From 3ad91d3c8c06cf77e69b9a1c80fce236f660956b Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Mon, 11 Sep 2017 13:12:13 -0400
Subject: Add alternate form for matching OCB ref code
---
src/lib/modes/aead/ocb/ocb.cpp | 34 ++++++++++++++++++++++++++++++----
1 file changed, 30 insertions(+), 4 deletions(-)
(limited to 'src/lib/modes')
diff --git a/src/lib/modes/aead/ocb/ocb.cpp b/src/lib/modes/aead/ocb/ocb.cpp
index 7ebb0a5f0..4eb8089b5 100644
--- a/src/lib/modes/aead/ocb/ocb.cpp
+++ b/src/lib/modes/aead/ocb/ocb.cpp
@@ -210,7 +210,12 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len) secure_vector nonce_buf(BS); copy_mem(&nonce_buf[BS - nonce_len], nonce, nonce_len); + #if 0 nonce_buf[0] = ((tag_size()*8) % (BS*8)) << (BS <= 16 ? 1 : 0); + #else + nonce_buf[0] = (tag_size()*8) << (BS <= 16 ? 1 : 0); + #endif + nonce_buf[BS - nonce_len - 1] ^= 1; const uint8_t bottom = nonce_buf[BS-1] & BOTTOM_MASK;
@@ -244,7 +249,7 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len) | 1024 | 524355 | 352 | 9 | +----------+---------+-------+---------+ */ - +#if 0 if(BS == 16) { for(size_t i = 0; i != BS / 2; ++i)
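Review bot: The `#else` form of `nonce_buf[0]` in the first hunk drops `% (BS*8)` and relies on implicit narrowing into the byte to wrap the tag-length field (assuming nonce_buf holds uint8_t; the template argument is not visible here). That is not equivalent for every block size: with BS == 24 and a 24-byte tag, if that size is permitted, the old form stores 0 and the new one stores 192, so output would no longer match data produced before this commit. If that is the intended match with the reference code, record it next to the line, e.g. `// tag length in bits, intentionally reduced mod 256 to match the OCB reference code`, and make the narrowing explicit with `static_cast<uint8_t>(...)`. The superseded expression is kept under `#if 0` with no note on which variant is normative; delete it or say why it stays. update_nonce begins and ends outside this hunk.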
@@ -265,12 +270,35 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len) for(size_t i = 0; i != BS / 2; ++i) nonce_buf.push_back(nonce_buf[i] ^ nonce_buf[i+22]); } +#else + nonce_buf.insert(nonce_buf.end(), nonce_buf.begin(), nonce_buf.end()); + + if(BS == 16) + { + for(size_t i = BS; i != BS + (BS / 2); ++i) + nonce_buf[i] ^= nonce_buf[i+1]; + } + else if(BS == 24) + { + for(size_t i = BS; i != BS + (BS / 2); ++i) + nonce_buf[i] ^= nonce_buf[i+5]; + } + else if(BS == 32) + { + for(size_t i = BS; i != BS + (BS / 2); ++i) + nonce_buf[i] ^= (nonce_buf[i] << 1) ^ (nonce_buf[i+1] >> 7); + } + else if(BS == 64) + { + for(size_t i = BS; i != BS + (BS / 2); ++i) + nonce_buf[i] ^= nonce_buf[i+22]; + } +#endif m_stretch = nonce_buf; } // now set the offset from stretch and bottom - const size_t shift_bytes = bottom / 8; const size_t shift_bits = bottom % 8;
@@ -373,9 +401,7 @@ void OCB_Encryption::finish(secure_vector& buffer, size_t offset) secure_vector mac = m_offset; mac ^= checksum; mac ^= m_L->dollar(); - m_cipher->encrypt(mac); - mac ^= m_ad_hash; buffer += std::make_pair(mac.data(), tag_size());
-- cgit v1.2.3
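Review bot: `nonce_buf.insert(nonce_buf.end(), nonce_buf.begin(), nonce_buf.end());` at the top of the new `#else` branch passes iterators into the very vector being grown, which the standard's sequence-container requirements do not allow for range insert, so the behaviour is undefined even where a particular library happens to cope with it. Because m_stretch is what the offset is derived from just below, a wrong byte here would silently change ciphertext and tag rather than fail loudly. Duplicate the block without aliasing instead, e.g. `nonce_buf.resize(2*BS);` followed by `copy_mem(&nonce_buf[BS], &nonce_buf[0], BS);`. The stretch also appears to grow from BS + BS/2 bytes (the old push_back loops) to 2*BS, with the last BS/2 bytes an unmixed copy of the second half of nonce_buf; a short comment confirming the shift code never reads that tail would help. update_nonce starts and ends outside the hunk.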