authorJack Lloyd <[email protected]>2017-09-15 12:41:59 -0400
committerJack Lloyd <[email protected]>2017-09-15 12:41:59 -0400
commit92245ad040b8f0e08a4a57137be5739e5c7bfbdc (patch)
treeb7f05cb85c1028a728ca4f87228b42634da1f0c9 /src
parent3ad91d3c8c06cf77e69b9a1c80fce236f660956b (diff)
Change wide block OCB
Ted Krovetz confirmed there were bugs in the reference code for blocks > 128 bits so these values should be the correct ones.
Diffstat (limited to 'src')
-rw-r--r--src/lib/modes/aead/ocb/ocb.cpp29
-rw-r--r--src/tests/data/aead/ocb.vec21
-rw-r--r--src/tests/data/ocb_wide.vec39
-rw-r--r--src/tests/data/ocb_wide_long.vec15
-rw-r--r--src/tests/test_ocb.cpp33
-rw-r--r--src/tests/tests.cpp5
6 files changed, 94 insertions, 48 deletions
diff --git a/src/lib/modes/aead/ocb/ocb.cpp b/src/lib/modes/aead/ocb/ocb.cpp
index 4eb8089b5..e580c95d9 100644
--- a/src/lib/modes/aead/ocb/ocb.cpp
+++ b/src/lib/modes/aead/ocb/ocb.cpp
@@ -210,11 +210,7 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len)
secure_vector<uint8_t> nonce_buf(BS);
copy_mem(&nonce_buf[BS - nonce_len], nonce, nonce_len);
- #if 0
nonce_buf[0] = ((tag_size()*8) % (BS*8)) << (BS <= 16 ? 1 : 0);
- #else
- nonce_buf[0] = (tag_size()*8) << (BS <= 16 ? 1 : 0);
- #endif
nonce_buf[BS - nonce_len - 1] ^= 1;
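Review bot: The assignment to `nonce_buf[0]` silently narrows a `size_t` expression into a `uint8_t`: with a 64-byte block and a 32-byte tag (the combination the long test builds via `std::min<size_t>(bs, 32)`) the expression evaluates to 256 and the stored byte is 0. If that wrap is what the wide-block nonce formatting intends, make it explicit with `nonce_buf[0] = static_cast<uint8_t>(((tag_size()*8) % (BS*8)) << (BS <= 16 ? 1 : 0));` and a comment saying the tag-length field is deliberately reduced to one byte. If it is not intended, the tag length is not fully encoded into the nonce block for that block size and the field needs to be wider. The body of update_nonce starts and ends outside the hunk, so any earlier range check on tag_size() or nonce_len is not visible here.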
@@ -249,7 +245,6 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len)
| 1024 | 524355 | 352 | 9 |
+----------+---------+-------+---------+
*/
-#if 0
if(BS == 16)
{
for(size_t i = 0; i != BS / 2; ++i)
@@ -270,30 +265,6 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len)
for(size_t i = 0; i != BS / 2; ++i)
nonce_buf.push_back(nonce_buf[i] ^ nonce_buf[i+22]);
}
-#else
- nonce_buf.insert(nonce_buf.end(), nonce_buf.begin(), nonce_buf.end());
-
- if(BS == 16)
- {
- for(size_t i = BS; i != BS + (BS / 2); ++i)
- nonce_buf[i] ^= nonce_buf[i+1];
- }
- else if(BS == 24)
- {
- for(size_t i = BS; i != BS + (BS / 2); ++i)
- nonce_buf[i] ^= nonce_buf[i+5];
- }
- else if(BS == 32)
- {
- for(size_t i = BS; i != BS + (BS / 2); ++i)
- nonce_buf[i] ^= (nonce_buf[i] << 1) ^ (nonce_buf[i+1] >> 7);
- }
- else if(BS == 64)
- {
- for(size_t i = BS; i != BS + (BS / 2); ++i)
- nonce_buf[i] ^= nonce_buf[i+22];
- }
-#endif
m_stretch = nonce_buf;
}
diff --git a/src/tests/data/aead/ocb.vec b/src/tests/data/aead/ocb.vec
index 176dcb2b8..b2c4e4744 100644
--- a/src/tests/data/aead/ocb.vec
+++ b/src/tests/data/aead/ocb.vec
@@ -256,3 +256,24 @@ Nonce = D5CA91748410C1751FF8A2F61825
AD = C5CD9D1850C141E358649994EE701B68
In = 2942BFC773BDA23CABC6ACFD9BFD5835BD300F0973
Out = 45EEFFF01CDA61695EA24B036074491FE61B96C94337F0F947FB4E10E679A9F2A825DF8CEA530A2784E5640A768DE536C76A79157E
+
+[SHACAL2/OCB(32)]
+# Generated by Botan, unconfirmed result
+Key = 4412923493C57D5DE0D700F753CCE0D1D2D95060122E9F15A5DDBFC5787E50B5
+Nonce = BBAA9988776655443322110D
+AD = C5CD9D1850C141E358649994EE701B68
+In = FE80690BEE8A485D11F32965BC9D2A328CF761B6902EF764462AD86498CA6B97
+Out = 0407C5404170DB1A74B7AB712A8FC7D459B3E4412C7ADF632545C05E50FB0C2FE97A92A81371E7F7C04AFA10C68375A31923EDAB327DB776DBBB99ED3318424E
+
+# Generated by OCB reference code calling OpenSSL SHA256_Transform
+Key = 6F98263502C983D78BC3F7B5208D488DC036F7BC1438AB55620CF8FB98767D070FA43C116DBFE9F883E0ADA36DF5302E2C27EA405F9595C1A18DBC3A043A4113
+Nonce = BE3FA1AB2F040615988F275402796F0A614BB4D6E4974FB7BCDB685F8B64
+AD = 1B08E7DCA97599E379D3258CB1A3B0FCE0
+In = DE7E244B3D0D43C0EDF0635BE6948912BB7352
+Out = 2FACBA6F0A62331845ACAB0F60EBA59BD2E4F4BC83A79FC73D2A0B5191C7492798BBDE2476B9D249247D1BD4B8F167333852B3
+
+Key = 8182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0
+Nonce = F0F1
+AD =
+In =
+Out = 13EAF2583F2E24339182D3423D56759F0E05ABDD4682DBF9B1901CCCEC4FD639
diff --git a/src/tests/data/ocb_wide.vec b/src/tests/data/ocb_wide.vec
index d8cede352..0bed695ef 100644
--- a/src/tests/data/ocb_wide.vec
+++ b/src/tests/data/ocb_wide.vec
@@ -1,31 +1,60 @@
+Key = 8182838485868788898A8B8C8D8E8F909192939495969798
+Nonce = F0F1
+AD =
+In =
+Out = B9CACBDCDDCECFFF75C0B9AA97808DE6FBCCC1D2AFB8B482
+
+Key = 9192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8
+Nonce = F1F2
+AD = 05060708090A0B0C0D0E0F10
+In = 0102030405060708090A0B0C
+Out = 4EB0BAACA698928B86E59F81B3474B5F53676B404B225E622E1206EADEA2B6BB4F736646
+
+Key = A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8
+Nonce = F2F3
+AD = 060708090A0B0C0D0E0F101112131415161718191A1B1C1D
+In = 02030405060708090A0B0C0D0E0F10111213141516171819
+Out = A8B5AEA7B4E9E2A2E803081982C7C46D36B380908BCEEE0775898DA1B5C9CDFF8522E6DA3E52461A7E92A69B7F132636
+
+Key = B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8
+Nonce = F3F4
+AD = 0708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A
+In = 030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223242526
+Out = F8F1CEBB841D227D911D024669E08D903E0768250AA3CFF7BC466C3E14D6FC8A3D3ED4A70295B8FBD6416C3B8BA5482AFF18576CA0672A468B4C021C
+
+Key = C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8
+Nonce = F4F5
+AD = 08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637
+In = 0405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233
+Out = CEFB901163563D53D5AC8764164388D091C40FEAB8ED24B7ECF1824B415C2FC95706359ED4A97B2B720FDC711B66B2915C8BC62509DE93E236965BFB57C04D57F96EE347EB7CF322
Key = 8182838485868788898A8B8C8D8E8F909192939495969798
Nonce = F0F1F2F3F4F5F6F7F8F9FAFB
AD =
In =
-Out = F00F1A7125DACF8B57D0F50E6B44615C9996D209B50A1ED7
+Out = F00F1A7125DACF832FD0F50E6B44615C9996D209B29DF961
Key = 9192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8
Nonce = F1F2F3F4F5F6F7F8F9FAFBFC
AD = 05060708090A0B0C0D0E0F10
In = 0102030405060708090A0B0C
-Out = 9AFC5E331177D5A4534506C8670BAFC0E4882C6F9E82C72BD79BDF9E5AD6D4C83955F021
+Out = 9AFC5E331177D5B4A34506C8670BAFC0E4882C7F6E82C72BD79BDF9E5AD6D4C830BC7A8B
Key = A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8
Nonce = F2F3F4F5F6F7F8F9FAFBFCFD
AD = 060708090A0B0C0D0E0F101112131415161718191A1B1C1D
In = 02030405060708090A0B0C0D0E0F10111213141516171819
-Out = 92A7C0C02A1F6E154762A3C3885DAFF1FAED6ACB59EC9E625995C61B5E92C5254F63D449CD41F4F2F6F9EAF61CD08670
+Out = 92A7C0C02A1F6E245762A3C3885DAFF1FAED6ACB4514475A5995C61B5E92C504AF63D449CD41F4F2F6F9EAF60B8017A0
Key = B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7C8
Nonce = F3F4F5F6F7F8F9FAFBFCFDFE
AD = 0708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A
In = 030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223242526
-Out = 2070BEDB155997BFA6DE55F27CD45AA8223B16312965A814D347CC7EF551DA09E7BCB1806D9418BB37C64AB851272D0D193F32BCB7B081A149C84723
+Out = 2070BEDB155997DD86DE55F27CD45AA8223B16313C31BCC0D347CC7EF551DA4A27BCB1806D9418BB37C64AFB91272D0D193F32BCB7B081A150505FBB
Key = C1C2C3C4C5C6C7C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8
Nonce = F4F5F6F7F8F9FAFBFCFDFEFF
AD = 08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334353637
In = 0405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233
-Out = 70E46BCD56C24DCBFC2A280C3C2A26A9AAB9A097AA3EB37352EE799774C85F517E809AF6FEC0D5524972730C09B52555889E94B2D0C6CCF2079291B49B8E86F9D4C7D6EE081E165A
+Out = 70E46BCD56C24D0FBC2A280C3C2A26A9AAB9A0979B8B81C952EE799774C85F953E809AF6FEC0D5524972730C380017EF889E94B2D0C6CC75879291B49B8E86F9D4C7D6EE29383576
diff --git a/src/tests/data/ocb_wide_long.vec b/src/tests/data/ocb_wide_long.vec
index 7c17f00bf..9fdb0b8a2 100644
--- a/src/tests/data/ocb_wide_long.vec
+++ b/src/tests/data/ocb_wide_long.vec
@@ -1,12 +1,15 @@
-Blocklen = 128
+[Toy128]
Output = 0D099181BE37171BF94582877D6D4693
-Blocklen = 192
-Output = C6B3449A7A5C174253720B65198779C0E1758794C023F567
+[Toy192]
+Output = BFC53A29EABF2774369F3611DED760AE33338B607E5A8E40
-Blocklen = 256
-Output = 87F321F24B0554565BEB6C994AD04F8F95F1A808E67EAFBD60E0E86152AFB37C
+[Toy256]
+Output = 623C27E137975E25BEF2F8441CB5BDEAE8E0F1E158515193900BBD20D1A7AFF7
-Blocklen = 512
+[Toy512]
Output = 6748655A0A83543D8AA6287AE9FFC37C9A433332DDFD4E8B42F94D741944D440
+
+[SHACAL2]
+Output = DC4AA181A65BD11EAA23D0881A20740B7DBA53C9DE2474DB3C3EF04770DFAD99
diff --git a/src/tests/test_ocb.cpp b/src/tests/test_ocb.cpp
index aa9343e7f..b9af9ba9c 100644
--- a/src/tests/test_ocb.cpp
+++ b/src/tests/test_ocb.cpp
@@ -149,19 +149,38 @@ class OCB_Wide_Long_KAT_Tests : public Text_Based_Test
{
public:
OCB_Wide_Long_KAT_Tests()
- : Text_Based_Test("ocb_wide_long.vec", "Blocklen,Output") {}
+ : Text_Based_Test("ocb_wide_long.vec", "Output") {}
- Test::Result run_one_test(const std::string&, const VarMap& vars) override
+ Test::Result run_one_test(const std::string& algo, const VarMap& vars) override
{
Test::Result result("OCB wide block long test");
- const size_t bs = get_req_sz(vars, "Blocklen") / 8;
const std::vector<uint8_t> expected = get_req_bin(vars, "Output");
- if(bs != 16 && bs != 24 && bs != 32 && bs != 64)
- throw Test_Error("Unsupported Blocklen in OCB wide block test");
+ std::unique_ptr<Botan::BlockCipher> cipher;
+ size_t bs = 0;
- Botan::OCB_Encryption enc(new OCB_Wide_Test_Block_Cipher(bs), std::min<size_t>(bs, 32));
+ if(algo == "SHACAL2")
+ {
+ cipher = Botan::BlockCipher::create_or_throw("SHACAL2");
+ bs = 32;
+ }
+ else
+ {
+ if(algo == "Toy128")
+ bs = 16;
+ else if(algo == "Toy192")
+ bs = 24;
+ else if(algo == "Toy256")
+ bs = 32;
+ else if(algo == "Toy512")
+ bs = 64;
+ else
+ throw Test_Error("Unknown cipher for OCB wide block long test");
+ cipher.reset(new OCB_Wide_Test_Block_Cipher(bs));
+ }
+
+ Botan::OCB_Encryption enc(cipher.release(), std::min<size_t>(bs, 32));
/*
Y, string of length min(B, 256) bits
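Review bot: `Botan::BlockCipher::create_or_throw("SHACAL2")` makes this KAT throw in a build where SHACAL2 is disabled, which would presumably surface as a test error rather than a skipped vector; no feature guard around it is visible in the hunk. Consider `cipher = Botan::BlockCipher::create("SHACAL2");` followed by `if(!cipher) { result.test_note("SHACAL2 not available"); return result; }`. The hard-coded `bs = 32` could be taken from `cipher->block_size()` so the tag size passed to `OCB_Encryption` cannot drift from the cipher actually created. Separately, `cipher.release()` hands a raw pointer to the constructor; presumably ownership is taken immediately, but if the constructor can throw before that point the cipher leaks. run_one_test continues past the end of the hunk.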
@@ -218,7 +237,7 @@ class OCB_Wide_Long_KAT_Tests : public Text_Based_Test
}
private:
- void ocb_encrypt(Test::Result& result,
+ void ocb_encrypt(Test::Result& /*result*/,
std::vector<uint8_t>& output_to,
Botan::OCB_Encryption& enc,
const std::vector<uint8_t>& nonce,
diff --git a/src/tests/tests.cpp b/src/tests/tests.cpp
index 8f8aeec82..d7917bcc6 100644
--- a/src/tests/tests.cpp
+++ b/src/tests/tests.cpp
@@ -1032,7 +1032,10 @@ std::vector<Test::Result> Text_Based_Test::run()
if(result.tests_failed())
{
- result.test_note("Test #" + std::to_string(test_cnt) + " failed");
+ if(header.empty())
+ result.test_note("Test #" + std::to_string(test_cnt) + " failed");
+ else
+ result.test_note("Test #" + std::to_string(test_cnt) + " " + header + " failed");
}
results.push_back(result);
}