb_state *ocb, - const unsigned char *ct, - unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, - unsigned long taglen, - int *res); -\end{verbatim} -Similarly to the previous function you can pass trailing message bytes into this function. This will compute the -tag of the message (internally) and then compare it against the \textit{taglen} bytes of \textit{tag} provided. By default -\textit{res} is set to zero. If all \textit{taglen} bytes of \textit{tag} can be verified then \textit{res} is set to one (authenticated -message). - -\subsubsection{Packet Functions} -To make life simpler the following two functions are provided for memory bound OCB. 
- -%\index{ocb\_encrypt\_authenticate\_memory()} -\begin{verbatim} -int ocb_encrypt_authenticate_memory( - int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen); -\end{verbatim} - -This will OCB encrypt the message \textit{pt} of length \textit{ptlen}, and store the ciphertext in \textit{ct}. The length \textit{ptlen} -can be any arbitrary length. - -\index{ocb\_decrypt\_verify\_memory()} -\begin{verbatim} -int ocb_decrypt_verify_memory( - int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, - int *res); -\end{verbatim} - -Similarly, this will OCB decrypt, and compare the internally computed tag against the tag provided. \textit{res} is set -appropriately to \textit{1} if the tag matches or to \textit{0} if it doesn't match. - \subsection{OCB3} \subsubsection{Initialization and processing} 
@@ -10737,6 +10631,112 @@ \subsection{Extended Verification} rsa_key *key); \end{verbatim} +\subsection{OCB} +\subsubsection{Initialization and processing} + +Let's review how to initialize an OCB context. + +\index{ocb\_init()} +\begin{verbatim} +int ocb_init( ocb_state *ocb, + int cipher, + const unsigned char *key, + unsigned long keylen, + const unsigned char *nonce); +\end{verbatim} + +This will initialize the \textit{ocb} context using cipher descriptor \textit{cipher}. It will use a \textit{key} of length \textit{keylen} +and the random \textit{nonce}. Note that \textit{nonce} must be a random (public) string the same length as the block ciphers +block size (e.g. 16 bytes for AES). + +This mode has no \textit{Associated Data} like EAX mode does which means you cannot authenticate metadata along with the stream. +To encrypt or decrypt data use the following. + +\index{ocb\_encrypt()} \index{ocb\_decrypt()} +\begin{verbatim} +int ocb_encrypt( ocb_state *ocb, + const unsigned char *pt, + unsigned char *ct); + +int ocb_decrypt( ocb_state *ocb, + const unsigned char *ct, + unsigned char *pt); +\end{verbatim} + +This will encrypt (or decrypt for the latter) a fixed length of data from \textit{pt} to \textit{ct} (vice versa for the latter). +They assume that \textit{pt} and \textit{ct} are the same size as the block cipher's block size. Note that you cannot call +both functions given a single \textit{ocb} state. For bi-directional communication you will have to initialize two \textit{ocb} +states (with different nonces). Also \textit{pt} and \textit{ct} may point to the same location in memory. + +\subsubsection{State Termination} + +When you are finished encrypting the message you call the following function to compute the tag. 
+ +\index{ocb\_done\_encrypt()} +\begin{verbatim} +int ocb_done_encrypt( ocb_state *ocb, + const unsigned char *pt, + unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, + unsigned long *taglen); +\end{verbatim} + +This will terminate an encrypt stream \textit{ocb}. If you have trailing bytes of plaintext that will not complete a block +you can pass them here. This will also encrypt the \textit{ptlen} bytes in \textit{pt} and store them in \textit{ct}. It will also +store up to \textit{taglen} bytes of the tag into \textit{tag}. + +Note that \textit{ptlen} must be less than or equal to the block size of block cipher chosen. Also note that if you have +an input message equal to the length of the block size then you pass the data here (not to ocb\_encrypt()) only. + +To terminate a decrypt stream and compared the tag you call the following. + +\index{ocb\_done\_decrypt()} +\begin{verbatim} +int ocb_done_decrypt( ocb_state *ocb, + const unsigned char *ct, + unsigned long ctlen, + unsigned char *pt, + const unsigned char *tag, + unsigned long taglen, + int *res); +\end{verbatim} +Similarly to the previous function you can pass trailing message bytes into this function. This will compute the +tag of the message (internally) and then compare it against the \textit{taglen} bytes of \textit{tag} provided. By default +\textit{res} is set to zero. If all \textit{taglen} bytes of \textit{tag} can be verified then \textit{res} is set to one (authenticated +message). + +\subsubsection{Packet Functions} +To make life simpler the following two functions are provided for memory bound OCB. 
+ +%\index{ocb\_encrypt\_authenticate\_memory()} +\begin{verbatim} +int ocb_encrypt_authenticate_memory( + int cipher, + const unsigned char *key, unsigned long keylen, + const unsigned char *nonce, + const unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long *taglen); +\end{verbatim} + +This will OCB encrypt the message \textit{pt} of length \textit{ptlen}, and store the ciphertext in \textit{ct}. The length \textit{ptlen} +can be any arbitrary length. + +\index{ocb\_decrypt\_verify\_memory()} +\begin{verbatim} +int ocb_decrypt_verify_memory( + int cipher, + const unsigned char *key, unsigned long keylen, + const unsigned char *nonce, + const unsigned char *ct, unsigned long ctlen, + unsigned char *pt, + const unsigned char *tag, unsigned long taglen, + int *res); +\end{verbatim} + +Similarly, this will OCB decrypt, and compare the internally computed tag against the tag provided. \textit{res} is set +appropriately to \textit{1} if the tag matches or to \textit{0} if it doesn't match. \clearpage \addcontentsline{toc}{chapter}{Index} diff --git a/src/headers/tomcrypt_mac.h b/src/headers/tomcrypt_mac.h index 2e067bc87..cfc367973 100644 --- a/src/headers/tomcrypt_mac.h +++ b/src/headers/tomcrypt_mac.h 
@@ -299,22 +299,28 @@ typedef struct { int block_len; /* length of block */ } ocb_state; +LTC_DEPRECATED(ocb3_init) int ocb_init(ocb_state *ocb, int cipher, const unsigned char *key, unsigned long keylen, const unsigned char *nonce); +LTC_DEPRECATED(ocb3_encrypt) int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct); +LTC_DEPRECATED(ocb3_decrypt) int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt); +LTC_DEPRECATED(ocb3_done) int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct, unsigned char *tag, unsigned long *taglen); +LTC_DEPRECATED(ocb3_done) int ocb_done_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt, const unsigned char *tag, unsigned long taglen, int *stat); +LTC_DEPRECATED(ocb3_encrypt_authenticate_memory) int ocb_encrypt_authenticate_memory(int cipher, const unsigned char *key, unsigned long keylen, const unsigned char *nonce, @@ -322,6 +328,7 @@ int ocb_encrypt_authenticate_memory(int cipher, unsigned char *ct, unsigned char *tag, unsigned long *taglen); +LTC_DEPRECATED(ocb3_decrypt_verify_memory) int ocb_decrypt_verify_memory(int cipher, const unsigned char *key, unsigned long keylen, const unsigned char *nonce, @@ -330,11 +337,15 @@ int ocb_decrypt_verify_memory(int cipher, const unsigned char *tag, unsigned long taglen, int *stat); +LTC_DEPRECATED(ocb3_test) int ocb_test(void); /* internal functions */ +LTC_DEPRECATED(nothing. API will be removed.) void ocb_shift_xor(ocb_state *ocb, unsigned char *Z); +LTC_DEPRECATED(nothing. API will be removed.) int ocb_ntz(unsigned long x); +LTC_DEPRECATED(nothing. API will be removed.) int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode); From 3089ae3757cb1df24fb3293b9df615104c8e5da0 Mon Sep 17 00:00:00 2001 
From: Steffen Jaeckel Date: Wed, 15 Apr 2026 11:27:51 +0200 Subject: [PATCH 3/4] Remove OCB v1. Signed-off-by: Steffen Jaeckel --- demos/timing.c | 18 +- demos/tv_gen.c | 72 -- doc/crypt.tex | 125 +--- notes/ocb_tv.txt | 696 ------------------ src/encauth/ocb/ocb_decrypt.c | 59 -- src/encauth/ocb/ocb_decrypt_verify_memory.c | 74 -- src/encauth/ocb/ocb_done_decrypt.c | 68 -- src/encauth/ocb/ocb_done_encrypt.c | 34 - src/encauth/ocb/ocb_encrypt.c | 54 -- .../ocb/ocb_encrypt_authenticate_memory.c | 72 -- src/encauth/ocb/ocb_init.c | 131 ---- src/encauth/ocb/ocb_ntz.c | 36 - src/encauth/ocb/ocb_shift_xor.c | 27 - src/encauth/ocb/ocb_test.c | 224 ------ src/encauth/ocb/s_ocb_done.c | 140 ---- src/headers/tomcrypt_custom.h | 3 +- src/headers/tomcrypt_mac.h | 66 -- src/misc/crypt/crypt_sizes.c | 3 - tests/mac_test.c | 3 - 19 files changed, 9 insertions(+), 1896 deletions(-) delete mode 100644 notes/ocb_tv.txt delete mode 100644 src/encauth/ocb/ocb_decrypt.c delete mode 100644 src/encauth/ocb/ocb_decrypt_verify_memory.c delete mode 100644 src/encauth/ocb/ocb_done_decrypt.c delete mode 100644 src/encauth/ocb/ocb_done_encrypt.c delete mode 100644 src/encauth/ocb/ocb_encrypt.c delete mode 100644 src/encauth/ocb/ocb_encrypt_authenticate_memory.c delete mode 100644 src/encauth/ocb/ocb_init.c delete mode 100644 src/encauth/ocb/ocb_ntz.c delete mode 100644 src/encauth/ocb/ocb_shift_xor.c delete mode 100644 src/encauth/ocb/ocb_test.c delete mode 100644 src/encauth/ocb/s_ocb_done.c diff --git a/demos/timing.c b/demos/timing.c index 1d9bd5ca8..081ab53bd 100644 --- a/demos/timing.c +++ b/demos/timing.c @@ -1193,7 +1193,7 @@ static void time_macs(void) static void time_encmacs_(unsigned long MAC_SIZE) { -#if defined(LTC_EAX_MODE) || defined(LTC_OCB_MODE) || defined(LTC_OCB3_MODE) || \ +#if defined(LTC_EAX_MODE) || defined(LTC_OCB3_MODE) || \ defined(LTC_CCM_MODE) || defined(LTC_GCM_MODE) || defined(LTC_SIV_MODE) #if defined(LTC_SIV_MODE) unsigned char *aad[4]; 
@@ -1235,22 +1235,6 @@ static void time_encmacs_(unsigned long MAC_SIZE) fprintf(stderr, "EAX \t\t\t%9"PRI64"u\n", t2/(ulong64)(MAC_SIZE*1024)); #endif -#ifdef LTC_OCB_MODE - t2 = -1; - for (x = 0; x < 10000; x++) { - t_start(); - t1 = t_read(); - z = 16; - if ((err = ocb_encrypt_authenticate_memory(cipher_idx, key, 16, IV, buf, MAC_SIZE*1024, buf, tag, &z)) != CRYPT_OK) { - fprintf(stderr, "\nOCB error... %s\n", error_to_string(err)); - exit(EXIT_FAILURE); - } - t1 = t_read() - t1; - if (t1 < t2) t2 = t1; - } - fprintf(stderr, "OCB \t\t\t%9"PRI64"u\n", t2/(ulong64)(MAC_SIZE*1024)); -#endif - #ifdef LTC_OCB3_MODE t2 = -1; for (x = 0; x < 10000; x++) { diff --git a/demos/tv_gen.c b/demos/tv_gen.c index d6ba2c6f6..5eba374a1 100644 --- a/demos/tv_gen.c +++ b/demos/tv_gen.c 
@@ -363,75 +363,6 @@ static void eax_gen(void) } #endif -#ifdef LTC_OCB_MODE -static void ocb_gen(void) -{ - int err, kl, x, y1, z; - FILE *out; - unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2], - plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE]; - unsigned long len; - - OPEN_FILE("ocb_tv.txt", out); - fprintf(out, "OCB Test Vectors. Uses the 00010203...NN-1 pattern for nonce/plaintext/key. The outputs\n" - "are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous\n" - "step repeated sufficiently. The nonce is fixed throughout.\n\n"); - - for (x = 0; cipher_descriptor[x].name != NULL; x++) { - kl = cipher_descriptor[x].block_length; - - /* skip ciphers which do not have 64 or 128 bit block sizes */ - if (kl != 8 && kl != 16) continue; - - if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) { - kl = cipher_descriptor[x].max_key_length; - } - fprintf(out, "OCB-%s (%d byte key)\n", cipher_descriptor[x].name, kl); - - /* the key */ - for (z = 0; z < kl; z++) { - key[z] = (z & 255); - } - - /* fixed nonce */ - for (z = 0; z < cipher_descriptor[x].block_length; z++) { - nonce[z] = z; - } - - for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){ - for (z = 0; z < y1; z++) { - plaintext[z] = (unsigned char)(z & 255); - } - len = sizeof(tag); - if ((err = ocb_encrypt_authenticate_memory(x, key, kl, nonce, plaintext, y1, plaintext, tag, &len)) != CRYPT_OK) { - printf("Error OCB'ing: %s\n", error_to_string(err)); - exit(EXIT_FAILURE); - } - if (len == 0) { - printf("Error OCB'ing: zero length\n"); - exit(EXIT_FAILURE); - } - fprintf(out, "%3d: ", y1); - for (z = 0; z < y1; z++) { - fprintf(out, "%02X", plaintext[z]); - } - fprintf(out, ", "); - for (z = 0; z <(int)len; z++) { - fprintf(out, "%02X", tag[z]); - } - fprintf(out, "\n"); - - /* forward the key */ - for (z = 0; z < kl; z++) { - key[z] = tag[z % len]; - } - } - fprintf(out, "\n"); - } - fclose(out); -} -#endif - #ifdef LTC_OCB3_MODE static void ocb3_gen(void) 
{ @@ -817,9 +748,6 @@ int main(int argc, char **argv) #ifdef LTC_EAX_MODE printf("Generating EAX vectors..."); fflush(stdout); eax_gen(); printf("done\n"); #endif -#ifdef LTC_OCB_MODE - printf("Generating OCB vectors..."); fflush(stdout); ocb_gen(); printf("done\n"); -#endif #ifdef LTC_OCB3_MODE printf("Generating OCB3 vectors..."); fflush(stdout); ocb3_gen(); printf("done\n"); #endif diff --git a/doc/crypt.tex b/doc/crypt.tex index 5c486a683..a3ec9143e 100644 --- a/doc/crypt.tex +++ b/doc/crypt.tex @@ -1811,21 +1811,18 @@ \chapter{Authenticated Encryption} The only difference is eax\_decrypt\_verify\_memory() does not emit a tag. Instead you pass it a tag as input and it compares it against the tag it computed while decrypting the message. If the tags match then it stores a $1$ in \textit{res}, otherwise it stores a $0$. -\mysection{OCB Modes} +\mysection{OCB Mode} \subsection{Preface} -LibTomCrypt provides support for a mode called OCB in version 1 ''OCB''\footnote{See -P. Rogaway, M. Bellare, J. Black, T. Krovetz, \textit{OCB: A Block Cipher Mode of Operation for Efficient Authenticated Encryption}.} --- which has been deprecated in favor of the standardized version 3 -- -and version 3 ''OCB3''\footnote{See RFC7253, T. Krovetz, P. Rogaway, \textit{The OCB Authenticated-Encryption Algorithm}.}. +LibTomCrypt provides support for a mode called OCB in version 3 +''OCB3''\footnote{See RFC7253, T. Krovetz, P. Rogaway, \textit{The OCB Authenticated-Encryption Algorithm}.}. OCB is an encryption protocol that simultaneously provides authentication. It is slightly faster to use than EAX mode but is less flexible. All versions of OCB were patented, but have been put into the public domain in 2013 and since then are free to use -- see \url{http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm}. -\subsection{OCB3} -\subsubsection{Initialization and processing} +\subsection{Initialization and processing} \index{ocb3\_init()} \begin{verbatim} 
@@ -1842,7 +1839,7 @@ \subsubsection{Initialization and processing} Note that you can only use ciphers with a block length of 16. -\subsubsection{Additional Authenticated Data} +\subsection{Additional Authenticated Data} OCB3 has, in contrary to OCB, the possibility to add "Additional Authenticated Data" (AAD) when performing cryptographic operations. @@ -1871,7 +1868,7 @@ \subsubsection{Additional Authenticated Data} both functions given a single \textit{ocb} state. For bi-directional communication you will have to initialize two \textit{ocb} states (with different nonces). Also \textit{pt} and \textit{ct} may point to the same location in memory. -\subsubsection{State Termination} +\subsection{State Termination} \index{ocb3\_encrypt\_last()} \index{ocb3\_decrypt\_last()} \begin{verbatim} @@ -1900,7 +1897,7 @@ \subsubsection{State Termination} The \textit{taglen} parameter defines on input the length of the tag to output and will be set to the actual length written, which is at most 16 octets. -\subsubsection{Packet Functions} +\subsection{Packet Functions} To make life simpler the following two functions are provided for memory bound OCB3. \index{ocb3\_encrypt\_authenticate\_memory()} @@ -10290,7 +10287,6 @@ \subsection{Elliptic Curve Cryptography - $GF(p)$} These two ECC verify functions have been deprecated in favor of \code{ecc\_verify\_hash\_v2()}. Please check Chapter \ref{ecc-verify} for details. - \subsection{PKCS \#1 Padding} PKCS \#1 v1.5 padding is so simple that both signature and encryption padding are performed by the same function. Note: the signature padding does \textbf{not} include the ASN.1 padding required. That is performed by the rsa\_sign\_hash\_ex() function 
@@ -10631,113 +10627,6 @@ \subsection{Extended Verification} rsa_key *key); \end{verbatim} -\subsection{OCB} -\subsubsection{Initialization and processing} - -Let's review how to initialize an OCB context. - -\index{ocb\_init()} -\begin{verbatim} -int ocb_init( ocb_state *ocb, - int cipher, - const unsigned char *key, - unsigned long keylen, - const unsigned char *nonce); -\end{verbatim} - -This will initialize the \textit{ocb} context using cipher descriptor \textit{cipher}. It will use a \textit{key} of length \textit{keylen} -and the random \textit{nonce}. Note that \textit{nonce} must be a random (public) string the same length as the block ciphers -block size (e.g. 16 bytes for AES). - -This mode has no \textit{Associated Data} like EAX mode does which means you cannot authenticate metadata along with the stream. -To encrypt or decrypt data use the following. - -\index{ocb\_encrypt()} \index{ocb\_decrypt()} -\begin{verbatim} -int ocb_encrypt( ocb_state *ocb, - const unsigned char *pt, - unsigned char *ct); - -int ocb_decrypt( ocb_state *ocb, - const unsigned char *ct, - unsigned char *pt); -\end{verbatim} - -This will encrypt (or decrypt for the latter) a fixed length of data from \textit{pt} to \textit{ct} (vice versa for the latter). -They assume that \textit{pt} and \textit{ct} are the same size as the block cipher's block size. Note that you cannot call -both functions given a single \textit{ocb} state. For bi-directional communication you will have to initialize two \textit{ocb} -states (with different nonces). Also \textit{pt} and \textit{ct} may point to the same location in memory. - -\subsubsection{State Termination} - -When you are finished encrypting the message you call the following function to compute the tag. 
- -\index{ocb\_done\_encrypt()} -\begin{verbatim} -int ocb_done_encrypt( ocb_state *ocb, - const unsigned char *pt, - unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, - unsigned long *taglen); -\end{verbatim} - -This will terminate an encrypt stream \textit{ocb}. If you have trailing bytes of plaintext that will not complete a block -you can pass them here. This will also encrypt the \textit{ptlen} bytes in \textit{pt} and store them in \textit{ct}. It will also -store up to \textit{taglen} bytes of the tag into \textit{tag}. - -Note that \textit{ptlen} must be less than or equal to the block size of block cipher chosen. Also note that if you have -an input message equal to the length of the block size then you pass the data here (not to ocb\_encrypt()) only. - -To terminate a decrypt stream and compared the tag you call the following. - -\index{ocb\_done\_decrypt()} -\begin{verbatim} -int ocb_done_decrypt( ocb_state *ocb, - const unsigned char *ct, - unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, - unsigned long taglen, - int *res); -\end{verbatim} -Similarly to the previous function you can pass trailing message bytes into this function. This will compute the -tag of the message (internally) and then compare it against the \textit{taglen} bytes of \textit{tag} provided. By default -\textit{res} is set to zero. If all \textit{taglen} bytes of \textit{tag} can be verified then \textit{res} is set to one (authenticated -message). - -\subsubsection{Packet Functions} -To make life simpler the following two functions are provided for memory bound OCB. 
- -%\index{ocb\_encrypt\_authenticate\_memory()} -\begin{verbatim} -int ocb_encrypt_authenticate_memory( - int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen); -\end{verbatim} - -This will OCB encrypt the message \textit{pt} of length \textit{ptlen}, and store the ciphertext in \textit{ct}. The length \textit{ptlen} -can be any arbitrary length. - -\index{ocb\_decrypt\_verify\_memory()} -\begin{verbatim} -int ocb_decrypt_verify_memory( - int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, - int *res); -\end{verbatim} - -Similarly, this will OCB decrypt, and compare the internally computed tag against the tag provided. \textit{res} is set -appropriately to \textit{1} if the tag matches or to \textit{0} if it doesn't match. - \clearpage \addcontentsline{toc}{chapter}{Index} \printindex diff --git a/notes/ocb_tv.txt b/notes/ocb_tv.txt deleted file mode 100644 index e517341e9..000000000 --- a/notes/ocb_tv.txt +++ /dev/null 
@@ -1,696 +0,0 @@ -OCB Test Vectors. Uses the 00010203...NN-1 pattern for nonce/plaintext/key. The outputs -are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous -step repeated sufficiently. The nonce is fixed throughout. - -OCB-aes (16 byte key) - 0: , 04ADA45E947BC5B6E00F4C8B8053902D - 1: 07, 987354C062CD6251CAA6D93280EFE9BE - 2: 1CB7, B9F1620EA8374E1C2D05110878D93069 - 3: B98C59, 3793FB737C2DFB29E73DD1AD8B8F71C7 - 4: 8978F240, 5E25316ED13D3300F2EC12D718A0BA8E - 5: CB4D261594, EDA252A1A5C7D0A4AB4620F771446DD3 - 6: 30D6B6688D59, 684037DE07832C6FC38CA42BDF2A7D53 - 7: D0583F9741BFA4, 3DF53DFF73431C0245982F4EEEAD432F - 8: EE3B9596CBEFF520, D283D1B9D990739EA05F4BAE2E96BE4E - 9: 6570FC25E6103AC125, 90D3F1FA6595B775749FAE7B00A8E5B1 - 10: F56750C98C370DFDC4A0, 19389A6875FAB432B72D64BCDD6BD26C - 11: 3344AE6D9528603CC1E4E1, 87AB6FBC7F919125A7DB0D17D19056B8 - 12: F3D9D816A727D3E67330C779, 07AC0F3841DFCFEC58A5AAC22270538C - 13: 976651E63ABC3B276799BC1FE4, EE603A8C66099AD6FF8667B3F34ABF29 - 14: A48E3ABC31336C6B717A96170A9B, A9D1B973D84D3125F5F9D7923BA0A8FF - 15: F60E9B2A911FAFB0080FAA3ECDEE42, 4902F8AEB7685F7B255ECC45B5B7D3D4 - 16: 0855DE488940144AF18C65A9966DDB66, A66B3E7A75D394273AC196FFD062F9DD - 17: 172DC1740F75AB2A27B2B80895961A69AB, D6986BB95F7E4137430CAC67F773623B - 18: A414234DCCC61B65A79B7C618A6B91ACA410, 6CE32E55E158BC3E51E94116A615F3A2 - 19: 16A1B16BC0F63D63179901F1CBC772D612C102, 54007EF9822E0E4A4F953838577C76FA - 20: 539788EBF85C15B3A638017B4054D71315BFF25F, 9B2511322E16CECD53E3241F3D51EB97 - 21: 7E74595A3DCFE1EA2C91B67738765463D50A22924A, AC9C9B526251C16F112E769F9FBE74E4 - 22: A2B61792102B2E44F1DC0E48B40472CE883730504FEB, 76452A49C2524404C8A4B098D6390F98 - 23: F58174BC06A022AB7D81991E9346F5E4B0AEC535D93473, 47F96374BC094BB2C1A5D1D291806912 - 24: A3A7713895D178A85D9092EA6138323DC2FF9090D7F01AC5, 3814208FA7009A2934F9A172D029667D - 25: 385525DAF9949DCDEB22F7518AF96438E40F7D94933706A9F2, 1249F3DF50084A6D1A76AA350FD85B0B - 26: 
6838E207D98A5BF8D8E41454CF51663D8F8B76FD26092D45D1D9, 301723D0F49BF8CF37828340B894689C - 27: 736413C025A549CB2550E93139DFD5DC3CE241C296C9FE641FF520, BE07259963F251743A85DF51EB1B47FB - 28: 7F2CD26367A885BD9E2B515D4E871272AC1BEA1C650B530E5616B2D3, EEB37E8451597E5A53CB49072EDA9346 - 29: 68F23DCDEF223B60B46E3D724A93BEEF8B110D4394C990AC3D0E34E1B6, 9A60344982F852EFE02CBE9CBBAB60F1 - 30: 66C5DE3EB27139983D48BED81D0E5FCE6BA1AB402C357062FE989D31C69C, BAFA0A7997A529039F0CE8528E670415 - 31: D3B9009C1A930EE288C61B0B15C7E92CB73484C345594DC5A3F377147981DB, 1EDAACF7F1F3AC7EA613F94DA4DEF930 - 32: F7818DF15FE6FBC42A28FDE1D55A2C07EC8D82AA0E7A680DBD3CF26C13448F9B, 67FEB344108008A88067E92B210766D5 - -OCB-blowfish (8 byte key) - 0: , 07B7752047F9E0AE - 1: CE, 7D69017C42B06204 - 2: 1D6F, 4DFD4BD58439062F - 3: 30A011, DB49D988798F8842 - 4: B71C8951, AA3261584B0C20FD - 5: 06F89957DA, 88BFA80D36427F64 - 6: 45BC4CE5FABD, 4CAF71136ED166A7 - 7: A7405F124D0296, 5D8993CE64FFF0E7 - 8: ECABEFD9E6574E4D, B69349673CF86E41 - 9: F7D26A7E82A34ACC71, AFFDEE843ABEA68A - 10: E225C5F0FA1D649F81A3, 03AC1D5DF1323EF8 - 11: 58722FBFB86C2697061217, CE731D80E6355710 - 12: E577EB8FA70225C5A18D31DC, 2F08B140F0D3A255 - 13: 92154A94CD7D42EBADB6CFEE14, DC949170E84D3CA2 - 14: 5A3C08744FD85CA262D51AC6CD25, E83CE45547403BAD - 15: 8B2E4980ABA10A20573A402D89AD12, E3D978611DD831D0 - 16: 3EDC4A0FA95BD8F944BCE4F252B6470C, 87B54BBEA86A5B5C - -OCB-xtea (16 byte key) - 0: , F996E5CC593FD6E9 - 1: 88, 64636E3C48940F8D - 2: 223D, 230D7718A8BCB965 - 3: 32531B, 37FEA4728FAE474D - 4: BDCF3E96, A9F30B4187CD174C - 5: 7B0CCDE546, E7328648817987FE - 6: 824BD771B724, 0BDF80C14EDB758B - 7: 8F0E73B1280717, 2DEDBF2C87180CC4 - 8: 6F7EFA44AF774B1F, 1A9C5509D54A7185 - 9: 9749BCF684F68755AC, E46941DBE948BDD5 - 10: DCD32D91FE2D5590355D, E17DFA54A5B60E07 - 11: 3CBBF6464D438AB95B3ACF, C207876D030362EC - 12: 1C804A611F6CE4CFD2657366, B957F48EA00C428C - 13: 5A2F6927951D8F60C754893790, EB3A27A9E5B8928F - 14: C710D28CD02726002596D9196021, 
C6C9EBF090A20C07 - 15: 298FFCE0CD42BC329697AEB5F53A56, BB2F0C415317928C - 16: 59F6395260ECEAB2E3511991EEEF9656, 278A218A720F8E05 - -OCB-rc5 (8 byte key) - 0: , E7462C3C0C95A73E - 1: C5, 83CB00E780937259 - 2: 1533, 022FF70566E0BA87 - 3: 57543B, AC4EF15FC83BDF2D - 4: 01E4474B, BD817C06AC2141E0 - 5: 4CD7E850EE, 7BB6B3BDA5373422 - 6: 489C0CD1502A, 23DD4406F87EB164 - 7: 0CBAAE08E07EFF, 92569C958B722413 - 8: 073612F283F8A6E4, 1DD978D01CE8D1DF - 9: CDE676B1A3AC98B00E, C033F099E2620668 - 10: AD3BC88EEEDA40A83685, 36DA44E13C0C8A4D - 11: CA60E8B918F73E99986021, 45634CA0E43E4B13 - 12: 3B3CF82157ECEACAD8658EF5, E681F57616146CC7 - 13: EBC1A7068346EC1B7EB815A7DC, 2C806D2A909CCAF1 - 14: 97CDB3EF8276F1E7D6B6677DA2DB, 53F00B9A2E43DE08 - 15: 44169B3EDAD9506C51A6DA055EF9C2, 5BB6DD996130896B - 16: 35EC29065B1FC640015B0F779E7A358A, 867EBD0E86823F09 - -OCB-rc6 (16 byte key) - 0: , 27B9E3F544B8F567EEBF98ED5FD55C76 - 1: 92, 219FD2D74D7E3F21AA6C2A507C0A546B - 2: BECF, 96A656A16FB3C4579E6955D592AECAE1 - 3: 4DDE09, 7D1882879B5D6FD8C151502BD8AB220A - 4: 0D6B4FCC, E01FBD1ECA2A6A8DC6697A06AB12BDB0 - 5: E5E19C973B, E5A86AADF2F333D5DEDCE410688CC6A4 - 6: 90BA7D2A6965, 80523A2CAB2A7BB2E90B121DE80F46A9 - 7: 6FE258148EC8D0, B7254B11276A77C5F99FE5EC91D81F57 - 8: D887080095DF8817, F3FB938068A01EF89DE0F1226C544362 - 9: D9823313289D597614, A547764EF20BD4B4B303882B64FAF2C5 - 10: FF68942112CF01701E86, 94F3860D4438428EE296CEACB3EB67F5 - 11: FFD390D3E0B64F64D3192F, 99D2E424C67EBACCD4E2EB9A0CDB8CDD - 12: 3162235748BDDECC84FC8C94, BDD400A58AF59100A731DD5B4386444E - 13: D2A0EC8B1F20672289F7236C56, B245CF42644BDAC5F077143AF2A57BA7 - 14: 830929B2850E22F6C1BA2027248C, B6B522F7D6BA3CFFA92D093B383542FE - 15: 2A5FCCCCF43F845AA77750D3BC6B1E, 53A0A0882C7844636900509921661FCA - 16: 8480234796F9EAC313140CE014B0265C, 0656CA8D851B53FD5C1AAC303B264E43 - 17: F011A67C22F16A42CEA5E493CB766964AA, 830B8158B7A96224A53FB7F3A08CD128 - 18: F76274A730A608C2AB37497A049C3699882E, 4DC4DD4DF39D0E68D6169F9DC7F4A6D5 - 19: 
7B38DD237DE552A72E4369A81C30AFEA5E5063, 01A62CBD30153702A5B29FB2A1683899 - 20: 58EB866F1FCB060ACC821D776AAC4AD9E87C326A, 25AFB8FC48605E1396EA8471F55C1294 - 21: A25F2C0FAD66B3580627498EC66C994B49C5445911, 0182A951D9A3DA53675612DE8EED1FB9 - 22: 8813977F092F07F251A1497C898967F3F98F5CB878CB, 80BC353E310880A83DD4DE4FE96AB6F0 - 23: 52DC8B76F5A6F78D51FB7DB51048E2663563335EC876A5, DC3689AA079C04C19D83646B272F9DEC - 24: 965437D3FDF91784B63C73C8CD001BD9372167963DF36B89, 9FF84E2845E3C1E3E6711D1646B18F21 - 25: ADD40F674BD56FFC8F9B4047FAAD2471F0A48F4544C894F806, 9D684F74F9734F1C497E33D96A27E00C - 26: 7B049B688839BC62785082397DEC7AA94B837D094AECA4B14571, EE711DF1C15B5C9E36B6E38B6F7152D2 - 27: DD4681F9C498A3CF69A9AC876E02BD9CDC4FB1F6798F772013B62D, C5A50676EFAA2A56CBDBE55CFED3050D - 28: 471B5E89A1337E75E88AFBAACA1C011790F1657425483229E55C34EE, 20F73F2AC452FFEA423BE2EBDF33CFA1 - 29: 71812C83DE34DB329C8DCD98890AFB1F7719E890DAE5CEB7AC9668CAD0, 6FAA03E10C6FB67D425C683C6D85FD76 - 30: 4BC2DB33786CFD29B5CA5B804454169906138E90E29E7BE9197971027AF7, 75053C433EF5572A70C58EEC96F56C53 - 31: 5E3A0AB41264AB65365458ED3B7E6A25827E50075A9E347F1622ED0723E229, C8F1ECD19AD5FC970CF0D31BF46B0F2B - 32: 2E48DEE4B379CD59F5367D17DC397C1BFD53B8C4CE46A8202518614076174EB6, EFCE758ECCB6BE875D16B7E03A498D31 - -OCB-safer+ (16 byte key) - 0: , 88618DEF98FE588E23107E9A5D89C26B - 1: 39, 2B01B202E751F957E331ECD1CEDE3456 - 2: 13CB, 17071E5AFD5D8CE953A73F49412BE8C4 - 3: DC4428, 4B0B1881C2540FF92E7DE63C479A7750 - 4: 120382B0, 0BB11D57B5BD9D846CF31033CD4CCB92 - 5: 97F332F95B, 335E0424D0A820F60DBB968B8B5AA057 - 6: 3C7AAE72037B, C8034C2C76C1CCD7C1B3F36DD8907E1D - 7: 8A99E4A1B89B6D, 06A8165DFADF1EA5ABD89E574422DF7F - 8: 676587065F0342B8, 93ADE63994DF2189079234DC204BF92B - 9: 8EC394CBC6877B245A, 1A89F0AB0B44BC708EBD9DE489E2EEB8 - 10: 5FB5366E5CAE4DB72411, 5CA5881A5805D53ACA4904A5EEC01550 - 11: 72A1994028F09ED6A4E45C, 0FFC0052996CE45DF4A28F7A6E9CFEA6 - 12: 1D5EF20F52A9B72386D1A601, A697DF1179628DE1120D5E8D9F39DA6E - 13: 
79BD002AA59D74F125AD9E32DE, 2F02CB6F70BF57BBA0DF100DE503F633 - 14: 442C6F9016DF4C090056258756A9, 58C6FD3180B9B74459D70B5684BE3F4C - 15: 4FC5543D9A892B44ED04EE8B25E232, B8B858B3D3EB4B26E867E429F88A56B4 - 16: F06E7503167C2210AB332259BAFD6AB4, 73CE2589D1DF34CA3DC2B14CC9FA6276 - 17: BCCC260BD4823B64090FB33E6816F9C330, 81ABBDC83B2544907840FEB5AF4479EC - 18: 450C1105B76F960D1A5F33D7F9D37DAE20C3, C41DDC8980E88E3986D9C84857BBE1E7 - 19: C9F36EF3A990E0554EDB59E6788F8E9BF1DBC7, 90DD543E148D9A0B79A8B376C5509E09 - 20: 3666FEEA98A4FC434EDB7517E7FCEE2320C69BCB, 99F11B360DDB3A15C42110831CCBF21C - 21: 126F39C19D1E0B87F1180F6589A75712B66209E2CE, B4D268FB8EF5C048CA9A35337D57828A - 22: C1B6D14EE8B6D0A653BFCC295D5F94E6BCA09E181D8A, 4B4883B614D5CC412B53ED4203EA93B7 - 23: D1F2A10F1A9DAB738C61CD0EF66FE5F6D1DA95DC671128, 3F1EFDA55EFEF1A0B24708E132BC4D25 - 24: 9D457216C584F43DBA1DD55C54822A8B6A86D22DBFFA14D4, 53402970B128E98A5F0D62476A38F959 - 25: 012828614B5D67C9A1EE24A1EBCD322FE9C8BE0C3F20A53714, 2BFF288D90DBDC638084F80F3F7AADF3 - 26: B1904AECF599F6C74557475E409E75E646271DEDEC7A830260DB, BF119BDBDA27773E038B7067D2B0EECD - 27: ED831771C4346FC19435354AE29F7A9436D6E8D4D42CFF26207DBD, C3F029FC8AE690E84FBD0EF806B801F3 - 28: E051B958601223FECEADF932A277BCF18C25025AE4DA791155B85035, EB75E56BE7856F1B5ED3D125C092D38A - 29: AB3449537C5E22125BC32D483F74C3A3DBDBD5232839A85D300F65B4FD, 851B0FBABD080F783BDE4F47ADCD6D76 - 30: 4E68550837130652795A8C9D68530717D2B0AA5A17F3AEF92FFB502E46AC, 10E222706527A64E757EDE4B9EFC09DD - 31: C2D7033DA7A1857D79497EA6C64779EB969046CCEE6C74E6592FEE6E7C94C4, 2015674ECA80AC9B67AE854E18A7D56E - 32: 2F3F0374DDC24AE21F02D4DA74D46C71F0CD2269A68F32F7FAA0BAB64AA8E9BC, 737C8BA1677A8CE97D42FBB07530EE99 - -OCB-twofish (16 byte key) - 0: , 2CD8EF22E5457C7FE4016B0FB82FD204 - 1: 64, EB7BB60E4932C0E97A7A5906BD044ACF - 2: 3A59, E3D2024241666369BB542ED096F20C71 - 3: 67C038, 7E6F1EB3F2088F6416BB675DCAC0D484 - 4: BB36BF02, BDEEEF07EBB7A50A5201C8A2D72C0036 - 5: 6F06C0E293, 
C63557681D84ACCFFBFEE87D82EF1D3C - 6: 2015F94CC5AA, EF1DEAD4134D2A1A47A20F26FAA3554D - 7: A5F8CDD07964B0, 672B74D88C8AA7567C6AC4A896E0F6D1 - 8: 5EFC9D8C3B9E7F3F, DB9160C53AD429D4C22BC0E2E6C509C5 - 9: B62CB80F75594BC54F, 20020A798FF59F0472E750C796B5CC94 - 10: 970983B0F889760EEEF0, 360AE43CEBCC27755548D4984CEEA10C - 11: 75C3A8CCB30A94CD57D1F8, 79820F3B1625E216B5BC1D1A22B198F9 - 12: 033DA41CCBFE3C6897230FCE, CFE3EDD11627270CD63916508B058B7A - 13: 15358032F30043A66F49D3F76A, 98B8056A7991D5EF498E7C09DAC7B25D - 14: 71FBA7D6C2C8DC4A0E2773766F26, 22BA0ECEF19532554335D8F1A1C7DEFC - 15: BD761CD92C6F9FB651B38555CDFDC7, 8E3C7E1D8C4702B85C6FCD04184739E4 - 16: EB6D310E2B7F84C24872EC48BFAA6BD7, 12DE548D982A122716CEDF5B5D2176D9 - 17: 8DDF6CE25A67B409D3FB42A25C3AA7A842, 3E9FA2C6C65341A8E1101C15E1BBD936 - 18: 5563DFC29B750FBC647E427C5480B65846DB, 90881C6820901BD41F7B3C2DF529B8A9 - 19: 93343C1E9624321C2A0A155BA8B4E66FD92BE2, 71A641DDCD49825E10880D54BEF30E91 - 20: C256BCA0CF0ACCEEC1AA4B9372AF27D2C3C65AFC, 91D45C4DA49BBAD1809A11F4041C7D09 - 21: 3DE69FDB72C93518A3E317F7B26C425EE3DD42DA7E, 85E37B3E8EC3AF476DB7819D739D07D5 - 22: 676AC7885C7C8FBE9862242FCCC46C181440EE49AE59, BCDB42B53AC4FDDF9C3BF8849AB96EEC - 23: D71B98B88F46CC47D90BB931564CDF0157F0ABCB5E6954, 289CD5799D9E49F36D70F67726A59610 - 24: 669C16DB9DC175200C08476832155DAA52F1F8969DF3B79A, 835B210EBBE5C9D34C2E052E1843C1F8 - 25: 2F39346E14A34BBED0491929CD9F1FB3CEC412C25AB703372A, DC4B42E8BA676BA100B87BEE328C5229 - 26: 1FD0F8BD0AC95E91881635EB0CF0E4FB099CBB214CE556422E2D, 898CEB3CA8FCA565CE5B01EF932FD391 - 27: 7FBD32B3D88B7E002BA6055585B5D0E1CC648315A81CFECA363CC8, 804820B1E3813D244164F778B9C2A8C8 - 28: 877A5F336A1D33AB94751A33E285C21666F0D8F103AC1187FC205372, AF9F0AC165EAFCEE8C2A831608F166B4 - 29: ECCA297705B0395E71B9E4263343D486B29207DA188C2F1BA626EDBF46, A05DC873406B236E4DDBC038DC4D2627 - 30: FF3BD8D4E1108E98FBAE2E28BC12819CD7956BC491C0B3A291FBEE739599, 68DFE58473BA2818A23095D1D6EC065C - 31: 
F175230606040ADACEBAFE4D58BBD140B2D45E8BF7E5C904510B58E4B53D3F, DAF579E1A12481D39F4DCFB7C28794B1 - 32: 261388D491EF1CB92C261FD9B91CAD5B95440DE0A747144EB8697699F600801D, 749056EBEAF4F20CD8746AA8C8846C47 - -OCB-safer-k64 (8 byte key) - 0: , 0EDD2A1AB692AA7A - 1: 3E, 306F814F3C2C109E - 2: 0593, 063D19B734C34715 - 3: CA72C6, DF6DAAFAD91BE697 - 4: 08924AEE, 15095FA49E789483 - 5: 359908A6CD, 16CB7F0741BA4091 - 6: 97F3BD820CF4, A59DB15B67B95EE8 - 7: 0A267201AC039E, B4FFC31DBCD8284A - 8: 9F6ACD9705C9ECC5, 6B41A938F0B1CAEB - 9: F355D5A937DD1582C2, 9D1F932E521CB955 - 10: ED39758CAF89E7932E48, 398EF517015F118F - 11: D8ACF19363A0E0ADC9321B, F98B2A30217766AA - 12: F8F54A8202B0F281ED610F33, 36EF7FA4A20E04B7 - 13: 0F8677DF64B5982DB6E2299140, 4DED2DA806834C81 - 14: 0C357A9DC321C93B3872881503B0, 7814D1C0C6A8900A - 15: 10B6B1A261C3015A18110AD200A7B6, 9A814D6D2BAD850C - 16: AA9EA9D1BA7818C0D2EBF23781A5467D, 236A24FC98826702 - -OCB-safer-sk64 (8 byte key) - 0: , 76F16BDCE55B3E23 - 1: 63, F34B0B471F6F8F75 - 2: 8651, D7EFE17943D35193 - 3: D45504, 263224E50E7E9E75 - 4: 57B414C3, A553D6CABCA0F285 - 5: 4976E3B303, AC5E9969F739EBD9 - 6: F10AB8EB94E0, 8301FFE68848D46D - 7: 6E954593AC427D, C1CF93BBC0F92644 - 8: F48F44441B898C0F, 698FFAED1A95E8E4 - 9: 1DC60156D62782E3D0, 6AFF0DCC65D4C933 - 10: 71920ADC8997CB8B3A72, 1C101C6A27CFBBBD - 11: 890ED7492ED914AC20391B, F66DCD6205D945C6 - 12: 1B9FAB84A8748BAC187C7393, B450757FCAFAAD52 - 13: B4C89E1BB280DBC265E43ACE15, AE6BB3D2E6A371FF - 14: 24B0C28944BDF22048E2E86644F5, 84E93E2191CEF17A - 15: 8F2D5694D55EE235168AAA735943AF, 514252AEF2F2A2D9 - 16: 568B7E31FFDA726718E40397CFC8DCC6, 3C80BA7FCA9E419E - -OCB-safer-k128 (16 byte key) - 0: , 4919F68F6BC44ABC - 1: 65, C6785F7BE4DE54D3 - 2: E1B0, C197C93B63F58355 - 3: BB7247, DFE092EF8184443B - 4: 38C2D022, 943FD999227C5596 - 5: D71E4FD0ED, 51040FE9A01EA901 - 6: C4B211EADC2A, 329429BE3366F22F - 7: 426DEB3FC3A4BC, CF1C976F6A19CE88 - 8: A6F813C09CE84800, 98D9FF427B3BD571 - 9: 4D1A9948FD157814B4, 5A389FAEEB85B8C6 
- 10: EC3EA142C3F07F5A9EEB, 31E26E13F032A48F - 11: A75FB14365D1533CD3FBE7, 8EF01ACC568C0591 - 12: 891582B5853DD546FF3EA071, E013CFFE43219C21 - 13: 54CA848C49DCDEE076780F21F4, 298EFC7B4D6B6CFE - 14: EA7611C69A60F1A2EF71D6A7762D, 7D9AA51CFCEC8101 - 15: B2D1A211BC524B965A084BB4B21710, 7B2AC0EEB5216892 - 16: 5E81F1BFA270E804A488C9BFAB75811D, A67F627CE1E37851 - -OCB-safer-sk128 (16 byte key) - 0: , E523C6DBB3CA178D - 1: 5E, B1CB7EBE5780DF98 - 2: F4D8, 8036235F2BE7A817 - 3: 4FE268, 123320394EAC24F6 - 4: A5BA02B4, B8276B5E027D45DA - 5: 1571859CCC, 29406C5F2DF2CFC4 - 6: CA1E47447B95, 5D4FAF8FD5341791 - 7: 8710DB37022D96, E10040FEA9AEA9C2 - 8: 205990DC9A34DA3C, AE25CB49AA7A697B - 9: 757AFCB3191DC811C3, AA8CADA8638D6118 - 10: 6994F8C153522361BB92, 1BCEE09E928EB18B - 11: A86FA0CDD051BB60AF5AA8, 50A38F8E9889354D - 12: 8D3FD3EB7FF2269AACFD24BA, CB51CF84CEFC45F0 - 13: 03D2A313925D9490FC5547F95F, A1FF9D72E11C420B - 14: D77C0F0F600FE92F14F479FA457C, 1EBE1B4B9685EDFA - 15: 0CAF0A8BEB864E26058C7DF8EBA0EB, 1B153DDAE807561F - 16: 113D12716DFE0596A2F30C875EC6BA0E, C61F5AC0245154A6 - -OCB-rc2 (8 byte key) - 0: , 1A073F25FF5690BE - 1: F4, 3D3221E92E40F634 - 2: 2C76, C22C20B7231A0DB9 - 3: C647CB, 3E6348D996399629 - 4: 2021891A, 8EF76B24E9D55FDA - 5: 1966CBCBBF, 310D24024D573E8D - 6: 42C15AC9AAF0, 217E83C0CDE4F077 - 7: AB70F3F73DF0B6, 16AB2679D96A591B - 8: B7C7DD845D7E76DD, F33065EA531545CA - 9: 468CC16A37CF63EA73, 88879733F70AE3D3 - 10: 4F769E25A7346E22A932, 26E1A92FEDEE0597 - 11: 304A8B53B1CD24C6C27C17, 48B46E9F091B0B2E - 12: 4E3DF867FEFF0B8E06D5FA70, 53BB48BFB8AB4750 - 13: 2BAB3F0A8C38A3BD3C49DBBA5A, 52303CADCBB6D312 - 14: 3D04A29924589AAEF93A29003EE7, 120EF9364B83748F - 15: 486127A80E4EC599C461451CF1D79B, 2245D51599CAD629 - 16: AF8FB3FD2DB343F1AFF564FCBEA58785, 805BF441E660B0B0 - -OCB-des (8 byte key) - 0: , 8A65BD7DE54082AD - 1: A8, 3A83897CC8EC7CF6 - 2: 9256, DC66C39C7DD87D93 - 3: C145A0, 45967F3764F62F48 - 4: CD314BAB, EF38B0213259C3D4 - 5: 7074014741, 6748F4BAF06DD7BD - 6: 
9A874CAE01F1, E382DB7235624104 - 7: DFA0D86DC4CA84, 627ABB432E50455E - 8: 685C2B2CBDD8D144, D166082E085063BA - 9: 53515DAAC7F7B8CE1D, 6680B6C26E1B0994 - 10: 2B3967812BF4155A8D36, AFED7F38AFEFC543 - 11: F4E5AC3CC5913B8A7F35FB, 6181DD3C46A6C24F - 12: F3EC89AD4235287D53715A81, 12CC354833FE5BD8 - 13: 66D554AC2CA85C079F051B8459, 097F31088CFBA239 - 14: 8746061C26D72771A7586949A3E4, 6CEF3565D0E45C6B - 15: FB3BCC650B29F418930A467EA4FB73, 64D12723E100F08B - 16: DE1C27E9B3C391AF5DF403291F2C084A, 6BADE4638AE46BE2 - -OCB-desx (24 byte key) - 0: , 972B4CC480AEA6A9 - 1: CB, C46CC58DE9615963 - 2: 2911, 9B5117BF9530018F - 3: 844501, 308F0F36D3313B67 - 4: 0C8CB549, 3F72789FB54CC9B1 - 5: 581FA34114, 1B86E66203EBF9EE - 6: D0BBE3E43961, 59F730D5ABF13265 - 7: 046529AB0EDD17, 240FF6134AA5327B - 8: FF4F32C3A96D61D9, 5DE9B81CC39ACC61 - 9: E94A99D609BE5B1A6D, 443F4948DE64E6A0 - 10: B3E783B59853EE1EBD36, F04B41EAAB9CDE18 - 11: 0BB36CE35BB8050169F6F2, 598A0705C800BC04 - 12: BE946B1CB03E7E5DA1CC12B8, 288B827CEA810662 - 13: 3FEC137C657FF1F2B34F4C5E56, F9248F59D1033253 - 14: 626DC4527055E80E68A6A1FE0F78, D8AA67D5ABD0B6A5 - 15: 476247537A509BC42BCD6DEC7F9506, 2C2D0385066B4815 - 16: 5D32BFE0B9ACB62B6AC29D43A0535A25, DE247F5F809C6CEC - -OCB-3des (24 byte key) - 0: , 9CB7074F93CD37DD - 1: 4D, 51541A838A154E0B - 2: 5C77, 60E86F2F1F4C6F96 - 3: B3D2F0, 7D74A9E6A061457D - 4: B3556075, EAF7A89A07453460 - 5: 1B61CE7230, F90D18620E1AB877 - 6: 3987FEC8D0D7, B5EF04DEE2E528F9 - 7: EBD0A7EBEEFF3B, A72CA24DD77A5DDA - 8: 429FB38DDABF76D4, D0578484C37227C8 - 9: F8DF28BF5C4CD28B1B, 5E7C4DC8E694E3B4 - 10: 2BF436BBE063F7E830C2, 8D919637C973C71B - 11: ED21656C8878319F1B7D29, 8813280C1277DF26 - 12: F45F90980D38EDF5D0FEC926, F9619341E273A31F - 13: 52F2D3CACC294B141B35D73BBF, 7BBC3F1A0D38F61F - 14: 2E6DA0FB55962F79B8E890E8DD8D, 8060799DCAB802E4 - 15: D6F9A6B2420174C499F9FE91178784, D3AAF969ED2F7215 - 16: 4F1CF285B8748C4F8F4D201C06B343CA, 203A2692C077F1B5 - -OCB-sm4 (16 byte key) - 0: , 644D127C5F75F64F48808EEE68350817 
- 1: 6B, EE408CBD07CEC607EAA25CB0CF063DE4 - 2: 74E6, FE58AB1D0A951F156D0B78597DE88981 - 3: 049E45, 9674DCB58ED4981CFFCA8725B5BDCBD8 - 4: 416F6FAC, AB0981B209CEB024447861D113FE74AE - 5: CC01AFD1B6, 9125092E4696FE0939A256C03A37FD8C - 6: 1B32E33A7BA2, 80714FA9C1EAE774CF9C754F5FE7374A - 7: 6F91118A6F5E0F, 7065639ADBE5265F0B61836950C39871 - 8: C40E934B952D0108, A8D1ACC7CA93B14C2A187441C794D31E - 9: 06B7FF294A85CD8F8F, 3C433077C03E9B6A481B6A78565A865E - 10: 123093E41AAA91EEA2D1, 9EEF81BFAA0C7116C632DAE3D447BEC4 - 11: 83288869EBB8D22772AA98, A52688653CC795A14D7CC5C4FB59EFD6 - 12: FD8A2A59C3BA54DE090DFFAE, CA597A88711955563025FE6F6B6CB095 - 13: DA0FD6F4B1A0A8084D92F543D3, 9F22A8F0B9EFF906DFE7438E0738FF4E - 14: 8D8090EFF0A44E96A4CB582A61E5, 11477309B525FA0B1A1B4B0F25DED574 - 15: 95DF2F968380DAF60122B8FEA2614A, B25F1C94B4F963297EF31AD01819CAD6 - 16: E63BB516DEF0A60F3503FC9578082588, 9E75B31F3A10D922A698610EDD224AC6 - 17: 4141B7D60688A6B74659FA3F988749336C, 2A4A83E828CA79F3CBA7A417E4E9149F - 18: 68A58C0AAD6A8831231DD3537D5E6284FAD7, 4372DBFA17A102118A4750E719FCC9FF - 19: 6565EE0302F1AFE357E65B56980F04EB805228, 20E09947D4A4947CD24457589303BD69 - 20: 0400E928A18B85498DB78CFAFC026CB07F3DD3A3, 9646E0737D7F75F109430336754DE155 - 21: EC2A5AE19531D964B6C03C4ACE804909F3B0260DC6, 6DEE21A1B2A14FE5F8C13C3620F35EB4 - 22: F32AEDAF0281234753F5D2903F1FEF505165D4543923, B8F486809ABD26E4CACF6C283CBFBAFA - 23: 482B2728C75FF1206E280FDDD082F2C93EE9C2C15A14E9, 70DA0D202F68BF7DCF126DFE2CC75CA9 - 24: DB67772FC481A6D2F50ECCA59134984869C91436211A24A7, A7391E9F5698DF1BC984F127A874D8F6 - 25: DF60A24E93101ED2F68D3CAAD966F51271603C8E611AB16C3F, A4C44700A6845A75B72C04C1395E9820 - 26: E14DE8BC5A2A8417783267AB659DAC26A84A02B4EB5FA4BAAE7F, 1508521641C38536DAF3B2CE65BC060A - 27: 309D876E6CCB6C8FDF963D6143E2FC091DCF7FA75D002986502500, 323AE0DB790F786252F35547554990E2 - 28: 7D8D3119EA42098509D0B1FB8FDB945E1C6C7AF4E1C9773F82A6D3DF, 8F97D69077AA1AD2BD7A8FBE6950E632 - 29: 
597A5B272750C5CCE0591CE40A4CE838F3C326A9BCAB160385D6D431C0, 2F9D9980E31419966C6F5DC8E6DA216D - 30: 676720E8BB37FAD3778C4289CA1442A4905F327798C7C3584FD9518F19CE, 60D96E4249518291C68EE01AEB5A5B05 - 31: 609D0A3770F9BE06D7100E75FA0096F21FA498C28224A9406228534A43DEAD, C3148A9D60CD32EA378720262A3529EA - 32: 18BA4D72E61851F5878E07459A24BDFCB48C6A2AF719584CBE6A0B321078B967, 077031AE31FC5ED7B27ADABDBE699CDE - -OCB-cast5 (8 byte key) - 0: , 77E8002236021687 - 1: 52, D57DF1037B6A799D - 2: 31C9, 7E781759B057D695 - 3: 5C8324, 56965D6CB2C97C0C - 4: 17D99099, 7C52B5D09475F5D3 - 5: 400082C475, 3CA5CDB9B4A0FAE9 - 6: 4DF0E4000C24, DCFEE2C3384F9731 - 7: 10004C3CE32255, 0A6832F985F61658 - 8: FFA6EA76B346893C, 6202693B153254D6 - 9: E96378C94D246AB51C, 5B259FEB715B9159 - 10: A9BED2D59A92D3D9418A, 1E7E066C098A023D - 11: 4EF144B7D4622BAD4DC840, 5DAB2C1D0DF56B08 - 12: 6DBCDF56E57CE47DD3D0CF44, 2A24F2A224368F55 - 13: 43241A0AD933635D7C8EAD47DC, 86B4B5AC22177F19 - 14: 920D6BDBE073F3C75052420C883D, 10943DBB23BD894D - 15: B2C75DF024269833B039CAB19EC865, 84B7DBB425E45855 - 16: 6A9424B6A873BB7155C01DC87E23EC52, 82C5047655952B01 - -OCB-noekeon (16 byte key) - 0: , C810FFEC70BB008FD7C314A732B226E6 - 1: D0, 3C48A2C7E0CE9B9099221EF2CEC56767 - 2: 5542, 518EDB8174B067CBF2568C6911378137 - 3: 65E8A4, 3E4EFF5F6FBC99EF3B71B11F566A20FB - 4: 3D0EF863, A366D5CE05F564B5E676EC78938CCC85 - 5: 89B17BA512, 0E83095D771F654CBD630AC114501A0F - 6: E9AF5FCFEFED, 3A283F7FF02274DD4B48C2CD7E36182D - 7: F7A001CEC51C30, 8392CC274521BB452134713153F36268 - 8: D796E3F23E31D4F2, 351C7B0304E127287A9A1DE38BB3167A - 9: C4E2BBF6B4827E1A84, 275907279D0764CF80D7E6626D81F994 - 10: 6C61226E61F70408A61A, 941AD1718D272BFCB8C5ACE08F90B2D1 - 11: 3C195850E7FD63EFC11F7C, 348A975B60908445230D4D56A0CAB008 - 12: EE5FF5362DA3744C9EAD274B, 875C2167BFAEB65F5601F2DB9035444C - 13: 7DB5392ED1933ED858EC0C52F5, BE6507D8AC743805A872658C680A4D06 - 14: FEDEAE2EC2059D22B960813B5E7D, A559933509C47854176CEEDEC12EB8B4 - 15: 64C81F2169F7CEFBF51E68D4186A36, 
FFE84A9B49F0E77A9799EDEC7D76B987 - 16: 66532B678D23130714E088FE874C4743, AF95ADA553A68319DBEBDA4172E18A22 - 17: 53E56845C091A1E2372F3FC772017C9804, 9A6AB7CEB632429F2B31FB91C141B6F0 - 18: DAF6832520591B886E2E962ACF5B9D0A38E9, 73FFEBA8997E0C55CB0B4ABE59C86BF6 - 19: 108F04FEFCB5EE68033E57346012CDEB348D14, E08E90976E0F7868994B017D7A007AB8 - 20: 101682160DEB9667FB073F96ED1D9C063ABCE668, FB79A4BEBCA9A7832C72116AD9B98D41 - 21: E10AB0D22A6C4C253D818AB6AF1A3FF5811C6CEF24, 174CD350B069A239F9EB80A7BCADE8B7 - 22: 9F62A79B25D4F5532D78228A50516F97ACB7A2C5DF13, DD25DD14174B5667B0AD70732323C8C4 - 23: 2A0AA96147E74A3B881D62BA692EE27927A9EAB351C6DB, 9CE03AACF9318770BF7E095F90B470DB - 24: 29E38605973D0218AA8BAF2FBAB7722DB242C4775E453372, 72D6038E8927EDDE469F98B84C74A8A3 - 25: 8DBF8C2B5477DBA6E07B269293713D60D60BE29E677CA35C33, 83100BBC1401C890B36890A3FD0CD4EE - 26: 13DE9776093827F254DBF500EEBE0C65DC602A5FDF6AEFFC34D9, D142F6CE9E43633CBE94A2BDCC9AC5A8 - 27: 4A25370043862CF7A12A00A5A278623F9BF8DE33212D35661591EC, 62064DD74F9F6D77682B43D9B44E26B8 - 28: 37C6C6C40DA0581BF041770E330A40185E90426A1A4AC9BCDBC5CA7D, E77EE99F62EB1A38CCD1E90CED6EB5C7 - 29: 6B9047158068957CBF77F35988E5C926C7B262A8EBA9D33638A15B1505, 913DC491D3B2AFF172053CC4D1271F46 - 30: 949E5F05396F60722877EDBAA5D7437DDB24B3E25651458C266992D0854E, 87D4396BBC24646659F10179823066B2 - 31: D48489C360F6EB2BF4155FFD7CCAFA4793B8870BFA4A95C9BEDD372F51C04E, 173EEB238E6186D5A93AC6072A22B772 - 32: ACB6F91E8BDB4CFFE1F2A5F6C712D16177EE06842E4CF27F61C8F68D44C842FF, A1E5F2560183B0AFE466243EF3921E4D - -OCB-skipjack (10 byte key) - 0: , 90EAAB5131AEB43B - 1: 2F, 6274B82063314006 - 2: DAF6, 6A6BCCE84FD4EF02 - 3: 5C2A88, C83D54C562A62852 - 4: B6E8FB5E, C44459EF41C8F296 - 5: 6C0888C119, 269DD7657BD0225F - 6: 1FD9AD7ECCC3, 3CA090F46B107839 - 7: 1EDBFF8AE458A3, 440380BF9745132B - 8: 04DBECC1F31F9F96, 2653620A4877B0E6 - 9: 908AE5648AF988A896, 00180FF33C1DD249 - 10: 53E63E0C297C1FC7859B, 36616209504C4230 - 11: 407BE16144187B4BEBD3A3, 4754B7DD4DB2927B - 
12: 9961D87CFEDDF9CC22F2C806, 5947FC41E6B9CEC9 - 13: 9F5254962E4D210ED8AC301252, 97A392BEAF9B3B04 - 14: 379FDA76ECCFDAAC10F67FBF624C, 1D895ABD932BD5EC - 15: 1D5A7AD556FF3078284BB21A536DAA, 01FAE2F4936ED9D2 - 16: 4B8B71396924880CB33EA6EC6593F969, A0F4B1BE3B9B4CCE - -OCB-anubis (16 byte key) - 0: , D22ACF880B297DB0513DFAF0D2DF57D9 - 1: 59, 210A179469D6568AB9470C760415574E - 2: AFA5, 1223F9CD160ABE2F257164C6E5533C87 - 3: 969BEC, A57EC767543CA2ADBA4F5A7423ECA78A - 4: CF8B31F1, 13B5BF9CD87CE15CE696F3AF1B082650 - 5: 9B22DF3852, 4937FDDA0AFDDA04CCD53CCBB0A82745 - 6: E11719B2F0F8, 6847931DBF0223F5CEF66AE3F4DFCF9B - 7: 5A85E0F6DD2266, A1A0AF45A68A681CC396615FE1E1DFB5 - 8: 7F2DFCC65ED86976, 13614A3C6E0E08611D8DF8EE5B7D788F - 9: 1DAF10DFA3F1D53E50, 673632B6DD553BAE90E9E6CC8CDE0FA5 - 10: AF74FD9671F9C0A9879C, B8B4DD448FE967207227B84E42126D90 - 11: 49421CED1167A882E26297, 21C8951A1761E4BD13BC85CBD14D30BD - 12: BC0BC779B83F07D30CB340DA, FAABD25E14FFD8D468AD6616021F604C - 13: 843D7E00F94E61AE950B9AA191, 08933ED5FBDCAF72F788393CD5422D0F - 14: 296F15C383C511C36258F528E331, 8BFFADF5655C1864057D69A6706D1739 - 15: E31D2E80B2DBA4FBFAF52DB0513838, C4CD36821EC631CCBF1F258EE9931288 - 16: 87F319FE9A48E2D087EDF95563896EE5, 517960488E5A118D150A1573E76C290A - 17: 9632B7DC1740BBE0A7AEEFD0F535B5AE8A, 0C24D0950873621D319A928862D3A6AC - 18: 359431ED4B3AC537238CAC2F86126972D403, 4A0CED2F4BFA3355C17D6C5DF9FABFAA - 19: E15B50172EE8DA9C552D448A5A48BEEAA2F11D, 8166B2A2D3A0745D1055F9F503FD6C03 - 20: 75842DDC0D5E3BD80225E4BFBD1298421244D7EF, BB957BB2582B67B63978BCFD7A949EDD - 21: 3DD69162716D5F3E096E614991CAD7ED8E01F926B8, 40A954F31F5B0A2C5DD220ACED8D2B3E - 22: 8A49AC14F59593D5399A10F9346E2FD36F47F64ED419, 4324D408CE7F86370495AF14FBD1A859 - 23: 6AA8FA353BCAAB4262211D75F13D27BE173526B8BC3CFC, BA3A27D79EC8ECBC5A78CB9FD095B766 - 24: B918192BB72CFEF980298EEE570460356A4BA1755576FEAA, EB341ECE0A070E769F498600EE4EBF77 - 25: BEFAE0B77E42A2FD18958D9E43202E8A338562AFF8317461B0, 444C1D6BDC026A01012BB2CEEAD89C2C - 
26: 07E86D49CFFE6FB08FDF44584033AF321447003D8AD3862C00C9, DA9355A79B224EF662DA65F19BE494A7 - 27: 911BB223AC6F6E54082FBFEDEC300D73FCAF715CCA35949212B372, 3496160A46A21DCDB5A4C179F159D860 - 28: ABB563FC803715F59AA35460E98470E2E94E4270455ACEBF4297641B, 899CFE1946A060DE620879B8A7464718 - 29: 47D98E83B5849CDE19B14ABCF9EA6CA9684AB49A3AB36BD14F328D808C, 6D76CD5EFF6D4AD3B67A56DF1EB42E05 - 30: C8BF0B71A95884FFB93D64C57E327A4754EC5A1EE26632CF8E0B6B26CBDE, 2B3BE785263B1A400E5893273AFD09AE - 31: 9804D668CF2D75CA58C9671F65630E33909269B9511AF9119BE88EBB35F00C, 3DDA028B1A2339CA817DC8D9371E0FF8 - 32: F6E038A82A09BCD20BAAC7926B2296B78F9CBA9DD12C497C47EA08DBCD8CEA3A, A203FC1E68E21A52E72224891AC10EE2 - -OCB-khazad (16 byte key) - 0: , BDEDFF7AA0070063 - 1: 00, 67E951582D66ED93 - 2: 5FED, 09DC8AEAD70673DE - 3: 26A7CC, CE1436CE1E37D4B0 - 4: 3D2BD063, 574C24395F31511A - 5: 597F1AFCB1, 6FBBE820C6F26CDB - 6: 202DAE442DF6, 58CA6E5706C9852D - 7: 7C20EDA18E9444, AABF0DA252A1BAAD - 8: DEC02BF76DFD5B77, A0A97446B80EACB6 - 9: 5D7A42F73843F9200E, A1DD603372D124CB - 10: 0D4710E454C19B68369E, CC78E9D7EAA6A39F - 11: 126694191BF09A29DCF40E, 76C9B84FA3E8913F - 12: A94EBB86BD325B4FA1942FA5, 613DE312DB1666F7 - 13: 4F9462386469EA0EFDC1BFAFE9, 5247244FD4BBAA6F - 14: 4EB794DFCF3823BDC38FA5EF3B23, 0C12017B5E058398 - 15: D870479780CC5B3B13A7A39029A56F, 003D3FCD31D497B5 - 16: A47BF1218AC86A60F6002CE004AF5E50, B4EC27091D5DCD58 - -OCB-seed (16 byte key) - 0: , D80D16D2D0FB2BD9EBA4912468B893D7 - 1: 12, 8776140CB818C1CBFD2CFCD8BDFC9FFA - 2: F8A1, 597381977898AC43194C302216113CEB - 3: B35B5E, BC327275E7A552C4E0AC0FCB8403A6C4 - 4: 19F57542, 4E49DE569547B619E4187239D9B755C2 - 5: EAD2D99E86, 53DCC5FAB4DE25541A22AF0309C9FE78 - 6: 4902A8FF9AF9, 950D9A28DFBDAECE5F14D47E6B7A8B8B - 7: 45FE502602EA4E, 69CD243A3CF17FE51ABBFA2CDE510BCC - 8: D54F2EDE48207CFB, 775EE6140AACF9D56787071F08F36F67 - 9: FEDBBFD9FAABC80186, B37B2C643D62A205BD009BB55D50B918 - 10: 3541A86C889AFEB783B7, FE41A36AC076F417B6A3870DB712CC1F - 11: 
62EB71A2EAFDDE1A050AFC, A953ECF1F0B53438E869F0CFB84CB142 - 12: 77AFE377460D6A51208194DB, 5CC2A9D8499F1B25D78937DAFB1DED10 - 13: A34FCDD7CA45DFAA2178CDC7E8, A14A119115143EE2B4719282C9E2356C - 14: A61FA4E9550280C8AAC87EF7A204, A87DDD9631C87ED0792C067E8D7F1D9B - 15: EE82AF5C51896AED298B0C12E00ECF, 9051873090B013508F93677D3A080E96 - 16: 5D532646FAD510E984959C4E14F853D7, 275D8DF932818030F1269804DE06A73B - 17: 1D77F8916DF479DDCE3F49A1D9DEFA40FB, 99611A067F45F140AFDB6FB7E9C23DF2 - 18: 5857267B77E7B8D7732509AEAC0AA80BDB2C, 3159BF09910493977A33268C7F7DBC01 - 19: 1CF64E54D48811F02DAAE472846E65235DC8B7, 78F88A35E2D93A0746058D1B37762A27 - 20: 8CC20A5FEFE9AAE81742DE70453F62A961188DB7, EDA9E9208EC38152E53AFD62ABC77F0B - 21: 1D6CCEEEC72CC7369C33F5CD83ED0DCD6F5613D562, 9FEFD274F3F906B11DD87CC2C0F9D0A2 - 22: 20A9C1EAD88F005DB8F69C8BE005D8A010B261FF2EAD, A341F754932DCBC6DAFE4231918A9CF1 - 23: DCEC1BB28E8D77D69B5148FB02E02C281B68BA6E9768B0, 6AAB2EEB1D25D2DF7CEEFA6054E295DA - 24: 7C4F7165943DB1EFA5731F5C75931F4391F0C40D5731BC54, 3FBFF88733ACE5289D9FB9CD24C44C3F - 25: F5E2C8A9B3A02E0BB86F9E969B0EDA5F554B0C8902BB6F4643, DFB22569019686B2EE92ABA9EE6610B0 - 26: 42B7D0E9613AFAD6E8093E4F638BC96E22413F15A84202188C31, 002F0F602F596236A8F239E81CE47FC0 - 27: 88B89B7756BD3BE09467998FABD12BCE87E5FE994ADE9B30844AE6, 05E0E8AFA55C3B571A849CE4C9F1F477 - 28: 10452565D15D1D829FC54F61960C6A749AFB91086E388269CF6B588A, DD88B0C63E040DF8878B3C919AA95218 - 29: E68619409B86082C744496FC3F645CE1134E84192D2CBCE1CFEEB12612, 83258C337EF21302724CE051A03195D6 - 30: 840277319319EF1DDF6A57682B6695550157F5B76756BF81BFFB3394AFC0, 183FA85F8E91F8972DA23108FA066F20 - 31: C74A4B01328B809397C07F4FC16131FBEE6396293181C327ADB50EF39CC936, D6C5CF79D47995D7CDB5745F601D859F - 32: FF3FEE866339B01DD2C1EC0C0E569A458A77DD014AF0CC9C0A8DC52A52133940, BF1AF01F2CB34CBAF1EAB96FBCCB5404 - -OCB-kasumi (16 byte key) - 0: , 7B4CE3A5B7284F8B - 1: F8, 80584D787B7AE753 - 2: D37A, 7BD7B52BE65B995C - 3: 2D07BF, 6E6E16FDFE808D21 - 4: 9F1A8E7F, 
810CDE98B80F2CF2 - 5: C6A7842512, CB6E9709AD7E8545 - 6: 056553F25EE5, 24A74A113D68E373 - 7: C3E0215DEABD43, 80B9F0ABDC207E04 - 8: 38DA7B24B04DDF91, AEEB273DCAE4F743 - 9: 34169FBF64966E0EB8, 1D10D18FC0DF5372 - 10: 5B3A510F1AE97BFCE1EA, 5B1342A77724DBF7 - 11: 39D1B5067E584E59BB6603, 38EDA20D46B2563D - 12: AC2DD02E2406D7D8175EB308, AE7DCB1AE6188975 - 13: B0623EDBC20FEBEDF9B4AB70E6, E218732D221A04A4 - 14: 82F57A435A92E28B56F4EF5E7EA8, CC5842752D089C26 - 15: F2D54E3B9022AB32F668AD5A20D050, D811DF3DE76089FF - 16: 1CAC13A538AFC64D9747226AC23F072C, 2DF49C64213B35B9 - -OCB-multi2 (40 byte key) - 0: , 70A2AD75028C8B3E - 1: 3E, 76BE76B249142049 - 2: 5C21, E31CDBD0ED6B864D - 3: 62BC9F, F1124FC4C9C82617 - 4: BB5AC85A, 97035E20D4FFEC81 - 5: 500D9D05E3, 86D5EC5AD1D55434 - 6: 5179B8442E46, 432EAB80B938A00E - 7: 361000D13C364B, 5ADB3F9FD65EC776 - 8: 5C5BD790B927CBE4, F6ED8E9D330FD37E - 9: 2020DD735C5D7B4739, F98DEFD6A8368E1F - 10: 008A8548790A3582C2AC, 041C4E2FA196390C - 11: E6409403D3E2E4385EE54E, 25AE9113A0E7A3EF - 12: E23E598908C755FCF9D51E39, 21BF8C9F319FB44F - 13: C1F13F46FF04717C7E54FFBDC7, E7D8CDF40A1D78A5 - 14: 27721EB66D4F6362308B96DD9895, A374C96FCA94C809 - 15: 1A393F94CB9ACD3BB93D8766C63569, 45A090303B71D35D - 16: BCC0498FB13CEE8A615FF6409EDF1707, 9589A4CBC481A455 - -OCB-camellia (16 byte key) - 0: , 6972CC27A9711EAE6654851AB8E0C53F - 1: A2, 208D783961FD532E14376B4EE904FE52 - 2: 1177, C7CC74015F7EDD9A72F7435494D8A050 - 3: 0F8502, F1A708AA0F485A554E2E76592CD9D7F4 - 4: 9986180B, D47186A8B539F890824DEBA223861ACD - 5: C0FF4519C3, 4430A9453016E4974CFB5380A1F3E95F - 6: 2AC54E3E6A0B, 6E320BE8DAF4BA0462A57BECC574740F - 7: 846053E1A37A6A, 5B91B680B92517781DC362C2F3E144E4 - 8: CCB09ECFF76EEE2C, F91E7E245F4C8A404F3ECC7DE49261C3 - 9: E049E2AA271388106E, 8C6981A160D831F4DC57FACE5ACCF006 - 10: 761782341D52BA8AD12F, 672DC4B06DBBCED80381CE4845757F0B - 11: 92AD781DEC4549940265C6, DB04CAABC54E71FE1A9C41DF1ED5C52E - 12: D507B77EEE9BE07EAD700143, B3EFCC0B27DC85166E04E7BC39E45C58 - 13: 
5AA1AD6B9CAE3001D4C1CC4048, 424D8A22F7B9ADA30AAC0C1D3D4E77F9 - 14: C69E96F7A4B9A6F0F2C7EFA72C26, 678144F802AE9DD83D11877779B48972 - 15: E2596B3FE48EF6EC50D857C8B4E3F4, DDB3BD2B8AB2FA71C7F56C8E57AFF2C2 - 16: D81664A002E03A75E08CF16EE7670E97, B56A0B0955E15E62C557C6E66782AF4C - 17: A8F2696A972A87C784FDC775439470D822, 36E3AD03CB18002A17D49E466CE64814 - 18: C2B537D807BD1ACA734AA072D9C2B836F588, 449B05D145666D1E5A92E204FC3507D7 - 19: D5418F1288BFA7D39D23B3C6ECF797397D3D44, B0CFBA612544B8AB159E9D4AD1FFB3D4 - 20: 2F9522460182291C6F264308E0363B9FE312E517, 1EE4CB38075B67463FB9DE26DF9D581C - 21: DF2881568BECA504A66E4B15BEA58AE6E99D0270E6, 3283D46803FC33098BB262FC1D2B2157 - 22: 4B0083A4CF7E166C8466A5B991AD0CDF71F9DF010EE7, 7C91D9A5DF6C76CB02D83D8C7F3D8D07 - 23: AC0457474B4193647D62906BD08D8C8EB32BE151555B68, 0A448FF3C468D7CDC945724172CEB66F - 24: E6E7786EBECDC296F072CD66C89141C700DE2A8B5DBF6549, 68ACCB5FEC04717FB21FF3B46A34BC74 - 25: 860865770047A9798D90C9365E9C9F8210CB804D785D65E2C0, A58F22FFC4CBFE3BBA451BE4B3B95723 - 26: F157588B4F98D798E6850D8F04ABF9905C1BBB2D055ADE1EA424, D6960C1EA6DAF225366374333D38EBDB - 27: DE3431977821BC861CD88E4236BCAAAFFE3C894607498FB8D68746, A3D23729464BD38338F4AC5B4D9F5C81 - 28: 3F2F0AB546E118B76B937D539806DC02D02A5D42D64926A9E1101D66, 3C0D2D23F5DAF7D36DDC0F87B4163F42 - 29: 3F9FFAE1D7BC62BB80A2FA2728FC33FF02E26CB9F52EA8D03FFE95A49A, 96B45B3F946E629ED974EFA7B66F5DDF - 30: A398B66C8425CE9E8A6BF5AB900CEA1EAE811E06AC7BC0D69A53FB2015BB, F83411C72B7DB201B254565D1DD8D1BF - 31: 9C760ED6C10A80C52F092ED20AB1D03A52427B6235F3C7FE7541033AACDD74, 8AB98FCA89D1245B177E0AC06E083024 - 32: C38F260587B3BA9919601BD0A56909FB36ABCEB8968D08DD6B74F1EF5ED7065C, E357D0D56124276790DACA38D95792BB - -OCB-idea (16 byte key) - 0: , BDB7AEE81A437AD8 - 1: 20, 98EC8CAA4544B41E - 2: CF69, 33A6414FBC482456 - 3: 25723A, DA6DE676482C6607 - 4: E4220FC6, F67538CEA28002AE - 5: E440418489, A21E9F1D15F44038 - 6: 886944E0CF10, 2EF54D278B08DE7D - 7: 5088BF9EFA7E6E, 8443C572C85AF187 - 8: 
0D6765F689BF0BE5, 7E658DF3FA677FD0 - 9: D5D02EDEB67AC6E573, 1B1568BC59905994 - 10: 0C6BDA63A6EF19AE4A3F, 6FA765B6906E5B8B - 11: C58013FE24604DCD40611D, 58A5351EA8CADBC4 - 12: DB78CF844EA91A3F7CCF1478, F9B6EC2F22888C12 - 13: 4329E9812856B9A80297CC95C7, 46A1DE8C53B6A1A4 - 14: 6D1CD2DF838697CACCDB28376973, A587EE5CE2351348 - 15: 21C3BCB256DBFC0B472F30A6D469CA, 3ADD0D84695C5B14 - 16: BE073E735F86AFA6D3A4F56C914D5EB8, 07921F5BA6E9F250 - -OCB-serpent (16 byte key) - 0: , D9490CE405238D17C036B3E5DF4DFC7F - 1: DB, 44C1E20A0467B693019DFBA21EAF9035 - 2: A343, 2E20DAB7135E395AA3FF227959A70610 - 3: CB7E24, EE8FAA34CA9C43CFB24061B79DE82C70 - 4: F9BCE9E7, B6A48414BED23D37F99FED990A3A0B14 - 5: 2D3FB0FEA0, 06700497ABDC995F781771CCEAC341B7 - 6: 0C1BAB99858B, E4EB74D56565A50D16CF91D9872B702E - 7: 72CEBD89561A1D, 8FCC39F07C721EC8C92AEEA3C4BE845F - 8: A6CC972273DAF3E8, 099BDEA86D5CB994285A7AB9BC59EAC7 - 9: 0ED1E78C9A39377377, C969C9583F3CCE5799630C5450BE9134 - 10: F68611B69D657B6D6DC4, 893C25068299C5F6305411E3A9199616 - 11: 7402BE21EEE415AA5438F8, 01916E4C573FF695CFEC41C7F29EA1CC - 12: 125918FFB1902AC3F4F81265, F3EA4E417E4DA6B8BDCCC8BD4E87FE27 - 13: 01C2E839EB6C4CFFFF4856C97C, B57A6FB6918F8E11113E449D75CF638F - 14: 708B33704EB6E379FEC223371C74, 44EC0A795B2E604D29B8E917A73EAC29 - 15: A45EEE44431E19F61B5E4D257B7BDD, E42E3A6D212B42595E39E5A6E14B0C43 - 16: F23AD7425EB8D3CE0FAFDCBEF52A1962, 5C6BD772DD1DE0070391A9BF63D0913D - 17: 9B40D36F988B6F105380C7C949EDB1F379, 78FC67EEC03CE078A72977801B75DA52 - 18: 9A894DFCA373610C48ED16149CE0D84E2939, D2E05400320F61FDAF1729F5505B513F - 19: 47CE7BBF27734E7C480CD4F9DD69F4B3E11223, 07C22A4DCCB71372A12ABB0ED2C5EAD3 - 20: 61F7F55DD6DC89472728E54C53CCC7034922EC7C, 490D005087FF9ACB5211FE2E40D3B5B7 - 21: DE27EBD9891828F422321C96BA900026F4033A1B98, E8C33743F34494061455F0F5A104F218 - 22: D73F22E0BBE04F9B7537DB5A8B35D9B978AC45B1DCA0, 3271FA71E989D845EEB7E76755A68CB0 - 23: F61DC254C28E7CEA0B526D9E4BF0E6C554A09251BC0BAA, FA74560634DDAD5F56B8842B2E49EFE8 - 24: 
6155A4D65C03F0AB2665FC65408FDD29276C4D3B6E957CCE, E41DCA2C8D3601AD9C344BE53334F8A7 - 25: 9C4487CC097FF24A45502A9A3C0F7A2134235EDB2108ED470A, C28CB7100F45C6D87B0CE1682871761D - 26: 0CB17A181F579A62B28A1171B1C3AF8A275C8D99D6AF95A3514A, 33BB5B063092B223A40C310B98B8FDE9 - 27: A5D0455E5E4C3DE2009A774F055F5DDAFFDC89A25872E99DCB1E75, 19488A3644BBF9BB621E80ED45EB826D - 28: F4A054D11AD6B2A3A7F7A4EF40A09243373F4C151320464A0A9A9E06, 272D1709AA49838DEDA8F78D9878CD4F - 29: 83EFF58C64BFCD1CB5DD0F6D040B8ACFE6C8992E14605FCCCFF142D0AC, 5BE7739321D83A5E4CC9AB5FA6D56966 - 30: E12A3514CBF30326E5078B8117678823E6AFA8F3A78FEAF06C5B1508CEA0, 301B3BE76675FD30209EEA086BB40CD8 - 31: 77E2B65956B52BD90E90081F389BBFC8D4550FBCC74B6469C5CE98FC093A0F, C43272FD03A35AE4D9AF467CD7811F1D - 32: 77E116BE37F8153D717F3F19DEFD045C2E8CAC499295B9EE6A95A3509D4CBC47, A0406E2C09C510AB5A9E5A5B20B0C306 - -OCB-tea (16 byte key) - 0: , 1A6D3BE15B6C879D - 1: B5, 91A035C7871CCF11 - 2: AEB1, C715E399C46D9DD1 - 3: 2B3273, 2F8BD77A9E036FA5 - 4: 5C009E43, 1CDEEEA46EEAE63F - 5: 8E07B56FEB, 2A486014BEDC6B01 - 6: F2D5B9842DE7, 1734AB18A976BACB - 7: C49F333DFA40A8, 007BEE13E4B1151F - 8: 4A99C75688B0DBA8, 2BB62A22623A02B3 - 9: 1E1175070E0C9EBBE5, B9750E34056F00AF - 10: D066C7016D6458538A33, C8301F29178F512D - 11: 6B036FFB0C6636135ADC66, 48967AD3659260BA - 12: 3018AB281C87CA4185A53207, 4F043FB366001F3C - 13: 93DA80463817D8A43B5D59133C, E95DE5587B95E6AC - 14: C1389108A40292097F489603BF2D, 8E56A1F7B04194EB - 15: 36E512F52335419EB6DAD9CB9C40BC, F0498560CD814C62 - 16: 2381E281D648AFF1ABB7D65B9AE41B35, EEC952B027B9A81D - diff --git a/src/encauth/ocb/ocb_decrypt.c b/src/encauth/ocb/ocb_decrypt.c deleted file mode 100644 index 98f36e48a..000000000 --- a/src/encauth/ocb/ocb_decrypt.c +++ /dev/null 
@@ -1,59 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_decrypt.c - OCB implementation, decrypt data, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Decrypt a block with OCB. - @param ocb The OCB state - @param ct The ciphertext (length of the block size of the block cipher) - @param pt [out] The plaintext (length of ct) - @return CRYPT_OK if successful -*/ -int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt) -{ - unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE]; - int err, x; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - - /* can't use a encrypt-only descriptor */ - LTC_ARGCHK(cipher_descriptor[ocb->key.cipher].ecb_decrypt != NULL); - - /* Get Z[i] value */ - ocb_shift_xor(ocb, Z); - - /* xor ct in, encrypt, xor Z out */ - for (x = 0; x < ocb->block_len; x++) { - tmp[x] = ct[x] ^ Z[x]; - } - if ((err = ecb_decrypt_block(tmp, pt, &ocb->key)) != CRYPT_OK) { - return err; - } - for (x = 0; x < ocb->block_len; x++) { - pt[x] ^= Z[x]; - } - - /* compute checksum */ - for (x = 0; x < ocb->block_len; x++) { - ocb->checksum[x] ^= pt[x]; - } - - -#ifdef LTC_CLEAN_STACK - zeromem(Z, sizeof(Z)); - zeromem(tmp, sizeof(tmp)); -#endif - return CRYPT_OK; -} - -#endif - diff --git a/src/encauth/ocb/ocb_decrypt_verify_memory.c b/src/encauth/ocb/ocb_decrypt_verify_memory.c deleted file mode 100644 index 0f4dcb78a..000000000 --- a/src/encauth/ocb/ocb_decrypt_verify_memory.c +++ /dev/null 
@@ -1,74 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_decrypt_verify_memory.c - OCB implementation, helper to decrypt block of memory, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Decrypt and compare the tag with OCB. - @param cipher The index of the cipher desired - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce (length of the block size of the block cipher) - @param ct The ciphertext - @param ctlen The length of the ciphertext (octets) - @param pt [out] The plaintext - @param tag The tag to compare against - @param taglen The length of the tag (octets) - @param stat [out] The result of the tag comparison (1==valid, 0==invalid) - @return CRYPT_OK if successful regardless of the tag comparison -*/ -int ocb_decrypt_verify_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, - int *stat) -{ - int err; - ocb_state *ocb; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(nonce != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(stat != NULL); - - /* allocate memory */ - ocb = XMALLOC(sizeof(ocb_state)); - if (ocb == NULL) { - return CRYPT_MEM; - } - - if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) { - goto LBL_ERR; - } - - while (ctlen > (unsigned long)ocb->block_len) { - if ((err = ocb_decrypt(ocb, ct, pt)) != CRYPT_OK) { - goto LBL_ERR; - } - ctlen -= ocb->block_len; - pt += ocb->block_len; - ct += ocb->block_len; - } - - err = ocb_done_decrypt(ocb, ct, ctlen, pt, tag, taglen, stat); -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(ocb, sizeof(ocb_state)); -#endif - - XFREE(ocb); - - return err; -} - -#endif 
diff --git a/src/encauth/ocb/ocb_done_decrypt.c b/src/encauth/ocb/ocb_done_decrypt.c deleted file mode 100644 index 3d516c9b9..000000000 --- a/src/encauth/ocb/ocb_done_decrypt.c +++ /dev/null @@ -1,68 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_done_decrypt.c - OCB implementation, terminate decryption, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Terminate a decrypting OCB state - @param ocb The OCB state - @param ct The ciphertext (if any) - @param ctlen The length of the ciphertext (octets) - @param pt [out] The plaintext - @param tag The authentication tag (to compare against) - @param taglen The length of the authentication tag provided - @param stat [out] The result of the tag comparison - @return CRYPT_OK if the process was successful regardless if the tag is valid -*/ -int ocb_done_decrypt(ocb_state *ocb, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, int *stat) -{ - int err; - unsigned char *tagbuf; - unsigned long tagbuflen; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(stat != NULL); - - /* default to failed */ - *stat = 0; - - /* allocate memory */ - tagbuf = XMALLOC(MAXBLOCKSIZE); - if (tagbuf == NULL) { - return CRYPT_MEM; - } - - tagbuflen = MAXBLOCKSIZE; - if ((err = s_ocb_done(ocb, ct, ctlen, pt, tagbuf, &tagbuflen, 1)) != CRYPT_OK) { - goto LBL_ERR; - } - - if (taglen <= tagbuflen && XMEM_NEQ(tagbuf, tag, taglen) == 0) { - *stat = 1; - } - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(tagbuf, MAXBLOCKSIZE); -#endif - - XFREE(tagbuf); - - return err; -} - -#endif - diff --git a/src/encauth/ocb/ocb_done_encrypt.c b/src/encauth/ocb/ocb_done_encrypt.c deleted file mode 100644 index 5cd39adc4..000000000 --- a/src/encauth/ocb/ocb_done_encrypt.c +++ /dev/null 
@@ -1,34 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_done_encrypt.c - OCB implementation, terminate encryption, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Terminate an encryption OCB state - @param ocb The OCB state - @param pt Remaining plaintext (if any) - @param ptlen The length of the plaintext (octets) - @param ct [out] The ciphertext (if any) - @param tag [out] The tag for the OCB stream - @param taglen [in/out] The max size and resulting size of the tag - @return CRYPT_OK if successful -*/ -int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, unsigned char *tag, unsigned long *taglen) -{ - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - return s_ocb_done(ocb, pt, ptlen, ct, tag, taglen, 0); -} - -#endif - diff --git a/src/encauth/ocb/ocb_encrypt.c b/src/encauth/ocb/ocb_encrypt.c deleted file mode 100644 index a38765a7b..000000000 --- a/src/encauth/ocb/ocb_encrypt.c +++ /dev/null 
@@ -1,54 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_encrypt.c - OCB implementation, encrypt data, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Encrypt a block of data with OCB. - @param ocb The OCB state - @param pt The plaintext (length of the block size of the block cipher) - @param ct [out] The ciphertext (same size as the pt) - @return CRYPT_OK if successful -*/ -int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct) -{ - unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE]; - int err, x; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - - /* compute checksum */ - for (x = 0; x < ocb->block_len; x++) { - ocb->checksum[x] ^= pt[x]; - } - - /* Get Z[i] value */ - ocb_shift_xor(ocb, Z); - - /* xor pt in, encrypt, xor Z out */ - for (x = 0; x < ocb->block_len; x++) { - tmp[x] = pt[x] ^ Z[x]; - } - if ((err = ecb_encrypt_block(tmp, ct, &ocb->key)) != CRYPT_OK) { - return err; - } - for (x = 0; x < ocb->block_len; x++) { - ct[x] ^= Z[x]; - } - -#ifdef LTC_CLEAN_STACK - zeromem(Z, sizeof(Z)); - zeromem(tmp, sizeof(tmp)); -#endif - return CRYPT_OK; -} - -#endif diff --git a/src/encauth/ocb/ocb_encrypt_authenticate_memory.c b/src/encauth/ocb/ocb_encrypt_authenticate_memory.c deleted file mode 100644 index 7560a6e71..000000000 --- a/src/encauth/ocb/ocb_encrypt_authenticate_memory.c +++ /dev/null 
@@ -1,72 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_encrypt_authenticate_memory.c - OCB implementation, encrypt block of memory, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Encrypt and generate an authentication code for a buffer of memory - @param cipher The index of the cipher desired - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce (length of the block ciphers block size) - @param pt The plaintext - @param ptlen The length of the plaintext (octets) - @param ct [out] The ciphertext - @param tag [out] The authentication tag - @param taglen [in/out] The max size and resulting size of the authentication tag - @return CRYPT_OK if successful -*/ -int ocb_encrypt_authenticate_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen) -{ - int err; - ocb_state *ocb; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(nonce != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - - /* allocate ram */ - ocb = XMALLOC(sizeof(ocb_state)); - if (ocb == NULL) { - return CRYPT_MEM; - } - - if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) { - goto LBL_ERR; - } - - while (ptlen > (unsigned long)ocb->block_len) { - if ((err = ocb_encrypt(ocb, pt, ct)) != CRYPT_OK) { - goto LBL_ERR; - } - ptlen -= ocb->block_len; - pt += ocb->block_len; - ct += ocb->block_len; - } - - err = ocb_done_encrypt(ocb, pt, ptlen, ct, tag, taglen); -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(ocb, sizeof(ocb_state)); -#endif - - XFREE(ocb); - - return err; -} - -#endif diff --git a/src/encauth/ocb/ocb_init.c b/src/encauth/ocb/ocb_init.c deleted file mode 100644 index 9460e4044..000000000 
--- a/src/encauth/ocb/ocb_init.c +++ /dev/null 
@@ -1,131 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_init.c - OCB implementation, initialize state, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -#define polys ocb_polys -static const struct { - int len; - unsigned char poly_div[MAXBLOCKSIZE], - poly_mul[MAXBLOCKSIZE]; -} polys[] = { -{ - 8, - { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0D }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B } -}, { - 16, - { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 } -} -}; - -/** - Initialize an OCB context. - @param ocb [out] The destination of the OCB state - @param cipher The index of the desired cipher - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce (length of the block size of the cipher) - @return CRYPT_OK if successful -*/ -int ocb_init(ocb_state *ocb, int cipher, - const unsigned char *key, unsigned long keylen, const unsigned char *nonce) -{ - int poly, x, y, m, err; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(nonce != NULL); - - /* valid cipher? 
*/ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - - /* determine which polys to use */ - ocb->block_len = cipher_descriptor[cipher].block_length; - x = (int)LTC_ARRAY_SIZE(polys); - for (poly = 0; poly < x; poly++) { - if (polys[poly].len == ocb->block_len) { - break; - } - } - if (poly == x) { - return CRYPT_INVALID_ARG; /* block_len not found in polys */ - } - if (polys[poly].len != ocb->block_len) { - return CRYPT_INVALID_ARG; - } - - /* schedule the key */ - if ((err = ecb_start(cipher, key, keylen, 0, &ocb->key)) != CRYPT_OK) { - return err; - } - - /* find L = E[0] */ - zeromem(ocb->L, ocb->block_len); - if ((err = ecb_encrypt_block(ocb->L, ocb->L, &ocb->key)) != CRYPT_OK) { - return err; - } - - /* find R = E[N xor L] */ - for (x = 0; x < ocb->block_len; x++) { - ocb->R[x] = ocb->L[x] ^ nonce[x]; - } - if ((err = ecb_encrypt_block(ocb->R, ocb->R, &ocb->key)) != CRYPT_OK) { - return err; - } - - /* find Ls[i] = L << i for i == 0..31 */ - XMEMCPY(ocb->Ls[0], ocb->L, ocb->block_len); - for (x = 1; x < 32; x++) { - m = ocb->Ls[x-1][0] >> 7; - for (y = 0; y < ocb->block_len-1; y++) { - ocb->Ls[x][y] = ((ocb->Ls[x-1][y] << 1) | (ocb->Ls[x-1][y+1] >> 7)) & 255; - } - ocb->Ls[x][ocb->block_len-1] = (ocb->Ls[x-1][ocb->block_len-1] << 1) & 255; - - if (m == 1) { - for (y = 0; y < ocb->block_len; y++) { - ocb->Ls[x][y] ^= polys[poly].poly_mul[y]; - } - } - } - - /* find Lr = L / x */ - m = ocb->L[ocb->block_len-1] & 1; - - /* shift right */ - for (x = ocb->block_len - 1; x > 0; x--) { - ocb->Lr[x] = ((ocb->L[x] >> 1) | (ocb->L[x-1] << 7)) & 255; - } - ocb->Lr[0] = ocb->L[0] >> 1; - - if (m == 1) { - for (x = 0; x < ocb->block_len; x++) { - ocb->Lr[x] ^= polys[poly].poly_div[x]; - } - } - - /* set Li, checksum */ - zeromem(ocb->Li, ocb->block_len); - zeromem(ocb->checksum, ocb->block_len); - - /* set other params */ - ocb->block_index = 1; - - return CRYPT_OK; -} - -#undef polys - -#endif 
diff --git a/src/encauth/ocb/ocb_ntz.c b/src/encauth/ocb/ocb_ntz.c deleted file mode 100644 index bf933fd94..000000000 --- a/src/encauth/ocb/ocb_ntz.c +++ /dev/null @@ -1,36 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_ntz.c - OCB implementation, internal function, by Tom St Denis -*/ - -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Returns the number of leading zero bits [from lsb up] - @param x The 32-bit value to observe - @return The number of bits [from the lsb up] that are zero -*/ -int ocb_ntz(unsigned long x) -{ -#if defined(LTC_HAVE_CTZL_BUILTIN) - if (x == 0) - return sizeof(unsigned long) * CHAR_BIT; - return __builtin_ctzl(x); -#else - int c; - x &= 0xFFFFFFFFUL; - c = 0; - while ((x & 1) == 0) { - ++c; - x >>= 1; - } - return c; -#endif -} - -#endif diff --git a/src/encauth/ocb/ocb_shift_xor.c b/src/encauth/ocb/ocb_shift_xor.c deleted file mode 100644 index 2f7bb3b88..000000000 --- a/src/encauth/ocb/ocb_shift_xor.c +++ /dev/null @@ -1,27 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_shift_xor.c - OCB implementation, internal function, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Compute the shift/xor for OCB (internal function) - @param ocb The OCB state - @param Z The destination of the shift -*/ -void ocb_shift_xor(ocb_state *ocb, unsigned char *Z) -{ - int x, y; - y = ocb_ntz(ocb->block_index++); - for (x = 0; x < ocb->block_len; x++) { - ocb->Li[x] ^= ocb->Ls[y][x]; - Z[x] = ocb->Li[x] ^ ocb->R[x]; - } -} - -#endif diff --git a/src/encauth/ocb/ocb_test.c b/src/encauth/ocb/ocb_test.c deleted file mode 100644 index c1ea9a8f0..000000000 --- a/src/encauth/ocb/ocb_test.c +++ /dev/null 
@@ -1,224 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_test.c - OCB implementation, self-test by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Test the OCB protocol - @return CRYPT_OK if successful -*/ -int ocb_test(void) -{ -#ifndef LTC_TEST - return CRYPT_NOP; -#else - static const struct { - int ptlen; - unsigned char key[16], nonce[16], pt[34], ct[34], tag[16]; - } tests[] = { - - /* OCB-AES-128-0B */ -{ - 0, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0 }, - /* ct */ - { 0 }, - /* tag */ - { 0x15, 0xd3, 0x7d, 0xd7, 0xc8, 0x90, 0xd5, 0xd6, - 0xac, 0xab, 0x92, 0x7b, 0xc0, 0xdc, 0x60, 0xee }, -}, - - - /* OCB-AES-128-3B */ -{ - 3, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0x00, 0x01, 0x02 }, - /* ct */ - { 0xfc, 0xd3, 0x7d }, - /* tag */ - { 0x02, 0x25, 0x47, 0x39, 0xa5, 0xe3, 0x56, 0x5a, - 0xe2, 0xdc, 0xd6, 0x2c, 0x65, 0x97, 0x46, 0xba }, -}, - - /* OCB-AES-128-16B */ -{ - 16, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* ct */ - { 0x37, 0xdf, 0x8c, 0xe1, 0x5b, 0x48, 0x9b, 0xf3, - 0x1d, 0x0f, 0xc4, 0x4d, 0xa1, 0xfa, 0xf6, 0xd6 }, - /* tag */ - { 0xdf, 0xb7, 0x63, 0xeb, 0xdb, 0x5f, 0x0e, 0x71, - 0x9c, 0x7b, 0x41, 0x61, 0x80, 0x80, 
0x04, 0xdf }, -}, - - /* OCB-AES-128-20B */ -{ - 20, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13 }, - /* ct */ - { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4, - 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb, - 0x70, 0x03, 0xeb, 0x55}, - /* tag */ - { 0x75, 0x30, 0x84, 0x14, 0x4e, 0xb6, 0x3b, 0x77, - 0x0b, 0x06, 0x3c, 0x2e, 0x23, 0xcd, 0xa0, 0xbb }, -}, - - /* OCB-AES-128-32B */ -{ - 32, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, - /* ct */ - { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4, - 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb, - 0x4a, 0xfc, 0xbb, 0x7f, 0xed, 0xc0, 0x8c, 0xa8, - 0x65, 0x4c, 0x6d, 0x30, 0x4d, 0x16, 0x12, 0xfa }, - - /* tag */ - { 0xc1, 0x4c, 0xbf, 0x2c, 0x1a, 0x1f, 0x1c, 0x3c, - 0x13, 0x7e, 0xad, 0xea, 0x1f, 0x2f, 0x2f, 0xcf }, -}, - - /* OCB-AES-128-34B */ -{ - 34, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 
0x21 }, - /* ct */ - { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4, - 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb, - 0xd4, 0x90, 0x3d, 0xd0, 0x02, 0x5b, 0xa4, 0xaa, - 0x83, 0x7c, 0x74, 0xf1, 0x21, 0xb0, 0x26, 0x0f, - 0xa9, 0x5d }, - - /* tag */ - { 0xcf, 0x83, 0x41, 0xbb, 0x10, 0x82, 0x0c, 0xcf, - 0x14, 0xbd, 0xec, 0x56, 0xb8, 0xd7, 0xd6, 0xab }, -}, - -}; - - int err, x, idx, res; - unsigned long len; - unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE], outpt[MAXBLOCKSIZE]; - - /* AES can be under rijndael or aes... try to find it */ - if ((idx = find_cipher("aes")) == -1) { - if ((idx = find_cipher("rijndael")) == -1) { - return CRYPT_NOP; - } - } - - for (x = 0; x < (int)LTC_ARRAY_SIZE(tests); x++) { - len = sizeof(outtag); - if ((err = ocb_encrypt_authenticate_memory(idx, tests[x].key, 16, - tests[x].nonce, tests[x].pt, tests[x].ptlen, outct, outtag, &len)) != CRYPT_OK) { - return err; - } - - if (ltc_compare_testvector(outtag, len, tests[x].tag, sizeof(tests[x].tag), "OCB Tag", x) || - ltc_compare_testvector(outct, tests[x].ptlen, tests[x].ct, tests[x].ptlen, "OCB CT", x)) { - return CRYPT_FAIL_TESTVECTOR; - } - - /* Decrypt with separate input and output buffers. Historically - * s_ocb_done() had an aliasing bug in its decrypt path that only - * surfaced when ct and pt were distinct buffers (the earlier - * in-place call below masked it). Run this case first so it is - * exercised on every test vector. - */ - XMEMSET(outpt, 0, sizeof(outpt)); - if ((err = ocb_decrypt_verify_memory(idx, tests[x].key, 16, tests[x].nonce, outct, tests[x].ptlen, - outpt, tests[x].tag, len, &res)) != CRYPT_OK) { - return err; - } - if ((res != 1) || ltc_compare_testvector(outpt, tests[x].ptlen, tests[x].pt, tests[x].ptlen, "OCB separate-buffer", x)) { -#ifdef LTC_TEST_DBG - printf("\n\nOCB: Failure-decrypt (separate buffers) - res = %d\n", res); -#endif - return CRYPT_FAIL_TESTVECTOR; - } - - /* Also exercise the in-place form for backward compatibility. 
*/ - if ((err = ocb_decrypt_verify_memory(idx, tests[x].key, 16, tests[x].nonce, outct, tests[x].ptlen, - outct, tests[x].tag, len, &res)) != CRYPT_OK) { - return err; - } - if ((res != 1) || ltc_compare_testvector(outct, tests[x].ptlen, tests[x].pt, tests[x].ptlen, "OCB", x)) { -#ifdef LTC_TEST_DBG - printf("\n\nOCB: Failure-decrypt - res = %d\n", res); -#endif - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; -#endif /* LTC_TEST */ -} - -#endif /* LTC_OCB_MODE */ - - -/* some comments - - -- it's hard to seek - -- hard to stream [you can't emit ciphertext until full block] - -- The setup is somewhat complicated... -*/ diff --git a/src/encauth/ocb/s_ocb_done.c b/src/encauth/ocb/s_ocb_done.c deleted file mode 100644 index a889372db..000000000 --- a/src/encauth/ocb/s_ocb_done.c +++ /dev/null 
@@ -1,140 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file s_ocb_done.c - OCB implementation, internal helper, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/* Since the last block is encrypted in CTR mode the same code can - * be used to finish a decrypt or encrypt stream. The only difference - * is we XOR the final ciphertext into the checksum so we have to xor it - * before we CTR [decrypt] or after [encrypt] - * - * the names pt/ptlen/ct really just mean in/inlen/out but this is the way I wrote it... - */ - -/** - Shared code to finish an OCB stream - @param ocb The OCB state - @param pt The remaining plaintext [or input] - @param ptlen The length of the input (octets) - @param ct [out] The output buffer - @param tag [out] The destination for the authentication tag - @param taglen [in/out] The max size and resulting size of the authentication tag - @param mode The mode we are terminating, 0==encrypt, 1==decrypt - @return CRYPT_OK if successful -*/ -int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode) - -{ - unsigned char *Z, *Y, *X; - int err, x; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - if ((int)ptlen > ocb->block_len || (int)ptlen < 0) { - return CRYPT_INVALID_ARG; - } - - /* allocate ram */ - Z = XMALLOC(MAXBLOCKSIZE); - Y = XMALLOC(MAXBLOCKSIZE); - X = XMALLOC(MAXBLOCKSIZE); - if (X == NULL || Y == NULL || Z == NULL) { - if (X != NULL) { - XFREE(X); - } - if (Y != NULL) { - XFREE(Y); - } - if (Z != NULL) { - XFREE(Z); - } - return CRYPT_MEM; - } - - /* compute X[m] = len(pt[m]) XOR Lr XOR Z[m] */ - ocb_shift_xor(ocb, X); - XMEMCPY(Z, X, ocb->block_len); - - X[ocb->block_len-1] ^= (ptlen*8)&255; - X[ocb->block_len-2] ^= ((ptlen*8)>>8)&255; - for (x = 0; x 
< ocb->block_len; x++) { - X[x] ^= ocb->Lr[x]; - } - - /* Y[m] = E(X[m])) */ - if ((err = ecb_encrypt_block(X, Y, &ocb->key)) != CRYPT_OK) { - goto error; - } - - if (mode == 1) { - /* decrypt mode: xor C[m] into checksum. The function's parameter - * names are misleading (see header comment) -- in decrypt mode the - * input ciphertext lives in `pt` (not `ct`), and `ct` is the output - * plaintext buffer that has not been written yet. Reading from `ct` - * here only happens to work when the caller aliases the input and - * output buffers (in-place decryption); with separate buffers the - * checksum is computed against uninitialised memory and the tag - * verification fails. Use `pt` (the input parameter) so the code - * works for both in-place and separate-buffer callers. - */ - for (x = 0; x < (int)ptlen; x++) { - ocb->checksum[x] ^= pt[x]; - } - } - - /* C[m] = P[m] xor Y[m] */ - for (x = 0; x < (int)ptlen; x++) { - ct[x] = pt[x] ^ Y[x]; - } - - if (mode == 0) { - /* encrypt mode */ - /* xor C[m] into checksum */ - for (x = 0; x < (int)ptlen; x++) { - ocb->checksum[x] ^= ct[x]; - } - } - - /* xor Y[m] and Z[m] into checksum */ - for (x = 0; x < ocb->block_len; x++) { - ocb->checksum[x] ^= Y[x] ^ Z[x]; - } - - /* encrypt checksum, er... tag!! */ - if ((err = ecb_encrypt_block(ocb->checksum, X, &ocb->key)) != CRYPT_OK) { - goto error; - } - ecb_done(&ocb->key); - - /* now store it */ - for (x = 0; x < ocb->block_len && x < (int)*taglen; x++) { - tag[x] = X[x]; - } - *taglen = x; - -#ifdef LTC_CLEAN_STACK - zeromem(X, MAXBLOCKSIZE); - zeromem(Y, MAXBLOCKSIZE); - zeromem(Z, MAXBLOCKSIZE); - zeromem(ocb, sizeof(*ocb)); -#endif -error: - XFREE(X); - XFREE(Y); - XFREE(Z); - - return err; -} - -#endif - diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h index ed1440082..45072b69a 100644 --- a/src/headers/tomcrypt_custom.h +++ b/src/headers/tomcrypt_custom.h 
@@ -303,7 +303,6 @@ #define LTC_EAX_MODE -#define LTC_OCB_MODE #define LTC_OCB3_MODE #define LTC_CCM_MODE #define LTC_GCM_MODE @@ -747,7 +746,7 @@ #error LTC_ECB_MODE not defined, but all other modes depend on it #endif #if defined(LTC_OMAC) || defined(LTC_PMAC) || defined(LTC_XCBC) || defined(LTC_F9_MODE) || defined(LTC_EAX_MODE) || \ - defined(LTC_OCB_MODE) || defined(LTC_OCB3_MODE) || defined(LTC_CCM_MODE) || defined(LTC_GCM_MODE) ) + defined(LTC_OCB3_MODE) || defined(LTC_CCM_MODE) || defined(LTC_GCM_MODE) ) #error LTC_ECB_MODE not defined, but most MAC and AEAD modes depend on it #endif #endif diff --git a/src/headers/tomcrypt_mac.h b/src/headers/tomcrypt_mac.h index cfc367973..103d34b83 100644 --- a/src/headers/tomcrypt_mac.h +++ b/src/headers/tomcrypt_mac.h 
@@ -285,72 +285,6 @@ int eax_decrypt_verify_memory(int cipher, int eax_test(void); #endif /* EAX MODE */ -#ifdef LTC_OCB_MODE -typedef struct { - unsigned char L[MAXBLOCKSIZE], /* L value */ - Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */ - Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */ - Lr[MAXBLOCKSIZE], /* L * x^-1 */ - R[MAXBLOCKSIZE], /* R value */ - checksum[MAXBLOCKSIZE]; /* current checksum */ - - symmetric_ECB key; /* scheduled key for cipher */ - unsigned long block_index; /* index # for current block */ - int block_len; /* length of block */ -} ocb_state; - -LTC_DEPRECATED(ocb3_init) -int ocb_init(ocb_state *ocb, int cipher, - const unsigned char *key, unsigned long keylen, const unsigned char *nonce); - -LTC_DEPRECATED(ocb3_encrypt) -int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct); -LTC_DEPRECATED(ocb3_decrypt) -int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt); - -LTC_DEPRECATED(ocb3_done) -int ocb_done_encrypt(ocb_state *ocb, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen); - -LTC_DEPRECATED(ocb3_done) -int ocb_done_decrypt(ocb_state *ocb, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, int *stat); - -LTC_DEPRECATED(ocb3_encrypt_authenticate_memory) -int ocb_encrypt_authenticate_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen); - -LTC_DEPRECATED(ocb3_decrypt_verify_memory) -int ocb_decrypt_verify_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, - int *stat); - -LTC_DEPRECATED(ocb3_test) 
-int ocb_test(void); - -/* internal functions */ -LTC_DEPRECATED(nothing. API will be removed.) -void ocb_shift_xor(ocb_state *ocb, unsigned char *Z); -LTC_DEPRECATED(nothing. API will be removed.) -int ocb_ntz(unsigned long x); -LTC_DEPRECATED(nothing. API will be removed.) -int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode); - -#endif /* LTC_OCB_MODE */ - #ifdef LTC_OCB3_MODE typedef struct { unsigned char Offset_0[MAXBLOCKSIZE], /* Offset_0 value */ diff --git a/src/misc/crypt/crypt_sizes.c b/src/misc/crypt/crypt_sizes.c index 26f2d13fc..47830aed1 100644 --- a/src/misc/crypt/crypt_sizes.c +++ b/src/misc/crypt/crypt_sizes.c @@ -206,9 +206,6 @@ static const crypt_size s_crypt_sizes[] = { #ifdef LTC_EAX_MODE SZ_STRINGIFY_T(eax_state), #endif -#ifdef LTC_OCB_MODE - SZ_STRINGIFY_T(ocb_state), -#endif #ifdef LTC_OCB3_MODE SZ_STRINGIFY_T(ocb3_state), #endif diff --git a/tests/mac_test.c b/tests/mac_test.c index da1d95372..4e7119029 100644 --- a/tests/mac_test.c +++ b/tests/mac_test.c @@ -23,9 +23,6 @@ int mac_test(void) #ifdef LTC_EAX_MODE DO(eax_test()); #endif -#ifdef LTC_OCB_MODE - DO(ocb_test()); -#endif #ifdef LTC_OCB3_MODE DO(ocb3_test()); #endif From 653b4cdaabe8f3642ac0c75a3e2d48751dde4c44 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 15 Apr 2026 11:27:55 +0200 Subject: [PATCH 4/4] Update makefiles --- libtomcrypt_VS2008.vcproj | 48 --------------------------------------- makefile.mingw | 4 ---- makefile.msvc | 4 ---- makefile.unix | 4 ---- makefile_include.mk | 4 ---- sources.cmake | 11 --------- 6 files changed, 75 deletions(-) diff --git a/libtomcrypt_VS2008.vcproj b/libtomcrypt_VS2008.vcproj index 69a5e2d69..eae7487e9 100644 --- a/libtomcrypt_VS2008.vcproj +++ b/libtomcrypt_VS2008.vcproj @@ -735,54 +735,6 @@ > - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/makefile.mingw b/makefile.mingw index 5d388f55e..e2970932f 100644 
--- a/makefile.mingw +++ b/makefile.mingw @@ -56,10 +56,6 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \ src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \ src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \ -src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \ -src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \ -src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \ -src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \ src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \ src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \ src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \ diff --git a/makefile.msvc b/makefile.msvc index 9f530931c..68adc09a7 100644 --- a/makefile.msvc +++ b/makefile.msvc 
@@ -49,10 +49,6 @@ src/encauth/eax/eax_init.obj src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_ad src/encauth/gcm/gcm_add_iv.obj src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj \ src/encauth/gcm/gcm_init.obj src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_mult_h.obj \ src/encauth/gcm/gcm_process.obj src/encauth/gcm/gcm_reset.obj src/encauth/gcm/gcm_test.obj \ -src/encauth/ocb/ocb_decrypt.obj src/encauth/ocb/ocb_decrypt_verify_memory.obj \ -src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \ -src/encauth/ocb/ocb_encrypt_authenticate_memory.obj src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \ -src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj src/encauth/ocb/s_ocb_done.obj \ src/encauth/ocb3/ocb3_add_aad.obj src/encauth/ocb3/ocb3_decrypt.obj src/encauth/ocb3/ocb3_decrypt_last.obj \ src/encauth/ocb3/ocb3_decrypt_verify_memory.obj src/encauth/ocb3/ocb3_done.obj \ src/encauth/ocb3/ocb3_encrypt.obj src/encauth/ocb3/ocb3_encrypt_authenticate_memory.obj \ diff --git a/makefile.unix b/makefile.unix index df169e288..78bc67f54 100644 --- a/makefile.unix +++ b/makefile.unix 
@@ -70,10 +70,6 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \ src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \ src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \ -src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \ -src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \ -src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \ -src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \ src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \ src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \ src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \ diff --git a/makefile_include.mk b/makefile_include.mk index 52013d7f3..7cb42a94c 100644 --- a/makefile_include.mk +++ b/makefile_include.mk 
@@ -241,10 +241,6 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \ src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \ src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \ -src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \ -src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \ -src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \ -src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \ src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \ src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \ src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \ diff --git a/sources.cmake b/sources.cmake index a192ed391..19162d1ed 100644 --- a/sources.cmake +++ b/sources.cmake @@ -62,17 +62,6 @@ src/encauth/gcm/gcm_mult_h.c src/encauth/gcm/gcm_process.c src/encauth/gcm/gcm_reset.c src/encauth/gcm/gcm_test.c -src/encauth/ocb/ocb_decrypt.c -src/encauth/ocb/ocb_decrypt_verify_memory.c -src/encauth/ocb/ocb_done_decrypt.c -src/encauth/ocb/ocb_done_encrypt.c -src/encauth/ocb/ocb_encrypt.c -src/encauth/ocb/ocb_encrypt_authenticate_memory.c -src/encauth/ocb/ocb_init.c -src/encauth/ocb/ocb_ntz.c -src/encauth/ocb/ocb_shift_xor.c -src/encauth/ocb/ocb_test.c -src/encauth/ocb/s_ocb_done.c src/encauth/ocb3/ocb3_add_aad.c src/encauth/ocb3/ocb3_decrypt.c src/encauth/ocb3/ocb3_decrypt_last.c
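Review bot: in src/headers/tomcrypt_custom.h, hunk `@@ -747,7 +746,7`, the rewritten continuation line still ends in `defined(LTC_GCM_MODE) )`, while the `#if defined(LTC_OMAC) || ...` line above it opens no parenthesis, so the expression is unbalanced as shown. Since the line is being edited anyway, drop the trailing `)` (or add the matching `(` after `#if`). Judging by the two `#error` messages and the nested `#endif`, this check is only evaluated in the configuration it is meant to diagnose, where a preprocessor syntax error would replace the intended "LTC_ECB_MODE not defined" message.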
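Review bot: with `#define LTC_OCB_MODE` removed in tomcrypt_custom.h (hunk `@@ -303,7 +303,6`) and every `#ifdef LTC_OCB_MODE` block deleted from tomcrypt_mac.h, a build that still defines LTC_OCB_MODE itself gets no diagnostic from the configuration headers and only fails later on undeclared `ocb_*` symbols. Consider a guard in tomcrypt_custom.h that raises `#error` when LTC_OCB_MODE is defined and points to LTC_OCB3_MODE. The deleted declarations also carried the only old-to-new mapping, in the form of `LTC_DEPRECATED(ocb3_init)`, `LTC_DEPRECATED(ocb3_done)` and so on, so that mapping should be kept somewhere users will find it, for example in the changelog.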
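Review bot: in src/misc/crypt/crypt_sizes.c, hunk `@@ -206,9 +206,6`, dropping `SZ_STRINGIFY_T(ocb_state)` removes the `ocb_state` entry from `s_crypt_sizes`, so any caller that looks the struct size up by name through this table now gets a run-time miss rather than a compile error. That is an externally visible change and should be stated in the commit message next to the API removal, so that binding maintainers know to drop the lookup.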
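Review bot: the build-file hunks (makefile.mingw, makefile.msvc, makefile.unix, makefile_include.mk, sources.cmake) sit in PATCH 4/4, after the commit that deletes src/encauth/ocb/*.c, so at the intermediate commit the object lists still name `src/encauth/ocb/ocb_decrypt.o` and the other removed files and the tree does not build. Fold these hunks into the commit that deletes the sources so the series stays bisectable. If they stay separate, the subject "Update makefiles" should at least say that the OCB v1 objects are being dropped and that sources.cmake and the VS2008 project are touched as well.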