From a670d5d3211446a123f1af646c867ee4aabadc49 Mon Sep 17 00:00:00 2001 From: Nathan Wagner Date: Sun, 7 Jul 2019 00:30:04 +0000 Subject: [PATCH] remove encauth ocb ocb3 --- Makefile | 19 -- libtomcrypt/src/encauth/ocb/ocb_decrypt.c | 77 ----- .../encauth/ocb/ocb_decrypt_verify_memory.c | 84 ----- .../src/encauth/ocb/ocb_done_decrypt.c | 78 ----- .../src/encauth/ocb/ocb_done_encrypt.c | 44 --- libtomcrypt/src/encauth/ocb/ocb_encrypt.c | 70 ---- .../ocb/ocb_encrypt_authenticate_memory.c | 82 ----- libtomcrypt/src/encauth/ocb/ocb_init.c | 139 -------- libtomcrypt/src/encauth/ocb/ocb_ntz.c | 40 --- libtomcrypt/src/encauth/ocb/ocb_shift_xor.c | 37 --- libtomcrypt/src/encauth/ocb/ocb_test.c | 215 ------------ libtomcrypt/src/encauth/ocb/s_ocb_done.c | 146 --------- libtomcrypt/src/encauth/ocb3/ocb3_add_aad.c | 106 ------ libtomcrypt/src/encauth/ocb3/ocb3_decrypt.c | 86 ----- .../src/encauth/ocb3/ocb3_decrypt_last.c | 110 ------- .../encauth/ocb3/ocb3_decrypt_verify_memory.c | 110 ------- libtomcrypt/src/encauth/ocb3/ocb3_done.c | 92 ------ libtomcrypt/src/encauth/ocb3/ocb3_encrypt.c | 86 ----- .../ocb3/ocb3_encrypt_authenticate_memory.c | 82 ----- .../src/encauth/ocb3/ocb3_encrypt_last.c | 112 ------- libtomcrypt/src/encauth/ocb3/ocb3_init.c | 196 ----------- libtomcrypt/src/encauth/ocb3/ocb3_int_ntz.c | 39 --- .../src/encauth/ocb3/ocb3_int_xor_blocks.c | 40 --- libtomcrypt/src/encauth/ocb3/ocb3_test.c | 309 ------------------ 24 files changed, 2399 deletions(-) delete mode 100644 libtomcrypt/src/encauth/ocb/ocb_decrypt.c delete mode 100644 libtomcrypt/src/encauth/ocb/ocb_decrypt_verify_memory.c delete mode 100644 libtomcrypt/src/encauth/ocb/ocb_done_decrypt.c delete mode 100644 libtomcrypt/src/encauth/ocb/ocb_done_encrypt.c delete mode 100644 libtomcrypt/src/encauth/ocb/ocb_encrypt.c delete mode 100644 libtomcrypt/src/encauth/ocb/ocb_encrypt_authenticate_memory.c delete mode 100644 libtomcrypt/src/encauth/ocb/ocb_init.c delete mode 100644 libtomcrypt/src/encauth/ocb/ocb_ntz.c delete mode 100644 libtomcrypt/src/encauth/ocb/ocb_shift_xor.c delete mode 100644 libtomcrypt/src/encauth/ocb/ocb_test.c delete mode 100644 libtomcrypt/src/encauth/ocb/s_ocb_done.c delete mode 100644 libtomcrypt/src/encauth/ocb3/ocb3_add_aad.c delete mode 100644 libtomcrypt/src/encauth/ocb3/ocb3_decrypt.c delete mode 100644 libtomcrypt/src/encauth/ocb3/ocb3_decrypt_last.c delete mode 100644 libtomcrypt/src/encauth/ocb3/ocb3_decrypt_verify_memory.c delete mode 100644 libtomcrypt/src/encauth/ocb3/ocb3_done.c delete mode 100644 libtomcrypt/src/encauth/ocb3/ocb3_encrypt.c delete mode 100644 libtomcrypt/src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c delete mode 100644 libtomcrypt/src/encauth/ocb3/ocb3_encrypt_last.c delete mode 100644 libtomcrypt/src/encauth/ocb3/ocb3_init.c delete mode 100644 libtomcrypt/src/encauth/ocb3/ocb3_int_ntz.c delete mode 100644 libtomcrypt/src/encauth/ocb3/ocb3_int_xor_blocks.c delete mode 100644 libtomcrypt/src/encauth/ocb3/ocb3_test.c diff --git a/Makefile b/Makefile index 9800cfe..c3202e6 100644 --- a/Makefile +++ b/Makefile @@ -403,25 +403,6 @@ LTCOBJ= \ encauth/ocb/ocb_done_encrypt.o \ misc/crypt/crypt_find_hash_id.o \ misc/crypt/crypt_find_hash_oid.o \ - encauth/ocb/ocb_encrypt.o \ - encauth/ocb/ocb_encrypt_authenticate_memory.o \ - encauth/ocb/ocb_init.o \ - encauth/ocb/ocb_ntz.o \ - encauth/ocb/ocb_shift_xor.o \ - encauth/ocb/ocb_test.o \ - encauth/ocb/s_ocb_done.o \ - encauth/ocb3/ocb3_add_aad.o \ - encauth/ocb3/ocb3_decrypt.o \ - encauth/ocb3/ocb3_decrypt_last.o \ - encauth/ocb3/ocb3_decrypt_verify_memory.o \ - encauth/ocb3/ocb3_done.o \ - encauth/ocb3/ocb3_encrypt.o \ - encauth/ocb3/ocb3_encrypt_authenticate_memory.o \ - encauth/ocb3/ocb3_encrypt_last.o \ - encauth/ocb3/ocb3_init.o \ - encauth/ocb3/ocb3_int_ntz.o \ - encauth/ocb3/ocb3_int_xor_blocks.o \ - encauth/ocb3/ocb3_test.o \ hashes/blake2b.o \ hashes/blake2s.o \ hashes/chc/chc.o \ diff --git a/libtomcrypt/src/encauth/ocb/ocb_decrypt.c b/libtomcrypt/src/encauth/ocb/ocb_decrypt.c deleted file mode 100644 index 5dc8dad..0000000 --- a/libtomcrypt/src/encauth/ocb/ocb_decrypt.c +++ /dev/null @@ -1,77 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_decrypt.c - OCB implementation, decrypt data, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/** - Decrypt a block with OCB. - @param ocb The OCB state - @param ct The ciphertext (length of the block size of the block cipher) - @param pt [out] The plaintext (length of ct) - @return CRYPT_OK if successful -*/ -int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt) -{ - unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE]; - int err, x; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - - /* check if valid cipher */ - if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { - return err; - } - LTC_ARGCHK(cipher_descriptor[ocb->cipher].ecb_decrypt != NULL); - - /* check length */ - if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) { - return CRYPT_INVALID_ARG; - } - - /* Get Z[i] value */ - ocb_shift_xor(ocb, Z); - - /* xor ct in, encrypt, xor Z out */ - for (x = 0; x < ocb->block_len; x++) { - tmp[x] = ct[x] ^ Z[x]; - } - if ((err = cipher_descriptor[ocb->cipher].ecb_decrypt(tmp, pt, &ocb->key)) != CRYPT_OK) { - return err; - } - for (x = 0; x < ocb->block_len; x++) { - pt[x] ^= Z[x]; - } - - /* compute checksum */ - for (x = 0; x < ocb->block_len; x++) { - ocb->checksum[x] ^= pt[x]; - } - - -#ifdef LTC_CLEAN_STACK - zeromem(Z, sizeof(Z)); - zeromem(tmp, sizeof(tmp)); -#endif - return CRYPT_OK; -} - -#endif - - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb/ocb_decrypt_verify_memory.c b/libtomcrypt/src/encauth/ocb/ocb_decrypt_verify_memory.c deleted file mode 100644 index a7a47f0..0000000 --- a/libtomcrypt/src/encauth/ocb/ocb_decrypt_verify_memory.c +++ /dev/null @@ -1,84 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_decrypt_verify_memory.c - OCB implementation, helper to decrypt block of memory, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/** - Decrypt and compare the tag with OCB. - @param cipher The index of the cipher desired - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce (length of the block size of the block cipher) - @param ct The ciphertext - @param ctlen The length of the ciphertext (octets) - @param pt [out] The plaintext - @param tag The tag to compare against - @param taglen The length of the tag (octets) - @param stat [out] The result of the tag comparison (1==valid, 0==invalid) - @return CRYPT_OK if successful regardless of the tag comparison -*/ -int ocb_decrypt_verify_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, - int *stat) -{ - int err; - ocb_state *ocb; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(nonce != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(stat != NULL); - - /* allocate memory */ - ocb = XMALLOC(sizeof(ocb_state)); - if (ocb == NULL) { - return CRYPT_MEM; - } - - if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) { - goto LBL_ERR; - } - - while (ctlen > (unsigned long)ocb->block_len) { - if ((err = ocb_decrypt(ocb, ct, pt)) != CRYPT_OK) { - goto LBL_ERR; - } - ctlen -= ocb->block_len; - pt += ocb->block_len; - ct += ocb->block_len; - } - - err = ocb_done_decrypt(ocb, ct, ctlen, pt, tag, taglen, stat); -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(ocb, sizeof(ocb_state)); -#endif - - XFREE(ocb); - - return err; -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb/ocb_done_decrypt.c b/libtomcrypt/src/encauth/ocb/ocb_done_decrypt.c deleted file mode 100644 index 357bd84..0000000 --- a/libtomcrypt/src/encauth/ocb/ocb_done_decrypt.c +++ /dev/null @@ -1,78 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_done_decrypt.c - OCB implementation, terminate decryption, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/** - Terminate a decrypting OCB state - @param ocb The OCB state - @param ct The ciphertext (if any) - @param ctlen The length of the ciphertext (octets) - @param pt [out] The plaintext - @param tag The authentication tag (to compare against) - @param taglen The length of the authentication tag provided - @param stat [out] The result of the tag comparison - @return CRYPT_OK if the process was successful regardless if the tag is valid -*/ -int ocb_done_decrypt(ocb_state *ocb, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, int *stat) -{ - int err; - unsigned char *tagbuf; - unsigned long tagbuflen; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(stat != NULL); - - /* default to failed */ - *stat = 0; - - /* allocate memory */ - tagbuf = XMALLOC(MAXBLOCKSIZE); - if (tagbuf == NULL) { - return CRYPT_MEM; - } - - tagbuflen = MAXBLOCKSIZE; - if ((err = s_ocb_done(ocb, ct, ctlen, pt, tagbuf, &tagbuflen, 1)) != CRYPT_OK) { - goto LBL_ERR; - } - - if (taglen <= tagbuflen && XMEM_NEQ(tagbuf, tag, taglen) == 0) { - *stat = 1; - } - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(tagbuf, MAXBLOCKSIZE); -#endif - - XFREE(tagbuf); - - return err; -} - -#endif - - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb/ocb_done_encrypt.c b/libtomcrypt/src/encauth/ocb/ocb_done_encrypt.c deleted file mode 100644 index 12ea68f..0000000 --- a/libtomcrypt/src/encauth/ocb/ocb_done_encrypt.c +++ /dev/null @@ -1,44 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_done_encrypt.c - OCB implementation, terminate encryption, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/** - Terminate an encryption OCB state - @param ocb The OCB state - @param pt Remaining plaintext (if any) - @param ptlen The length of the plaintext (octets) - @param ct [out] The ciphertext (if any) - @param tag [out] The tag for the OCB stream - @param taglen [in/out] The max size and resulting size of the tag - @return CRYPT_OK if successful -*/ -int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, unsigned char *tag, unsigned long *taglen) -{ - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - return s_ocb_done(ocb, pt, ptlen, ct, tag, taglen, 0); -} - -#endif - - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb/ocb_encrypt.c b/libtomcrypt/src/encauth/ocb/ocb_encrypt.c deleted file mode 100644 index aad76a0..0000000 --- a/libtomcrypt/src/encauth/ocb/ocb_encrypt.c +++ /dev/null @@ -1,70 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_encrypt.c - OCB implementation, encrypt data, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/** - Encrypt a block of data with OCB. - @param ocb The OCB state - @param pt The plaintext (length of the block size of the block cipher) - @param ct [out] The ciphertext (same size as the pt) - @return CRYPT_OK if successful -*/ -int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct) -{ - unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE]; - int err, x; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { - return err; - } - if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) { - return CRYPT_INVALID_ARG; - } - - /* compute checksum */ - for (x = 0; x < ocb->block_len; x++) { - ocb->checksum[x] ^= pt[x]; - } - - /* Get Z[i] value */ - ocb_shift_xor(ocb, Z); - - /* xor pt in, encrypt, xor Z out */ - for (x = 0; x < ocb->block_len; x++) { - tmp[x] = pt[x] ^ Z[x]; - } - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, ct, &ocb->key)) != CRYPT_OK) { - return err; - } - for (x = 0; x < ocb->block_len; x++) { - ct[x] ^= Z[x]; - } - -#ifdef LTC_CLEAN_STACK - zeromem(Z, sizeof(Z)); - zeromem(tmp, sizeof(tmp)); -#endif - return CRYPT_OK; -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb/ocb_encrypt_authenticate_memory.c b/libtomcrypt/src/encauth/ocb/ocb_encrypt_authenticate_memory.c deleted file mode 100644 index 1793a64..0000000 --- a/libtomcrypt/src/encauth/ocb/ocb_encrypt_authenticate_memory.c +++ /dev/null @@ -1,82 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_encrypt_authenticate_memory.c - OCB implementation, encrypt block of memory, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/** - Encrypt and generate an authentication code for a buffer of memory - @param cipher The index of the cipher desired - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce (length of the block ciphers block size) - @param pt The plaintext - @param ptlen The length of the plaintext (octets) - @param ct [out] The ciphertext - @param tag [out] The authentication tag - @param taglen [in/out] The max size and resulting size of the authentication tag - @return CRYPT_OK if successful -*/ -int ocb_encrypt_authenticate_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen) -{ - int err; - ocb_state *ocb; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(nonce != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - - /* allocate ram */ - ocb = XMALLOC(sizeof(ocb_state)); - if (ocb == NULL) { - return CRYPT_MEM; - } - - if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) { - goto LBL_ERR; - } - - while (ptlen > (unsigned long)ocb->block_len) { - if ((err = ocb_encrypt(ocb, pt, ct)) != CRYPT_OK) { - goto LBL_ERR; - } - ptlen -= ocb->block_len; - pt += ocb->block_len; - ct += ocb->block_len; - } - - err = ocb_done_encrypt(ocb, pt, ptlen, ct, tag, taglen); -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(ocb, sizeof(ocb_state)); -#endif - - XFREE(ocb); - - return err; -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb/ocb_init.c b/libtomcrypt/src/encauth/ocb/ocb_init.c deleted file mode 100644 index e008a44..0000000 --- a/libtomcrypt/src/encauth/ocb/ocb_init.c +++ /dev/null @@ -1,139 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_init.c - OCB implementation, initialize state, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -static const struct { - int len; - unsigned char poly_div[MAXBLOCKSIZE], - poly_mul[MAXBLOCKSIZE]; -} polys[] = { -{ - 8, - { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0D }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B } -}, { - 16, - { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 } -} -}; - -/** - Initialize an OCB context. - @param ocb [out] The destination of the OCB state - @param cipher The index of the desired cipher - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce (length of the block size of the cipher) - @return CRYPT_OK if successful -*/ -int ocb_init(ocb_state *ocb, int cipher, - const unsigned char *key, unsigned long keylen, const unsigned char *nonce) -{ - int poly, x, y, m, err; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(nonce != NULL); - - /* valid cipher? */ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - - /* determine which polys to use */ - ocb->block_len = cipher_descriptor[cipher].block_length; - x = (int)(sizeof(polys)/sizeof(polys[0])); - for (poly = 0; poly < x; poly++) { - if (polys[poly].len == ocb->block_len) { - break; - } - } - if (poly == x) { - return CRYPT_INVALID_ARG; /* block_len not found in polys */ - } - if (polys[poly].len != ocb->block_len) { - return CRYPT_INVALID_ARG; - } - - /* schedule the key */ - if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &ocb->key)) != CRYPT_OK) { - return err; - } - - /* find L = E[0] */ - zeromem(ocb->L, ocb->block_len); - if ((err = cipher_descriptor[cipher].ecb_encrypt(ocb->L, ocb->L, &ocb->key)) != CRYPT_OK) { - return err; - } - - /* find R = E[N xor L] */ - for (x = 0; x < ocb->block_len; x++) { - ocb->R[x] = ocb->L[x] ^ nonce[x]; - } - if ((err = cipher_descriptor[cipher].ecb_encrypt(ocb->R, ocb->R, &ocb->key)) != CRYPT_OK) { - return err; - } - - /* find Ls[i] = L << i for i == 0..31 */ - XMEMCPY(ocb->Ls[0], ocb->L, ocb->block_len); - for (x = 1; x < 32; x++) { - m = ocb->Ls[x-1][0] >> 7; - for (y = 0; y < ocb->block_len-1; y++) { - ocb->Ls[x][y] = ((ocb->Ls[x-1][y] << 1) | (ocb->Ls[x-1][y+1] >> 7)) & 255; - } - ocb->Ls[x][ocb->block_len-1] = (ocb->Ls[x-1][ocb->block_len-1] << 1) & 255; - - if (m == 1) { - for (y = 0; y < ocb->block_len; y++) { - ocb->Ls[x][y] ^= polys[poly].poly_mul[y]; - } - } - } - - /* find Lr = L / x */ - m = ocb->L[ocb->block_len-1] & 1; - - /* shift right */ - for (x = ocb->block_len - 1; x > 0; x--) { - ocb->Lr[x] = ((ocb->L[x] >> 1) | (ocb->L[x-1] << 7)) & 255; - } - ocb->Lr[0] = ocb->L[0] >> 1; - - if (m == 1) { - for (x = 0; x < ocb->block_len; x++) { - ocb->Lr[x] ^= polys[poly].poly_div[x]; - } - } - - /* set Li, checksum */ - zeromem(ocb->Li, ocb->block_len); - zeromem(ocb->checksum, ocb->block_len); - - /* set other params */ - ocb->block_index = 1; - ocb->cipher = cipher; - - return CRYPT_OK; -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb/ocb_ntz.c b/libtomcrypt/src/encauth/ocb/ocb_ntz.c deleted file mode 100644 index cfdc667..0000000 --- a/libtomcrypt/src/encauth/ocb/ocb_ntz.c +++ /dev/null @@ -1,40 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_ntz.c - OCB implementation, internal function, by Tom St Denis -*/ - -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/** - Returns the number of leading zero bits [from lsb up] - @param x The 32-bit value to observe - @return The number of bits [from the lsb up] that are zero -*/ -int ocb_ntz(unsigned long x) -{ - int c; - x &= 0xFFFFFFFFUL; - c = 0; - while ((x & 1) == 0) { - ++c; - x >>= 1; - } - return c; -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb/ocb_shift_xor.c b/libtomcrypt/src/encauth/ocb/ocb_shift_xor.c deleted file mode 100644 index 8a8ad2d..0000000 --- a/libtomcrypt/src/encauth/ocb/ocb_shift_xor.c +++ /dev/null @@ -1,37 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_shift_xor.c - OCB implementation, internal function, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/** - Compute the shift/xor for OCB (internal function) - @param ocb The OCB state - @param Z The destination of the shift -*/ -void ocb_shift_xor(ocb_state *ocb, unsigned char *Z) -{ - int x, y; - y = ocb_ntz(ocb->block_index++); - for (x = 0; x < ocb->block_len; x++) { - ocb->Li[x] ^= ocb->Ls[y][x]; - Z[x] = ocb->Li[x] ^ ocb->R[x]; - } -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb/ocb_test.c b/libtomcrypt/src/encauth/ocb/ocb_test.c deleted file mode 100644 index 74431f7..0000000 --- a/libtomcrypt/src/encauth/ocb/ocb_test.c +++ /dev/null @@ -1,215 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_test.c - OCB implementation, self-test by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/** - Test the OCB protocol - @return CRYPT_OK if successful -*/ -int ocb_test(void) -{ -#ifndef LTC_TEST - return CRYPT_NOP; -#else - static const struct { - int ptlen; - unsigned char key[16], nonce[16], pt[34], ct[34], tag[16]; - } tests[] = { - - /* OCB-AES-128-0B */ -{ - 0, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0 }, - /* ct */ - { 0 }, - /* tag */ - { 0x15, 0xd3, 0x7d, 0xd7, 0xc8, 0x90, 0xd5, 0xd6, - 0xac, 0xab, 0x92, 0x7b, 0xc0, 0xdc, 0x60, 0xee }, -}, - - - /* OCB-AES-128-3B */ -{ - 3, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0x00, 0x01, 0x02 }, - /* ct */ - { 0xfc, 0xd3, 0x7d }, - /* tag */ - { 0x02, 0x25, 0x47, 0x39, 0xa5, 0xe3, 0x56, 0x5a, - 0xe2, 0xdc, 0xd6, 0x2c, 0x65, 0x97, 0x46, 0xba }, -}, - - /* OCB-AES-128-16B */ -{ - 16, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* ct */ - { 0x37, 0xdf, 0x8c, 0xe1, 0x5b, 0x48, 0x9b, 0xf3, - 0x1d, 0x0f, 0xc4, 0x4d, 0xa1, 0xfa, 0xf6, 0xd6 }, - /* tag */ - { 0xdf, 0xb7, 0x63, 0xeb, 0xdb, 0x5f, 0x0e, 0x71, - 0x9c, 0x7b, 0x41, 0x61, 0x80, 0x80, 0x04, 0xdf }, -}, - - /* OCB-AES-128-20B */ -{ - 20, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13 }, - /* ct */ - { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4, - 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb, - 0x70, 0x03, 0xeb, 0x55}, - /* tag */ - { 0x75, 0x30, 0x84, 0x14, 0x4e, 0xb6, 0x3b, 0x77, - 0x0b, 0x06, 0x3c, 0x2e, 0x23, 0xcd, 0xa0, 0xbb }, -}, - - /* OCB-AES-128-32B */ -{ - 32, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, - /* ct */ - { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4, - 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb, - 0x4a, 0xfc, 0xbb, 0x7f, 0xed, 0xc0, 0x8c, 0xa8, - 0x65, 0x4c, 0x6d, 0x30, 0x4d, 0x16, 0x12, 0xfa }, - - /* tag */ - { 0xc1, 0x4c, 0xbf, 0x2c, 0x1a, 0x1f, 0x1c, 0x3c, - 0x13, 0x7e, 0xad, 0xea, 0x1f, 0x2f, 0x2f, 0xcf }, -}, - - /* OCB-AES-128-34B */ -{ - 34, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21 }, - /* ct */ - { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4, - 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb, - 0xd4, 0x90, 0x3d, 0xd0, 0x02, 0x5b, 0xa4, 0xaa, - 0x83, 0x7c, 0x74, 0xf1, 0x21, 0xb0, 0x26, 0x0f, - 0xa9, 0x5d }, - - /* tag */ - { 0xcf, 0x83, 0x41, 0xbb, 0x10, 0x82, 0x0c, 0xcf, - 0x14, 0xbd, 0xec, 0x56, 0xb8, 0xd7, 0xd6, 0xab }, -}, - -}; - - int err, x, idx, res; - unsigned long len; - unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE]; - - /* AES can be under rijndael or aes... try to find it */ - if ((idx = find_cipher("aes")) == -1) { - if ((idx = find_cipher("rijndael")) == -1) { - return CRYPT_NOP; - } - } - - for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) { - len = sizeof(outtag); - if ((err = ocb_encrypt_authenticate_memory(idx, tests[x].key, 16, - tests[x].nonce, tests[x].pt, tests[x].ptlen, outct, outtag, &len)) != CRYPT_OK) { - return err; - } - - if (compare_testvector(outtag, len, tests[x].tag, sizeof(tests[x].tag), "OCB Tag", x) || - compare_testvector(outct, tests[x].ptlen, tests[x].ct, tests[x].ptlen, "OCB CT", x)) { - return CRYPT_FAIL_TESTVECTOR; - } - - if ((err = ocb_decrypt_verify_memory(idx, tests[x].key, 16, tests[x].nonce, outct, tests[x].ptlen, - outct, tests[x].tag, len, &res)) != CRYPT_OK) { - return err; - } - if ((res != 1) || compare_testvector(outct, tests[x].ptlen, tests[x].pt, tests[x].ptlen, "OCB", x)) { -#ifdef LTC_TEST_DBG - printf("\n\nOCB: Failure-decrypt - res = %d\n", res); -#endif - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; -#endif /* LTC_TEST */ -} - -#endif /* LTC_OCB_MODE */ - - -/* some comments - - -- it's hard to seek - -- hard to stream [you can't emit ciphertext until full block] - -- The setup is somewhat complicated... -*/ - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb/s_ocb_done.c b/libtomcrypt/src/encauth/ocb/s_ocb_done.c deleted file mode 100644 index e0501ed..0000000 --- a/libtomcrypt/src/encauth/ocb/s_ocb_done.c +++ /dev/null @@ -1,146 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file s_ocb_done.c - OCB implementation, internal helper, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/* Since the last block is encrypted in CTR mode the same code can - * be used to finish a decrypt or encrypt stream. The only difference - * is we XOR the final ciphertext into the checksum so we have to xor it - * before we CTR [decrypt] or after [encrypt] - * - * the names pt/ptlen/ct really just mean in/inlen/out but this is the way I wrote it... - */ - -/** - Shared code to finish an OCB stream - @param ocb The OCB state - @param pt The remaining plaintext [or input] - @param ptlen The length of the input (octets) - @param ct [out] The output buffer - @param tag [out] The destination for the authentication tag - @param taglen [in/out] The max size and resulting size of the authentication tag - @param mode The mode we are terminating, 0==encrypt, 1==decrypt - @return CRYPT_OK if successful -*/ -int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode) - -{ - unsigned char *Z, *Y, *X; - int err, x; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { - return err; - } - if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length || - (int)ptlen > ocb->block_len || (int)ptlen < 0) { - return CRYPT_INVALID_ARG; - } - - /* allocate ram */ - Z = XMALLOC(MAXBLOCKSIZE); - Y = XMALLOC(MAXBLOCKSIZE); - X = XMALLOC(MAXBLOCKSIZE); - if (X == NULL || Y == NULL || Z == NULL) { - if (X != NULL) { - XFREE(X); - } - if (Y != NULL) { - XFREE(Y); - } - if (Z != NULL) { - XFREE(Z); - } - return CRYPT_MEM; - } - - /* compute X[m] = len(pt[m]) XOR Lr XOR Z[m] */ - ocb_shift_xor(ocb, X); - XMEMCPY(Z, X, ocb->block_len); - - X[ocb->block_len-1] ^= (ptlen*8)&255; - X[ocb->block_len-2] ^= ((ptlen*8)>>8)&255; - for (x = 0; x < ocb->block_len; x++) { - X[x] ^= ocb->Lr[x]; - } - - /* Y[m] = E(X[m])) */ - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(X, Y, &ocb->key)) != CRYPT_OK) { - goto error; - } - - if (mode == 1) { - /* decrypt mode, so let's xor it first */ - /* xor C[m] into checksum */ - for (x = 0; x < (int)ptlen; x++) { - ocb->checksum[x] ^= ct[x]; - } - } - - /* C[m] = P[m] xor Y[m] */ - for (x = 0; x < (int)ptlen; x++) { - ct[x] = pt[x] ^ Y[x]; - } - - if (mode == 0) { - /* encrypt mode */ - /* xor C[m] into checksum */ - for (x = 0; x < (int)ptlen; x++) { - ocb->checksum[x] ^= ct[x]; - } - } - - /* xor Y[m] and Z[m] into checksum */ - for (x = 0; x < ocb->block_len; x++) { - ocb->checksum[x] ^= Y[x] ^ Z[x]; - } - - /* encrypt checksum, er... tag!! */ - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key)) != CRYPT_OK) { - goto error; - } - cipher_descriptor[ocb->cipher].done(&ocb->key); - - /* now store it */ - for (x = 0; x < ocb->block_len && x < (int)*taglen; x++) { - tag[x] = X[x]; - } - *taglen = x; - -#ifdef LTC_CLEAN_STACK - zeromem(X, MAXBLOCKSIZE); - zeromem(Y, MAXBLOCKSIZE); - zeromem(Z, MAXBLOCKSIZE); - zeromem(ocb, sizeof(*ocb)); -#endif -error: - XFREE(X); - XFREE(Y); - XFREE(Z); - - return err; -} - -#endif - - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb3/ocb3_add_aad.c b/libtomcrypt/src/encauth/ocb3/ocb3_add_aad.c deleted file mode 100644 index 70e3211..0000000 --- a/libtomcrypt/src/encauth/ocb3/ocb3_add_aad.c +++ /dev/null @@ -1,106 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_add_aad.c - OCB implementation, add AAD data, by Karel Miko -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Add one block of AAD data (internal function) - @param ocb The OCB state - @param aad_block [in] AAD data (block_len size) - @return CRYPT_OK if successful -*/ -static int _ocb3_int_aad_add_block(ocb3_state *ocb, const unsigned char *aad_block) -{ - unsigned char tmp[MAXBLOCKSIZE]; - int err; - - /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ - ocb3_int_xor_blocks(ocb->aOffset_current, ocb->aOffset_current, ocb->L_[ocb3_int_ntz(ocb->ablock_index)], ocb->block_len); - - /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ - ocb3_int_xor_blocks(tmp, aad_block, ocb->aOffset_current, ocb->block_len); - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) { - return err; - } - ocb3_int_xor_blocks(ocb->aSum_current, ocb->aSum_current, tmp, ocb->block_len); - - ocb->ablock_index++; - - return CRYPT_OK; -} - -/** - Add AAD - additional associated data - @param ocb The OCB state - @param aad The AAD data - @param aadlen The size of AAD data (octets) - @return CRYPT_OK if successful -*/ -int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen) -{ - int err, x, full_blocks, full_blocks_len, last_block_len; - unsigned char *data; - unsigned long datalen, l; - - LTC_ARGCHK(ocb != NULL); - if (aadlen == 0) return CRYPT_OK; - LTC_ARGCHK(aad != NULL); - - if (ocb->adata_buffer_bytes > 0) { - l = ocb->block_len - ocb->adata_buffer_bytes; - if (l > aadlen) l = aadlen; - XMEMCPY(ocb->adata_buffer+ocb->adata_buffer_bytes, aad, l); - ocb->adata_buffer_bytes += l; - - if (ocb->adata_buffer_bytes == ocb->block_len) { - if ((err = _ocb3_int_aad_add_block(ocb, ocb->adata_buffer)) != CRYPT_OK) { - return err; - } - ocb->adata_buffer_bytes = 0; - } - - data = (unsigned char *)aad + l; - datalen = aadlen - l; - } - else { - data = (unsigned char *)aad; - datalen = aadlen; - } - - if (datalen == 0) return CRYPT_OK; - - full_blocks = datalen/ocb->block_len; - full_blocks_len = full_blocks * ocb->block_len; - last_block_len = datalen - full_blocks_len; - - for (x=0; xblock_len)) != CRYPT_OK) { - return err; - } - } - - if (last_block_len>0) { - XMEMCPY(ocb->adata_buffer, data+full_blocks_len, last_block_len); - ocb->adata_buffer_bytes = last_block_len; - } - - return CRYPT_OK; -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb3/ocb3_decrypt.c b/libtomcrypt/src/encauth/ocb3/ocb3_decrypt.c deleted file mode 100644 index 4973bd2..0000000 --- a/libtomcrypt/src/encauth/ocb3/ocb3_decrypt.c +++ /dev/null @@ -1,86 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_decrypt.c - OCB implementation, decrypt data, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Decrypt blocks of ciphertext with OCB - @param ocb The OCB state - @param ct The ciphertext (length multiple of the block size of the block cipher) - @param ctlen The length of the input (octets) - @param pt [out] The plaintext (length of ct) - @return CRYPT_OK if successful -*/ -int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt) -{ - unsigned char tmp[MAXBLOCKSIZE]; - int err, i, full_blocks; - unsigned char *pt_b, *ct_b; - - LTC_ARGCHK(ocb != NULL); - if (ctlen == 0) return CRYPT_OK; /* no data, nothing to do */ - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(pt != NULL); - - if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { - return err; - } - if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) { - return CRYPT_INVALID_ARG; - } - - if (ctlen % ocb->block_len) { /* ctlen has to bu multiple of block_len */ - return CRYPT_INVALID_ARG; - } - - full_blocks = ctlen/ocb->block_len; - for(i=0; iblock_len; - ct_b = (unsigned char *)ct+i*ocb->block_len; - - /* ocb->Offset_current[] = ocb->Offset_current[] ^ Offset_{ntz(block_index)} */ - ocb3_int_xor_blocks(ocb->Offset_current, ocb->Offset_current, ocb->L_[ocb3_int_ntz(ocb->block_index)], ocb->block_len); - - /* tmp[] = ct[] XOR ocb->Offset_current[] */ - ocb3_int_xor_blocks(tmp, ct_b, ocb->Offset_current, ocb->block_len); - - /* decrypt */ - if ((err = cipher_descriptor[ocb->cipher].ecb_decrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* pt[] = tmp[] XOR ocb->Offset_current[] */ - ocb3_int_xor_blocks(pt_b, tmp, ocb->Offset_current, ocb->block_len); - - /* ocb->checksum[] = ocb->checksum[] XOR pt[] */ - ocb3_int_xor_blocks(ocb->checksum, ocb->checksum, pt_b, ocb->block_len); - - ocb->block_index++; - } - - err = CRYPT_OK; - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(tmp, sizeof(tmp)); -#endif - return err; -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb3/ocb3_decrypt_last.c b/libtomcrypt/src/encauth/ocb3/ocb3_decrypt_last.c deleted file mode 100644 index 70608dc..0000000 --- a/libtomcrypt/src/encauth/ocb3/ocb3_decrypt_last.c +++ /dev/null @@ -1,110 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_decrypt_last.c - OCB implementation, internal helper, by Karel Miko -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Finish an OCB (decryption) stream - @param ocb The OCB state - @param ct The remaining ciphertext - @param ctlen The length of the ciphertext (octets) - @param pt [out] The output buffer - @return CRYPT_OK if successful -*/ -int ocb3_decrypt_last(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt) -{ - unsigned char iOffset_star[MAXBLOCKSIZE]; - unsigned char iPad[MAXBLOCKSIZE]; - int err, x, full_blocks, full_blocks_len, last_block_len; - - LTC_ARGCHK(ocb != NULL); - if (ct == NULL) LTC_ARGCHK(ctlen == 0); - if (ctlen != 0) { - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(pt != NULL); - } - - if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { - goto LBL_ERR; - } - - full_blocks = ctlen/ocb->block_len; - full_blocks_len = full_blocks * ocb->block_len; - last_block_len = ctlen - full_blocks_len; - - /* process full blocks first */ - if (full_blocks>0) { - if ((err = ocb3_decrypt(ocb, ct, full_blocks_len, pt)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - if (last_block_len>0) { - /* Offset_* = Offset_m xor L_* */ - ocb3_int_xor_blocks(iOffset_star, ocb->Offset_current, ocb->L_star, ocb->block_len); - - /* Pad = ENCIPHER(K, Offset_*) */ - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(iOffset_star, iPad, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* P_* = C_* xor Pad[1..bitlen(C_*)] */ - ocb3_int_xor_blocks(pt+full_blocks_len, (unsigned char *)ct+full_blocks_len, iPad, last_block_len); - - /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ - ocb3_int_xor_blocks(ocb->checksum, ocb->checksum, pt+full_blocks_len, last_block_len); - for(x=last_block_len; xblock_len; x++) { - if (x == last_block_len) - ocb->checksum[x] ^= 0x80; - else - ocb->checksum[x] ^= 0x00; - } - - /* Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) */ - /* at this point we calculate only: Tag_part = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) */ - for(x=0; xblock_len; x++) { - ocb->tag_part[x] = (ocb->checksum[x] ^ iOffset_star[x]) ^ ocb->L_dollar[x]; - } - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->tag_part, ocb->tag_part, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - } - else { - /* Tag = ENCIPHER(K, Checksum_m xor Offset_m xor L_$) xor HASH(K,A) */ - /* at this point we calculate only: Tag_part = ENCIPHER(K, Checksum_m xor Offset_m xor L_$) */ - for(x=0; xblock_len; x++) { - ocb->tag_part[x] = (ocb->checksum[x] ^ ocb->Offset_current[x]) ^ ocb->L_dollar[x]; - } - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->tag_part, ocb->tag_part, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - err = CRYPT_OK; - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(iOffset_star, MAXBLOCKSIZE); - zeromem(iPad, MAXBLOCKSIZE); -#endif - - return err; -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb3/ocb3_decrypt_verify_memory.c b/libtomcrypt/src/encauth/ocb3/ocb3_decrypt_verify_memory.c deleted file mode 100644 index 066b62c..0000000 --- a/libtomcrypt/src/encauth/ocb3/ocb3_decrypt_verify_memory.c +++ /dev/null @@ -1,110 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_decrypt_verify_memory.c - OCB implementation, helper to decrypt block of memory, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Decrypt and compare the tag with OCB - @param cipher The index of the cipher desired - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce (length of the block size of the block cipher) - @param noncelen The length of the nonce (octets) - @param adata The AAD - additional associated data - @param adatalen The length of AAD (octets) - @param ct The ciphertext - @param ctlen The length of the ciphertext (octets) - @param pt [out] The plaintext - @param tag The tag to compare against - @param taglen The length of the tag (octets) - @param stat [out] The result of the tag comparison (1==valid, 0==invalid) - @return CRYPT_OK if successful regardless of the tag comparison -*/ -int ocb3_decrypt_verify_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *adata, unsigned long adatalen, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, - int *stat) -{ - int err; - ocb3_state *ocb; - unsigned char *buf; - unsigned long buflen; - - LTC_ARGCHK(stat != NULL); - - /* default to zero */ - *stat = 0; - - /* limit taglen */ - taglen = MIN(taglen, MAXBLOCKSIZE); - - /* allocate memory */ - buf = XMALLOC(taglen); - ocb = XMALLOC(sizeof(ocb3_state)); - if (ocb == NULL || buf == NULL) { - if (ocb != NULL) { - XFREE(ocb); - } - if (buf != NULL) { - XFREE(buf); - } - return CRYPT_MEM; - } - - if ((err = ocb3_init(ocb, cipher, key, keylen, nonce, noncelen, taglen)) != CRYPT_OK) { - goto LBL_ERR; - } - - if (adata != NULL || adatalen != 0) { - if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - if ((err = ocb3_decrypt_last(ocb, ct, ctlen, pt)) != CRYPT_OK) { - goto LBL_ERR; - } - - buflen = taglen; - if ((err = ocb3_done(ocb, buf, &buflen)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* compare tags */ - if (buflen >= taglen && XMEM_NEQ(buf, tag, taglen) == 0) { - *stat = 1; - } - - err = CRYPT_OK; - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(ocb, sizeof(ocb3_state)); -#endif - - XFREE(ocb); - XFREE(buf); - return err; -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb3/ocb3_done.c b/libtomcrypt/src/encauth/ocb3/ocb3_done.c deleted file mode 100644 index b913d3a..0000000 --- a/libtomcrypt/src/encauth/ocb3/ocb3_done.c +++ /dev/null @@ -1,92 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_done.c - OCB implementation, INTERNAL ONLY helper, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Finish OCB processing and compute the tag - @param ocb The OCB state - @param tag [out] The destination for the authentication tag - @param taglen [in/out] The max size and resulting size of the authentication tag - @return CRYPT_OK if successful -*/ -int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen) -{ - unsigned char tmp[MAXBLOCKSIZE]; - int err, x; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* check taglen */ - if ((int)*taglen < ocb->tag_len) { - *taglen = (unsigned long)ocb->tag_len; - return CRYPT_BUFFER_OVERFLOW; - } - - /* finalize AAD processing */ - - if (ocb->adata_buffer_bytes>0) { - /* Offset_* = Offset_m xor L_* */ - ocb3_int_xor_blocks(ocb->aOffset_current, ocb->aOffset_current, ocb->L_star, ocb->block_len); - - /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */ - ocb3_int_xor_blocks(tmp, ocb->adata_buffer, ocb->aOffset_current, ocb->adata_buffer_bytes); - for(x=ocb->adata_buffer_bytes; xblock_len; x++) { - if (x == ocb->adata_buffer_bytes) { - tmp[x] = 0x80 ^ ocb->aOffset_current[x]; - } - else { - tmp[x] = 0x00 ^ ocb->aOffset_current[x]; - } - } - - /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */ - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - ocb3_int_xor_blocks(ocb->aSum_current, ocb->aSum_current, tmp, ocb->block_len); - } - - /* finalize TAG computing */ - - /* at this point ocb->aSum_current = HASH(K, A) */ - /* tag = tag ^ HASH(K, A) */ - ocb3_int_xor_blocks(tmp, ocb->tag_part, ocb->aSum_current, ocb->block_len); - - /* copy tag bytes */ - for(x = 0; x < ocb->tag_len; x++) tag[x] = tmp[x]; - *taglen = (unsigned long)ocb->tag_len; - - err = CRYPT_OK; - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(tmp, MAXBLOCKSIZE); - zeromem(ocb, sizeof(*ocb)); -#endif - - return err; -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb3/ocb3_encrypt.c b/libtomcrypt/src/encauth/ocb3/ocb3_encrypt.c deleted file mode 100644 index 337b025..0000000 --- a/libtomcrypt/src/encauth/ocb3/ocb3_encrypt.c +++ /dev/null @@ -1,86 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_encrypt.c - OCB implementation, encrypt data, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Encrypt blocks of data with OCB - @param ocb The OCB state - @param pt The plaintext (length multiple of the block size of the block cipher) - @param ptlen The length of the input (octets) - @param ct [out] The ciphertext (same size as the pt) - @return CRYPT_OK if successful -*/ -int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct) -{ - unsigned char tmp[MAXBLOCKSIZE]; - int err, i, full_blocks; - unsigned char *pt_b, *ct_b; - - LTC_ARGCHK(ocb != NULL); - if (ptlen == 0) return CRYPT_OK; /* no data, nothing to do */ - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - - if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { - return err; - } - if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) { - return CRYPT_INVALID_ARG; - } - - if (ptlen % ocb->block_len) { /* ptlen has to bu multiple of block_len */ - return CRYPT_INVALID_ARG; - } - - full_blocks = ptlen/ocb->block_len; - for(i=0; iblock_len; - ct_b = (unsigned char *)ct+i*ocb->block_len; - - /* ocb->Offset_current[] = ocb->Offset_current[] ^ Offset_{ntz(block_index)} */ - ocb3_int_xor_blocks(ocb->Offset_current, ocb->Offset_current, ocb->L_[ocb3_int_ntz(ocb->block_index)], ocb->block_len); - - /* tmp[] = pt[] XOR ocb->Offset_current[] */ - ocb3_int_xor_blocks(tmp, pt_b, ocb->Offset_current, ocb->block_len); - - /* encrypt */ - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* ct[] = tmp[] XOR ocb->Offset_current[] */ - ocb3_int_xor_blocks(ct_b, tmp, ocb->Offset_current, ocb->block_len); - - /* ocb->checksum[] = ocb->checksum[] XOR pt[] */ - ocb3_int_xor_blocks(ocb->checksum, ocb->checksum, pt_b, ocb->block_len); - - ocb->block_index++; - } - - err = CRYPT_OK; - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(tmp, sizeof(tmp)); -#endif - return err; -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c b/libtomcrypt/src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c deleted file mode 100644 index efc1a8f..0000000 --- a/libtomcrypt/src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c +++ /dev/null @@ -1,82 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_encrypt_authenticate_memory.c - OCB implementation, encrypt block of memory, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Encrypt and generate an authentication code for a buffer of memory - @param cipher The index of the cipher desired - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce (length of the block ciphers block size) - @param noncelen The length of the nonce (octets) - @param adata The AAD - additional associated data - @param adatalen The length of AAD (octets) - @param pt The plaintext - @param ptlen The length of the plaintext (octets) - @param ct [out] The ciphertext - @param tag [out] The authentication tag - @param taglen [in/out] The max size and resulting size of the authentication tag - @return CRYPT_OK if successful -*/ -int ocb3_encrypt_authenticate_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *adata, unsigned long adatalen, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen) -{ - int err; - ocb3_state *ocb; - - LTC_ARGCHK(taglen != NULL); - - /* allocate memory */ - ocb = XMALLOC(sizeof(ocb3_state)); - if (ocb == NULL) { - return CRYPT_MEM; - } - - if ((err = ocb3_init(ocb, cipher, key, keylen, nonce, noncelen, *taglen)) != CRYPT_OK) { - goto LBL_ERR; - } - - if (adata != NULL || adatalen != 0) { - if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - if ((err = ocb3_encrypt_last(ocb, pt, ptlen, ct)) != CRYPT_OK) { - goto LBL_ERR; - } - - err = ocb3_done(ocb, tag, taglen); - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(ocb, sizeof(ocb3_state)); -#endif - - XFREE(ocb); - return err; -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb3/ocb3_encrypt_last.c b/libtomcrypt/src/encauth/ocb3/ocb3_encrypt_last.c deleted file mode 100644 index 8110a3c..0000000 --- a/libtomcrypt/src/encauth/ocb3/ocb3_encrypt_last.c +++ /dev/null @@ -1,112 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_encrypt_last.c - OCB implementation, internal helper, by Karel Miko -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Finish an OCB (encryption) stream - @param ocb The OCB state - @param pt The remaining plaintext - @param ptlen The length of the plaintext (octets) - @param ct [out] The output buffer - @return CRYPT_OK if successful -*/ -int ocb3_encrypt_last(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct) -{ - unsigned char iOffset_star[MAXBLOCKSIZE]; - unsigned char iPad[MAXBLOCKSIZE]; - int err, x, full_blocks, full_blocks_len, last_block_len; - - LTC_ARGCHK(ocb != NULL); - if (pt == NULL) LTC_ARGCHK(ptlen == 0); - if (ptlen != 0) { - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - } - - if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { - goto LBL_ERR; - } - - full_blocks = ptlen/ocb->block_len; - full_blocks_len = full_blocks * ocb->block_len; - last_block_len = ptlen - full_blocks_len; - - /* process full blocks first */ - if (full_blocks>0) { - if ((err = ocb3_encrypt(ocb, pt, full_blocks_len, ct)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - /* at this point: m = ocb->block_index (last block index), Offset_m = ocb->Offset_current */ - - if (last_block_len>0) { - /* Offset_* = Offset_m xor L_* */ - ocb3_int_xor_blocks(iOffset_star, ocb->Offset_current, ocb->L_star, ocb->block_len); - - /* Pad = ENCIPHER(K, Offset_*) */ - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(iOffset_star, iPad, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* C_* = P_* xor Pad[1..bitlen(P_*)] */ - ocb3_int_xor_blocks(ct+full_blocks_len, pt+full_blocks_len, iPad, last_block_len); - - /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ - ocb3_int_xor_blocks(ocb->checksum, ocb->checksum, pt+full_blocks_len, last_block_len); - for(x=last_block_len; xblock_len; x++) { - if (x == last_block_len) - ocb->checksum[x] ^= 0x80; - else - ocb->checksum[x] ^= 0x00; - } - - /* Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) */ - /* at this point we calculate only: Tag_part = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) */ - for(x=0; xblock_len; x++) { - ocb->tag_part[x] = (ocb->checksum[x] ^ iOffset_star[x]) ^ ocb->L_dollar[x]; - } - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->tag_part, ocb->tag_part, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - } - else { - /* Tag = ENCIPHER(K, Checksum_m xor Offset_m xor L_$) xor HASH(K,A) */ - /* at this point we calculate only: Tag_part = ENCIPHER(K, Checksum_m xor Offset_m xor L_$) */ - for(x=0; xblock_len; x++) { - ocb->tag_part[x] = (ocb->checksum[x] ^ ocb->Offset_current[x]) ^ ocb->L_dollar[x]; - } - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->tag_part, ocb->tag_part, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - err = CRYPT_OK; - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(iOffset_star, MAXBLOCKSIZE); - zeromem(iPad, MAXBLOCKSIZE); -#endif - - return err; -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb3/ocb3_init.c b/libtomcrypt/src/encauth/ocb3/ocb3_init.c deleted file mode 100644 index a3cabae..0000000 --- a/libtomcrypt/src/encauth/ocb3/ocb3_init.c +++ /dev/null @@ -1,196 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_init.c - OCB implementation, initialize state, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -static void _ocb3_int_calc_offset_zero(ocb3_state *ocb, const unsigned char *nonce, unsigned long noncelen, unsigned long taglen) -{ - int x, y, bottom; - int idx, shift; - unsigned char iNonce[MAXBLOCKSIZE]; - unsigned char iKtop[MAXBLOCKSIZE]; - unsigned char iStretch[MAXBLOCKSIZE+8]; - - /* Nonce = zeros(127-bitlen(N)) || 1 || N */ - zeromem(iNonce, sizeof(iNonce)); - for (x = ocb->block_len-1, y=0; y<(int)noncelen; x--, y++) { - iNonce[x] = nonce[noncelen-y-1]; - } - iNonce[x] = 0x01; - iNonce[0] |= ((taglen*8) % 128) << 1; - - /* bottom = str2num(Nonce[123..128]) */ - bottom = iNonce[ocb->block_len-1] & 0x3F; - - /* Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) */ - iNonce[ocb->block_len-1] = iNonce[ocb->block_len-1] & 0xC0; - if ((cipher_descriptor[ocb->cipher].ecb_encrypt(iNonce, iKtop, &ocb->key)) != CRYPT_OK) { - zeromem(ocb->Offset_current, ocb->block_len); - return; - } - - /* Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) */ - for (x = 0; x < ocb->block_len; x++) { - iStretch[x] = iKtop[x]; - } - for (y = 0; y < 8; y++) { - iStretch[x+y] = iKtop[y] ^ iKtop[y+1]; - } - - /* Offset_0 = Stretch[1+bottom..128+bottom] */ - idx = bottom / 8; - shift = (bottom % 8); - for (x = 0; x < ocb->block_len; x++) { - ocb->Offset_current[x] = iStretch[idx+x] << shift; - if (shift > 0) { - ocb->Offset_current[x] |= iStretch[idx+x+1] >> (8-shift); - } - } -} - -static const struct { - int len; - unsigned char poly_mul[MAXBLOCKSIZE]; -} polys[] = { -{ - 8, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B } -}, { - 16, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 } -} -}; - -/** - Initialize an OCB context - @param ocb [out] The destination of the OCB state - @param cipher The index of the desired cipher - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce - @param noncelen The length of the session nonce (octets, up to 15) - @param taglen The length of the tag (octets, up to 16) - @return CRYPT_OK if successful -*/ -int ocb3_init(ocb3_state *ocb, int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - unsigned long taglen) -{ - int poly, x, y, m, err; - unsigned char *previous, *current; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(nonce != NULL); - - /* valid cipher? */ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - ocb->cipher = cipher; - - /* Valid Nonce? - * As of RFC7253: "string of no more than 120 bits" */ - if (noncelen > (120/8)) { - return CRYPT_INVALID_ARG; - } - - /* The blockcipher must have a 128-bit blocksize */ - if (cipher_descriptor[cipher].block_length != 16) { - return CRYPT_INVALID_ARG; - } - - /* The TAGLEN may be any value up to 128 (bits) */ - if (taglen > 16) { - return CRYPT_INVALID_ARG; - } - ocb->tag_len = taglen; - - /* determine which polys to use */ - ocb->block_len = cipher_descriptor[cipher].block_length; - x = (int)(sizeof(polys)/sizeof(polys[0])); - for (poly = 0; poly < x; poly++) { - if (polys[poly].len == ocb->block_len) { - break; - } - } - if (poly == x) { - return CRYPT_INVALID_ARG; /* block_len not found in polys */ - } - if (polys[poly].len != ocb->block_len) { - return CRYPT_INVALID_ARG; - } - - /* schedule the key */ - if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &ocb->key)) != CRYPT_OK) { - return err; - } - - /* L_* = ENCIPHER(K, zeros(128)) */ - zeromem(ocb->L_star, ocb->block_len); - if ((err = cipher_descriptor[cipher].ecb_encrypt(ocb->L_star, ocb->L_star, &ocb->key)) != CRYPT_OK) { - return err; - } - - /* compute L_$, L_0, L_1, ... */ - for (x = -1; x < 32; x++) { - if (x == -1) { /* gonna compute: L_$ = double(L_*) */ - current = ocb->L_dollar; - previous = ocb->L_star; - } - else if (x == 0) { /* gonna compute: L_0 = double(L_$) */ - current = ocb->L_[0]; - previous = ocb->L_dollar; - } - else { /* gonna compute: L_i = double(L_{i-1}) for every integer i > 0 */ - current = ocb->L_[x]; - previous = ocb->L_[x-1]; - } - m = previous[0] >> 7; - for (y = 0; y < ocb->block_len-1; y++) { - current[y] = ((previous[y] << 1) | (previous[y+1] >> 7)) & 255; - } - current[ocb->block_len-1] = (previous[ocb->block_len-1] << 1) & 255; - if (m == 1) { - /* current[] = current[] XOR polys[poly].poly_mul[]*/ - ocb3_int_xor_blocks(current, current, polys[poly].poly_mul, ocb->block_len); - } - } - - /* initialize ocb->Offset_current = Offset_0 */ - _ocb3_int_calc_offset_zero(ocb, nonce, noncelen, taglen); - - /* initialize checksum to all zeros */ - zeromem(ocb->checksum, ocb->block_len); - - /* set block index */ - ocb->block_index = 1; - - /* initialize AAD related stuff */ - ocb->ablock_index = 1; - ocb->adata_buffer_bytes = 0; - zeromem(ocb->aOffset_current, ocb->block_len); - zeromem(ocb->aSum_current, ocb->block_len); - - return CRYPT_OK; -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb3/ocb3_int_ntz.c b/libtomcrypt/src/encauth/ocb3/ocb3_int_ntz.c deleted file mode 100644 index 3c5b18d..0000000 --- a/libtomcrypt/src/encauth/ocb3/ocb3_int_ntz.c +++ /dev/null @@ -1,39 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_int_ntz.c - OCB implementation, INTERNAL ONLY helper, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Returns the number of leading zero bits [from lsb up] (internal function) - @param x The 32-bit value to observe - @return The number of bits [from the lsb up] that are zero -*/ -int ocb3_int_ntz(unsigned long x) -{ - int c; - x &= 0xFFFFFFFFUL; - c = 0; - while ((x & 1) == 0) { - ++c; - x >>= 1; - } - return c; -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb3/ocb3_int_xor_blocks.c b/libtomcrypt/src/encauth/ocb3/ocb3_int_xor_blocks.c deleted file mode 100644 index 798bddc..0000000 --- a/libtomcrypt/src/encauth/ocb3/ocb3_int_xor_blocks.c +++ /dev/null @@ -1,40 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_int_xor_blocks.c - OCB implementation, INTERNAL ONLY helper, by Karel Miko -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Compute xor for two blocks of bytes 'out = block_a XOR block_b' (internal function) - @param out The block of bytes (output) - @param block_a The block of bytes (input) - @param block_b The block of bytes (input) - @param block_len The size of block_a, block_b, out -*/ -void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len) -{ - int x; - if (out == block_a) { - for (x = 0; x < (int)block_len; x++) out[x] ^= block_b[x]; - } - else { - for (x = 0; x < (int)block_len; x++) out[x] = block_a[x] ^ block_b[x]; - } -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/encauth/ocb3/ocb3_test.c b/libtomcrypt/src/encauth/ocb3/ocb3_test.c deleted file mode 100644 index a3e5062..0000000 --- a/libtomcrypt/src/encauth/ocb3/ocb3_test.c +++ /dev/null @@ -1,309 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_test.c - OCB implementation, self-test by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Test the OCB protocol - @return CRYPT_OK if successful -*/ -int ocb3_test(void) -{ -#ifndef LTC_TEST - return CRYPT_NOP; -#else - /* test vectors from: http://tools.ietf.org/html/draft-krovetz-ocb-03 */ - unsigned char key[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F }; - unsigned char nonce[12] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B }; - const struct { - int ptlen; - int aadlen; - unsigned char pt[64], aad[64], ct[64], tag[16]; - } tests[] = { - - { /* index:0 */ - 0, /* PLAINTEXT length */ - 0, /* AAD length */ - { 0 }, /* PLAINTEXT */ - { 0 }, /* AAD */ - { 0 }, /* CIPHERTEXT */ - { 0x19,0x7b,0x9c,0x3c,0x44,0x1d,0x3c,0x83,0xea,0xfb,0x2b,0xef,0x63,0x3b,0x91,0x82 }, /* TAG */ - }, - { /* index:1 */ - 8, /* PLAINTEXT length */ - 8, /* AAD length */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }, /* PLAINTEXT */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }, /* AAD */ - { 0x92,0xb6,0x57,0x13,0x0a,0x74,0xb8,0x5a }, /* CIPHERTEXT */ - { 0x16,0xdc,0x76,0xa4,0x6d,0x47,0xe1,0xea,0xd5,0x37,0x20,0x9e,0x8a,0x96,0xd1,0x4e }, /* TAG */ - }, - { /* index:2 */ - 0, /* PLAINTEXT length */ - 8, /* AAD length */ - { 0 }, /* PLAINTEXT */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }, /* AAD */ - { 0 }, /* CIPHERTEXT */ - { 0x98,0xb9,0x15,0x52,0xc8,0xc0,0x09,0x18,0x50,0x44,0xe3,0x0a,0x6e,0xb2,0xfe,0x21 }, /* TAG */ - }, - { /* index:3 */ - 8, /* PLAINTEXT length */ - 0, /* AAD length */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }, /* PLAINTEXT */ - { 0 }, /* AAD */ - { 0x92,0xb6,0x57,0x13,0x0a,0x74,0xb8,0x5a }, /* CIPHERTEXT */ - { 0x97,0x1e,0xff,0xca,0xe1,0x9a,0xd4,0x71,0x6f,0x88,0xe8,0x7b,0x87,0x1f,0xbe,0xed }, /* TAG */ - }, - { /* index:4 */ - 16, /* PLAINTEXT length */ - 16, /* AAD length */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f }, /* PLAINTEXT */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f }, /* AAD */ - { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22 }, /* CIPHERTEXT */ - { 0x77,0x6c,0x99,0x24,0xd6,0x72,0x3a,0x1f,0xc4,0x52,0x45,0x32,0xac,0x3e,0x5b,0xeb }, /* TAG */ - }, - { /* index:5 */ - 0, /* PLAINTEXT length */ - 16, /* AAD length */ - { 0 }, /* PLAINTEXT */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f }, /* AAD */ - { 0 }, /* CIPHERTEXT */ - { 0x7d,0xdb,0x8e,0x6c,0xea,0x68,0x14,0x86,0x62,0x12,0x50,0x96,0x19,0xb1,0x9c,0xc6 }, /* TAG */ - }, - { /* index:6 */ - 16, /* PLAINTEXT length */ - 0, /* AAD length */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f }, /* PLAINTEXT */ - { 0 }, /* AAD */ - { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22 }, /* CIPHERTEXT */ - { 0x13,0xcc,0x8b,0x74,0x78,0x07,0x12,0x1a,0x4c,0xbb,0x3e,0x4b,0xd6,0xb4,0x56,0xaf }, /* TAG */ - }, - { /* index:7 */ - 24, /* PLAINTEXT length */ - 24, /* AAD length */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17 }, /* PLAINTEXT */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17 }, /* AAD */ - { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xfc,0xfc,0xee,0x7a,0x2a,0x8d,0x4d,0x48 }, /* CIPHERTEXT */ - { 0x5f,0xa9,0x4f,0xc3,0xf3,0x88,0x20,0xf1,0xdc,0x3f,0x3d,0x1f,0xd4,0xe5,0x5e,0x1c }, /* TAG */ - }, - { /* index:8 */ - 0, /* PLAINTEXT length */ - 24, /* AAD length */ - { 0 }, /* PLAINTEXT */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17 }, /* AAD */ - { 0 }, /* CIPHERTEXT */ - { 0x28,0x20,0x26,0xda,0x30,0x68,0xbc,0x9f,0xa1,0x18,0x68,0x1d,0x55,0x9f,0x10,0xf6 }, /* TAG */ - }, - { /* index:9 */ - 24, /* PLAINTEXT length */ - 0, /* AAD length */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17 }, /* PLAINTEXT */ - { 0 }, /* AAD */ - { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xfc,0xfc,0xee,0x7a,0x2a,0x8d,0x4d,0x48 }, /* CIPHERTEXT */ - { 0x6e,0xf2,0xf5,0x25,0x87,0xfd,0xa0,0xed,0x97,0xdc,0x7e,0xed,0xe2,0x41,0xdf,0x68 }, /* TAG */ - }, - { /* index:10 */ - 32, /* PLAINTEXT length */ - 32, /* AAD length */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f }, /* PLAINTEXT */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f }, /* AAD */ - { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xce,0xaa,0xb9,0xb0,0x5d,0xf7,0x71,0xa6,0x57,0x14,0x9d,0x53,0x77,0x34,0x63,0xcb }, /* CIPHERTEXT */ - { 0xb2,0xa0,0x40,0xdd,0x3b,0xd5,0x16,0x43,0x72,0xd7,0x6d,0x7b,0xb6,0x82,0x42,0x40 }, /* TAG */ - }, - { /* index:11 */ - 0, /* PLAINTEXT length */ - 32, /* AAD length */ - { 0 }, /* PLAINTEXT */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f }, /* AAD */ - { 0 }, /* CIPHERTEXT */ - { 0xe1,0xe0,0x72,0x63,0x3b,0xad,0xe5,0x1a,0x60,0xe8,0x59,0x51,0xd9,0xc4,0x2a,0x1b }, /* TAG */ - }, - { /* index:12 */ - 32, /* PLAINTEXT length */ - 0, /* AAD length */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f }, /* PLAINTEXT */ - { 0 }, /* AAD */ - { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xce,0xaa,0xb9,0xb0,0x5d,0xf7,0x71,0xa6,0x57,0x14,0x9d,0x53,0x77,0x34,0x63,0xcb }, /* CIPHERTEXT */ - { 0x4a,0x3b,0xae,0x82,0x44,0x65,0xcf,0xda,0xf8,0xc4,0x1f,0xc5,0x0c,0x7d,0xf9,0xd9 }, /* TAG */ - }, - { /* index:13 */ - 40, /* PLAINTEXT length */ - 40, /* AAD length */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 }, /* PLAINTEXT */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 }, /* AAD */ - { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xce,0xaa,0xb9,0xb0,0x5d,0xf7,0x71,0xa6,0x57,0x14,0x9d,0x53,0x77,0x34,0x63,0xcb,0x68,0xc6,0x57,0x78,0xb0,0x58,0xa6,0x35 }, /* CIPHERTEXT */ - { 0x65,0x9c,0x62,0x32,0x11,0xde,0xea,0x0d,0xe3,0x0d,0x2c,0x38,0x18,0x79,0xf4,0xc8 }, /* TAG */ - }, - { /* index:14 */ - 0, /* PLAINTEXT length */ - 40, /* AAD length */ - { 0 }, /* PLAINTEXT */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 }, /* AAD */ - { 0 }, /* CIPHERTEXT */ - { 0x7a,0xeb,0x7a,0x69,0xa1,0x68,0x7d,0xd0,0x82,0xca,0x27,0xb0,0xd9,0xa3,0x70,0x96 }, /* TAG */ - }, - { /* index:15 */ - 40, /* PLAINTEXT length */ - 0, /* AAD length */ - { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 }, /* PLAINTEXT */ - { 0 }, /* AAD */ - { 0xbe,0xa5,0xe8,0x79,0x8d,0xbe,0x71,0x10,0x03,0x1c,0x14,0x4d,0xa0,0xb2,0x61,0x22,0xce,0xaa,0xb9,0xb0,0x5d,0xf7,0x71,0xa6,0x57,0x14,0x9d,0x53,0x77,0x34,0x63,0xcb,0x68,0xc6,0x57,0x78,0xb0,0x58,0xa6,0x35 }, /* CIPHERTEXT */ - { 0x06,0x0c,0x84,0x67,0xf4,0xab,0xab,0x5e,0x8b,0x3c,0x20,0x67,0xa2,0xe1,0x15,0xdc }, /* TAG */ - }, - -}; - /* As of RFC 7253 - 'Appendix A. Sample Results' - * The next tuple shows a result with a tag length of 96 bits and a - different key. - - K: 0F0E0D0C0B0A09080706050403020100 - - N: BBAA9988776655443322110D - A: 000102030405060708090A0B0C0D0E0F1011121314151617 - 18191A1B1C1D1E1F2021222324252627 - P: 000102030405060708090A0B0C0D0E0F1011121314151617 - 18191A1B1C1D1E1F2021222324252627 - C: 1792A4E31E0755FB03E31B22116E6C2DDF9EFD6E33D536F1 - A0124B0A55BAE884ED93481529C76B6AD0C515F4D1CDD4FD - AC4F02AA - - The C has been split up in C and T (tag) - */ - const unsigned char K[] = { 0x0F,0x0E,0x0D,0x0C,0x0B,0x0A,0x09,0x08, - 0x07,0x06,0x05,0x04,0x03,0x02,0x01,0x00 }; - const unsigned char N[] = { 0xBB,0xAA,0x99,0x88,0x77,0x66,0x55,0x44, - 0x33,0x22,0x11,0x0D }; - const unsigned char A[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F, - 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17, - 0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F, - 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 }; - const unsigned char P[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F, - 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17, - 0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F, - 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 }; - const unsigned char C[] = { 0x17,0x92,0xA4,0xE3,0x1E,0x07,0x55,0xFB, - 0x03,0xE3,0x1B,0x22,0x11,0x6E,0x6C,0x2D, - 0xDF,0x9E,0xFD,0x6E,0x33,0xD5,0x36,0xF1, - 0xA0,0x12,0x4B,0x0A,0x55,0xBA,0xE8,0x84, - 0xED,0x93,0x48,0x15,0x29,0xC7,0x6B,0x6A }; - const unsigned char T[] = { 0xD0,0xC5,0x15,0xF4,0xD1,0xCD,0xD4,0xFD, - 0xAC,0x4F,0x02,0xAA }; - - int err, x, idx, res; - unsigned long len; - unsigned char outct[MAXBLOCKSIZE] = { 0 }; - unsigned char outtag[MAXBLOCKSIZE] = { 0 }; - ocb3_state ocb; - - /* AES can be under rijndael or aes... try to find it */ - if ((idx = find_cipher("aes")) == -1) { - if ((idx = find_cipher("rijndael")) == -1) { - return CRYPT_NOP; - } - } - - for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) { - len = 16; /* must be the same as the required taglen */ - if ((err = ocb3_encrypt_authenticate_memory(idx, - key, sizeof(key), - nonce, sizeof(nonce), - tests[x].aadlen != 0 ? tests[x].aad : NULL, tests[x].aadlen, - tests[x].ptlen != 0 ? tests[x].pt : NULL, tests[x].ptlen, - tests[x].ptlen != 0 ? outct : NULL, outtag, &len)) != CRYPT_OK) { - return err; - } - - if (compare_testvector(outtag, len, tests[x].tag, sizeof(tests[x].tag), "OCB3 Tag", x) || - compare_testvector(outct, tests[x].ptlen, tests[x].ct, tests[x].ptlen, "OCB3 CT", x)) { - return CRYPT_FAIL_TESTVECTOR; - } - - if ((err = ocb3_decrypt_verify_memory(idx, - key, sizeof(key), - nonce, sizeof(nonce), - tests[x].aadlen != 0 ? tests[x].aad : NULL, tests[x].aadlen, - tests[x].ptlen != 0 ? outct : NULL, tests[x].ptlen, - tests[x].ptlen != 0 ? outct : NULL, tests[x].tag, len, &res)) != CRYPT_OK) { - return err; - } - if ((res != 1) || compare_testvector(outct, tests[x].ptlen, tests[x].pt, tests[x].ptlen, "OCB3", x)) { -#ifdef LTC_TEST_DBG - printf("\n\nOCB3: Failure-decrypt - res = %d\n", res); -#endif - return CRYPT_FAIL_TESTVECTOR; - } - } - - /* RFC 7253 - test vector with a tag length of 96 bits - part 1 */ - x = 99; - len = 12; - if ((err = ocb3_encrypt_authenticate_memory(idx, - K, sizeof(K), - N, sizeof(N), - A, sizeof(A), - P, sizeof(P), - outct, outtag, &len)) != CRYPT_OK) { - return err; - } - - if (compare_testvector(outtag, len, T, sizeof(T), "OCB3 Tag", x) || - compare_testvector(outct, sizeof(P), C, sizeof(C), "OCB3 CT", x)) { - return CRYPT_FAIL_TESTVECTOR; - } - - if ((err = ocb3_decrypt_verify_memory(idx, - K, sizeof(K), - N, sizeof(N), - A, sizeof(A), - C, sizeof(C), - outct, T, sizeof(T), &res)) != CRYPT_OK) { - return err; - } - if ((res != 1) || compare_testvector(outct, sizeof(C), P, sizeof(P), "OCB3", x)) { -#ifdef LTC_TEST_DBG - printf("\n\nOCB3: Failure-decrypt - res = %d\n", res); -#endif - return CRYPT_FAIL_TESTVECTOR; - } - - /* RFC 7253 - test vector with a tag length of 96 bits - part 2 */ - x = 100; - if ((err = ocb3_init(&ocb, idx, K, sizeof(K), N, sizeof(N), 12)) != CRYPT_OK) return err; - if ((err = ocb3_add_aad(&ocb, A, sizeof(A))) != CRYPT_OK) return err; - if ((err = ocb3_encrypt(&ocb, P, 32, outct)) != CRYPT_OK) return err; - if ((err = ocb3_encrypt_last(&ocb, P+32, sizeof(P)-32, outct+32)) != CRYPT_OK) return err; - len = sizeof(outtag); /* intentionally more than 12 */ - if ((err = ocb3_done(&ocb, outtag, &len)) != CRYPT_OK) return err; - if (compare_testvector(outct, sizeof(P), C, sizeof(C), "OCB3 CT", x)) return CRYPT_FAIL_TESTVECTOR; - if (compare_testvector(outtag, len, T, sizeof(T), "OCB3 Tag.enc", x)) return CRYPT_FAIL_TESTVECTOR; - if ((err = ocb3_init(&ocb, idx, K, sizeof(K), N, sizeof(N), 12)) != CRYPT_OK) return err; - if ((err = ocb3_add_aad(&ocb, A, sizeof(A))) != CRYPT_OK) return err; - if ((err = ocb3_decrypt(&ocb, C, 32, outct)) != CRYPT_OK) return err; - if ((err = ocb3_decrypt_last(&ocb, C+32, sizeof(C)-32, outct+32)) != CRYPT_OK) return err; - len = sizeof(outtag); /* intentionally more than 12 */ - if ((err = ocb3_done(&ocb, outtag, &len)) != CRYPT_OK) return err; - if (compare_testvector(outct, sizeof(C), P, sizeof(P), "OCB3 PT", x)) return CRYPT_FAIL_TESTVECTOR; - if (compare_testvector(outtag, len, T, sizeof(T), "OCB3 Tag.dec", x)) return CRYPT_FAIL_TESTVECTOR; - - return CRYPT_OK; -#endif /* LTC_TEST */ -} - -#endif /* LTC_OCB3_MODE */ - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ -- 2.40.0