author | Jack Lloyd <[email protected]> | 2017-09-15 12:41:59 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-09-15 12:41:59 -0400 |
commit | 92245ad040b8f0e08a4a57137be5739e5c7bfbdc (patch) | |
tree | b7f05cb85c1028a728ca4f87228b42634da1f0c9 /src | |
parent | 3ad91d3c8c06cf77e69b9a1c80fce236f660956b (diff) |
Change wide block OCB
Ted Krovetz confirmed there were bugs in the reference code for
blocks > 128 bits so these values should be the correct ones.
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/modes/aead/ocb/ocb.cpp | 29 | ||||
-rw-r--r-- | src/tests/data/aead/ocb.vec | 21 | ||||
-rw-r--r-- | src/tests/data/ocb_wide.vec | 39 | ||||
-rw-r--r-- | src/tests/data/ocb_wide_long.vec | 15 | ||||
-rw-r--r-- | src/tests/test_ocb.cpp | 33 | ||||
-rw-r--r-- | src/tests/tests.cpp | 5 |
6 files changed, 94 insertions, 48 deletions
diff --git a/src/lib/modes/aead/ocb/ocb.cpp b/src/lib/modes/aead/ocb/ocb.cpp
index 4eb8089b5..e580c95d9 100644
--- a/src/lib/modes/aead/ocb/ocb.cpp
+++ b/src/lib/modes/aead/ocb/ocb.cpp
@@ -210,11 +210,7 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len)
 secure_vector<uint8_t> nonce_buf(BS);
 copy_mem(&nonce_buf[BS - nonce_len], nonce, nonce_len);
- #if 0
 nonce_buf[0] = ((tag_size()*8) % (BS*8)) << (BS <= 16 ? 1 : 0);
- #else
- nonce_buf[0] = (tag_size()*8) << (BS <= 16 ? 1 : 0);
- #endif
 nonce_buf[BS - nonce_len - 1] ^= 1;
@@ -249,7 +245,6 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len)
 | 1024 | 524355 | 352 | 9 |
 +----------+---------+-------+---------+
 */
-#if 0
 if(BS == 16)
 {
 for(size_t i = 0; i != BS / 2; ++i)
@@ -270,30 +265,6 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len)
 for(size_t i = 0; i != BS / 2; ++i)
 nonce_buf.push_back(nonce_buf[i] ^ nonce_buf[i+22]);
 }
-#else
- nonce_buf.insert(nonce_buf.end(), nonce_buf.begin(), nonce_buf.end());
-
- if(BS == 16)
- {
- for(size_t i = BS; i != BS + (BS / 2); ++i)
- nonce_buf[i] ^= nonce_buf[i+1];
- }
- else if(BS == 24)
- {
- for(size_t i = BS; i != BS + (BS / 2); ++i)
- nonce_buf[i] ^= nonce_buf[i+5];
- }
- else if(BS == 32)
- {
- for(size_t i = BS; i != BS + (BS / 2); ++i)
- nonce_buf[i] ^= (nonce_buf[i] << 1) ^ (nonce_buf[i+1] >> 7);
- }
- else if(BS == 64)
- {
- for(size_t i = BS; i != BS + (BS / 2); ++i)
- nonce_buf[i] ^= nonce_buf[i+22];
- }
-#endif
 m_stretch = nonce_buf;
 }
diff --git a/src/tests/data/aead/ocb.vec b/src/tests/data/aead/ocb.vec
index 176dcb2b8..b2c4e4744 100644
--- a/src/tests/data/aead/ocb.vec
+++ b/src/tests/data/aead/ocb.vec
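Review bot: In the first hunk of update_nonce, the now-unconditional `nonce_buf[0] = ((tag_size()*8) % (BS*8)) << (BS <= 16 ? 1 : 0);` narrows a size_t into a uint8_t element implicitly, and the value can exceed 255 for a 64-byte block: the long KAT in test_ocb.cpp builds a 32-byte tag on a 64-byte block, which gives 256. This byte carries the tag length into the nonce block, so whether the high bit is meant to be dropped should be stated in the code rather than left to the conversion. I would write `nonce_buf[0] = static_cast<uint8_t>(((tag_size()*8) % (BS*8)) << (BS <= 16 ? 1 : 0));` with a comment naming the wide-block encoding rule it follows, or assert the range if truncation is not intended. The body of update_nonce begins outside the hunk, so an existing bound on tag_size() may already cover this.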
@@ -256,3 +256,24 @@ Nonce = D5CA91748410C1751FF8A2F61825
 AD = C5CD9D1850C141E358649994EE701B68
 In = 2942BFC773BDA23CABC6ACFD9BFD5835BD300F0973
 Out = 45EEFFF01CDA61695EA24B036074491FE61B96C94337F0F947FB4E10E679A9F2A825DF8CEA530A2784E5640A768DE536C76A79157E
+
+[SHACAL2/OCB(32)]
+# Generated by Botan, unconfirmed result
+Key = 4412923493C57D5DE0D700F753CCE0D1D2D95060122E9F15A5DDBFC5787E50B5
+Nonce = BBAA9988776655443322110D
+AD = C5CD9D1850C141E358649994EE701B68
+In = FE80690BEE8A485D11F32965BC9D2A328CF761B6902EF764462AD86498CA6B97
+Out = 0407C5404170DB1A74B7AB712A8FC7D459B3E4412C7ADF632545C05E50FB0C2FE97A92A81371E7F7C04AFA10C68375A31923EDAB327DB776DBBB99ED3318424E
+
+# Generated by OCB reference code calling OpenSSL SHA256_Transform
+Key = 6F98263502C983D78BC3F7B5208D488DC036F7BC1438AB55620CF8FB98767D070FA43C116DBFE9F883E0ADA36DF5302E2C27EA405F9595C1A18DBC3A043A4113
+Nonce = BE3FA1AB2F040615988F275402796F0A614BB4D6E4974FB7BCDB685F8B64
+AD = 1B08E7DCA97599E379D3258CB1A3B0FCE0
+In = DE7E244B3D0D43C0EDF0635BE6948912BB7352
+Out = 2FACBA6F0A62331845ACAB0F60EBA59BD2E4F4BC83A79FC73D2A0B5191C7492798BBDE2476B9D249247D1BD4B8F167333852B3
+
+Key = 8182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0
+Nonce = F0F1
+AD =
+In =
+Out = 13EAF2583F2E24339182D3423D56759F0E05ABDD4682DBF9B1901CCCEC4FD639
diff --git a/src/tests/data/ocb_wide.vec b/src/tests/data/ocb_wide.vec
index d8cede352..0bed695ef 100644
--- a/src/tests/data/ocb_wide.vec
+++ b/src/tests/data/ocb_wide.vec
@@ -1,31 +1,60 @@
+Key = 8182838485868788898A8B8C8D8E8F909192939495969798
+Nonce = F0F1
+AD =
+In =
+Out = B9CACBDCDDCECFFF75C0B9AA97808DE6FBCCC1D2AFB8B482
+
+Key = 9192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8
+Nonce = F1F2
+AD = 05060708090A0B0C0D0E0F10
+In = 0102030405060708090A0B0C
+Out = 4EB0BAACA698928B86E59F81B3474B5F53676B404B225E622E1206EADEA2B6BB4F736646
+
+Key = A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8
+Nonce = F2F3
+AD = 060708090A0B0C0D0E0F101112131415161718191A1B1C1D
+In = 02030405060708090A0B0C0D0E0F10111213141516171819
+Out = A8B5AEA7B4E9E2A2E803081982C7C46D36B380908BCEEE0775898DA1B5C9CDFF8522E6DA3E52461A7E92A69B7F132636
+
+Key = B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8
+Nonce = F3F4
+AD = 0708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A
+In = 030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223242526
+Out = F8F1CEBB841D227D911D024669E08D903E0768250AA3CFF7BC466C3E14D6FC8A3D3ED4A70295B8FBD6416C3B8BA5482AFF18576CA0672A468B4C021C
+
+Key = C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8
+Nonce = F4F5
+AD = 08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637
+In = 0405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233
+Out = CEFB901163563D53D5AC8764164388D091C40FEAB8ED24B7ECF1824B415C2FC95706359ED4A97B2B720FDC711B66B2915C8BC62509DE93E236965BFB57C04D57F96EE347EB7CF322
 Key = 8182838485868788898A8B8C8D8E8F909192939495969798
 Nonce = F0F1F2F3F4F5F6F7F8F9FAFB
 AD =
 In =
-Out = F00F1A7125DACF8B57D0F50E6B44615C9996D209B50A1ED7
+Out = F00F1A7125DACF832FD0F50E6B44615C9996D209B29DF961
 Key = 9192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8
 Nonce = F1F2F3F4F5F6F7F8F9FAFBFC
 AD = 05060708090A0B0C0D0E0F10
 In = 0102030405060708090A0B0C
-Out = 9AFC5E331177D5A4534506C8670BAFC0E4882C6F9E82C72BD79BDF9E5AD6D4C83955F021
+Out = 9AFC5E331177D5B4A34506C8670BAFC0E4882C7F6E82C72BD79BDF9E5AD6D4C830BC7A8B
 Key = A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8
 Nonce = F2F3F4F5F6F7F8F9FAFBFCFD
 AD = 060708090A0B0C0D0E0F101112131415161718191A1B1C1D
 In = 02030405060708090A0B0C0D0E0F10111213141516171819
-Out = 92A7C0C02A1F6E154762A3C3885DAFF1FAED6ACB59EC9E625995C61B5E92C5254F63D449CD41F4F2F6F9EAF61CD08670
+Out = 92A7C0C02A1F6E245762A3C3885DAFF1FAED6ACB4514475A5995C61B5E92C504AF63D449CD41F4F2F6F9EAF60B8017A0
 Key = B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8
 Nonce = F3F4F5F6F7F8F9FAFBFCFDFE
 AD = 0708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A
 In = 030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223242526
-Out = 2070BEDB155997BFA6DE55F27CD45AA8223B16312965A814D347CC7EF551DA09E7BCB1806D9418BB37C64AB851272D0D193F32BCB7B081A149C84723
+Out = 2070BEDB155997DD86DE55F27CD45AA8223B16313C31BCC0D347CC7EF551DA4A27BCB1806D9418BB37C64AFB91272D0D193F32BCB7B081A150505FBB
 Key = C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8
 Nonce = F4F5F6F7F8F9FAFBFCFDFEFF
 AD = 08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637
 In = 0405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233
-Out = 70E46BCD56C24DCBFC2A280C3C2A26A9AAB9A097AA3EB37352EE799774C85F517E809AF6FEC0D5524972730C09B52555889E94B2D0C6CCF2079291B49B8E86F9D4C7D6EE081E165A
+Out = 70E46BCD56C24D0FBC2A280C3C2A26A9AAB9A0979B8B81C952EE799774C85F953E809AF6FEC0D5524972730C380017EF889E94B2D0C6CC75879291B49B8E86F9D4C7D6EE29383576
diff --git a/src/tests/data/ocb_wide_long.vec b/src/tests/data/ocb_wide_long.vec
index 7c17f00bf..9fdb0b8a2 100644
--- a/src/tests/data/ocb_wide_long.vec
+++ b/src/tests/data/ocb_wide_long.vec
@@ -1,12 +1,15 @@
-Blocklen = 128
+[Toy128]
 Output = 0D099181BE37171BF94582877D6D4693
-Blocklen = 192
-Output = C6B3449A7A5C174253720B65198779C0E1758794C023F567
+[Toy192]
+Output = BFC53A29EABF2774369F3611DED760AE33338B607E5A8E40
-Blocklen = 256
-Output = 87F321F24B0554565BEB6C994AD04F8F95F1A808E67EAFBD60E0E86152AFB37C
+[Toy256]
+Output = 623C27E137975E25BEF2F8441CB5BDEAE8E0F1E158515193900BBD20D1A7AFF7
-Blocklen = 512
+[Toy512]
 Output = 6748655A0A83543D8AA6287AE9FFC37C9A433332DDFD4E8B42F94D741944D440
+
+[SHACAL2]
+Output = DC4AA181A65BD11EAA23D0881A20740B7DBA53C9DE2474DB3C3EF04770DFAD99
diff --git a/src/tests/test_ocb.cpp b/src/tests/test_ocb.cpp
index aa9343e7f..b9af9ba9c 100644
--- a/src/tests/test_ocb.cpp
+++ b/src/tests/test_ocb.cpp
@@ -149,19 +149,38 @@ class OCB_Wide_Long_KAT_Tests : public Text_Based_Test
 {
 public:
 OCB_Wide_Long_KAT_Tests()
- : Text_Based_Test("ocb_wide_long.vec", "Blocklen,Output") {}
+ : Text_Based_Test("ocb_wide_long.vec", "Output") {}
- Test::Result run_one_test(const std::string&, const VarMap& vars) override
+ Test::Result run_one_test(const std::string& algo, const VarMap& vars) override
 {
 Test::Result result("OCB wide block long test");
- const size_t bs = get_req_sz(vars, "Blocklen") / 8;
 const std::vector<uint8_t> expected = get_req_bin(vars, "Output");
- if(bs != 16 && bs != 24 && bs != 32 && bs != 64)
- throw Test_Error("Unsupported Blocklen in OCB wide block test");
+ std::unique_ptr<Botan::BlockCipher> cipher;
+ size_t bs = 0;
- Botan::OCB_Encryption enc(new OCB_Wide_Test_Block_Cipher(bs), std::min<size_t>(bs, 32));
+ if(algo == "SHACAL2")
+ {
+ cipher = Botan::BlockCipher::create_or_throw("SHACAL2");
+ bs = 32;
+ }
+ else
+ {
+ if(algo == "Toy128")
+ bs = 16;
+ else if(algo == "Toy192")
+ bs = 24;
+ else if(algo == "Toy256")
+ bs = 32;
+ else if(algo == "Toy512")
+ bs = 64;
+ else
+ throw Test_Error("Unknown cipher for OCB wide block long test");
+ cipher.reset(new OCB_Wide_Test_Block_Cipher(bs));
+ }
+
+ Botan::OCB_Encryption enc(cipher.release(), std::min<size_t>(bs, 32));
 /*
 Y, string of length min(B, 256) bits
@@ -218,7 +237,7 @@ class OCB_Wide_Long_KAT_Tests : public Text_Based_Test
 }
 private:
- void ocb_encrypt(Test::Result& result,
+ void ocb_encrypt(Test::Result& /*result*/,
 std::vector<uint8_t>& output_to,
 Botan::OCB_Encryption& enc,
 const std::vector<uint8_t>& nonce,
diff --git a/src/tests/tests.cpp b/src/tests/tests.cpp
index 8f8aeec82..d7917bcc6 100644
--- a/src/tests/tests.cpp
+++ b/src/tests/tests.cpp
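Review bot: In run_one_test, the SHACAL2 branch calls `Botan::BlockCipher::create_or_throw("SHACAL2")`, so a build where that cipher is unavailable would end the long KAT with an exception instead of a reported skip; I can only infer from the hunk that availability may vary, so this is worth confirming. A non-throwing lookup with an early return keeps the result readable: `cipher = Botan::BlockCipher::create("SHACAL2"); if(!cipher) { result.test_note("SHACAL2 not available, skipping"); return result; }`. Separately, `cipher.release()` hands a raw pointer to the OCB_Encryption constructor, and a one-line comment such as `// OCB_Encryption takes ownership of the cipher` would make that hand-off explicit. The function body continues past the end of the hunk.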
@@ -1032,7 +1032,10 @@ std::vector<Test::Result> Text_Based_Test::run()
 if(result.tests_failed())
 {
- result.test_note("Test #" + std::to_string(test_cnt) + " failed");
+ if(header.empty())
+ result.test_note("Test #" + std::to_string(test_cnt) + " failed");
+ else
+ result.test_note("Test #" + std::to_string(test_cnt) + " " + header + " failed");
 }
 results.push_back(result);
 } |