aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlloyd <[email protected]>2013-03-27 18:24:31 +0000
committerlloyd <[email protected]>2013-03-27 18:24:31 +0000
commitc45eac0c30b6494a75223b389afcca5d7cb2e48d (patch)
tree3ff10c143d0f51f979c9a0edb00a7f36794088a9
parentd1cd41fe0d2869fbd5adce9e42e47fc5d6a9d2e9 (diff)
Allow tag sizes other than 128 bits in GCM and OCB
-rw-r--r--checks/validate.dat4
-rw-r--r--src/aead/ocb/ocb.cpp2
-rw-r--r--src/engine/core_engine/core_modes.cpp74
3 files changed, 46 insertions, 34 deletions
diff --git a/checks/validate.dat b/checks/validate.dat
index 978703ecb..5c23e23e4 100644
--- a/checks/validate.dat
+++ b/checks/validate.dat
@@ -26291,6 +26291,10 @@ C61A0851AB4E515D11525B92E2B9D850:C825FC7C4D539DC74887CECC70884F37
60:710DABD24D400F3B6B:\
F956B879EC7F807F1FCB482B53623671:E64F90B4619D93137E6237929EABF297
+[AES-128/GCM(64)]
+:58E2FCCEFA7E3061:\
+00000000000000000000000000000000:000000000000000000000000
+
[AES-128/GCM]
:58E2FCCEFA7E3061367F1D57A4E7455A:\
00000000000000000000000000000000:000000000000000000000000
diff --git a/src/aead/ocb/ocb.cpp b/src/aead/ocb/ocb.cpp
index 50b33960f..df9d37fa2 100644
--- a/src/aead/ocb/ocb.cpp
+++ b/src/aead/ocb/ocb.cpp
@@ -313,7 +313,7 @@ void OCB_Encryption::finish(secure_vector<byte>& buffer)
mac ^= m_ad_hash;
- buffer += mac;
+ buffer += std::pair(&mac[0], tag_size());
zeroise(m_checksum);
zeroise(m_offset);
diff --git a/src/engine/core_engine/core_modes.cpp b/src/engine/core_engine/core_modes.cpp
index 588c5d7a2..199b71838 100644
--- a/src/engine/core_engine/core_modes.cpp
+++ b/src/engine/core_engine/core_modes.cpp
@@ -141,30 +141,6 @@ Keyed_Filter* get_cipher_mode(const BlockCipher* block_cipher,
#endif
}
-#if defined(BOTAN_HAS_AEAD_FILTER)
-
-#if defined(BOTAN_HAS_AEAD_OCB)
- if(mode == "OCB")
- {
- if(direction == ENCRYPTION)
- return new AEAD_Filter(new OCB_Encryption(block_cipher->clone(), 16));
- else
- return new AEAD_Filter(new OCB_Decryption(block_cipher->clone(), 16));
- }
-#endif
-
-#if defined(BOTAN_HAS_AEAD_GCM)
- if(mode == "GCM")
- {
- if(direction == ENCRYPTION)
- return new AEAD_Filter(new GCM_Encryption(block_cipher->clone(), 16));
- else
- return new AEAD_Filter(new GCM_Decryption(block_cipher->clone(), 16));
- }
-#endif
-
-#endif
-
#if defined(BOTAN_HAS_XTS)
if(mode == "XTS")
{
@@ -176,7 +152,9 @@ Keyed_Filter* get_cipher_mode(const BlockCipher* block_cipher,
#endif
if(mode.find("CFB") != std::string::npos ||
- mode.find("EAX") != std::string::npos)
+ mode.find("EAX") != std::string::npos ||
+ mode.find("GCM") != std::string::npos ||
+ mode.find("OCB") != std::string::npos)
{
std::vector<std::string> algo_info = parse_algorithm_name(mode);
const std::string mode_name = algo_info[0];
@@ -189,25 +167,55 @@ Keyed_Filter* get_cipher_mode(const BlockCipher* block_cipher,
else
return nullptr;
-#if defined(BOTAN_HAS_CFB)
- if(mode_name == "CFB")
+#if defined(BOTAN_HAS_AEAD_FILTER)
+
+ if(bits % 8 != 0)
+ throw std::invalid_argument("AEAD interface does not support non-octet length tags");
+
+ const size_t tag_size = bits / 8;
+
+#if defined(BOTAN_HAS_AEAD_EAX)
+ if(mode_name == "EAX")
{
if(direction == ENCRYPTION)
- return new CFB_Encryption(block_cipher->clone(), bits);
+ return new AEAD_Filter(new EAX_Encryption(block_cipher->clone(), tag_size));
else
- return new CFB_Decryption(block_cipher->clone(), bits);
+ return new AEAD_Filter(new EAX_Decryption(block_cipher->clone(), tag_size));
}
#endif
-#if defined(BOTAN_HAS_AEAD_EAX)
- if(mode_name == "EAX")
+#if defined(BOTAN_HAS_AEAD_OCB)
+ if(mode == "OCB")
+ {
+ if(direction == ENCRYPTION)
+ return new AEAD_Filter(new OCB_Encryption(block_cipher->clone(), tag_size));
+ else
+ return new AEAD_Filter(new OCB_Decryption(block_cipher->clone(), tag_size));
+ }
+#endif
+
+#if defined(BOTAN_HAS_AEAD_GCM)
+ if(mode == "GCM")
+ {
+ if(direction == ENCRYPTION)
+ return new AEAD_Filter(new GCM_Encryption(block_cipher->clone(), tag_size));
+ else
+ return new AEAD_Filter(new GCM_Decryption(block_cipher->clone(), tag_size));
+ }
+#endif
+
+#endif
+
+#if defined(BOTAN_HAS_CFB)
+ if(mode_name == "CFB")
{
if(direction == ENCRYPTION)
- return new AEAD_Filter(new EAX_Encryption(block_cipher->clone(), bits / 8));
+ return new CFB_Encryption(block_cipher->clone(), bits);
else
- return new AEAD_Filter(new EAX_Decryption(block_cipher->clone(), bits / 8));
+ return new CFB_Decryption(block_cipher->clone(), bits);
}
#endif
+
}
return nullptr;