-rw-r--r-- | checks/validate.dat | 4 | ||||
-rw-r--r-- | src/aead/ocb/ocb.cpp | 2 | ||||
-rw-r--r-- | src/engine/core_engine/core_modes.cpp | 74 |
3 files changed, 46 insertions, 34 deletions
diff --git a/checks/validate.dat b/checks/validate.dat index 978703ecb..5c23e23e4 100644 --- a/checks/validate.dat +++ b/checks/validate.dat @@ -26291,6 +26291,10 @@ C61A0851AB4E515D11525B92E2B9D850:C825FC7C4D539DC74887CECC70884F37 60:710DABD24D400F3B6B:\ F956B879EC7F807F1FCB482B53623671:E64F90B4619D93137E6237929EABF297 +[AES-128/GCM(64)] +:58E2FCCEFA7E3061:\ +00000000000000000000000000000000:000000000000000000000000 + [AES-128/GCM] :58E2FCCEFA7E3061367F1D57A4E7455A:\ 00000000000000000000000000000000:000000000000000000000000 diff --git a/src/aead/ocb/ocb.cpp b/src/aead/ocb/ocb.cpp index 50b33960f..df9d37fa2 100644 --- a/src/aead/ocb/ocb.cpp +++ b/src/aead/ocb/ocb.cpp @@ -313,7 +313,7 @@ void OCB_Encryption::finish(secure_vector<byte>& buffer) mac ^= m_ad_hash; - buffer += mac; + buffer += std::pair(&mac[0], tag_size()); zeroise(m_checksum); zeroise(m_offset); diff --git a/src/engine/core_engine/core_modes.cpp b/src/engine/core_engine/core_modes.cpp index 588c5d7a2..199b71838 100644 --- a/src/engine/core_engine/core_modes.cpp +++ b/src/engine/core_engine/core_modes.cpp @@ -141,30 +141,6 @@ Keyed_Filter* get_cipher_mode(const BlockCipher* block_cipher, #endif } -#if defined(BOTAN_HAS_AEAD_FILTER) - -#if defined(BOTAN_HAS_AEAD_OCB) - if(mode == "OCB") - { - if(direction == ENCRYPTION) - return new AEAD_Filter(new OCB_Encryption(block_cipher->clone(), 16)); - else - return new AEAD_Filter(new OCB_Decryption(block_cipher->clone(), 16)); - } -#endif - -#if defined(BOTAN_HAS_AEAD_GCM) - if(mode == "GCM") - { - if(direction == ENCRYPTION) - return new AEAD_Filter(new GCM_Encryption(block_cipher->clone(), 16)); - else - return new AEAD_Filter(new GCM_Decryption(block_cipher->clone(), 16)); - } -#endif - -#endif - #if defined(BOTAN_HAS_XTS) if(mode == "XTS") { 
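Review bot: In the src/aead/ocb/ocb.cpp hunk, the new append `buffer += std::pair(&mac[0], tag_size());` copies tag_size() bytes out of mac with no visible check that tag_size() is no larger than mac.size(). The core_modes.cpp part of this commit now takes the tag length from the caller's mode string, so a value larger than the block would read past the end of mac and emit that memory as tag bytes, unless the constructor (outside this hunk) already rejects it. A guard directly above the append, such as `BOTAN_ASSERT(tag_size() <= mac.size(), "OCB tag fits in one block");`, would make the invariant explicit. finish() begins and ends outside the hunk and the decryption side is not touched by this commit, so it is worth confirming that it verifies exactly tag_size() bytes.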
@@ -176,7 +152,9 @@ Keyed_Filter* get_cipher_mode(const BlockCipher* block_cipher, #endif if(mode.find("CFB") != std::string::npos || - mode.find("EAX") != std::string::npos) + mode.find("EAX") != std::string::npos || + mode.find("GCM") != std::string::npos || + mode.find("OCB") != std::string::npos) { std::vector<std::string> algo_info = parse_algorithm_name(mode); const std::string mode_name = algo_info[0]; 
@@ -189,25 +167,55 @@ Keyed_Filter* get_cipher_mode(const BlockCipher* block_cipher, else return nullptr; -#if defined(BOTAN_HAS_CFB) - if(mode_name == "CFB") +#if defined(BOTAN_HAS_AEAD_FILTER) + + if(bits % 8 != 0) + throw std::invalid_argument("AEAD interface does not support non-octet length tags"); + + const size_t tag_size = bits / 8; + +#if defined(BOTAN_HAS_AEAD_EAX) + if(mode_name == "EAX") { if(direction == ENCRYPTION) - return new CFB_Encryption(block_cipher->clone(), bits); + return new AEAD_Filter(new EAX_Encryption(block_cipher->clone(), tag_size)); else - return new CFB_Decryption(block_cipher->clone(), bits); + return new AEAD_Filter(new EAX_Decryption(block_cipher->clone(), tag_size)); } #endif -#if defined(BOTAN_HAS_AEAD_EAX) - if(mode_name == "EAX") +#if defined(BOTAN_HAS_AEAD_OCB) + if(mode == "OCB") + { + if(direction == ENCRYPTION) + return new AEAD_Filter(new OCB_Encryption(block_cipher->clone(), tag_size)); + else + return new AEAD_Filter(new OCB_Decryption(block_cipher->clone(), tag_size)); + } +#endif + +#if defined(BOTAN_HAS_AEAD_GCM) + if(mode == "GCM") + { + if(direction == ENCRYPTION) + return new AEAD_Filter(new GCM_Encryption(block_cipher->clone(), tag_size)); + else + return new AEAD_Filter(new GCM_Decryption(block_cipher->clone(), tag_size)); + } +#endif + +#endif + +#if defined(BOTAN_HAS_CFB) + if(mode_name == "CFB") { if(direction == ENCRYPTION) - return new AEAD_Filter(new EAX_Encryption(block_cipher->clone(), bits / 8)); + return new CFB_Encryption(block_cipher->clone(), bits); else - return new AEAD_Filter(new EAX_Decryption(block_cipher->clone(), bits / 8)); + return new CFB_Decryption(block_cipher->clone(), bits); } #endif + } return nullptr; |
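Review bot: The OCB and GCM branches added here test `mode == "OCB"` and `mode == "GCM"`, while the EAX and CFB branches test `mode_name`. A mode string with a size suffix, such as the `GCM(64)` named by the new validate.dat vector, therefore passes the `find` gate from the previous hunk but matches neither branch and falls through to `return nullptr` (if that vector is routed through this function). They should read `if(mode_name == "OCB")` and `if(mode_name == "GCM")`. The `bits % 8` check also sits ahead of the CFB branch, so when BOTAN_HAS_AEAD_FILTER is defined a CFB request with a non-octet size now throws an AEAD-specific message before CFB is considered; moving the check and `tag_size` under the AEAD branches would leave CFB handling as it was. `tag_size` is forwarded with no visible lower or upper bound, so unless the mode constructors reject it, a string such as `GCM(8)` (constructed example) selects a one-byte tag; a comment naming the accepted tag lengths, or an explicit range check, belongs next to `const size_t tag_size = bits / 8;`. The enclosing function begins outside the hunk.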