aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/modes/aead/ocb/ocb.cpp
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-09-11 13:12:13 -0400
committerJack Lloyd <[email protected]>2017-09-11 13:12:13 -0400
commit3ad91d3c8c06cf77e69b9a1c80fce236f660956b (patch)
tree6765cc35c96bf43482723c8f064c79ebc2bc865a /src/lib/modes/aead/ocb/ocb.cpp
parent18a6033af50c1c5a37dc4cb48b5e1b313e2773bf (diff)
Add alternate form for matching OCB ref code
Diffstat (limited to 'src/lib/modes/aead/ocb/ocb.cpp')
-rw-r--r--src/lib/modes/aead/ocb/ocb.cpp34
1 files changed, 30 insertions, 4 deletions
diff --git a/src/lib/modes/aead/ocb/ocb.cpp b/src/lib/modes/aead/ocb/ocb.cpp
index 7ebb0a5f0..4eb8089b5 100644
--- a/src/lib/modes/aead/ocb/ocb.cpp
+++ b/src/lib/modes/aead/ocb/ocb.cpp
@@ -210,7 +210,12 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len)
secure_vector<uint8_t> nonce_buf(BS);
copy_mem(&nonce_buf[BS - nonce_len], nonce, nonce_len);
+ #if 0
nonce_buf[0] = ((tag_size()*8) % (BS*8)) << (BS <= 16 ? 1 : 0);
+ #else
+ nonce_buf[0] = (tag_size()*8) << (BS <= 16 ? 1 : 0);
+ #endif
+
nonce_buf[BS - nonce_len - 1] ^= 1;
const uint8_t bottom = nonce_buf[BS-1] & BOTTOM_MASK;
@@ -244,7 +249,7 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len)
| 1024 | 524355 | 352 | 9 |
+----------+---------+-------+---------+
*/
-
+#if 0
if(BS == 16)
{
for(size_t i = 0; i != BS / 2; ++i)
@@ -265,12 +270,35 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len)
for(size_t i = 0; i != BS / 2; ++i)
nonce_buf.push_back(nonce_buf[i] ^ nonce_buf[i+22]);
}
+#else
+ nonce_buf.insert(nonce_buf.end(), nonce_buf.begin(), nonce_buf.end());
+
+ if(BS == 16)
+ {
+ for(size_t i = BS; i != BS + (BS / 2); ++i)
+ nonce_buf[i] ^= nonce_buf[i+1];
+ }
+ else if(BS == 24)
+ {
+ for(size_t i = BS; i != BS + (BS / 2); ++i)
+ nonce_buf[i] ^= nonce_buf[i+5];
+ }
+ else if(BS == 32)
+ {
+ for(size_t i = BS; i != BS + (BS / 2); ++i)
+ nonce_buf[i] ^= (nonce_buf[i] << 1) ^ (nonce_buf[i+1] >> 7);
+ }
+ else if(BS == 64)
+ {
+ for(size_t i = BS; i != BS + (BS / 2); ++i)
+ nonce_buf[i] ^= nonce_buf[i+22];
+ }
+#endif
m_stretch = nonce_buf;
}
// now set the offset from stretch and bottom
-
const size_t shift_bytes = bottom / 8;
const size_t shift_bits = bottom % 8;
@@ -373,9 +401,7 @@ void OCB_Encryption::finish(secure_vector<uint8_t>& buffer, size_t offset)
secure_vector<uint8_t> mac = m_offset;
mac ^= checksum;
mac ^= m_L->dollar();
-
m_cipher->encrypt(mac);
-
mac ^= m_ad_hash;
buffer += std::make_pair(mac.data(), tag_size());