author | Jack Lloyd <[email protected]> | 2017-09-11 13:12:13 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-09-11 13:12:13 -0400 |
commit | 3ad91d3c8c06cf77e69b9a1c80fce236f660956b (patch) | |
tree | 6765cc35c96bf43482723c8f064c79ebc2bc865a /src/lib/modes | |
parent | 18a6033af50c1c5a37dc4cb48b5e1b313e2773bf (diff) |
Add alternate form for matching OCB ref code
Diffstat (limited to 'src/lib/modes')
-rw-r--r-- | src/lib/modes/aead/ocb/ocb.cpp | 34 |
1 files changed, 30 insertions, 4 deletions
diff --git a/src/lib/modes/aead/ocb/ocb.cpp b/src/lib/modes/aead/ocb/ocb.cpp index 7ebb0a5f0..4eb8089b5 100644 --- a/src/lib/modes/aead/ocb/ocb.cpp +++ b/src/lib/modes/aead/ocb/ocb.cpp @@ -210,7 +210,12 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len) secure_vector<uint8_t> nonce_buf(BS); copy_mem(&nonce_buf[BS - nonce_len], nonce, nonce_len); + #if 0 nonce_buf[0] = ((tag_size()*8) % (BS*8)) << (BS <= 16 ? 1 : 0); + #else + nonce_buf[0] = (tag_size()*8) << (BS <= 16 ? 1 : 0); + #endif + nonce_buf[BS - nonce_len - 1] ^= 1; const uint8_t bottom = nonce_buf[BS-1] & BOTTOM_MASK; @@ -244,7 +249,7 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len) | 1024 | 524355 | 352 | 9 | +----------+---------+-------+---------+ */ - +#if 0 if(BS == 16) { for(size_t i = 0; i != BS / 2; ++i) @@ -265,12 +270,35 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len) for(size_t i = 0; i != BS / 2; ++i) nonce_buf.push_back(nonce_buf[i] ^ nonce_buf[i+22]); } +#else + nonce_buf.insert(nonce_buf.end(), nonce_buf.begin(), nonce_buf.end()); + + if(BS == 16) + { + for(size_t i = BS; i != BS + (BS / 2); ++i) + nonce_buf[i] ^= nonce_buf[i+1]; + } + else if(BS == 24) + { + for(size_t i = BS; i != BS + (BS / 2); ++i) + nonce_buf[i] ^= nonce_buf[i+5]; + } + else if(BS == 32) + { + for(size_t i = BS; i != BS + (BS / 2); ++i) + nonce_buf[i] ^= (nonce_buf[i] << 1) ^ (nonce_buf[i+1] >> 7); + } + else if(BS == 64) + { + for(size_t i = BS; i != BS + (BS / 2); ++i) + nonce_buf[i] ^= nonce_buf[i+22]; + } +#endif m_stretch = nonce_buf; } // now set the offset from stretch and bottom - const size_t shift_bytes = bottom / 8; const size_t shift_bits = bottom % 8; @@ -373,9 +401,7 @@ void OCB_Encryption::finish(secure_vector<uint8_t>& buffer, size_t offset) secure_vector<uint8_t> mac = m_offset; mac ^= checksum; mac ^= m_L->dollar(); - m_cipher->encrypt(mac); - mac ^= m_ad_hash; buffer += std::make_pair(mac.data(), tag_size()); |
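Review bot: The replacement assignment to `nonce_buf[0]` is not equivalent to the disabled one. Without `% (BS*8)`, a full-length tag on a 24-byte block encodes as 0xC0 instead of 0 (assuming tag_size() may equal BS), and for BS of 16, 32 and 64 a full-length tag gives the same byte only because the value is silently narrowed into a `uint8_t`. This byte is part of the nonce formatting, so the change alters ciphertext and tags for that block size, and data produced by the earlier build would presumably fail to authenticate; a known-answer test per block size would pin the intended encoding. I would make the truncation explicit, `nonce_buf[0] = static_cast<uint8_t>((tag_size()*8) << (BS <= 16 ? 1 : 0));`, and replace the bare `#if 0` (here and around the stretch construction further down) with a comment stating which form is authoritative and why the other is kept. update_nonce's body starts and ends outside this hunk.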
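Review bot: `nonce_buf.insert(nonce_buf.end(), nonce_buf.begin(), nonce_buf.end())` passes iterators into the container being modified, which std::vector::insert does not permit (undefined behaviour, since a reallocation can invalidate the source range), if secure_vector is a std::vector alias as it appears to be. Duplicating the block with `nonce_buf.resize(2*BS);` followed by `copy_mem(&nonce_buf[BS], nonce_buf.data(), BS);` avoids that, assuming nonce_buf still holds exactly BS bytes at this point. m_stretch also now holds 2*BS bytes where the disabled branch produced BS + BS/2, and the `else if` chain has no final branch for an unexpected BS, so a comment on the expected stretch length and the supported block sizes would help. The enclosing function extends beyond the hunk.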