encauth/ocb/ocb_done_encrypt.o \
misc/crypt/crypt_find_hash_id.o \
misc/crypt/crypt_find_hash_oid.o \
- encauth/ocb/ocb_encrypt.o \
- encauth/ocb/ocb_encrypt_authenticate_memory.o \
- encauth/ocb/ocb_init.o \
- encauth/ocb/ocb_ntz.o \
- encauth/ocb/ocb_shift_xor.o \
- encauth/ocb/ocb_test.o \
- encauth/ocb/s_ocb_done.o \
- encauth/ocb3/ocb3_add_aad.o \
- encauth/ocb3/ocb3_decrypt.o \
- encauth/ocb3/ocb3_decrypt_last.o \
- encauth/ocb3/ocb3_decrypt_verify_memory.o \
- encauth/ocb3/ocb3_done.o \
- encauth/ocb3/ocb3_encrypt.o \
- encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
- encauth/ocb3/ocb3_encrypt_last.o \
- encauth/ocb3/ocb3_init.o \
- encauth/ocb3/ocb3_int_ntz.o \
- encauth/ocb3/ocb3_int_xor_blocks.o \
- encauth/ocb3/ocb3_test.o \
hashes/blake2b.o \
hashes/blake2s.o \
hashes/chc/chc.o \
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb_decrypt.c
- OCB implementation, decrypt data, by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Decrypt a block with OCB.
- @param ocb The OCB state
- @param ct The ciphertext (length of the block size of the block cipher)
- @param pt [out] The plaintext (length of ct)
- @return CRYPT_OK if successful
-*/
-int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt)
-{
- unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE];
- int err, x;
-
- LTC_ARGCHK(ocb != NULL);
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
-
- /* check if valid cipher */
- if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
- return err;
- }
- LTC_ARGCHK(cipher_descriptor[ocb->cipher].ecb_decrypt != NULL);
-
- /* check length */
- if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) {
- return CRYPT_INVALID_ARG;
- }
-
- /* Get Z[i] value */
- ocb_shift_xor(ocb, Z);
-
- /* xor ct in, encrypt, xor Z out */
- for (x = 0; x < ocb->block_len; x++) {
- tmp[x] = ct[x] ^ Z[x];
- }
- if ((err = cipher_descriptor[ocb->cipher].ecb_decrypt(tmp, pt, &ocb->key)) != CRYPT_OK) {
- return err;
- }
- for (x = 0; x < ocb->block_len; x++) {
- pt[x] ^= Z[x];
- }
-
- /* compute checksum */
- for (x = 0; x < ocb->block_len; x++) {
- ocb->checksum[x] ^= pt[x];
- }
-
-
-#ifdef LTC_CLEAN_STACK
- zeromem(Z, sizeof(Z));
- zeromem(tmp, sizeof(tmp));
-#endif
- return CRYPT_OK;
-}
-
-#endif
-
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb_decrypt_verify_memory.c
- OCB implementation, helper to decrypt block of memory, by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Decrypt and compare the tag with OCB.
- @param cipher The index of the cipher desired
- @param key The secret key
- @param keylen The length of the secret key (octets)
- @param nonce The session nonce (length of the block size of the block cipher)
- @param ct The ciphertext
- @param ctlen The length of the ciphertext (octets)
- @param pt [out] The plaintext
- @param tag The tag to compare against
- @param taglen The length of the tag (octets)
- @param stat [out] The result of the tag comparison (1==valid, 0==invalid)
- @return CRYPT_OK if successful regardless of the tag comparison
-*/
-int ocb_decrypt_verify_memory(int cipher,
- const unsigned char *key, unsigned long keylen,
- const unsigned char *nonce,
- const unsigned char *ct, unsigned long ctlen,
- unsigned char *pt,
- const unsigned char *tag, unsigned long taglen,
- int *stat)
-{
- int err;
- ocb_state *ocb;
-
- LTC_ARGCHK(key != NULL);
- LTC_ARGCHK(nonce != NULL);
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
- LTC_ARGCHK(tag != NULL);
- LTC_ARGCHK(stat != NULL);
-
- /* allocate memory */
- ocb = XMALLOC(sizeof(ocb_state));
- if (ocb == NULL) {
- return CRYPT_MEM;
- }
-
- if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- while (ctlen > (unsigned long)ocb->block_len) {
- if ((err = ocb_decrypt(ocb, ct, pt)) != CRYPT_OK) {
- goto LBL_ERR;
- }
- ctlen -= ocb->block_len;
- pt += ocb->block_len;
- ct += ocb->block_len;
- }
-
- err = ocb_done_decrypt(ocb, ct, ctlen, pt, tag, taglen, stat);
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- zeromem(ocb, sizeof(ocb_state));
-#endif
-
- XFREE(ocb);
-
- return err;
-}
-
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb_done_decrypt.c
- OCB implementation, terminate decryption, by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Terminate a decrypting OCB state
- @param ocb The OCB state
- @param ct The ciphertext (if any)
- @param ctlen The length of the ciphertext (octets)
- @param pt [out] The plaintext
- @param tag The authentication tag (to compare against)
- @param taglen The length of the authentication tag provided
- @param stat [out] The result of the tag comparison
- @return CRYPT_OK if the process was successful regardless if the tag is valid
-*/
-int ocb_done_decrypt(ocb_state *ocb,
- const unsigned char *ct, unsigned long ctlen,
- unsigned char *pt,
- const unsigned char *tag, unsigned long taglen, int *stat)
-{
- int err;
- unsigned char *tagbuf;
- unsigned long tagbuflen;
-
- LTC_ARGCHK(ocb != NULL);
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
- LTC_ARGCHK(tag != NULL);
- LTC_ARGCHK(stat != NULL);
-
- /* default to failed */
- *stat = 0;
-
- /* allocate memory */
- tagbuf = XMALLOC(MAXBLOCKSIZE);
- if (tagbuf == NULL) {
- return CRYPT_MEM;
- }
-
- tagbuflen = MAXBLOCKSIZE;
- if ((err = s_ocb_done(ocb, ct, ctlen, pt, tagbuf, &tagbuflen, 1)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- if (taglen <= tagbuflen && XMEM_NEQ(tagbuf, tag, taglen) == 0) {
- *stat = 1;
- }
-
- err = CRYPT_OK;
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- zeromem(tagbuf, MAXBLOCKSIZE);
-#endif
-
- XFREE(tagbuf);
-
- return err;
-}
-
-#endif
-
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb_done_encrypt.c
- OCB implementation, terminate encryption, by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Terminate an encryption OCB state
- @param ocb The OCB state
- @param pt Remaining plaintext (if any)
- @param ptlen The length of the plaintext (octets)
- @param ct [out] The ciphertext (if any)
- @param tag [out] The tag for the OCB stream
- @param taglen [in/out] The max size and resulting size of the tag
- @return CRYPT_OK if successful
-*/
-int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
- unsigned char *ct, unsigned char *tag, unsigned long *taglen)
-{
- LTC_ARGCHK(ocb != NULL);
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
- LTC_ARGCHK(tag != NULL);
- LTC_ARGCHK(taglen != NULL);
- return s_ocb_done(ocb, pt, ptlen, ct, tag, taglen, 0);
-}
-
-#endif
-
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb_encrypt.c
- OCB implementation, encrypt data, by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Encrypt a block of data with OCB.
- @param ocb The OCB state
- @param pt The plaintext (length of the block size of the block cipher)
- @param ct [out] The ciphertext (same size as the pt)
- @return CRYPT_OK if successful
-*/
-int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct)
-{
- unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE];
- int err, x;
-
- LTC_ARGCHK(ocb != NULL);
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
- if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
- return err;
- }
- if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) {
- return CRYPT_INVALID_ARG;
- }
-
- /* compute checksum */
- for (x = 0; x < ocb->block_len; x++) {
- ocb->checksum[x] ^= pt[x];
- }
-
- /* Get Z[i] value */
- ocb_shift_xor(ocb, Z);
-
- /* xor pt in, encrypt, xor Z out */
- for (x = 0; x < ocb->block_len; x++) {
- tmp[x] = pt[x] ^ Z[x];
- }
- if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, ct, &ocb->key)) != CRYPT_OK) {
- return err;
- }
- for (x = 0; x < ocb->block_len; x++) {
- ct[x] ^= Z[x];
- }
-
-#ifdef LTC_CLEAN_STACK
- zeromem(Z, sizeof(Z));
- zeromem(tmp, sizeof(tmp));
-#endif
- return CRYPT_OK;
-}
-
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb_encrypt_authenticate_memory.c
- OCB implementation, encrypt block of memory, by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Encrypt and generate an authentication code for a buffer of memory
- @param cipher The index of the cipher desired
- @param key The secret key
- @param keylen The length of the secret key (octets)
- @param nonce The session nonce (length of the block ciphers block size)
- @param pt The plaintext
- @param ptlen The length of the plaintext (octets)
- @param ct [out] The ciphertext
- @param tag [out] The authentication tag
- @param taglen [in/out] The max size and resulting size of the authentication tag
- @return CRYPT_OK if successful
-*/
-int ocb_encrypt_authenticate_memory(int cipher,
- const unsigned char *key, unsigned long keylen,
- const unsigned char *nonce,
- const unsigned char *pt, unsigned long ptlen,
- unsigned char *ct,
- unsigned char *tag, unsigned long *taglen)
-{
- int err;
- ocb_state *ocb;
-
- LTC_ARGCHK(key != NULL);
- LTC_ARGCHK(nonce != NULL);
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
- LTC_ARGCHK(tag != NULL);
- LTC_ARGCHK(taglen != NULL);
-
- /* allocate ram */
- ocb = XMALLOC(sizeof(ocb_state));
- if (ocb == NULL) {
- return CRYPT_MEM;
- }
-
- if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- while (ptlen > (unsigned long)ocb->block_len) {
- if ((err = ocb_encrypt(ocb, pt, ct)) != CRYPT_OK) {
- goto LBL_ERR;
- }
- ptlen -= ocb->block_len;
- pt += ocb->block_len;
- ct += ocb->block_len;
- }
-
- err = ocb_done_encrypt(ocb, pt, ptlen, ct, tag, taglen);
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- zeromem(ocb, sizeof(ocb_state));
-#endif
-
- XFREE(ocb);
-
- return err;
-}
-
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb_init.c
- OCB implementation, initialize state, by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB_MODE
-
-static const struct {
- int len;
- unsigned char poly_div[MAXBLOCKSIZE],
- poly_mul[MAXBLOCKSIZE];
-} polys[] = {
-{
- 8,
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0D },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B }
-}, {
- 16,
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43 },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 }
-}
-};
-
-/**
- Initialize an OCB context.
- @param ocb [out] The destination of the OCB state
- @param cipher The index of the desired cipher
- @param key The secret key
- @param keylen The length of the secret key (octets)
- @param nonce The session nonce (length of the block size of the cipher)
- @return CRYPT_OK if successful
-*/
-int ocb_init(ocb_state *ocb, int cipher,
- const unsigned char *key, unsigned long keylen, const unsigned char *nonce)
-{
- int poly, x, y, m, err;
-
- LTC_ARGCHK(ocb != NULL);
- LTC_ARGCHK(key != NULL);
- LTC_ARGCHK(nonce != NULL);
-
- /* valid cipher? */
- if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
- return err;
- }
-
- /* determine which polys to use */
- ocb->block_len = cipher_descriptor[cipher].block_length;
- x = (int)(sizeof(polys)/sizeof(polys[0]));
- for (poly = 0; poly < x; poly++) {
- if (polys[poly].len == ocb->block_len) {
- break;
- }
- }
- if (poly == x) {
- return CRYPT_INVALID_ARG; /* block_len not found in polys */
- }
- if (polys[poly].len != ocb->block_len) {
- return CRYPT_INVALID_ARG;
- }
-
- /* schedule the key */
- if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &ocb->key)) != CRYPT_OK) {
- return err;
- }
-
- /* find L = E[0] */
- zeromem(ocb->L, ocb->block_len);
- if ((err = cipher_descriptor[cipher].ecb_encrypt(ocb->L, ocb->L, &ocb->key)) != CRYPT_OK) {
- return err;
- }
-
- /* find R = E[N xor L] */
- for (x = 0; x < ocb->block_len; x++) {
- ocb->R[x] = ocb->L[x] ^ nonce[x];
- }
- if ((err = cipher_descriptor[cipher].ecb_encrypt(ocb->R, ocb->R, &ocb->key)) != CRYPT_OK) {
- return err;
- }
-
- /* find Ls[i] = L << i for i == 0..31 */
- XMEMCPY(ocb->Ls[0], ocb->L, ocb->block_len);
- for (x = 1; x < 32; x++) {
- m = ocb->Ls[x-1][0] >> 7;
- for (y = 0; y < ocb->block_len-1; y++) {
- ocb->Ls[x][y] = ((ocb->Ls[x-1][y] << 1) | (ocb->Ls[x-1][y+1] >> 7)) & 255;
- }
- ocb->Ls[x][ocb->block_len-1] = (ocb->Ls[x-1][ocb->block_len-1] << 1) & 255;
-
- if (m == 1) {
- for (y = 0; y < ocb->block_len; y++) {
- ocb->Ls[x][y] ^= polys[poly].poly_mul[y];
- }
- }
- }
-
- /* find Lr = L / x */
- m = ocb->L[ocb->block_len-1] & 1;
-
- /* shift right */
- for (x = ocb->block_len - 1; x > 0; x--) {
- ocb->Lr[x] = ((ocb->L[x] >> 1) | (ocb->L[x-1] << 7)) & 255;
- }
- ocb->Lr[0] = ocb->L[0] >> 1;
-
- if (m == 1) {
- for (x = 0; x < ocb->block_len; x++) {
- ocb->Lr[x] ^= polys[poly].poly_div[x];
- }
- }
-
- /* set Li, checksum */
- zeromem(ocb->Li, ocb->block_len);
- zeromem(ocb->checksum, ocb->block_len);
-
- /* set other params */
- ocb->block_index = 1;
- ocb->cipher = cipher;
-
- return CRYPT_OK;
-}
-
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb_ntz.c
- OCB implementation, internal function, by Tom St Denis
-*/
-
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Returns the number of leading zero bits [from lsb up]
- @param x The 32-bit value to observe
- @return The number of bits [from the lsb up] that are zero
-*/
-int ocb_ntz(unsigned long x)
-{
- int c;
- x &= 0xFFFFFFFFUL;
- c = 0;
- while ((x & 1) == 0) {
- ++c;
- x >>= 1;
- }
- return c;
-}
-
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb_shift_xor.c
- OCB implementation, internal function, by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Compute the shift/xor for OCB (internal function)
- @param ocb The OCB state
- @param Z The destination of the shift
-*/
-void ocb_shift_xor(ocb_state *ocb, unsigned char *Z)
-{
- int x, y;
- y = ocb_ntz(ocb->block_index++);
- for (x = 0; x < ocb->block_len; x++) {
- ocb->Li[x] ^= ocb->Ls[y][x];
- Z[x] = ocb->Li[x] ^ ocb->R[x];
- }
-}
-
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb_test.c
- OCB implementation, self-test by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB_MODE
-
-/**
- Test the OCB protocol
- @return CRYPT_OK if successful
-*/
-int ocb_test(void)
-{
-#ifndef LTC_TEST
- return CRYPT_NOP;
-#else
- static const struct {
- int ptlen;
- unsigned char key[16], nonce[16], pt[34], ct[34], tag[16];
- } tests[] = {
-
- /* OCB-AES-128-0B */
-{
- 0,
- /* key */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
- /* nonce */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
- /* pt */
- { 0 },
- /* ct */
- { 0 },
- /* tag */
- { 0x15, 0xd3, 0x7d, 0xd7, 0xc8, 0x90, 0xd5, 0xd6,
- 0xac, 0xab, 0x92, 0x7b, 0xc0, 0xdc, 0x60, 0xee },
-},
-
-
- /* OCB-AES-128-3B */
-{
- 3,
- /* key */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
- /* nonce */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
- /* pt */
- { 0x00, 0x01, 0x02 },
- /* ct */
- { 0xfc, 0xd3, 0x7d },
- /* tag */
- { 0x02, 0x25, 0x47, 0x39, 0xa5, 0xe3, 0x56, 0x5a,
- 0xe2, 0xdc, 0xd6, 0x2c, 0x65, 0x97, 0x46, 0xba },
-},
-
- /* OCB-AES-128-16B */
-{
- 16,
- /* key */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
- /* nonce */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
- /* pt */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
- /* ct */
- { 0x37, 0xdf, 0x8c, 0xe1, 0x5b, 0x48, 0x9b, 0xf3,
- 0x1d, 0x0f, 0xc4, 0x4d, 0xa1, 0xfa, 0xf6, 0xd6 },
- /* tag */
- { 0xdf, 0xb7, 0x63, 0xeb, 0xdb, 0x5f, 0x0e, 0x71,
- 0x9c, 0x7b, 0x41, 0x61, 0x80, 0x80, 0x04, 0xdf },
-},
-
- /* OCB-AES-128-20B */
-{
- 20,
- /* key */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
- /* nonce */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
- /* pt */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13 },
- /* ct */
- { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4,
- 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb,
- 0x70, 0x03, 0xeb, 0x55},
- /* tag */
- { 0x75, 0x30, 0x84, 0x14, 0x4e, 0xb6, 0x3b, 0x77,
- 0x0b, 0x06, 0x3c, 0x2e, 0x23, 0xcd, 0xa0, 0xbb },
-},
-
- /* OCB-AES-128-32B */
-{
- 32,
- /* key */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
- /* nonce */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
- /* pt */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
- /* ct */
- { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4,
- 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb,
- 0x4a, 0xfc, 0xbb, 0x7f, 0xed, 0xc0, 0x8c, 0xa8,
- 0x65, 0x4c, 0x6d, 0x30, 0x4d, 0x16, 0x12, 0xfa },
-
- /* tag */
- { 0xc1, 0x4c, 0xbf, 0x2c, 0x1a, 0x1f, 0x1c, 0x3c,
- 0x13, 0x7e, 0xad, 0xea, 0x1f, 0x2f, 0x2f, 0xcf },
-},
-
- /* OCB-AES-128-34B */
-{
- 34,
- /* key */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
- /* nonce */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
- /* pt */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
- 0x20, 0x21 },
- /* ct */
- { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4,
- 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb,
- 0xd4, 0x90, 0x3d, 0xd0, 0x02, 0x5b, 0xa4, 0xaa,
- 0x83, 0x7c, 0x74, 0xf1, 0x21, 0xb0, 0x26, 0x0f,
- 0xa9, 0x5d },
-
- /* tag */
- { 0xcf, 0x83, 0x41, 0xbb, 0x10, 0x82, 0x0c, 0xcf,
- 0x14, 0xbd, 0xec, 0x56, 0xb8, 0xd7, 0xd6, 0xab },
-},
-
-};
-
- int err, x, idx, res;
- unsigned long len;
- unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE];
-
- /* AES can be under rijndael or aes... try to find it */
- if ((idx = find_cipher("aes")) == -1) {
- if ((idx = find_cipher("rijndael")) == -1) {
- return CRYPT_NOP;
- }
- }
-
- for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
- len = sizeof(outtag);
- if ((err = ocb_encrypt_authenticate_memory(idx, tests[x].key, 16,
- tests[x].nonce, tests[x].pt, tests[x].ptlen, outct, outtag, &len)) != CRYPT_OK) {
- return err;
- }
-
- if (compare_testvector(outtag, len, tests[x].tag, sizeof(tests[x].tag), "OCB Tag", x) ||
- compare_testvector(outct, tests[x].ptlen, tests[x].ct, tests[x].ptlen, "OCB CT", x)) {
- return CRYPT_FAIL_TESTVECTOR;
- }
-
- if ((err = ocb_decrypt_verify_memory(idx, tests[x].key, 16, tests[x].nonce, outct, tests[x].ptlen,
- outct, tests[x].tag, len, &res)) != CRYPT_OK) {
- return err;
- }
- if ((res != 1) || compare_testvector(outct, tests[x].ptlen, tests[x].pt, tests[x].ptlen, "OCB", x)) {
-#ifdef LTC_TEST_DBG
- printf("\n\nOCB: Failure-decrypt - res = %d\n", res);
-#endif
- return CRYPT_FAIL_TESTVECTOR;
- }
- }
- return CRYPT_OK;
-#endif /* LTC_TEST */
-}
-
-#endif /* LTC_OCB_MODE */
-
-
-/* some comments
-
- -- it's hard to seek
- -- hard to stream [you can't emit ciphertext until full block]
- -- The setup is somewhat complicated...
-*/
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file s_ocb_done.c
- OCB implementation, internal helper, by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB_MODE
-
-/* Since the last block is encrypted in CTR mode the same code can
- * be used to finish a decrypt or encrypt stream. The only difference
- * is we XOR the final ciphertext into the checksum so we have to xor it
- * before we CTR [decrypt] or after [encrypt]
- *
- * the names pt/ptlen/ct really just mean in/inlen/out but this is the way I wrote it...
- */
-
-/**
- Shared code to finish an OCB stream
- @param ocb The OCB state
- @param pt The remaining plaintext [or input]
- @param ptlen The length of the input (octets)
- @param ct [out] The output buffer
- @param tag [out] The destination for the authentication tag
- @param taglen [in/out] The max size and resulting size of the authentication tag
- @param mode The mode we are terminating, 0==encrypt, 1==decrypt
- @return CRYPT_OK if successful
-*/
-int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
- unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode)
-
-{
- unsigned char *Z, *Y, *X;
- int err, x;
-
- LTC_ARGCHK(ocb != NULL);
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
- LTC_ARGCHK(tag != NULL);
- LTC_ARGCHK(taglen != NULL);
- if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
- return err;
- }
- if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length ||
- (int)ptlen > ocb->block_len || (int)ptlen < 0) {
- return CRYPT_INVALID_ARG;
- }
-
- /* allocate ram */
- Z = XMALLOC(MAXBLOCKSIZE);
- Y = XMALLOC(MAXBLOCKSIZE);
- X = XMALLOC(MAXBLOCKSIZE);
- if (X == NULL || Y == NULL || Z == NULL) {
- if (X != NULL) {
- XFREE(X);
- }
- if (Y != NULL) {
- XFREE(Y);
- }
- if (Z != NULL) {
- XFREE(Z);
- }
- return CRYPT_MEM;
- }
-
- /* compute X[m] = len(pt[m]) XOR Lr XOR Z[m] */
- ocb_shift_xor(ocb, X);
- XMEMCPY(Z, X, ocb->block_len);
-
- X[ocb->block_len-1] ^= (ptlen*8)&255;
- X[ocb->block_len-2] ^= ((ptlen*8)>>8)&255;
- for (x = 0; x < ocb->block_len; x++) {
- X[x] ^= ocb->Lr[x];
- }
-
- /* Y[m] = E(X[m])) */
- if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(X, Y, &ocb->key)) != CRYPT_OK) {
- goto error;
- }
-
- if (mode == 1) {
- /* decrypt mode, so let's xor it first */
- /* xor C[m] into checksum */
- for (x = 0; x < (int)ptlen; x++) {
- ocb->checksum[x] ^= ct[x];
- }
- }
-
- /* C[m] = P[m] xor Y[m] */
- for (x = 0; x < (int)ptlen; x++) {
- ct[x] = pt[x] ^ Y[x];
- }
-
- if (mode == 0) {
- /* encrypt mode */
- /* xor C[m] into checksum */
- for (x = 0; x < (int)ptlen; x++) {
- ocb->checksum[x] ^= ct[x];
- }
- }
-
- /* xor Y[m] and Z[m] into checksum */
- for (x = 0; x < ocb->block_len; x++) {
- ocb->checksum[x] ^= Y[x] ^ Z[x];
- }
-
- /* encrypt checksum, er... tag!! */
- if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key)) != CRYPT_OK) {
- goto error;
- }
- cipher_descriptor[ocb->cipher].done(&ocb->key);
-
- /* now store it */
- for (x = 0; x < ocb->block_len && x < (int)*taglen; x++) {
- tag[x] = X[x];
- }
- *taglen = x;
-
-#ifdef LTC_CLEAN_STACK
- zeromem(X, MAXBLOCKSIZE);
- zeromem(Y, MAXBLOCKSIZE);
- zeromem(Z, MAXBLOCKSIZE);
- zeromem(ocb, sizeof(*ocb));
-#endif
-error:
- XFREE(X);
- XFREE(Y);
- XFREE(Z);
-
- return err;
-}
-
-#endif
-
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb3_add_aad.c
- OCB implementation, add AAD data, by Karel Miko
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB3_MODE
-
-/**
- Add one block of AAD data (internal function)
- @param ocb The OCB state
- @param aad_block [in] AAD data (block_len size)
- @return CRYPT_OK if successful
-*/
-static int _ocb3_int_aad_add_block(ocb3_state *ocb, const unsigned char *aad_block)
-{
- unsigned char tmp[MAXBLOCKSIZE];
- int err;
-
- /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
- ocb3_int_xor_blocks(ocb->aOffset_current, ocb->aOffset_current, ocb->L_[ocb3_int_ntz(ocb->ablock_index)], ocb->block_len);
-
- /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */
- ocb3_int_xor_blocks(tmp, aad_block, ocb->aOffset_current, ocb->block_len);
- if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) {
- return err;
- }
- ocb3_int_xor_blocks(ocb->aSum_current, ocb->aSum_current, tmp, ocb->block_len);
-
- ocb->ablock_index++;
-
- return CRYPT_OK;
-}
-
-/**
- Add AAD - additional associated data
- @param ocb The OCB state
- @param aad The AAD data
- @param aadlen The size of AAD data (octets)
- @return CRYPT_OK if successful
-*/
-int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen)
-{
- int err, x, full_blocks, full_blocks_len, last_block_len;
- unsigned char *data;
- unsigned long datalen, l;
-
- LTC_ARGCHK(ocb != NULL);
- if (aadlen == 0) return CRYPT_OK;
- LTC_ARGCHK(aad != NULL);
-
- if (ocb->adata_buffer_bytes > 0) {
- l = ocb->block_len - ocb->adata_buffer_bytes;
- if (l > aadlen) l = aadlen;
- XMEMCPY(ocb->adata_buffer+ocb->adata_buffer_bytes, aad, l);
- ocb->adata_buffer_bytes += l;
-
- if (ocb->adata_buffer_bytes == ocb->block_len) {
- if ((err = _ocb3_int_aad_add_block(ocb, ocb->adata_buffer)) != CRYPT_OK) {
- return err;
- }
- ocb->adata_buffer_bytes = 0;
- }
-
- data = (unsigned char *)aad + l;
- datalen = aadlen - l;
- }
- else {
- data = (unsigned char *)aad;
- datalen = aadlen;
- }
-
- if (datalen == 0) return CRYPT_OK;
-
- full_blocks = datalen/ocb->block_len;
- full_blocks_len = full_blocks * ocb->block_len;
- last_block_len = datalen - full_blocks_len;
-
- for (x=0; x<full_blocks; x++) {
- if ((err = _ocb3_int_aad_add_block(ocb, data+x*ocb->block_len)) != CRYPT_OK) {
- return err;
- }
- }
-
- if (last_block_len>0) {
- XMEMCPY(ocb->adata_buffer, data+full_blocks_len, last_block_len);
- ocb->adata_buffer_bytes = last_block_len;
- }
-
- return CRYPT_OK;
-}
-
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb3_decrypt.c
- OCB implementation, decrypt data, by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB3_MODE
-
-/**
- Decrypt blocks of ciphertext with OCB
- @param ocb The OCB state
- @param ct The ciphertext (length multiple of the block size of the block cipher)
- @param ctlen The length of the input (octets)
- @param pt [out] The plaintext (length of ct)
- @return CRYPT_OK if successful
-*/
-int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt)
-{
- unsigned char tmp[MAXBLOCKSIZE];
- int err, i, full_blocks;
- unsigned char *pt_b, *ct_b;
-
- LTC_ARGCHK(ocb != NULL);
- if (ctlen == 0) return CRYPT_OK; /* no data, nothing to do */
- LTC_ARGCHK(ct != NULL);
- LTC_ARGCHK(pt != NULL);
-
- if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
- return err;
- }
- if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) {
- return CRYPT_INVALID_ARG;
- }
-
- if (ctlen % ocb->block_len) { /* ctlen has to bu multiple of block_len */
- return CRYPT_INVALID_ARG;
- }
-
- full_blocks = ctlen/ocb->block_len;
- for(i=0; i<full_blocks; i++) {
- pt_b = (unsigned char *)pt+i*ocb->block_len;
- ct_b = (unsigned char *)ct+i*ocb->block_len;
-
- /* ocb->Offset_current[] = ocb->Offset_current[] ^ Offset_{ntz(block_index)} */
- ocb3_int_xor_blocks(ocb->Offset_current, ocb->Offset_current, ocb->L_[ocb3_int_ntz(ocb->block_index)], ocb->block_len);
-
- /* tmp[] = ct[] XOR ocb->Offset_current[] */
- ocb3_int_xor_blocks(tmp, ct_b, ocb->Offset_current, ocb->block_len);
-
- /* decrypt */
- if ((err = cipher_descriptor[ocb->cipher].ecb_decrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* pt[] = tmp[] XOR ocb->Offset_current[] */
- ocb3_int_xor_blocks(pt_b, tmp, ocb->Offset_current, ocb->block_len);
-
- /* ocb->checksum[] = ocb->checksum[] XOR pt[] */
- ocb3_int_xor_blocks(ocb->checksum, ocb->checksum, pt_b, ocb->block_len);
-
- ocb->block_index++;
- }
-
- err = CRYPT_OK;
-
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- zeromem(tmp, sizeof(tmp));
-#endif
- return err;
-}
-
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb3_decrypt_last.c
- OCB implementation, internal helper, by Karel Miko
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB3_MODE
-
-/**
- Finish an OCB (decryption) stream
- @param ocb The OCB state
- @param ct The remaining ciphertext
- @param ctlen The length of the ciphertext (octets)
- @param pt [out] The output buffer
- @return CRYPT_OK if successful
-*/
-int ocb3_decrypt_last(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt)
-{
- unsigned char iOffset_star[MAXBLOCKSIZE];
- unsigned char iPad[MAXBLOCKSIZE];
- int err, x, full_blocks, full_blocks_len, last_block_len;
-
- LTC_ARGCHK(ocb != NULL);
- if (ct == NULL) LTC_ARGCHK(ctlen == 0);
- if (ctlen != 0) {
- LTC_ARGCHK(ct != NULL);
- LTC_ARGCHK(pt != NULL);
- }
-
- if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- full_blocks = ctlen/ocb->block_len;
- full_blocks_len = full_blocks * ocb->block_len;
- last_block_len = ctlen - full_blocks_len;
-
- /* process full blocks first */
- if (full_blocks>0) {
- if ((err = ocb3_decrypt(ocb, ct, full_blocks_len, pt)) != CRYPT_OK) {
- goto LBL_ERR;
- }
- }
-
- if (last_block_len>0) {
- /* Offset_* = Offset_m xor L_* */
- ocb3_int_xor_blocks(iOffset_star, ocb->Offset_current, ocb->L_star, ocb->block_len);
-
- /* Pad = ENCIPHER(K, Offset_*) */
- if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(iOffset_star, iPad, &ocb->key)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* P_* = C_* xor Pad[1..bitlen(C_*)] */
- ocb3_int_xor_blocks(pt+full_blocks_len, (unsigned char *)ct+full_blocks_len, iPad, last_block_len);
-
- /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */
- ocb3_int_xor_blocks(ocb->checksum, ocb->checksum, pt+full_blocks_len, last_block_len);
- for(x=last_block_len; x<ocb->block_len; x++) {
- if (x == last_block_len)
- ocb->checksum[x] ^= 0x80;
- else
- ocb->checksum[x] ^= 0x00;
- }
-
- /* Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) */
- /* at this point we calculate only: Tag_part = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) */
- for(x=0; x<ocb->block_len; x++) {
- ocb->tag_part[x] = (ocb->checksum[x] ^ iOffset_star[x]) ^ ocb->L_dollar[x];
- }
- if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->tag_part, ocb->tag_part, &ocb->key)) != CRYPT_OK) {
- goto LBL_ERR;
- }
- }
- else {
- /* Tag = ENCIPHER(K, Checksum_m xor Offset_m xor L_$) xor HASH(K,A) */
- /* at this point we calculate only: Tag_part = ENCIPHER(K, Checksum_m xor Offset_m xor L_$) */
- for(x=0; x<ocb->block_len; x++) {
- ocb->tag_part[x] = (ocb->checksum[x] ^ ocb->Offset_current[x]) ^ ocb->L_dollar[x];
- }
- if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->tag_part, ocb->tag_part, &ocb->key)) != CRYPT_OK) {
- goto LBL_ERR;
- }
- }
-
- err = CRYPT_OK;
-
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- zeromem(iOffset_star, MAXBLOCKSIZE);
- zeromem(iPad, MAXBLOCKSIZE);
-#endif
-
- return err;
-}
-
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb3_decrypt_verify_memory.c
- OCB implementation, helper to decrypt block of memory, by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB3_MODE
-
-/**
- Decrypt and compare the tag with OCB
- @param cipher The index of the cipher desired
- @param key The secret key
- @param keylen The length of the secret key (octets)
- @param nonce The session nonce (length of the block size of the block cipher)
- @param noncelen The length of the nonce (octets)
- @param adata The AAD - additional associated data
- @param adatalen The length of AAD (octets)
- @param ct The ciphertext
- @param ctlen The length of the ciphertext (octets)
- @param pt [out] The plaintext
- @param tag The tag to compare against
- @param taglen The length of the tag (octets)
- @param stat [out] The result of the tag comparison (1==valid, 0==invalid)
- @return CRYPT_OK if successful regardless of the tag comparison
-*/
-int ocb3_decrypt_verify_memory(int cipher,
- const unsigned char *key, unsigned long keylen,
- const unsigned char *nonce, unsigned long noncelen,
- const unsigned char *adata, unsigned long adatalen,
- const unsigned char *ct, unsigned long ctlen,
- unsigned char *pt,
- const unsigned char *tag, unsigned long taglen,
- int *stat)
-{
- int err;
- ocb3_state *ocb;
- unsigned char *buf;
- unsigned long buflen;
-
- LTC_ARGCHK(stat != NULL);
-
- /* default to zero */
- *stat = 0;
-
- /* limit taglen */
- taglen = MIN(taglen, MAXBLOCKSIZE);
-
- /* allocate memory */
- buf = XMALLOC(taglen);
- ocb = XMALLOC(sizeof(ocb3_state));
- if (ocb == NULL || buf == NULL) {
- if (ocb != NULL) {
- XFREE(ocb);
- }
- if (buf != NULL) {
- XFREE(buf);
- }
- return CRYPT_MEM;
- }
-
- if ((err = ocb3_init(ocb, cipher, key, keylen, nonce, noncelen, taglen)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- if (adata != NULL || adatalen != 0) {
- if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
- goto LBL_ERR;
- }
- }
-
- if ((err = ocb3_decrypt_last(ocb, ct, ctlen, pt)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- buflen = taglen;
- if ((err = ocb3_done(ocb, buf, &buflen)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* compare tags */
- if (buflen >= taglen && XMEM_NEQ(buf, tag, taglen) == 0) {
- *stat = 1;
- }
-
- err = CRYPT_OK;
-
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- zeromem(ocb, sizeof(ocb3_state));
-#endif
-
- XFREE(ocb);
- XFREE(buf);
- return err;
-}
-
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb3_done.c
- OCB implementation, INTERNAL ONLY helper, by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB3_MODE
-
-/**
- Finish OCB processing and compute the tag
- @param ocb The OCB state
- @param tag [out] The destination for the authentication tag
- @param taglen [in/out] The max size and resulting size of the authentication tag
- @return CRYPT_OK if successful
-*/
-int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen)
-{
- unsigned char tmp[MAXBLOCKSIZE];
- int err, x;
-
- LTC_ARGCHK(ocb != NULL);
- LTC_ARGCHK(tag != NULL);
- LTC_ARGCHK(taglen != NULL);
- if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* check taglen */
- if ((int)*taglen < ocb->tag_len) {
- *taglen = (unsigned long)ocb->tag_len;
- return CRYPT_BUFFER_OVERFLOW;
- }
-
- /* finalize AAD processing */
-
- if (ocb->adata_buffer_bytes>0) {
- /* Offset_* = Offset_m xor L_* */
- ocb3_int_xor_blocks(ocb->aOffset_current, ocb->aOffset_current, ocb->L_star, ocb->block_len);
-
- /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */
- ocb3_int_xor_blocks(tmp, ocb->adata_buffer, ocb->aOffset_current, ocb->adata_buffer_bytes);
- for(x=ocb->adata_buffer_bytes; x<ocb->block_len; x++) {
- if (x == ocb->adata_buffer_bytes) {
- tmp[x] = 0x80 ^ ocb->aOffset_current[x];
- }
- else {
- tmp[x] = 0x00 ^ ocb->aOffset_current[x];
- }
- }
-
- /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */
- if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) {
- goto LBL_ERR;
- }
- ocb3_int_xor_blocks(ocb->aSum_current, ocb->aSum_current, tmp, ocb->block_len);
- }
-
- /* finalize TAG computing */
-
- /* at this point ocb->aSum_current = HASH(K, A) */
- /* tag = tag ^ HASH(K, A) */
- ocb3_int_xor_blocks(tmp, ocb->tag_part, ocb->aSum_current, ocb->block_len);
-
- /* copy tag bytes */
- for(x = 0; x < ocb->tag_len; x++) tag[x] = tmp[x];
- *taglen = (unsigned long)ocb->tag_len;
-
- err = CRYPT_OK;
-
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- zeromem(tmp, MAXBLOCKSIZE);
- zeromem(ocb, sizeof(*ocb));
-#endif
-
- return err;
-}
-
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb3_encrypt.c
- OCB implementation, encrypt data, by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB3_MODE
-
-/**
- Encrypt blocks of data with OCB
- @param ocb The OCB state
- @param pt The plaintext (length multiple of the block size of the block cipher)
- @param ptlen The length of the input (octets)
- @param ct [out] The ciphertext (same size as the pt)
- @return CRYPT_OK if successful
-*/
-int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct)
-{
- unsigned char tmp[MAXBLOCKSIZE];
- int err, i, full_blocks;
- unsigned char *pt_b, *ct_b;
-
- LTC_ARGCHK(ocb != NULL);
- if (ptlen == 0) return CRYPT_OK; /* no data, nothing to do */
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
-
- if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
- return err;
- }
- if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) {
- return CRYPT_INVALID_ARG;
- }
-
- if (ptlen % ocb->block_len) { /* ptlen has to bu multiple of block_len */
- return CRYPT_INVALID_ARG;
- }
-
- full_blocks = ptlen/ocb->block_len;
- for(i=0; i<full_blocks; i++) {
- pt_b = (unsigned char *)pt+i*ocb->block_len;
- ct_b = (unsigned char *)ct+i*ocb->block_len;
-
- /* ocb->Offset_current[] = ocb->Offset_current[] ^ Offset_{ntz(block_index)} */
- ocb3_int_xor_blocks(ocb->Offset_current, ocb->Offset_current, ocb->L_[ocb3_int_ntz(ocb->block_index)], ocb->block_len);
-
- /* tmp[] = pt[] XOR ocb->Offset_current[] */
- ocb3_int_xor_blocks(tmp, pt_b, ocb->Offset_current, ocb->block_len);
-
- /* encrypt */
- if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* ct[] = tmp[] XOR ocb->Offset_current[] */
- ocb3_int_xor_blocks(ct_b, tmp, ocb->Offset_current, ocb->block_len);
-
- /* ocb->checksum[] = ocb->checksum[] XOR pt[] */
- ocb3_int_xor_blocks(ocb->checksum, ocb->checksum, pt_b, ocb->block_len);
-
- ocb->block_index++;
- }
-
- err = CRYPT_OK;
-
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- zeromem(tmp, sizeof(tmp));
-#endif
- return err;
-}
-
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb3_encrypt_authenticate_memory.c
- OCB implementation, encrypt block of memory, by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB3_MODE
-
-/**
- Encrypt and generate an authentication code for a buffer of memory
- @param cipher The index of the cipher desired
- @param key The secret key
- @param keylen The length of the secret key (octets)
- @param nonce The session nonce (length of the block ciphers block size)
- @param noncelen The length of the nonce (octets)
- @param adata The AAD - additional associated data
- @param adatalen The length of AAD (octets)
- @param pt The plaintext
- @param ptlen The length of the plaintext (octets)
- @param ct [out] The ciphertext
- @param tag [out] The authentication tag
- @param taglen [in/out] The max size and resulting size of the authentication tag
- @return CRYPT_OK if successful
-*/
-int ocb3_encrypt_authenticate_memory(int cipher,
- const unsigned char *key, unsigned long keylen,
- const unsigned char *nonce, unsigned long noncelen,
- const unsigned char *adata, unsigned long adatalen,
- const unsigned char *pt, unsigned long ptlen,
- unsigned char *ct,
- unsigned char *tag, unsigned long *taglen)
-{
- int err;
- ocb3_state *ocb;
-
- LTC_ARGCHK(taglen != NULL);
-
- /* allocate memory */
- ocb = XMALLOC(sizeof(ocb3_state));
- if (ocb == NULL) {
- return CRYPT_MEM;
- }
-
- if ((err = ocb3_init(ocb, cipher, key, keylen, nonce, noncelen, *taglen)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- if (adata != NULL || adatalen != 0) {
- if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
- goto LBL_ERR;
- }
- }
-
- if ((err = ocb3_encrypt_last(ocb, pt, ptlen, ct)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- err = ocb3_done(ocb, tag, taglen);
-
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- zeromem(ocb, sizeof(ocb3_state));
-#endif
-
- XFREE(ocb);
- return err;
-}
-
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb3_encrypt_last.c
- OCB implementation, internal helper, by Karel Miko
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB3_MODE
-
-/**
- Finish an OCB (encryption) stream
- @param ocb The OCB state
- @param pt The remaining plaintext
- @param ptlen The length of the plaintext (octets)
- @param ct [out] The output buffer
- @return CRYPT_OK if successful
-*/
-int ocb3_encrypt_last(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct)
-{
- unsigned char iOffset_star[MAXBLOCKSIZE];
- unsigned char iPad[MAXBLOCKSIZE];
- int err, x, full_blocks, full_blocks_len, last_block_len;
-
- LTC_ARGCHK(ocb != NULL);
- if (pt == NULL) LTC_ARGCHK(ptlen == 0);
- if (ptlen != 0) {
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
- }
-
- if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- full_blocks = ptlen/ocb->block_len;
- full_blocks_len = full_blocks * ocb->block_len;
- last_block_len = ptlen - full_blocks_len;
-
- /* process full blocks first */
- if (full_blocks>0) {
- if ((err = ocb3_encrypt(ocb, pt, full_blocks_len, ct)) != CRYPT_OK) {
- goto LBL_ERR;
- }
- }
-
- /* at this point: m = ocb->block_index (last block index), Offset_m = ocb->Offset_current */
-
- if (last_block_len>0) {
- /* Offset_* = Offset_m xor L_* */
- ocb3_int_xor_blocks(iOffset_star, ocb->Offset_current, ocb->L_star, ocb->block_len);
-
- /* Pad = ENCIPHER(K, Offset_*) */
- if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(iOffset_star, iPad, &ocb->key)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* C_* = P_* xor Pad[1..bitlen(P_*)] */
- ocb3_int_xor_blocks(ct+full_blocks_len, pt+full_blocks_len, iPad, last_block_len);
-
- /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */
- ocb3_int_xor_blocks(ocb->checksum, ocb->checksum, pt+full_blocks_len, last_block_len);
- for(x=last_block_len; x<ocb->block_len; x++) {
- if (x == last_block_len)
- ocb->checksum[x] ^= 0x80;
- else
- ocb->checksum[x] ^= 0x00;
- }
-
- /* Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) */
- /* at this point we calculate only: Tag_part = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) */
- for(x=0; x<ocb->block_len; x++) {
- ocb->tag_part[x] = (ocb->checksum[x] ^ iOffset_star[x]) ^ ocb->L_dollar[x];
- }
- if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->tag_part, ocb->tag_part, &ocb->key)) != CRYPT_OK) {
- goto LBL_ERR;
- }
- }
- else {
- /* Tag = ENCIPHER(K, Checksum_m xor Offset_m xor L_$) xor HASH(K,A) */
- /* at this point we calculate only: Tag_part = ENCIPHER(K, Checksum_m xor Offset_m xor L_$) */
- for(x=0; x<ocb->block_len; x++) {
- ocb->tag_part[x] = (ocb->checksum[x] ^ ocb->Offset_current[x]) ^ ocb->L_dollar[x];
- }
- if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->tag_part, ocb->tag_part, &ocb->key)) != CRYPT_OK) {
- goto LBL_ERR;
- }
- }
-
- err = CRYPT_OK;
-
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- zeromem(iOffset_star, MAXBLOCKSIZE);
- zeromem(iPad, MAXBLOCKSIZE);
-#endif
-
- return err;
-}
-
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb3_init.c
- OCB implementation, initialize state, by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB3_MODE
-
-static void _ocb3_int_calc_offset_zero(ocb3_state *ocb, const unsigned char *nonce, unsigned long noncelen, unsigned long taglen)
-{
- int x, y, bottom;
- int idx, shift;
- unsigned char iNonce[MAXBLOCKSIZE];
- unsigned char iKtop[MAXBLOCKSIZE];
- unsigned char iStretch[MAXBLOCKSIZE+8];
-
- /* Nonce = zeros(127-bitlen(N)) || 1 || N */
- zeromem(iNonce, sizeof(iNonce));
- for (x = ocb->block_len-1, y=0; y<(int)noncelen; x--, y++) {
- iNonce[x] = nonce[noncelen-y-1];
- }
- iNonce[x] = 0x01;
- iNonce[0] |= ((taglen*8) % 128) << 1;
-
- /* bottom = str2num(Nonce[123..128]) */
- bottom = iNonce[ocb->block_len-1] & 0x3F;
-
- /* Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) */
- iNonce[ocb->block_len-1] = iNonce[ocb->block_len-1] & 0xC0;
- if ((cipher_descriptor[ocb->cipher].ecb_encrypt(iNonce, iKtop, &ocb->key)) != CRYPT_OK) {
- zeromem(ocb->Offset_current, ocb->block_len);
- return;
- }
-
- /* Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) */
- for (x = 0; x < ocb->block_len; x++) {
- iStretch[x] = iKtop[x];
- }
- for (y = 0; y < 8; y++) {
- iStretch[x+y] = iKtop[y] ^ iKtop[y+1];
- }
-
- /* Offset_0 = Stretch[1+bottom..128+bottom] */
- idx = bottom / 8;
- shift = (bottom % 8);
- for (x = 0; x < ocb->block_len; x++) {
- ocb->Offset_current[x] = iStretch[idx+x] << shift;
- if (shift > 0) {
- ocb->Offset_current[x] |= iStretch[idx+x+1] >> (8-shift);
- }
- }
-}
-
-static const struct {
- int len;
- unsigned char poly_mul[MAXBLOCKSIZE];
-} polys[] = {
-{
- 8,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B }
-}, {
- 16,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 }
-}
-};
-
-/**
- Initialize an OCB context
- @param ocb [out] The destination of the OCB state
- @param cipher The index of the desired cipher
- @param key The secret key
- @param keylen The length of the secret key (octets)
- @param nonce The session nonce
- @param noncelen The length of the session nonce (octets, up to 15)
- @param taglen The length of the tag (octets, up to 16)
- @return CRYPT_OK if successful
-*/
-int ocb3_init(ocb3_state *ocb, int cipher,
- const unsigned char *key, unsigned long keylen,
- const unsigned char *nonce, unsigned long noncelen,
- unsigned long taglen)
-{
- int poly, x, y, m, err;
- unsigned char *previous, *current;
-
- LTC_ARGCHK(ocb != NULL);
- LTC_ARGCHK(key != NULL);
- LTC_ARGCHK(nonce != NULL);
-
- /* valid cipher? */
- if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
- return err;
- }
- ocb->cipher = cipher;
-
- /* Valid Nonce?
- * As of RFC7253: "string of no more than 120 bits" */
- if (noncelen > (120/8)) {
- return CRYPT_INVALID_ARG;
- }
-
- /* The blockcipher must have a 128-bit blocksize */
- if (cipher_descriptor[cipher].block_length != 16) {
- return CRYPT_INVALID_ARG;
- }
-
- /* The TAGLEN may be any value up to 128 (bits) */
- if (taglen > 16) {
- return CRYPT_INVALID_ARG;
- }
- ocb->tag_len = taglen;
-
- /* determine which polys to use */
- ocb->block_len = cipher_descriptor[cipher].block_length;
- x = (int)(sizeof(polys)/sizeof(polys[0]));
- for (poly = 0; poly < x; poly++) {
- if (polys[poly].len == ocb->block_len) {
- break;
- }
- }
- if (poly == x) {
- return CRYPT_INVALID_ARG; /* block_len not found in polys */
- }
- if (polys[poly].len != ocb->block_len) {
- return CRYPT_INVALID_ARG;
- }
-
- /* schedule the key */
- if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &ocb->key)) != CRYPT_OK) {
- return err;
- }
-
- /* L_* = ENCIPHER(K, zeros(128)) */
- zeromem(ocb->L_star, ocb->block_len);
- if ((err = cipher_descriptor[cipher].ecb_encrypt(ocb->L_star, ocb->L_star, &ocb->key)) != CRYPT_OK) {
- return err;
- }
-
- /* compute L_$, L_0, L_1, ... */
- for (x = -1; x < 32; x++) {
- if (x == -1) { /* gonna compute: L_$ = double(L_*) */
- current = ocb->L_dollar;
- previous = ocb->L_star;
- }
- else if (x == 0) { /* gonna compute: L_0 = double(L_$) */
- current = ocb->L_[0];
- previous = ocb->L_dollar;
- }
- else { /* gonna compute: L_i = double(L_{i-1}) for every integer i > 0 */
- current = ocb->L_[x];
- previous = ocb->L_[x-1];
- }
- m = previous[0] >> 7;
- for (y = 0; y < ocb->block_len-1; y++) {
- current[y] = ((previous[y] << 1) | (previous[y+1] >> 7)) & 255;
- }
- current[ocb->block_len-1] = (previous[ocb->block_len-1] << 1) & 255;
- if (m == 1) {
- /* current[] = current[] XOR polys[poly].poly_mul[]*/
- ocb3_int_xor_blocks(current, current, polys[poly].poly_mul, ocb->block_len);
- }
- }
-
- /* initialize ocb->Offset_current = Offset_0 */
- _ocb3_int_calc_offset_zero(ocb, nonce, noncelen, taglen);
-
- /* initialize checksum to all zeros */
- zeromem(ocb->checksum, ocb->block_len);
-
- /* set block index */
- ocb->block_index = 1;
-
- /* initialize AAD related stuff */
- ocb->ablock_index = 1;
- ocb->adata_buffer_bytes = 0;
- zeromem(ocb->aOffset_current, ocb->block_len);
- zeromem(ocb->aSum_current, ocb->block_len);
-
- return CRYPT_OK;
-}
-
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb3_int_ntz.c
- OCB implementation, INTERNAL ONLY helper, by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB3_MODE
-
-/**
- Returns the number of leading zero bits [from lsb up] (internal function)
- @param x The 32-bit value to observe
- @return The number of bits [from the lsb up] that are zero
-*/
-int ocb3_int_ntz(unsigned long x)
-{
- int c;
- x &= 0xFFFFFFFFUL;
- c = 0;
- while ((x & 1) == 0) {
- ++c;
- x >>= 1;
- }
- return c;
-}
-
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb3_int_xor_blocks.c
- OCB implementation, INTERNAL ONLY helper, by Karel Miko
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB3_MODE
-
-/**
- Compute xor for two blocks of bytes 'out = block_a XOR block_b' (internal function)
- @param out The block of bytes (output)
- @param block_a The block of bytes (input)
- @param block_b The block of bytes (input)
- @param block_len The size of block_a, block_b, out
-*/
-void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len)
-{
- int x;
- if (out == block_a) {
- for (x = 0; x < (int)block_len; x++) out[x] ^= block_b[x];
- }
- else {
- for (x = 0; x < (int)block_len; x++) out[x] = block_a[x] ^ block_b[x];
- }
-}
-
-#endif
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
+++ /dev/null
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
- @file ocb3_test.c
- OCB implementation, self-test by Tom St Denis
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB3_MODE
-
-/**
- Test the OCB protocol
- @return CRYPT_OK if successful
-*/
-int ocb3_test(void)
-{
-#ifndef LTC_TEST
- return CRYPT_NOP;
-#else
- /* test vectors from: http://tools.ietf.org/html/draft-krovetz-ocb-03 */
- unsigned char key[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
- unsigned char nonce[12] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B };
- const struct {
- int ptlen;
- int aadlen;
- unsigned char pt[64], aad[64], ct[64], tag[16];
- } tests[] = {
-
- { /* index:0 */
- 0, /* PLAINTEXT length */
- 0, /* AAD length */
- { 0 }, /* PLAINTEXT */
- { 0 }, /* AAD */
- { 0 }, /* CIPHERTEXT */
- { 0x19,0x7b,0x9c,0x3c,0x44,0x1d,0x3c,0x83,0xea,0xfb,0x2b,0xef,0x63,0x3b,0x91,0x82 }, /* TAG */
- },
- { /* index:1 */
- 8, /* PLAINTEXT length */
- 8, /* AAD length */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }, /* PLAINTEXT */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }, /* AAD */
- { 0x92,0xb6,0x57,0x13,0x0a,0x74,0xb8,0x5a }, /* CIPHERTEXT */
- { 0x16,0xdc,0x76,0xa4,0x6d,0x47,0xe1,0xea,0xd5,0x37,0x20,0x9e,0x8a,0x96,0xd1,0x4e }, /* TAG */
- },
- { /* index:2 */
- 0, /* PLAINTEXT length */
- 8, /* AAD length */
- { 0 }, /* PLAINTEXT */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }, /* AAD */
- { 0 }, /* CIPHERTEXT */
- { 0x98,0xb9,0x15,0x52,0xc8,0xc0,0x09,0x18,0x50,0x44,0xe3,0x0a,0x6e,0xb2,0xfe,0x21 }, /* TAG */
- },
- { /* index:3 */
- 8, /* PLAINTEXT length */
- 0, /* AAD length */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }, /* PLAINTEXT */
- { 0 }, /* AAD */
- { 0x92,0xb6,0x57,0x13,0x0a,0x74,0xb8,0x5a }, /* CIPHERTEXT */
- { 0x97,0x1e,0xff,0xca,0xe1,0x9a,0xd4,0x71,0x6f,0x88,0xe8,0x7b,0x87,0x1f,0xbe,0xed }, /* TAG */
- },
- { /* index:4 */
- 16, /* PLAINTEXT length */
- 16, /* AAD length */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f }, /* PLAINTEXT */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f }, /* AAD */
- { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22 }, /* CIPHERTEXT */
- { 0x77,0x6c,0x99,0x24,0xd6,0x72,0x3a,0x1f,0xc4,0x52,0x45,0x32,0xac,0x3e,0x5b,0xeb }, /* TAG */
- },
- { /* index:5 */
- 0, /* PLAINTEXT length */
- 16, /* AAD length */
- { 0 }, /* PLAINTEXT */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f }, /* AAD */
- { 0 }, /* CIPHERTEXT */
- { 0x7d,0xdb,0x8e,0x6c,0xea,0x68,0x14,0x86,0x62,0x12,0x50,0x96,0x19,0xb1,0x9c,0xc6 }, /* TAG */
- },
- { /* index:6 */
- 16, /* PLAINTEXT length */
- 0, /* AAD length */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f }, /* PLAINTEXT */
- { 0 }, /* AAD */
- { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22 }, /* CIPHERTEXT */
- { 0x13,0xcc,0x8b,0x74,0x78,0x07,0x12,0x1a,0x4c,0xbb,0x3e,0x4b,0xd6,0xb4,0x56,0xaf }, /* TAG */
- },
- { /* index:7 */
- 24, /* PLAINTEXT length */
- 24, /* AAD length */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17 }, /* PLAINTEXT */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17 }, /* AAD */
- { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xfc,0xfc,0xee,0x7a,0x2a,0x8d,0x4d,0x48 }, /* CIPHERTEXT */
- { 0x5f,0xa9,0x4f,0xc3,0xf3,0x88,0x20,0xf1,0xdc,0x3f,0x3d,0x1f,0xd4,0xe5,0x5e,0x1c }, /* TAG */
- },
- { /* index:8 */
- 0, /* PLAINTEXT length */
- 24, /* AAD length */
- { 0 }, /* PLAINTEXT */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17 }, /* AAD */
- { 0 }, /* CIPHERTEXT */
- { 0x28,0x20,0x26,0xda,0x30,0x68,0xbc,0x9f,0xa1,0x18,0x68,0x1d,0x55,0x9f,0x10,0xf6 }, /* TAG */
- },
- { /* index:9 */
- 24, /* PLAINTEXT length */
- 0, /* AAD length */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17 }, /* PLAINTEXT */
- { 0 }, /* AAD */
- { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xfc,0xfc,0xee,0x7a,0x2a,0x8d,0x4d,0x48 }, /* CIPHERTEXT */
- { 0x6e,0xf2,0xf5,0x25,0x87,0xfd,0xa0,0xed,0x97,0xdc,0x7e,0xed,0xe2,0x41,0xdf,0x68 }, /* TAG */
- },
- { /* index:10 */
- 32, /* PLAINTEXT length */
- 32, /* AAD length */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f }, /* PLAINTEXT */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f }, /* AAD */
- { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xce,0xaa,0xb9,0xb0,0x5d,0xf7,0x71,0xa6,0x57,0x14,0x9d,0x53,0x77,0x34,0x63,0xcb }, /* CIPHERTEXT */
- { 0xb2,0xa0,0x40,0xdd,0x3b,0xd5,0x16,0x43,0x72,0xd7,0x6d,0x7b,0xb6,0x82,0x42,0x40 }, /* TAG */
- },
- { /* index:11 */
- 0, /* PLAINTEXT length */
- 32, /* AAD length */
- { 0 }, /* PLAINTEXT */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f }, /* AAD */
- { 0 }, /* CIPHERTEXT */
- { 0xe1,0xe0,0x72,0x63,0x3b,0xad,0xe5,0x1a,0x60,0xe8,0x59,0x51,0xd9,0xc4,0x2a,0x1b }, /* TAG */
- },
- { /* index:12 */
- 32, /* PLAINTEXT length */
- 0, /* AAD length */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f }, /* PLAINTEXT */
- { 0 }, /* AAD */
- { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xce,0xaa,0xb9,0xb0,0x5d,0xf7,0x71,0xa6,0x57,0x14,0x9d,0x53,0x77,0x34,0x63,0xcb }, /* CIPHERTEXT */
- { 0x4a,0x3b,0xae,0x82,0x44,0x65,0xcf,0xda,0xf8,0xc4,0x1f,0xc5,0x0c,0x7d,0xf9,0xd9 }, /* TAG */
- },
- { /* index:13 */
- 40, /* PLAINTEXT length */
- 40, /* AAD length */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 }, /* PLAINTEXT */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 }, /* AAD */
- { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xce,0xaa,0xb9,0xb0,0x5d,0xf7,0x71,0xa6,0x57,0x14,0x9d,0x53,0x77,0x34,0x63,0xcb,0x68,0xc6,0x57,0x78,0xb0,0x58,0xa6,0x35 }, /* CIPHERTEXT */
- { 0x65,0x9c,0x62,0x32,0x11,0xde,0xea,0x0d,0xe3,0x0d,0x2c,0x38,0x18,0x79,0xf4,0xc8 }, /* TAG */
- },
- { /* index:14 */
- 0, /* PLAINTEXT length */
- 40, /* AAD length */
- { 0 }, /* PLAINTEXT */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 }, /* AAD */
- { 0 }, /* CIPHERTEXT */
- { 0x7a,0xeb,0x7a,0x69,0xa1,0x68,0x7d,0xd0,0x82,0xca,0x27,0xb0,0xd9,0xa3,0x70,0x96 }, /* TAG */
- },
- { /* index:15 */
- 40, /* PLAINTEXT length */
- 0, /* AAD length */
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 }, /* PLAINTEXT */
- { 0 }, /* AAD */
- { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xce,0xaa,0xb9,0xb0,0x5d,0xf7,0x71,0xa6,0x57,0x14,0x9d,0x53,0x77,0x34,0x63,0xcb,0x68,0xc6,0x57,0x78,0xb0,0x58,0xa6,0x35 }, /* CIPHERTEXT */
- { 0x06,0x0c,0x84,0x67,0xf4,0xab,0xab,0x5e,0x8b,0x3c,0x20,0x67,0xa2,0xe1,0x15,0xdc }, /* TAG */
- },
-
-};
- /* As of RFC 7253 - 'Appendix A. Sample Results'
- * The next tuple shows a result with a tag length of 96 bits and a
- different key.
-
- K: 0F0E0D0C0B0A09080706050403020100
-
- N: BBAA9988776655443322110D
- A: 000102030405060708090A0B0C0D0E0F1011121314151617
- 18191A1B1C1D1E1F2021222324252627
- P: 000102030405060708090A0B0C0D0E0F1011121314151617
- 18191A1B1C1D1E1F2021222324252627
- C: 1792A4E31E0755FB03E31B22116E6C2DDF9EFD6E33D536F1
- A0124B0A55BAE884ED93481529C76B6AD0C515F4D1CDD4FD
- AC4F02AA
-
- The C has been split up in C and T (tag)
- */
- const unsigned char K[] = { 0x0F,0x0E,0x0D,0x0C,0x0B,0x0A,0x09,0x08,
- 0x07,0x06,0x05,0x04,0x03,0x02,0x01,0x00 };
- const unsigned char N[] = { 0xBB,0xAA,0x99,0x88,0x77,0x66,0x55,0x44,
- 0x33,0x22,0x11,0x0D };
- const unsigned char A[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,
- 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
- 0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,
- 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 };
- const unsigned char P[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,
- 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
- 0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,
- 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 };
- const unsigned char C[] = { 0x17,0x92,0xA4,0xE3,0x1E,0x07,0x55,0xFB,
- 0x03,0xE3,0x1B,0x22,0x11,0x6E,0x6C,0x2D,
- 0xDF,0x9E,0xFD,0x6E,0x33,0xD5,0x36,0xF1,
- 0xA0,0x12,0x4B,0x0A,0x55,0xBA,0xE8,0x84,
- 0xED,0x93,0x48,0x15,0x29,0xC7,0x6B,0x6A };
- const unsigned char T[] = { 0xD0,0xC5,0x15,0xF4,0xD1,0xCD,0xD4,0xFD,
- 0xAC,0x4F,0x02,0xAA };
-
- int err, x, idx, res;
- unsigned long len;
- unsigned char outct[MAXBLOCKSIZE] = { 0 };
- unsigned char outtag[MAXBLOCKSIZE] = { 0 };
- ocb3_state ocb;
-
- /* AES can be under rijndael or aes... try to find it */
- if ((idx = find_cipher("aes")) == -1) {
- if ((idx = find_cipher("rijndael")) == -1) {
- return CRYPT_NOP;
- }
- }
-
- for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
- len = 16; /* must be the same as the required taglen */
- if ((err = ocb3_encrypt_authenticate_memory(idx,
- key, sizeof(key),
- nonce, sizeof(nonce),
- tests[x].aadlen != 0 ? tests[x].aad : NULL, tests[x].aadlen,
- tests[x].ptlen != 0 ? tests[x].pt : NULL, tests[x].ptlen,
- tests[x].ptlen != 0 ? outct : NULL, outtag, &len)) != CRYPT_OK) {
- return err;
- }
-
- if (compare_testvector(outtag, len, tests[x].tag, sizeof(tests[x].tag), "OCB3 Tag", x) ||
- compare_testvector(outct, tests[x].ptlen, tests[x].ct, tests[x].ptlen, "OCB3 CT", x)) {
- return CRYPT_FAIL_TESTVECTOR;
- }
-
- if ((err = ocb3_decrypt_verify_memory(idx,
- key, sizeof(key),
- nonce, sizeof(nonce),
- tests[x].aadlen != 0 ? tests[x].aad : NULL, tests[x].aadlen,
- tests[x].ptlen != 0 ? outct : NULL, tests[x].ptlen,
- tests[x].ptlen != 0 ? outct : NULL, tests[x].tag, len, &res)) != CRYPT_OK) {
- return err;
- }
- if ((res != 1) || compare_testvector(outct, tests[x].ptlen, tests[x].pt, tests[x].ptlen, "OCB3", x)) {
-#ifdef LTC_TEST_DBG
- printf("\n\nOCB3: Failure-decrypt - res = %d\n", res);
-#endif
- return CRYPT_FAIL_TESTVECTOR;
- }
- }
-
- /* RFC 7253 - test vector with a tag length of 96 bits - part 1 */
- x = 99;
- len = 12;
- if ((err = ocb3_encrypt_authenticate_memory(idx,
- K, sizeof(K),
- N, sizeof(N),
- A, sizeof(A),
- P, sizeof(P),
- outct, outtag, &len)) != CRYPT_OK) {
- return err;
- }
-
- if (compare_testvector(outtag, len, T, sizeof(T), "OCB3 Tag", x) ||
- compare_testvector(outct, sizeof(P), C, sizeof(C), "OCB3 CT", x)) {
- return CRYPT_FAIL_TESTVECTOR;
- }
-
- if ((err = ocb3_decrypt_verify_memory(idx,
- K, sizeof(K),
- N, sizeof(N),
- A, sizeof(A),
- C, sizeof(C),
- outct, T, sizeof(T), &res)) != CRYPT_OK) {
- return err;
- }
- if ((res != 1) || compare_testvector(outct, sizeof(C), P, sizeof(P), "OCB3", x)) {
-#ifdef LTC_TEST_DBG
- printf("\n\nOCB3: Failure-decrypt - res = %d\n", res);
-#endif
- return CRYPT_FAIL_TESTVECTOR;
- }
-
- /* RFC 7253 - test vector with a tag length of 96 bits - part 2 */
- x = 100;
- if ((err = ocb3_init(&ocb, idx, K, sizeof(K), N, sizeof(N), 12)) != CRYPT_OK) return err;
- if ((err = ocb3_add_aad(&ocb, A, sizeof(A))) != CRYPT_OK) return err;
- if ((err = ocb3_encrypt(&ocb, P, 32, outct)) != CRYPT_OK) return err;
- if ((err = ocb3_encrypt_last(&ocb, P+32, sizeof(P)-32, outct+32)) != CRYPT_OK) return err;
- len = sizeof(outtag); /* intentionally more than 12 */
- if ((err = ocb3_done(&ocb, outtag, &len)) != CRYPT_OK) return err;
- if (compare_testvector(outct, sizeof(P), C, sizeof(C), "OCB3 CT", x)) return CRYPT_FAIL_TESTVECTOR;
- if (compare_testvector(outtag, len, T, sizeof(T), "OCB3 Tag.enc", x)) return CRYPT_FAIL_TESTVECTOR;
- if ((err = ocb3_init(&ocb, idx, K, sizeof(K), N, sizeof(N), 12)) != CRYPT_OK) return err;
- if ((err = ocb3_add_aad(&ocb, A, sizeof(A))) != CRYPT_OK) return err;
- if ((err = ocb3_decrypt(&ocb, C, 32, outct)) != CRYPT_OK) return err;
- if ((err = ocb3_decrypt_last(&ocb, C+32, sizeof(C)-32, outct+32)) != CRYPT_OK) return err;
- len = sizeof(outtag); /* intentionally more than 12 */
- if ((err = ocb3_done(&ocb, outtag, &len)) != CRYPT_OK) return err;
- if (compare_testvector(outct, sizeof(C), P, sizeof(P), "OCB3 PT", x)) return CRYPT_FAIL_TESTVECTOR;
- if (compare_testvector(outtag, len, T, sizeof(T), "OCB3 Tag.dec", x)) return CRYPT_FAIL_TESTVECTOR;
-
- return CRYPT_OK;
-#endif /* LTC_TEST */
-}
-
-#endif /* LTC_OCB3_MODE */
-
-/* ref: $Format:%D$ */
-/* git commit: $Format:%H$ */
-/* commit time: $Format:%ai$ */
projects / zpackage / commitdiff