From 8c82c8786b142f0df70453e61a11a99f11ace853 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 15 Apr 2026 11:15:00 +0200 Subject: [PATCH 1/4] Update OCB docs regarding patents. Signed-off-by: Steffen Jaeckel --- doc/crypt.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypt.tex b/doc/crypt.tex index e5354f0ae..b13708535 100644 --- a/doc/crypt.tex +++ b/doc/crypt.tex @@ -1875,7 +1875,7 @@ \subsection{Preface} OCB is an encryption protocol that simultaneously provides authentication. It is slightly faster to use than EAX mode but is less flexible. -Please be aware that all versions of OCB are patented and there are several licensing models provided by P. Rogaway, the patent holder +All versions of OCB were patented, but have been put into the public domain in 2013 and since then are free to use -- see \url{http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm}. \subsection{OCB} From f5438b298d73d00f4aab1d77a6faac1ef1f4167c Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 15 Apr 2026 14:00:43 +0200 Subject: [PATCH 2/4] Deprecate OCB v1. Signed-off-by: Steffen Jaeckel --- doc/crypt.tex | 214 ++++++++++++++++++------------------- src/headers/tomcrypt_mac.h | 11 ++ 2 files changed, 118 insertions(+), 107 deletions(-) diff --git a/doc/crypt.tex b/doc/crypt.tex index b13708535..cef84bdac 100644 --- a/doc/crypt.tex +++ b/doc/crypt.tex @@ -1871,6 +1871,7 @@ \subsection{Preface} LibTomCrypt provides support for a mode called OCB in version 1 ''OCB''\footnote{See P. Rogaway, M. Bellare, J. Black, T. Krovetz, \textit{OCB: A Block Cipher Mode of Operation for Efficient Authenticated Encryption}.} +-- which has been deprecated in favor of the standardized version 3 -- and version 3 ''OCB3''\footnote{See RFC7253, T. Krovetz, P. Rogaway, \textit{The OCB Authenticated-Encryption Algorithm}.}. OCB is an encryption protocol that simultaneously provides authentication. It is slightly faster to use than EAX mode but is less flexible. 
@@ -1878,113 +1879,6 @@ \subsection{Preface} All versions of OCB were patented, but have been put into the public domain in 2013 and since then are free to use -- see \url{http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm}. -\subsection{OCB} -\subsubsection{Initialization and processing} - -Let's review how to initialize an OCB context. - -\index{ocb\_init()} -\begin{verbatim} -int ocb_init( ocb_state *ocb, - int cipher, - const unsigned char *key, - unsigned long keylen, - const unsigned char *nonce); -\end{verbatim} - -This will initialize the \textit{ocb} context using cipher descriptor \textit{cipher}. It will use a \textit{key} of length \textit{keylen} -and the random \textit{nonce}. Note that \textit{nonce} must be a random (public) string the same length as the block ciphers -block size (e.g. 16 bytes for AES). - -This mode has no \textit{Associated Data} like EAX mode does which means you cannot authenticate metadata along with the stream. -To encrypt or decrypt data use the following. - -\index{ocb\_encrypt()} \index{ocb\_decrypt()} -\begin{verbatim} -int ocb_encrypt( ocb_state *ocb, - const unsigned char *pt, - unsigned char *ct); - -int ocb_decrypt( ocb_state *ocb, - const unsigned char *ct, - unsigned char *pt); -\end{verbatim} - -This will encrypt (or decrypt for the latter) a fixed length of data from \textit{pt} to \textit{ct} (vice versa for the latter). -They assume that \textit{pt} and \textit{ct} are the same size as the block cipher's block size. Note that you cannot call -both functions given a single \textit{ocb} state. For bi-directional communication you will have to initialize two \textit{ocb} -states (with different nonces). Also \textit{pt} and \textit{ct} may point to the same location in memory. - -\subsubsection{State Termination} - -When you are finished encrypting the message you call the following function to compute the tag. 
- -\index{ocb\_done\_encrypt()} -\begin{verbatim} -int ocb_done_encrypt( ocb_state *ocb, - const unsigned char *pt, - unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, - unsigned long *taglen); -\end{verbatim} - -This will terminate an encrypt stream \textit{ocb}. If you have trailing bytes of plaintext that will not complete a block -you can pass them here. This will also encrypt the \textit{ptlen} bytes in \textit{pt} and store them in \textit{ct}. It will also -store up to \textit{taglen} bytes of the tag into \textit{tag}. - -Note that \textit{ptlen} must be less than or equal to the block size of block cipher chosen. Also note that if you have -an input message equal to the length of the block size then you pass the data here (not to ocb\_encrypt()) only. - -To terminate a decrypt stream and compared the tag you call the following. - -\index{ocb\_done\_decrypt()} -\begin{verbatim} -int ocb_done_decrypt( ocb_state *ocb, - const unsigned char *ct, - unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, - unsigned long taglen, - int *res); -\end{verbatim} -Similarly to the previous function you can pass trailing message bytes into this function. This will compute the -tag of the message (internally) and then compare it against the \textit{taglen} bytes of \textit{tag} provided. By default -\textit{res} is set to zero. If all \textit{taglen} bytes of \textit{tag} can be verified then \textit{res} is set to one (authenticated -message). - -\subsubsection{Packet Functions} -To make life simpler the following two functions are provided for memory bound OCB. 
- -%\index{ocb\_encrypt\_authenticate\_memory()} -\begin{verbatim} -int ocb_encrypt_authenticate_memory( - int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen); -\end{verbatim} - -This will OCB encrypt the message \textit{pt} of length \textit{ptlen}, and store the ciphertext in \textit{ct}. The length \textit{ptlen} -can be any arbitrary length. - -\index{ocb\_decrypt\_verify\_memory()} -\begin{verbatim} -int ocb_decrypt_verify_memory( - int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, - int *res); -\end{verbatim} - -Similarly, this will OCB decrypt, and compare the internally computed tag against the tag provided. \textit{res} is set -appropriately to \textit{1} if the tag matches or to \textit{0} if it doesn't match. - \subsection{OCB3} \subsubsection{Initialization and processing} 
@@ -10802,6 +10696,112 @@ \subsection{Extended Verification} rsa_key *key); \end{verbatim} +\subsection{OCB} +\subsubsection{Initialization and processing} + +Let's review how to initialize an OCB context. + +\index{ocb\_init()} +\begin{verbatim} +int ocb_init( ocb_state *ocb, + int cipher, + const unsigned char *key, + unsigned long keylen, + const unsigned char *nonce); +\end{verbatim} + +This will initialize the \textit{ocb} context using cipher descriptor \textit{cipher}. It will use a \textit{key} of length \textit{keylen} +and the random \textit{nonce}. Note that \textit{nonce} must be a random (public) string the same length as the block ciphers +block size (e.g. 16 bytes for AES). + +This mode has no \textit{Associated Data} like EAX mode does which means you cannot authenticate metadata along with the stream. +To encrypt or decrypt data use the following. + +\index{ocb\_encrypt()} \index{ocb\_decrypt()} +\begin{verbatim} +int ocb_encrypt( ocb_state *ocb, + const unsigned char *pt, + unsigned char *ct); + +int ocb_decrypt( ocb_state *ocb, + const unsigned char *ct, + unsigned char *pt); +\end{verbatim} + +This will encrypt (or decrypt for the latter) a fixed length of data from \textit{pt} to \textit{ct} (vice versa for the latter). +They assume that \textit{pt} and \textit{ct} are the same size as the block cipher's block size. Note that you cannot call +both functions given a single \textit{ocb} state. For bi-directional communication you will have to initialize two \textit{ocb} +states (with different nonces). Also \textit{pt} and \textit{ct} may point to the same location in memory. + +\subsubsection{State Termination} + +When you are finished encrypting the message you call the following function to compute the tag. 
+ +\index{ocb\_done\_encrypt()} +\begin{verbatim} +int ocb_done_encrypt( ocb_state *ocb, + const unsigned char *pt, + unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, + unsigned long *taglen); +\end{verbatim} + +This will terminate an encrypt stream \textit{ocb}. If you have trailing bytes of plaintext that will not complete a block +you can pass them here. This will also encrypt the \textit{ptlen} bytes in \textit{pt} and store them in \textit{ct}. It will also +store up to \textit{taglen} bytes of the tag into \textit{tag}. + +Note that \textit{ptlen} must be less than or equal to the block size of block cipher chosen. Also note that if you have +an input message equal to the length of the block size then you pass the data here (not to ocb\_encrypt()) only. + +To terminate a decrypt stream and compared the tag you call the following. + +\index{ocb\_done\_decrypt()} +\begin{verbatim} +int ocb_done_decrypt( ocb_state *ocb, + const unsigned char *ct, + unsigned long ctlen, + unsigned char *pt, + const unsigned char *tag, + unsigned long taglen, + int *res); +\end{verbatim} +Similarly to the previous function you can pass trailing message bytes into this function. This will compute the +tag of the message (internally) and then compare it against the \textit{taglen} bytes of \textit{tag} provided. By default +\textit{res} is set to zero. If all \textit{taglen} bytes of \textit{tag} can be verified then \textit{res} is set to one (authenticated +message). + +\subsubsection{Packet Functions} +To make life simpler the following two functions are provided for memory bound OCB. 
+ +%\index{ocb\_encrypt\_authenticate\_memory()} +\begin{verbatim} +int ocb_encrypt_authenticate_memory( + int cipher, + const unsigned char *key, unsigned long keylen, + const unsigned char *nonce, + const unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long *taglen); +\end{verbatim} + +This will OCB encrypt the message \textit{pt} of length \textit{ptlen}, and store the ciphertext in \textit{ct}. The length \textit{ptlen} +can be any arbitrary length. + +\index{ocb\_decrypt\_verify\_memory()} +\begin{verbatim} +int ocb_decrypt_verify_memory( + int cipher, + const unsigned char *key, unsigned long keylen, + const unsigned char *nonce, + const unsigned char *ct, unsigned long ctlen, + unsigned char *pt, + const unsigned char *tag, unsigned long taglen, + int *res); +\end{verbatim} + +Similarly, this will OCB decrypt, and compare the internally computed tag against the tag provided. \textit{res} is set +appropriately to \textit{1} if the tag matches or to \textit{0} if it doesn't match. \clearpage \addcontentsline{toc}{chapter}{Index} diff --git a/src/headers/tomcrypt_mac.h b/src/headers/tomcrypt_mac.h index 33dd04ff7..7716eee4e 100644 --- a/src/headers/tomcrypt_mac.h +++ b/src/headers/tomcrypt_mac.h 
@@ -299,22 +299,28 @@ typedef struct { int block_len; /* length of block */ } ocb_state; +LTC_DEPRECATED(ocb3_init) int ocb_init(ocb_state *ocb, int cipher, const unsigned char *key, unsigned long keylen, const unsigned char *nonce); +LTC_DEPRECATED(ocb3_encrypt) int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct); +LTC_DEPRECATED(ocb3_decrypt) int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt); +LTC_DEPRECATED(ocb3_done) int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct, unsigned char *tag, unsigned long *taglen); +LTC_DEPRECATED(ocb3_done) int ocb_done_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt, const unsigned char *tag, unsigned long taglen, int *stat); +LTC_DEPRECATED(ocb3_encrypt_authenticate_memory) int ocb_encrypt_authenticate_memory(int cipher, const unsigned char *key, unsigned long keylen, const unsigned char *nonce, @@ -322,6 +328,7 @@ int ocb_encrypt_authenticate_memory(int cipher, unsigned char *ct, unsigned char *tag, unsigned long *taglen); +LTC_DEPRECATED(ocb3_decrypt_verify_memory) int ocb_decrypt_verify_memory(int cipher, const unsigned char *key, unsigned long keylen, const unsigned char *nonce, @@ -330,11 +337,15 @@ int ocb_decrypt_verify_memory(int cipher, const unsigned char *tag, unsigned long taglen, int *stat); +LTC_DEPRECATED(ocb3_test) int ocb_test(void); /* internal functions */ +LTC_DEPRECATED(nothing. API will be removed.) void ocb_shift_xor(ocb_state *ocb, unsigned char *Z); +LTC_DEPRECATED(nothing. API will be removed.) int ocb_ntz(unsigned long x); +LTC_DEPRECATED(nothing. API will be removed.) int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode); From 800e5ce319c14aeed9575bae8541c7cd2f8129bc Mon Sep 17 00:00:00 2001 
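Review bot: The replacement named for `ocb_done_decrypt` and `ocb_done_encrypt` in the first hunk, `LTC_DEPRECATED(ocb3_done)`, is not equivalent to what it replaces. Per the v1 documentation moved in this same patch, `ocb_done_decrypt` takes the trailing bytes and compares the tag itself, setting `*stat`; `ocb3_done` is declared outside this hunk, and going by the OCB3 docs it appears only to emit the computed tag. A caller who follows the hint mechanically can end up releasing plaintext without checking the tag, so I would add a comment above the v1 block such as `/* OCB3 is neither drop-in nor wire-compatible with OCB v1: finish with ocb3_decrypt_last() + ocb3_done() and compare the tag in constant time, or use ocb3_decrypt_verify_memory(). */`. The same comment should say that data protected with v1 cannot be read back through `ocb3_*`, and that OCB3 accepts only 16-byte block ciphers while the v1 vector generator removed in patch 3/4 also covered 8-byte blocks, so those users need a migration path before the removal lands. The three `LTC_DEPRECATED(nothing. API will be removed.)` uses in the last hunk rely on the macro stringifying its argument; its definition is not shown here, so that is worth confirming for every supported compiler.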
From: Steffen Jaeckel
Date: Wed, 15 Apr 2026 11:27:51 +0200
Subject: [PATCH 3/4] Remove OCB v1.
Signed-off-by: Steffen Jaeckel
---
demos/timing.c | 28 +-
demos/tv_gen.c | 72 --
doc/crypt.tex | 125 +---
notes/ocb_tv.txt | 696 ------------------
src/encauth/ocb/ocb_decrypt.c | 59 --
src/encauth/ocb/ocb_decrypt_verify_memory.c | 74 --
src/encauth/ocb/ocb_done_decrypt.c | 68 --
src/encauth/ocb/ocb_done_encrypt.c | 34 -
src/encauth/ocb/ocb_encrypt.c | 54 --
.../ocb/ocb_encrypt_authenticate_memory.c | 72 --
src/encauth/ocb/ocb_init.c | 131 ----
src/encauth/ocb/ocb_ntz.c | 36 -
src/encauth/ocb/ocb_shift_xor.c | 27 -
src/encauth/ocb/ocb_test.c | 224 ------
src/encauth/ocb/s_ocb_done.c | 140 ----
src/headers/tomcrypt_custom.h | 3 +-
src/headers/tomcrypt_mac.h | 66 --
src/misc/crypt/crypt_sizes.c | 3 -
tests/mac_test.c | 3 -
19 files changed, 9 insertions(+), 1906 deletions(-)
delete mode 100644 notes/ocb_tv.txt
delete mode 100644 src/encauth/ocb/ocb_decrypt.c
delete mode 100644 src/encauth/ocb/ocb_decrypt_verify_memory.c
delete mode 100644 src/encauth/ocb/ocb_done_decrypt.c
delete mode 100644 src/encauth/ocb/ocb_done_encrypt.c
delete mode 100644 src/encauth/ocb/ocb_encrypt.c
delete mode 100644 src/encauth/ocb/ocb_encrypt_authenticate_memory.c
delete mode 100644 src/encauth/ocb/ocb_init.c
delete mode 100644 src/encauth/ocb/ocb_ntz.c
delete mode 100644 src/encauth/ocb/ocb_shift_xor.c
delete mode 100644 src/encauth/ocb/ocb_test.c
delete mode 100644 src/encauth/ocb/s_ocb_done.c
diff --git a/demos/timing.c b/demos/timing.c
index 7c5aafd09..58ae680bc 100644
--- a/demos/timing.c
+++ b/demos/timing.c
@@ -1296,29 +1296,6 @@ static void time_eax(eac_ctx *ctx) } #endif -#if defined(LTC_OCB_MODE) -static void time_ocb(eac_ctx *ctx) -{ - ulong64 t1, t2; - unsigned long x, z; - int err; - - t2 = -1; - for (x = 0; x < 10000; x++) { - t_start(); - t1 = t_read(); - z = 16; - if ((err = ocb_encrypt_authenticate_memory(ctx->cipher_idx, ctx->key, 16, ctx->IV, ctx->buf, ctx->size, ctx->buf, ctx->tag, &z)) != CRYPT_OK) { - fprintf(stderr, "\nOCB error... %s\n", error_to_string(err)); - exit(EXIT_FAILURE); - } - t1 = t_read() - t1; - if (t1 < t2) t2 = t1; - } - fprintf(stderr, "OCB \t\t\t%9"PRI64"u\n", t2/(ulong64)(ctx->size)); -} -#endif - #if defined(LTC_OCB3_MODE) static void time_ocb3(eac_ctx *ctx) { @@ -1483,7 +1460,7 @@ static void time_siv(eac_ctx *ctx) static void time_eacs_(unsigned long MAC_SIZE) { -#if defined(LTC_EAX_MODE) || defined(LTC_OCB_MODE) || defined(LTC_OCB3_MODE) || \ +#if defined(LTC_EAX_MODE) || defined(LTC_OCB3_MODE) || \ defined(LTC_CCM_MODE) || defined(LTC_GCM_MODE) || defined(LTC_SIV_MODE) eac_ctx ctx; struct { @@ -1494,9 +1471,6 @@ static void time_eacs_(unsigned long MAC_SIZE) #ifdef LTC_EAX_MODE TIME_FUN(eax), #endif -#ifdef LTC_OCB_MODE - TIME_FUN(ocb), -#endif #ifdef LTC_OCB3_MODE TIME_FUN(ocb3), #endif diff --git a/demos/tv_gen.c b/demos/tv_gen.c index d6ba2c6f6..5eba374a1 100644 --- a/demos/tv_gen.c +++ b/demos/tv_gen.c 
@@ -363,75 +363,6 @@ static void eax_gen(void) } #endif -#ifdef LTC_OCB_MODE -static void ocb_gen(void) -{ - int err, kl, x, y1, z; - FILE *out; - unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2], - plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE]; - unsigned long len; - - OPEN_FILE("ocb_tv.txt", out); - fprintf(out, "OCB Test Vectors. Uses the 00010203...NN-1 pattern for nonce/plaintext/key. The outputs\n" - "are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous\n" - "step repeated sufficiently. The nonce is fixed throughout.\n\n"); - - for (x = 0; cipher_descriptor[x].name != NULL; x++) { - kl = cipher_descriptor[x].block_length; - - /* skip ciphers which do not have 64 or 128 bit block sizes */ - if (kl != 8 && kl != 16) continue; - - if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) { - kl = cipher_descriptor[x].max_key_length; - } - fprintf(out, "OCB-%s (%d byte key)\n", cipher_descriptor[x].name, kl); - - /* the key */ - for (z = 0; z < kl; z++) { - key[z] = (z & 255); - } - - /* fixed nonce */ - for (z = 0; z < cipher_descriptor[x].block_length; z++) { - nonce[z] = z; - } - - for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){ - for (z = 0; z < y1; z++) { - plaintext[z] = (unsigned char)(z & 255); - } - len = sizeof(tag); - if ((err = ocb_encrypt_authenticate_memory(x, key, kl, nonce, plaintext, y1, plaintext, tag, &len)) != CRYPT_OK) { - printf("Error OCB'ing: %s\n", error_to_string(err)); - exit(EXIT_FAILURE); - } - if (len == 0) { - printf("Error OCB'ing: zero length\n"); - exit(EXIT_FAILURE); - } - fprintf(out, "%3d: ", y1); - for (z = 0; z < y1; z++) { - fprintf(out, "%02X", plaintext[z]); - } - fprintf(out, ", "); - for (z = 0; z <(int)len; z++) { - fprintf(out, "%02X", tag[z]); - } - fprintf(out, "\n"); - - /* forward the key */ - for (z = 0; z < kl; z++) { - key[z] = tag[z % len]; - } - } - fprintf(out, "\n"); - } - fclose(out); -} -#endif - #ifdef LTC_OCB3_MODE static void ocb3_gen(void) 
{ @@ -817,9 +748,6 @@ int main(int argc, char **argv) #ifdef LTC_EAX_MODE printf("Generating EAX vectors..."); fflush(stdout); eax_gen(); printf("done\n"); #endif -#ifdef LTC_OCB_MODE - printf("Generating OCB vectors..."); fflush(stdout); ocb_gen(); printf("done\n"); -#endif #ifdef LTC_OCB3_MODE printf("Generating OCB3 vectors..."); fflush(stdout); ocb3_gen(); printf("done\n"); #endif diff --git a/doc/crypt.tex b/doc/crypt.tex index cef84bdac..fdd7cddc5 100644 --- a/doc/crypt.tex +++ b/doc/crypt.tex @@ -1866,21 +1866,18 @@ \chapter{Authenticated Encryption} The only difference is eax\_decrypt\_verify\_memory() does not emit a tag. Instead you pass it a tag as input and it compares it against the tag it computed while decrypting the message. If the tags match then it stores a $1$ in \textit{res}, otherwise it stores a $0$. -\mysection{OCB Modes} +\mysection{OCB Mode} \subsection{Preface} -LibTomCrypt provides support for a mode called OCB in version 1 ''OCB''\footnote{See -P. Rogaway, M. Bellare, J. Black, T. Krovetz, \textit{OCB: A Block Cipher Mode of Operation for Efficient Authenticated Encryption}.} --- which has been deprecated in favor of the standardized version 3 -- -and version 3 ''OCB3''\footnote{See RFC7253, T. Krovetz, P. Rogaway, \textit{The OCB Authenticated-Encryption Algorithm}.}. +LibTomCrypt provides support for a mode called OCB in version 3 +''OCB3''\footnote{See RFC7253, T. Krovetz, P. Rogaway, \textit{The OCB Authenticated-Encryption Algorithm}.}. OCB is an encryption protocol that simultaneously provides authentication. It is slightly faster to use than EAX mode but is less flexible. All versions of OCB were patented, but have been put into the public domain in 2013 and since then are free to use -- see \url{http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm}. -\subsection{OCB3} -\subsubsection{Initialization and processing} +\subsection{Initialization and processing} \index{ocb3\_init()} \begin{verbatim} 
@@ -1897,7 +1894,7 @@ \subsubsection{Initialization and processing} Note that you can only use ciphers with a block length of 16. -\subsubsection{Additional Authenticated Data} +\subsection{Additional Authenticated Data} OCB3 has, in contrary to OCB, the possibility to add "Additional Authenticated Data" (AAD) when performing cryptographic operations. @@ -1926,7 +1923,7 @@ \subsubsection{Additional Authenticated Data} both functions given a single \textit{ocb} state. For bi-directional communication you will have to initialize two \textit{ocb} states (with different nonces). Also \textit{pt} and \textit{ct} may point to the same location in memory. -\subsubsection{State Termination} +\subsection{State Termination} \index{ocb3\_encrypt\_last()} \index{ocb3\_decrypt\_last()} \begin{verbatim} @@ -1955,7 +1952,7 @@ \subsubsection{State Termination} The \textit{taglen} parameter defines on input the length of the tag to output and will be set to the actual length written, which is at most 16 octets. -\subsubsection{Packet Functions} +\subsection{Packet Functions} To make life simpler the following two functions are provided for memory bound OCB3. \index{ocb3\_encrypt\_authenticate\_memory()} @@ -10355,7 +10352,6 @@ \subsection{Elliptic Curve Cryptography - $GF(p)$} These two ECC verify functions have been deprecated in favor of \code{ecc\_verify\_hash\_v2()}. Please check Chapter \ref{ecc-verify} for details. - \subsection{PKCS \#1 Padding} PKCS \#1 v1.5 padding is so simple that both signature and encryption padding are performed by the same function. Note: the signature padding does \textbf{not} include the ASN.1 padding required. That is performed by the rsa\_sign\_hash\_ex() function 
@@ -10696,113 +10692,6 @@ \subsection{Extended Verification} rsa_key *key); \end{verbatim} -\subsection{OCB} -\subsubsection{Initialization and processing} - -Let's review how to initialize an OCB context. - -\index{ocb\_init()} -\begin{verbatim} -int ocb_init( ocb_state *ocb, - int cipher, - const unsigned char *key, - unsigned long keylen, - const unsigned char *nonce); -\end{verbatim} - -This will initialize the \textit{ocb} context using cipher descriptor \textit{cipher}. It will use a \textit{key} of length \textit{keylen} -and the random \textit{nonce}. Note that \textit{nonce} must be a random (public) string the same length as the block ciphers -block size (e.g. 16 bytes for AES). - -This mode has no \textit{Associated Data} like EAX mode does which means you cannot authenticate metadata along with the stream. -To encrypt or decrypt data use the following. - -\index{ocb\_encrypt()} \index{ocb\_decrypt()} -\begin{verbatim} -int ocb_encrypt( ocb_state *ocb, - const unsigned char *pt, - unsigned char *ct); - -int ocb_decrypt( ocb_state *ocb, - const unsigned char *ct, - unsigned char *pt); -\end{verbatim} - -This will encrypt (or decrypt for the latter) a fixed length of data from \textit{pt} to \textit{ct} (vice versa for the latter). -They assume that \textit{pt} and \textit{ct} are the same size as the block cipher's block size. Note that you cannot call -both functions given a single \textit{ocb} state. For bi-directional communication you will have to initialize two \textit{ocb} -states (with different nonces). Also \textit{pt} and \textit{ct} may point to the same location in memory. - -\subsubsection{State Termination} - -When you are finished encrypting the message you call the following function to compute the tag. 
- -\index{ocb\_done\_encrypt()} -\begin{verbatim} -int ocb_done_encrypt( ocb_state *ocb, - const unsigned char *pt, - unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, - unsigned long *taglen); -\end{verbatim} - -This will terminate an encrypt stream \textit{ocb}. If you have trailing bytes of plaintext that will not complete a block -you can pass them here. This will also encrypt the \textit{ptlen} bytes in \textit{pt} and store them in \textit{ct}. It will also -store up to \textit{taglen} bytes of the tag into \textit{tag}. - -Note that \textit{ptlen} must be less than or equal to the block size of block cipher chosen. Also note that if you have -an input message equal to the length of the block size then you pass the data here (not to ocb\_encrypt()) only. - -To terminate a decrypt stream and compared the tag you call the following. - -\index{ocb\_done\_decrypt()} -\begin{verbatim} -int ocb_done_decrypt( ocb_state *ocb, - const unsigned char *ct, - unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, - unsigned long taglen, - int *res); -\end{verbatim} -Similarly to the previous function you can pass trailing message bytes into this function. This will compute the -tag of the message (internally) and then compare it against the \textit{taglen} bytes of \textit{tag} provided. By default -\textit{res} is set to zero. If all \textit{taglen} bytes of \textit{tag} can be verified then \textit{res} is set to one (authenticated -message). - -\subsubsection{Packet Functions} -To make life simpler the following two functions are provided for memory bound OCB. 
- -%\index{ocb\_encrypt\_authenticate\_memory()} -\begin{verbatim} -int ocb_encrypt_authenticate_memory( - int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen); -\end{verbatim} - -This will OCB encrypt the message \textit{pt} of length \textit{ptlen}, and store the ciphertext in \textit{ct}. The length \textit{ptlen} -can be any arbitrary length. - -\index{ocb\_decrypt\_verify\_memory()} -\begin{verbatim} -int ocb_decrypt_verify_memory( - int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, - int *res); -\end{verbatim} - -Similarly, this will OCB decrypt, and compare the internally computed tag against the tag provided. \textit{res} is set -appropriately to \textit{1} if the tag matches or to \textit{0} if it doesn't match. - \clearpage \addcontentsline{toc}{chapter}{Index} \printindex diff --git a/notes/ocb_tv.txt b/notes/ocb_tv.txt deleted file mode 100644 index e517341e9..000000000 --- a/notes/ocb_tv.txt +++ /dev/null 
@@ -1,696 +0,0 @@ -OCB Test Vectors. Uses the 00010203...NN-1 pattern for nonce/plaintext/key. The outputs -are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous -step repeated sufficiently. The nonce is fixed throughout. - -OCB-aes (16 byte key) - 0: , 04ADA45E947BC5B6E00F4C8B8053902D - 1: 07, 987354C062CD6251CAA6D93280EFE9BE - 2: 1CB7, B9F1620EA8374E1C2D05110878D93069 - 3: B98C59, 3793FB737C2DFB29E73DD1AD8B8F71C7 - 4: 8978F240, 5E25316ED13D3300F2EC12D718A0BA8E - 5: CB4D261594, EDA252A1A5C7D0A4AB4620F771446DD3 - 6: 30D6B6688D59, 684037DE07832C6FC38CA42BDF2A7D53 - 7: D0583F9741BFA4, 3DF53DFF73431C0245982F4EEEAD432F - 8: EE3B9596CBEFF520, D283D1B9D990739EA05F4BAE2E96BE4E - 9: 6570FC25E6103AC125, 90D3F1FA6595B775749FAE7B00A8E5B1 - 10: F56750C98C370DFDC4A0, 19389A6875FAB432B72D64BCDD6BD26C - 11: 3344AE6D9528603CC1E4E1, 87AB6FBC7F919125A7DB0D17D19056B8 - 12: F3D9D816A727D3E67330C779, 07AC0F3841DFCFEC58A5AAC22270538C - 13: 976651E63ABC3B276799BC1FE4, EE603A8C66099AD6FF8667B3F34ABF29 - 14: A48E3ABC31336C6B717A96170A9B, A9D1B973D84D3125F5F9D7923BA0A8FF - 15: F60E9B2A911FAFB0080FAA3ECDEE42, 4902F8AEB7685F7B255ECC45B5B7D3D4 - 16: 0855DE488940144AF18C65A9966DDB66, A66B3E7A75D394273AC196FFD062F9DD - 17: 172DC1740F75AB2A27B2B80895961A69AB, D6986BB95F7E4137430CAC67F773623B - 18: A414234DCCC61B65A79B7C618A6B91ACA410, 6CE32E55E158BC3E51E94116A615F3A2 - 19: 16A1B16BC0F63D63179901F1CBC772D612C102, 54007EF9822E0E4A4F953838577C76FA - 20: 539788EBF85C15B3A638017B4054D71315BFF25F, 9B2511322E16CECD53E3241F3D51EB97 - 21: 7E74595A3DCFE1EA2C91B67738765463D50A22924A, AC9C9B526251C16F112E769F9FBE74E4 - 22: A2B61792102B2E44F1DC0E48B40472CE883730504FEB, 76452A49C2524404C8A4B098D6390F98 - 23: F58174BC06A022AB7D81991E9346F5E4B0AEC535D93473, 47F96374BC094BB2C1A5D1D291806912 - 24: A3A7713895D178A85D9092EA6138323DC2FF9090D7F01AC5, 3814208FA7009A2934F9A172D029667D - 25: 385525DAF9949DCDEB22F7518AF96438E40F7D94933706A9F2, 1249F3DF50084A6D1A76AA350FD85B0B - 26: 
6838E207D98A5BF8D8E41454CF51663D8F8B76FD26092D45D1D9, 301723D0F49BF8CF37828340B894689C - 27: 736413C025A549CB2550E93139DFD5DC3CE241C296C9FE641FF520, BE07259963F251743A85DF51EB1B47FB - 28: 7F2CD26367A885BD9E2B515D4E871272AC1BEA1C650B530E5616B2D3, EEB37E8451597E5A53CB49072EDA9346 - 29: 68F23DCDEF223B60B46E3D724A93BEEF8B110D4394C990AC3D0E34E1B6, 9A60344982F852EFE02CBE9CBBAB60F1 - 30: 66C5DE3EB27139983D48BED81D0E5FCE6BA1AB402C357062FE989D31C69C, BAFA0A7997A529039F0CE8528E670415 - 31: D3B9009C1A930EE288C61B0B15C7E92CB73484C345594DC5A3F377147981DB, 1EDAACF7F1F3AC7EA613F94DA4DEF930 - 32: F7818DF15FE6FBC42A28FDE1D55A2C07EC8D82AA0E7A680DBD3CF26C13448F9B, 67FEB344108008A88067E92B210766D5 - -OCB-blowfish (8 byte key) - 0: , 07B7752047F9E0AE - 1: CE, 7D69017C42B06204 - 2: 1D6F, 4DFD4BD58439062F - 3: 30A011, DB49D988798F8842 - 4: B71C8951, AA3261584B0C20FD - 5: 06F89957DA, 88BFA80D36427F64 - 6: 45BC4CE5FABD, 4CAF71136ED166A7 - 7: A7405F124D0296, 5D8993CE64FFF0E7 - 8: ECABEFD9E6574E4D, B69349673CF86E41 - 9: F7D26A7E82A34ACC71, AFFDEE843ABEA68A - 10: E225C5F0FA1D649F81A3, 03AC1D5DF1323EF8 - 11: 58722FBFB86C2697061217, CE731D80E6355710 - 12: E577EB8FA70225C5A18D31DC, 2F08B140F0D3A255 - 13: 92154A94CD7D42EBADB6CFEE14, DC949170E84D3CA2 - 14: 5A3C08744FD85CA262D51AC6CD25, E83CE45547403BAD - 15: 8B2E4980ABA10A20573A402D89AD12, E3D978611DD831D0 - 16: 3EDC4A0FA95BD8F944BCE4F252B6470C, 87B54BBEA86A5B5C - -OCB-xtea (16 byte key) - 0: , F996E5CC593FD6E9 - 1: 88, 64636E3C48940F8D - 2: 223D, 230D7718A8BCB965 - 3: 32531B, 37FEA4728FAE474D - 4: BDCF3E96, A9F30B4187CD174C - 5: 7B0CCDE546, E7328648817987FE - 6: 824BD771B724, 0BDF80C14EDB758B - 7: 8F0E73B1280717, 2DEDBF2C87180CC4 - 8: 6F7EFA44AF774B1F, 1A9C5509D54A7185 - 9: 9749BCF684F68755AC, E46941DBE948BDD5 - 10: DCD32D91FE2D5590355D, E17DFA54A5B60E07 - 11: 3CBBF6464D438AB95B3ACF, C207876D030362EC - 12: 1C804A611F6CE4CFD2657366, B957F48EA00C428C - 13: 5A2F6927951D8F60C754893790, EB3A27A9E5B8928F - 14: C710D28CD02726002596D9196021, 
C6C9EBF090A20C07 - 15: 298FFCE0CD42BC329697AEB5F53A56, BB2F0C415317928C - 16: 59F6395260ECEAB2E3511991EEEF9656, 278A218A720F8E05 - -OCB-rc5 (8 byte key) - 0: , E7462C3C0C95A73E - 1: C5, 83CB00E780937259 - 2: 1533, 022FF70566E0BA87 - 3: 57543B, AC4EF15FC83BDF2D - 4: 01E4474B, BD817C06AC2141E0 - 5: 4CD7E850EE, 7BB6B3BDA5373422 - 6: 489C0CD1502A, 23DD4406F87EB164 - 7: 0CBAAE08E07EFF, 92569C958B722413 - 8: 073612F283F8A6E4, 1DD978D01CE8D1DF - 9: CDE676B1A3AC98B00E, C033F099E2620668 - 10: AD3BC88EEEDA40A83685, 36DA44E13C0C8A4D - 11: CA60E8B918F73E99986021, 45634CA0E43E4B13 - 12: 3B3CF82157ECEACAD8658EF5, E681F57616146CC7 - 13: EBC1A7068346EC1B7EB815A7DC, 2C806D2A909CCAF1 - 14: 97CDB3EF8276F1E7D6B6677DA2DB, 53F00B9A2E43DE08 - 15: 44169B3EDAD9506C51A6DA055EF9C2, 5BB6DD996130896B - 16: 35EC29065B1FC640015B0F779E7A358A, 867EBD0E86823F09 - -OCB-rc6 (16 byte key) - 0: , 27B9E3F544B8F567EEBF98ED5FD55C76 - 1: 92, 219FD2D74D7E3F21AA6C2A507C0A546B - 2: BECF, 96A656A16FB3C4579E6955D592AECAE1 - 3: 4DDE09, 7D1882879B5D6FD8C151502BD8AB220A - 4: 0D6B4FCC, E01FBD1ECA2A6A8DC6697A06AB12BDB0 - 5: E5E19C973B, E5A86AADF2F333D5DEDCE410688CC6A4 - 6: 90BA7D2A6965, 80523A2CAB2A7BB2E90B121DE80F46A9 - 7: 6FE258148EC8D0, B7254B11276A77C5F99FE5EC91D81F57 - 8: D887080095DF8817, F3FB938068A01EF89DE0F1226C544362 - 9: D9823313289D597614, A547764EF20BD4B4B303882B64FAF2C5 - 10: FF68942112CF01701E86, 94F3860D4438428EE296CEACB3EB67F5 - 11: FFD390D3E0B64F64D3192F, 99D2E424C67EBACCD4E2EB9A0CDB8CDD - 12: 3162235748BDDECC84FC8C94, BDD400A58AF59100A731DD5B4386444E - 13: D2A0EC8B1F20672289F7236C56, B245CF42644BDAC5F077143AF2A57BA7 - 14: 830929B2850E22F6C1BA2027248C, B6B522F7D6BA3CFFA92D093B383542FE - 15: 2A5FCCCCF43F845AA77750D3BC6B1E, 53A0A0882C7844636900509921661FCA - 16: 8480234796F9EAC313140CE014B0265C, 0656CA8D851B53FD5C1AAC303B264E43 - 17: F011A67C22F16A42CEA5E493CB766964AA, 830B8158B7A96224A53FB7F3A08CD128 - 18: F76274A730A608C2AB37497A049C3699882E, 4DC4DD4DF39D0E68D6169F9DC7F4A6D5 - 19: 
7B38DD237DE552A72E4369A81C30AFEA5E5063, 01A62CBD30153702A5B29FB2A1683899 - 20: 58EB866F1FCB060ACC821D776AAC4AD9E87C326A, 25AFB8FC48605E1396EA8471F55C1294 - 21: A25F2C0FAD66B3580627498EC66C994B49C5445911, 0182A951D9A3DA53675612DE8EED1FB9 - 22: 8813977F092F07F251A1497C898967F3F98F5CB878CB, 80BC353E310880A83DD4DE4FE96AB6F0 - 23: 52DC8B76F5A6F78D51FB7DB51048E2663563335EC876A5, DC3689AA079C04C19D83646B272F9DEC - 24: 965437D3FDF91784B63C73C8CD001BD9372167963DF36B89, 9FF84E2845E3C1E3E6711D1646B18F21 - 25: ADD40F674BD56FFC8F9B4047FAAD2471F0A48F4544C894F806, 9D684F74F9734F1C497E33D96A27E00C - 26: 7B049B688839BC62785082397DEC7AA94B837D094AECA4B14571, EE711DF1C15B5C9E36B6E38B6F7152D2 - 27: DD4681F9C498A3CF69A9AC876E02BD9CDC4FB1F6798F772013B62D, C5A50676EFAA2A56CBDBE55CFED3050D - 28: 471B5E89A1337E75E88AFBAACA1C011790F1657425483229E55C34EE, 20F73F2AC452FFEA423BE2EBDF33CFA1 - 29: 71812C83DE34DB329C8DCD98890AFB1F7719E890DAE5CEB7AC9668CAD0, 6FAA03E10C6FB67D425C683C6D85FD76 - 30: 4BC2DB33786CFD29B5CA5B804454169906138E90E29E7BE9197971027AF7, 75053C433EF5572A70C58EEC96F56C53 - 31: 5E3A0AB41264AB65365458ED3B7E6A25827E50075A9E347F1622ED0723E229, C8F1ECD19AD5FC970CF0D31BF46B0F2B - 32: 2E48DEE4B379CD59F5367D17DC397C1BFD53B8C4CE46A8202518614076174EB6, EFCE758ECCB6BE875D16B7E03A498D31 - -OCB-safer+ (16 byte key) - 0: , 88618DEF98FE588E23107E9A5D89C26B - 1: 39, 2B01B202E751F957E331ECD1CEDE3456 - 2: 13CB, 17071E5AFD5D8CE953A73F49412BE8C4 - 3: DC4428, 4B0B1881C2540FF92E7DE63C479A7750 - 4: 120382B0, 0BB11D57B5BD9D846CF31033CD4CCB92 - 5: 97F332F95B, 335E0424D0A820F60DBB968B8B5AA057 - 6: 3C7AAE72037B, C8034C2C76C1CCD7C1B3F36DD8907E1D - 7: 8A99E4A1B89B6D, 06A8165DFADF1EA5ABD89E574422DF7F - 8: 676587065F0342B8, 93ADE63994DF2189079234DC204BF92B - 9: 8EC394CBC6877B245A, 1A89F0AB0B44BC708EBD9DE489E2EEB8 - 10: 5FB5366E5CAE4DB72411, 5CA5881A5805D53ACA4904A5EEC01550 - 11: 72A1994028F09ED6A4E45C, 0FFC0052996CE45DF4A28F7A6E9CFEA6 - 12: 1D5EF20F52A9B72386D1A601, A697DF1179628DE1120D5E8D9F39DA6E - 13: 
79BD002AA59D74F125AD9E32DE, 2F02CB6F70BF57BBA0DF100DE503F633 - 14: 442C6F9016DF4C090056258756A9, 58C6FD3180B9B74459D70B5684BE3F4C - 15: 4FC5543D9A892B44ED04EE8B25E232, B8B858B3D3EB4B26E867E429F88A56B4 - 16: F06E7503167C2210AB332259BAFD6AB4, 73CE2589D1DF34CA3DC2B14CC9FA6276 - 17: BCCC260BD4823B64090FB33E6816F9C330, 81ABBDC83B2544907840FEB5AF4479EC - 18: 450C1105B76F960D1A5F33D7F9D37DAE20C3, C41DDC8980E88E3986D9C84857BBE1E7 - 19: C9F36EF3A990E0554EDB59E6788F8E9BF1DBC7, 90DD543E148D9A0B79A8B376C5509E09 - 20: 3666FEEA98A4FC434EDB7517E7FCEE2320C69BCB, 99F11B360DDB3A15C42110831CCBF21C - 21: 126F39C19D1E0B87F1180F6589A75712B66209E2CE, B4D268FB8EF5C048CA9A35337D57828A - 22: C1B6D14EE8B6D0A653BFCC295D5F94E6BCA09E181D8A, 4B4883B614D5CC412B53ED4203EA93B7 - 23: D1F2A10F1A9DAB738C61CD0EF66FE5F6D1DA95DC671128, 3F1EFDA55EFEF1A0B24708E132BC4D25 - 24: 9D457216C584F43DBA1DD55C54822A8B6A86D22DBFFA14D4, 53402970B128E98A5F0D62476A38F959 - 25: 012828614B5D67C9A1EE24A1EBCD322FE9C8BE0C3F20A53714, 2BFF288D90DBDC638084F80F3F7AADF3 - 26: B1904AECF599F6C74557475E409E75E646271DEDEC7A830260DB, BF119BDBDA27773E038B7067D2B0EECD - 27: ED831771C4346FC19435354AE29F7A9436D6E8D4D42CFF26207DBD, C3F029FC8AE690E84FBD0EF806B801F3 - 28: E051B958601223FECEADF932A277BCF18C25025AE4DA791155B85035, EB75E56BE7856F1B5ED3D125C092D38A - 29: AB3449537C5E22125BC32D483F74C3A3DBDBD5232839A85D300F65B4FD, 851B0FBABD080F783BDE4F47ADCD6D76 - 30: 4E68550837130652795A8C9D68530717D2B0AA5A17F3AEF92FFB502E46AC, 10E222706527A64E757EDE4B9EFC09DD - 31: C2D7033DA7A1857D79497EA6C64779EB969046CCEE6C74E6592FEE6E7C94C4, 2015674ECA80AC9B67AE854E18A7D56E - 32: 2F3F0374DDC24AE21F02D4DA74D46C71F0CD2269A68F32F7FAA0BAB64AA8E9BC, 737C8BA1677A8CE97D42FBB07530EE99 - -OCB-twofish (16 byte key) - 0: , 2CD8EF22E5457C7FE4016B0FB82FD204 - 1: 64, EB7BB60E4932C0E97A7A5906BD044ACF - 2: 3A59, E3D2024241666369BB542ED096F20C71 - 3: 67C038, 7E6F1EB3F2088F6416BB675DCAC0D484 - 4: BB36BF02, BDEEEF07EBB7A50A5201C8A2D72C0036 - 5: 6F06C0E293, 
C63557681D84ACCFFBFEE87D82EF1D3C - 6: 2015F94CC5AA, EF1DEAD4134D2A1A47A20F26FAA3554D - 7: A5F8CDD07964B0, 672B74D88C8AA7567C6AC4A896E0F6D1 - 8: 5EFC9D8C3B9E7F3F, DB9160C53AD429D4C22BC0E2E6C509C5 - 9: B62CB80F75594BC54F, 20020A798FF59F0472E750C796B5CC94 - 10: 970983B0F889760EEEF0, 360AE43CEBCC27755548D4984CEEA10C - 11: 75C3A8CCB30A94CD57D1F8, 79820F3B1625E216B5BC1D1A22B198F9 - 12: 033DA41CCBFE3C6897230FCE, CFE3EDD11627270CD63916508B058B7A - 13: 15358032F30043A66F49D3F76A, 98B8056A7991D5EF498E7C09DAC7B25D - 14: 71FBA7D6C2C8DC4A0E2773766F26, 22BA0ECEF19532554335D8F1A1C7DEFC - 15: BD761CD92C6F9FB651B38555CDFDC7, 8E3C7E1D8C4702B85C6FCD04184739E4 - 16: EB6D310E2B7F84C24872EC48BFAA6BD7, 12DE548D982A122716CEDF5B5D2176D9 - 17: 8DDF6CE25A67B409D3FB42A25C3AA7A842, 3E9FA2C6C65341A8E1101C15E1BBD936 - 18: 5563DFC29B750FBC647E427C5480B65846DB, 90881C6820901BD41F7B3C2DF529B8A9 - 19: 93343C1E9624321C2A0A155BA8B4E66FD92BE2, 71A641DDCD49825E10880D54BEF30E91 - 20: C256BCA0CF0ACCEEC1AA4B9372AF27D2C3C65AFC, 91D45C4DA49BBAD1809A11F4041C7D09 - 21: 3DE69FDB72C93518A3E317F7B26C425EE3DD42DA7E, 85E37B3E8EC3AF476DB7819D739D07D5 - 22: 676AC7885C7C8FBE9862242FCCC46C181440EE49AE59, BCDB42B53AC4FDDF9C3BF8849AB96EEC - 23: D71B98B88F46CC47D90BB931564CDF0157F0ABCB5E6954, 289CD5799D9E49F36D70F67726A59610 - 24: 669C16DB9DC175200C08476832155DAA52F1F8969DF3B79A, 835B210EBBE5C9D34C2E052E1843C1F8 - 25: 2F39346E14A34BBED0491929CD9F1FB3CEC412C25AB703372A, DC4B42E8BA676BA100B87BEE328C5229 - 26: 1FD0F8BD0AC95E91881635EB0CF0E4FB099CBB214CE556422E2D, 898CEB3CA8FCA565CE5B01EF932FD391 - 27: 7FBD32B3D88B7E002BA6055585B5D0E1CC648315A81CFECA363CC8, 804820B1E3813D244164F778B9C2A8C8 - 28: 877A5F336A1D33AB94751A33E285C21666F0D8F103AC1187FC205372, AF9F0AC165EAFCEE8C2A831608F166B4 - 29: ECCA297705B0395E71B9E4263343D486B29207DA188C2F1BA626EDBF46, A05DC873406B236E4DDBC038DC4D2627 - 30: FF3BD8D4E1108E98FBAE2E28BC12819CD7956BC491C0B3A291FBEE739599, 68DFE58473BA2818A23095D1D6EC065C - 31: 
F175230606040ADACEBAFE4D58BBD140B2D45E8BF7E5C904510B58E4B53D3F, DAF579E1A12481D39F4DCFB7C28794B1 - 32: 261388D491EF1CB92C261FD9B91CAD5B95440DE0A747144EB8697699F600801D, 749056EBEAF4F20CD8746AA8C8846C47 - -OCB-safer-k64 (8 byte key) - 0: , 0EDD2A1AB692AA7A - 1: 3E, 306F814F3C2C109E - 2: 0593, 063D19B734C34715 - 3: CA72C6, DF6DAAFAD91BE697 - 4: 08924AEE, 15095FA49E789483 - 5: 359908A6CD, 16CB7F0741BA4091 - 6: 97F3BD820CF4, A59DB15B67B95EE8 - 7: 0A267201AC039E, B4FFC31DBCD8284A - 8: 9F6ACD9705C9ECC5, 6B41A938F0B1CAEB - 9: F355D5A937DD1582C2, 9D1F932E521CB955 - 10: ED39758CAF89E7932E48, 398EF517015F118F - 11: D8ACF19363A0E0ADC9321B, F98B2A30217766AA - 12: F8F54A8202B0F281ED610F33, 36EF7FA4A20E04B7 - 13: 0F8677DF64B5982DB6E2299140, 4DED2DA806834C81 - 14: 0C357A9DC321C93B3872881503B0, 7814D1C0C6A8900A - 15: 10B6B1A261C3015A18110AD200A7B6, 9A814D6D2BAD850C - 16: AA9EA9D1BA7818C0D2EBF23781A5467D, 236A24FC98826702 - -OCB-safer-sk64 (8 byte key) - 0: , 76F16BDCE55B3E23 - 1: 63, F34B0B471F6F8F75 - 2: 8651, D7EFE17943D35193 - 3: D45504, 263224E50E7E9E75 - 4: 57B414C3, A553D6CABCA0F285 - 5: 4976E3B303, AC5E9969F739EBD9 - 6: F10AB8EB94E0, 8301FFE68848D46D - 7: 6E954593AC427D, C1CF93BBC0F92644 - 8: F48F44441B898C0F, 698FFAED1A95E8E4 - 9: 1DC60156D62782E3D0, 6AFF0DCC65D4C933 - 10: 71920ADC8997CB8B3A72, 1C101C6A27CFBBBD - 11: 890ED7492ED914AC20391B, F66DCD6205D945C6 - 12: 1B9FAB84A8748BAC187C7393, B450757FCAFAAD52 - 13: B4C89E1BB280DBC265E43ACE15, AE6BB3D2E6A371FF - 14: 24B0C28944BDF22048E2E86644F5, 84E93E2191CEF17A - 15: 8F2D5694D55EE235168AAA735943AF, 514252AEF2F2A2D9 - 16: 568B7E31FFDA726718E40397CFC8DCC6, 3C80BA7FCA9E419E - -OCB-safer-k128 (16 byte key) - 0: , 4919F68F6BC44ABC - 1: 65, C6785F7BE4DE54D3 - 2: E1B0, C197C93B63F58355 - 3: BB7247, DFE092EF8184443B - 4: 38C2D022, 943FD999227C5596 - 5: D71E4FD0ED, 51040FE9A01EA901 - 6: C4B211EADC2A, 329429BE3366F22F - 7: 426DEB3FC3A4BC, CF1C976F6A19CE88 - 8: A6F813C09CE84800, 98D9FF427B3BD571 - 9: 4D1A9948FD157814B4, 5A389FAEEB85B8C6 
- 10: EC3EA142C3F07F5A9EEB, 31E26E13F032A48F - 11: A75FB14365D1533CD3FBE7, 8EF01ACC568C0591 - 12: 891582B5853DD546FF3EA071, E013CFFE43219C21 - 13: 54CA848C49DCDEE076780F21F4, 298EFC7B4D6B6CFE - 14: EA7611C69A60F1A2EF71D6A7762D, 7D9AA51CFCEC8101 - 15: B2D1A211BC524B965A084BB4B21710, 7B2AC0EEB5216892 - 16: 5E81F1BFA270E804A488C9BFAB75811D, A67F627CE1E37851 - -OCB-safer-sk128 (16 byte key) - 0: , E523C6DBB3CA178D - 1: 5E, B1CB7EBE5780DF98 - 2: F4D8, 8036235F2BE7A817 - 3: 4FE268, 123320394EAC24F6 - 4: A5BA02B4, B8276B5E027D45DA - 5: 1571859CCC, 29406C5F2DF2CFC4 - 6: CA1E47447B95, 5D4FAF8FD5341791 - 7: 8710DB37022D96, E10040FEA9AEA9C2 - 8: 205990DC9A34DA3C, AE25CB49AA7A697B - 9: 757AFCB3191DC811C3, AA8CADA8638D6118 - 10: 6994F8C153522361BB92, 1BCEE09E928EB18B - 11: A86FA0CDD051BB60AF5AA8, 50A38F8E9889354D - 12: 8D3FD3EB7FF2269AACFD24BA, CB51CF84CEFC45F0 - 13: 03D2A313925D9490FC5547F95F, A1FF9D72E11C420B - 14: D77C0F0F600FE92F14F479FA457C, 1EBE1B4B9685EDFA - 15: 0CAF0A8BEB864E26058C7DF8EBA0EB, 1B153DDAE807561F - 16: 113D12716DFE0596A2F30C875EC6BA0E, C61F5AC0245154A6 - -OCB-rc2 (8 byte key) - 0: , 1A073F25FF5690BE - 1: F4, 3D3221E92E40F634 - 2: 2C76, C22C20B7231A0DB9 - 3: C647CB, 3E6348D996399629 - 4: 2021891A, 8EF76B24E9D55FDA - 5: 1966CBCBBF, 310D24024D573E8D - 6: 42C15AC9AAF0, 217E83C0CDE4F077 - 7: AB70F3F73DF0B6, 16AB2679D96A591B - 8: B7C7DD845D7E76DD, F33065EA531545CA - 9: 468CC16A37CF63EA73, 88879733F70AE3D3 - 10: 4F769E25A7346E22A932, 26E1A92FEDEE0597 - 11: 304A8B53B1CD24C6C27C17, 48B46E9F091B0B2E - 12: 4E3DF867FEFF0B8E06D5FA70, 53BB48BFB8AB4750 - 13: 2BAB3F0A8C38A3BD3C49DBBA5A, 52303CADCBB6D312 - 14: 3D04A29924589AAEF93A29003EE7, 120EF9364B83748F - 15: 486127A80E4EC599C461451CF1D79B, 2245D51599CAD629 - 16: AF8FB3FD2DB343F1AFF564FCBEA58785, 805BF441E660B0B0 - -OCB-des (8 byte key) - 0: , 8A65BD7DE54082AD - 1: A8, 3A83897CC8EC7CF6 - 2: 9256, DC66C39C7DD87D93 - 3: C145A0, 45967F3764F62F48 - 4: CD314BAB, EF38B0213259C3D4 - 5: 7074014741, 6748F4BAF06DD7BD - 6: 
9A874CAE01F1, E382DB7235624104 - 7: DFA0D86DC4CA84, 627ABB432E50455E - 8: 685C2B2CBDD8D144, D166082E085063BA - 9: 53515DAAC7F7B8CE1D, 6680B6C26E1B0994 - 10: 2B3967812BF4155A8D36, AFED7F38AFEFC543 - 11: F4E5AC3CC5913B8A7F35FB, 6181DD3C46A6C24F - 12: F3EC89AD4235287D53715A81, 12CC354833FE5BD8 - 13: 66D554AC2CA85C079F051B8459, 097F31088CFBA239 - 14: 8746061C26D72771A7586949A3E4, 6CEF3565D0E45C6B - 15: FB3BCC650B29F418930A467EA4FB73, 64D12723E100F08B - 16: DE1C27E9B3C391AF5DF403291F2C084A, 6BADE4638AE46BE2 - -OCB-desx (24 byte key) - 0: , 972B4CC480AEA6A9 - 1: CB, C46CC58DE9615963 - 2: 2911, 9B5117BF9530018F - 3: 844501, 308F0F36D3313B67 - 4: 0C8CB549, 3F72789FB54CC9B1 - 5: 581FA34114, 1B86E66203EBF9EE - 6: D0BBE3E43961, 59F730D5ABF13265 - 7: 046529AB0EDD17, 240FF6134AA5327B - 8: FF4F32C3A96D61D9, 5DE9B81CC39ACC61 - 9: E94A99D609BE5B1A6D, 443F4948DE64E6A0 - 10: B3E783B59853EE1EBD36, F04B41EAAB9CDE18 - 11: 0BB36CE35BB8050169F6F2, 598A0705C800BC04 - 12: BE946B1CB03E7E5DA1CC12B8, 288B827CEA810662 - 13: 3FEC137C657FF1F2B34F4C5E56, F9248F59D1033253 - 14: 626DC4527055E80E68A6A1FE0F78, D8AA67D5ABD0B6A5 - 15: 476247537A509BC42BCD6DEC7F9506, 2C2D0385066B4815 - 16: 5D32BFE0B9ACB62B6AC29D43A0535A25, DE247F5F809C6CEC - -OCB-3des (24 byte key) - 0: , 9CB7074F93CD37DD - 1: 4D, 51541A838A154E0B - 2: 5C77, 60E86F2F1F4C6F96 - 3: B3D2F0, 7D74A9E6A061457D - 4: B3556075, EAF7A89A07453460 - 5: 1B61CE7230, F90D18620E1AB877 - 6: 3987FEC8D0D7, B5EF04DEE2E528F9 - 7: EBD0A7EBEEFF3B, A72CA24DD77A5DDA - 8: 429FB38DDABF76D4, D0578484C37227C8 - 9: F8DF28BF5C4CD28B1B, 5E7C4DC8E694E3B4 - 10: 2BF436BBE063F7E830C2, 8D919637C973C71B - 11: ED21656C8878319F1B7D29, 8813280C1277DF26 - 12: F45F90980D38EDF5D0FEC926, F9619341E273A31F - 13: 52F2D3CACC294B141B35D73BBF, 7BBC3F1A0D38F61F - 14: 2E6DA0FB55962F79B8E890E8DD8D, 8060799DCAB802E4 - 15: D6F9A6B2420174C499F9FE91178784, D3AAF969ED2F7215 - 16: 4F1CF285B8748C4F8F4D201C06B343CA, 203A2692C077F1B5 - -OCB-sm4 (16 byte key) - 0: , 644D127C5F75F64F48808EEE68350817 
- 1: 6B, EE408CBD07CEC607EAA25CB0CF063DE4 - 2: 74E6, FE58AB1D0A951F156D0B78597DE88981 - 3: 049E45, 9674DCB58ED4981CFFCA8725B5BDCBD8 - 4: 416F6FAC, AB0981B209CEB024447861D113FE74AE - 5: CC01AFD1B6, 9125092E4696FE0939A256C03A37FD8C - 6: 1B32E33A7BA2, 80714FA9C1EAE774CF9C754F5FE7374A - 7: 6F91118A6F5E0F, 7065639ADBE5265F0B61836950C39871 - 8: C40E934B952D0108, A8D1ACC7CA93B14C2A187441C794D31E - 9: 06B7FF294A85CD8F8F, 3C433077C03E9B6A481B6A78565A865E - 10: 123093E41AAA91EEA2D1, 9EEF81BFAA0C7116C632DAE3D447BEC4 - 11: 83288869EBB8D22772AA98, A52688653CC795A14D7CC5C4FB59EFD6 - 12: FD8A2A59C3BA54DE090DFFAE, CA597A88711955563025FE6F6B6CB095 - 13: DA0FD6F4B1A0A8084D92F543D3, 9F22A8F0B9EFF906DFE7438E0738FF4E - 14: 8D8090EFF0A44E96A4CB582A61E5, 11477309B525FA0B1A1B4B0F25DED574 - 15: 95DF2F968380DAF60122B8FEA2614A, B25F1C94B4F963297EF31AD01819CAD6 - 16: E63BB516DEF0A60F3503FC9578082588, 9E75B31F3A10D922A698610EDD224AC6 - 17: 4141B7D60688A6B74659FA3F988749336C, 2A4A83E828CA79F3CBA7A417E4E9149F - 18: 68A58C0AAD6A8831231DD3537D5E6284FAD7, 4372DBFA17A102118A4750E719FCC9FF - 19: 6565EE0302F1AFE357E65B56980F04EB805228, 20E09947D4A4947CD24457589303BD69 - 20: 0400E928A18B85498DB78CFAFC026CB07F3DD3A3, 9646E0737D7F75F109430336754DE155 - 21: EC2A5AE19531D964B6C03C4ACE804909F3B0260DC6, 6DEE21A1B2A14FE5F8C13C3620F35EB4 - 22: F32AEDAF0281234753F5D2903F1FEF505165D4543923, B8F486809ABD26E4CACF6C283CBFBAFA - 23: 482B2728C75FF1206E280FDDD082F2C93EE9C2C15A14E9, 70DA0D202F68BF7DCF126DFE2CC75CA9 - 24: DB67772FC481A6D2F50ECCA59134984869C91436211A24A7, A7391E9F5698DF1BC984F127A874D8F6 - 25: DF60A24E93101ED2F68D3CAAD966F51271603C8E611AB16C3F, A4C44700A6845A75B72C04C1395E9820 - 26: E14DE8BC5A2A8417783267AB659DAC26A84A02B4EB5FA4BAAE7F, 1508521641C38536DAF3B2CE65BC060A - 27: 309D876E6CCB6C8FDF963D6143E2FC091DCF7FA75D002986502500, 323AE0DB790F786252F35547554990E2 - 28: 7D8D3119EA42098509D0B1FB8FDB945E1C6C7AF4E1C9773F82A6D3DF, 8F97D69077AA1AD2BD7A8FBE6950E632 - 29: 
597A5B272750C5CCE0591CE40A4CE838F3C326A9BCAB160385D6D431C0, 2F9D9980E31419966C6F5DC8E6DA216D - 30: 676720E8BB37FAD3778C4289CA1442A4905F327798C7C3584FD9518F19CE, 60D96E4249518291C68EE01AEB5A5B05 - 31: 609D0A3770F9BE06D7100E75FA0096F21FA498C28224A9406228534A43DEAD, C3148A9D60CD32EA378720262A3529EA - 32: 18BA4D72E61851F5878E07459A24BDFCB48C6A2AF719584CBE6A0B321078B967, 077031AE31FC5ED7B27ADABDBE699CDE - -OCB-cast5 (8 byte key) - 0: , 77E8002236021687 - 1: 52, D57DF1037B6A799D - 2: 31C9, 7E781759B057D695 - 3: 5C8324, 56965D6CB2C97C0C - 4: 17D99099, 7C52B5D09475F5D3 - 5: 400082C475, 3CA5CDB9B4A0FAE9 - 6: 4DF0E4000C24, DCFEE2C3384F9731 - 7: 10004C3CE32255, 0A6832F985F61658 - 8: FFA6EA76B346893C, 6202693B153254D6 - 9: E96378C94D246AB51C, 5B259FEB715B9159 - 10: A9BED2D59A92D3D9418A, 1E7E066C098A023D - 11: 4EF144B7D4622BAD4DC840, 5DAB2C1D0DF56B08 - 12: 6DBCDF56E57CE47DD3D0CF44, 2A24F2A224368F55 - 13: 43241A0AD933635D7C8EAD47DC, 86B4B5AC22177F19 - 14: 920D6BDBE073F3C75052420C883D, 10943DBB23BD894D - 15: B2C75DF024269833B039CAB19EC865, 84B7DBB425E45855 - 16: 6A9424B6A873BB7155C01DC87E23EC52, 82C5047655952B01 - -OCB-noekeon (16 byte key) - 0: , C810FFEC70BB008FD7C314A732B226E6 - 1: D0, 3C48A2C7E0CE9B9099221EF2CEC56767 - 2: 5542, 518EDB8174B067CBF2568C6911378137 - 3: 65E8A4, 3E4EFF5F6FBC99EF3B71B11F566A20FB - 4: 3D0EF863, A366D5CE05F564B5E676EC78938CCC85 - 5: 89B17BA512, 0E83095D771F654CBD630AC114501A0F - 6: E9AF5FCFEFED, 3A283F7FF02274DD4B48C2CD7E36182D - 7: F7A001CEC51C30, 8392CC274521BB452134713153F36268 - 8: D796E3F23E31D4F2, 351C7B0304E127287A9A1DE38BB3167A - 9: C4E2BBF6B4827E1A84, 275907279D0764CF80D7E6626D81F994 - 10: 6C61226E61F70408A61A, 941AD1718D272BFCB8C5ACE08F90B2D1 - 11: 3C195850E7FD63EFC11F7C, 348A975B60908445230D4D56A0CAB008 - 12: EE5FF5362DA3744C9EAD274B, 875C2167BFAEB65F5601F2DB9035444C - 13: 7DB5392ED1933ED858EC0C52F5, BE6507D8AC743805A872658C680A4D06 - 14: FEDEAE2EC2059D22B960813B5E7D, A559933509C47854176CEEDEC12EB8B4 - 15: 64C81F2169F7CEFBF51E68D4186A36, 
FFE84A9B49F0E77A9799EDEC7D76B987 - 16: 66532B678D23130714E088FE874C4743, AF95ADA553A68319DBEBDA4172E18A22 - 17: 53E56845C091A1E2372F3FC772017C9804, 9A6AB7CEB632429F2B31FB91C141B6F0 - 18: DAF6832520591B886E2E962ACF5B9D0A38E9, 73FFEBA8997E0C55CB0B4ABE59C86BF6 - 19: 108F04FEFCB5EE68033E57346012CDEB348D14, E08E90976E0F7868994B017D7A007AB8 - 20: 101682160DEB9667FB073F96ED1D9C063ABCE668, FB79A4BEBCA9A7832C72116AD9B98D41 - 21: E10AB0D22A6C4C253D818AB6AF1A3FF5811C6CEF24, 174CD350B069A239F9EB80A7BCADE8B7 - 22: 9F62A79B25D4F5532D78228A50516F97ACB7A2C5DF13, DD25DD14174B5667B0AD70732323C8C4 - 23: 2A0AA96147E74A3B881D62BA692EE27927A9EAB351C6DB, 9CE03AACF9318770BF7E095F90B470DB - 24: 29E38605973D0218AA8BAF2FBAB7722DB242C4775E453372, 72D6038E8927EDDE469F98B84C74A8A3 - 25: 8DBF8C2B5477DBA6E07B269293713D60D60BE29E677CA35C33, 83100BBC1401C890B36890A3FD0CD4EE - 26: 13DE9776093827F254DBF500EEBE0C65DC602A5FDF6AEFFC34D9, D142F6CE9E43633CBE94A2BDCC9AC5A8 - 27: 4A25370043862CF7A12A00A5A278623F9BF8DE33212D35661591EC, 62064DD74F9F6D77682B43D9B44E26B8 - 28: 37C6C6C40DA0581BF041770E330A40185E90426A1A4AC9BCDBC5CA7D, E77EE99F62EB1A38CCD1E90CED6EB5C7 - 29: 6B9047158068957CBF77F35988E5C926C7B262A8EBA9D33638A15B1505, 913DC491D3B2AFF172053CC4D1271F46 - 30: 949E5F05396F60722877EDBAA5D7437DDB24B3E25651458C266992D0854E, 87D4396BBC24646659F10179823066B2 - 31: D48489C360F6EB2BF4155FFD7CCAFA4793B8870BFA4A95C9BEDD372F51C04E, 173EEB238E6186D5A93AC6072A22B772 - 32: ACB6F91E8BDB4CFFE1F2A5F6C712D16177EE06842E4CF27F61C8F68D44C842FF, A1E5F2560183B0AFE466243EF3921E4D - -OCB-skipjack (10 byte key) - 0: , 90EAAB5131AEB43B - 1: 2F, 6274B82063314006 - 2: DAF6, 6A6BCCE84FD4EF02 - 3: 5C2A88, C83D54C562A62852 - 4: B6E8FB5E, C44459EF41C8F296 - 5: 6C0888C119, 269DD7657BD0225F - 6: 1FD9AD7ECCC3, 3CA090F46B107839 - 7: 1EDBFF8AE458A3, 440380BF9745132B - 8: 04DBECC1F31F9F96, 2653620A4877B0E6 - 9: 908AE5648AF988A896, 00180FF33C1DD249 - 10: 53E63E0C297C1FC7859B, 36616209504C4230 - 11: 407BE16144187B4BEBD3A3, 4754B7DD4DB2927B - 
12: 9961D87CFEDDF9CC22F2C806, 5947FC41E6B9CEC9 - 13: 9F5254962E4D210ED8AC301252, 97A392BEAF9B3B04 - 14: 379FDA76ECCFDAAC10F67FBF624C, 1D895ABD932BD5EC - 15: 1D5A7AD556FF3078284BB21A536DAA, 01FAE2F4936ED9D2 - 16: 4B8B71396924880CB33EA6EC6593F969, A0F4B1BE3B9B4CCE - -OCB-anubis (16 byte key) - 0: , D22ACF880B297DB0513DFAF0D2DF57D9 - 1: 59, 210A179469D6568AB9470C760415574E - 2: AFA5, 1223F9CD160ABE2F257164C6E5533C87 - 3: 969BEC, A57EC767543CA2ADBA4F5A7423ECA78A - 4: CF8B31F1, 13B5BF9CD87CE15CE696F3AF1B082650 - 5: 9B22DF3852, 4937FDDA0AFDDA04CCD53CCBB0A82745 - 6: E11719B2F0F8, 6847931DBF0223F5CEF66AE3F4DFCF9B - 7: 5A85E0F6DD2266, A1A0AF45A68A681CC396615FE1E1DFB5 - 8: 7F2DFCC65ED86976, 13614A3C6E0E08611D8DF8EE5B7D788F - 9: 1DAF10DFA3F1D53E50, 673632B6DD553BAE90E9E6CC8CDE0FA5 - 10: AF74FD9671F9C0A9879C, B8B4DD448FE967207227B84E42126D90 - 11: 49421CED1167A882E26297, 21C8951A1761E4BD13BC85CBD14D30BD - 12: BC0BC779B83F07D30CB340DA, FAABD25E14FFD8D468AD6616021F604C - 13: 843D7E00F94E61AE950B9AA191, 08933ED5FBDCAF72F788393CD5422D0F - 14: 296F15C383C511C36258F528E331, 8BFFADF5655C1864057D69A6706D1739 - 15: E31D2E80B2DBA4FBFAF52DB0513838, C4CD36821EC631CCBF1F258EE9931288 - 16: 87F319FE9A48E2D087EDF95563896EE5, 517960488E5A118D150A1573E76C290A - 17: 9632B7DC1740BBE0A7AEEFD0F535B5AE8A, 0C24D0950873621D319A928862D3A6AC - 18: 359431ED4B3AC537238CAC2F86126972D403, 4A0CED2F4BFA3355C17D6C5DF9FABFAA - 19: E15B50172EE8DA9C552D448A5A48BEEAA2F11D, 8166B2A2D3A0745D1055F9F503FD6C03 - 20: 75842DDC0D5E3BD80225E4BFBD1298421244D7EF, BB957BB2582B67B63978BCFD7A949EDD - 21: 3DD69162716D5F3E096E614991CAD7ED8E01F926B8, 40A954F31F5B0A2C5DD220ACED8D2B3E - 22: 8A49AC14F59593D5399A10F9346E2FD36F47F64ED419, 4324D408CE7F86370495AF14FBD1A859 - 23: 6AA8FA353BCAAB4262211D75F13D27BE173526B8BC3CFC, BA3A27D79EC8ECBC5A78CB9FD095B766 - 24: B918192BB72CFEF980298EEE570460356A4BA1755576FEAA, EB341ECE0A070E769F498600EE4EBF77 - 25: BEFAE0B77E42A2FD18958D9E43202E8A338562AFF8317461B0, 444C1D6BDC026A01012BB2CEEAD89C2C - 
26: 07E86D49CFFE6FB08FDF44584033AF321447003D8AD3862C00C9, DA9355A79B224EF662DA65F19BE494A7 - 27: 911BB223AC6F6E54082FBFEDEC300D73FCAF715CCA35949212B372, 3496160A46A21DCDB5A4C179F159D860 - 28: ABB563FC803715F59AA35460E98470E2E94E4270455ACEBF4297641B, 899CFE1946A060DE620879B8A7464718 - 29: 47D98E83B5849CDE19B14ABCF9EA6CA9684AB49A3AB36BD14F328D808C, 6D76CD5EFF6D4AD3B67A56DF1EB42E05 - 30: C8BF0B71A95884FFB93D64C57E327A4754EC5A1EE26632CF8E0B6B26CBDE, 2B3BE785263B1A400E5893273AFD09AE - 31: 9804D668CF2D75CA58C9671F65630E33909269B9511AF9119BE88EBB35F00C, 3DDA028B1A2339CA817DC8D9371E0FF8 - 32: F6E038A82A09BCD20BAAC7926B2296B78F9CBA9DD12C497C47EA08DBCD8CEA3A, A203FC1E68E21A52E72224891AC10EE2 - -OCB-khazad (16 byte key) - 0: , BDEDFF7AA0070063 - 1: 00, 67E951582D66ED93 - 2: 5FED, 09DC8AEAD70673DE - 3: 26A7CC, CE1436CE1E37D4B0 - 4: 3D2BD063, 574C24395F31511A - 5: 597F1AFCB1, 6FBBE820C6F26CDB - 6: 202DAE442DF6, 58CA6E5706C9852D - 7: 7C20EDA18E9444, AABF0DA252A1BAAD - 8: DEC02BF76DFD5B77, A0A97446B80EACB6 - 9: 5D7A42F73843F9200E, A1DD603372D124CB - 10: 0D4710E454C19B68369E, CC78E9D7EAA6A39F - 11: 126694191BF09A29DCF40E, 76C9B84FA3E8913F - 12: A94EBB86BD325B4FA1942FA5, 613DE312DB1666F7 - 13: 4F9462386469EA0EFDC1BFAFE9, 5247244FD4BBAA6F - 14: 4EB794DFCF3823BDC38FA5EF3B23, 0C12017B5E058398 - 15: D870479780CC5B3B13A7A39029A56F, 003D3FCD31D497B5 - 16: A47BF1218AC86A60F6002CE004AF5E50, B4EC27091D5DCD58 - -OCB-seed (16 byte key) - 0: , D80D16D2D0FB2BD9EBA4912468B893D7 - 1: 12, 8776140CB818C1CBFD2CFCD8BDFC9FFA - 2: F8A1, 597381977898AC43194C302216113CEB - 3: B35B5E, BC327275E7A552C4E0AC0FCB8403A6C4 - 4: 19F57542, 4E49DE569547B619E4187239D9B755C2 - 5: EAD2D99E86, 53DCC5FAB4DE25541A22AF0309C9FE78 - 6: 4902A8FF9AF9, 950D9A28DFBDAECE5F14D47E6B7A8B8B - 7: 45FE502602EA4E, 69CD243A3CF17FE51ABBFA2CDE510BCC - 8: D54F2EDE48207CFB, 775EE6140AACF9D56787071F08F36F67 - 9: FEDBBFD9FAABC80186, B37B2C643D62A205BD009BB55D50B918 - 10: 3541A86C889AFEB783B7, FE41A36AC076F417B6A3870DB712CC1F - 11: 
62EB71A2EAFDDE1A050AFC, A953ECF1F0B53438E869F0CFB84CB142 - 12: 77AFE377460D6A51208194DB, 5CC2A9D8499F1B25D78937DAFB1DED10 - 13: A34FCDD7CA45DFAA2178CDC7E8, A14A119115143EE2B4719282C9E2356C - 14: A61FA4E9550280C8AAC87EF7A204, A87DDD9631C87ED0792C067E8D7F1D9B - 15: EE82AF5C51896AED298B0C12E00ECF, 9051873090B013508F93677D3A080E96 - 16: 5D532646FAD510E984959C4E14F853D7, 275D8DF932818030F1269804DE06A73B - 17: 1D77F8916DF479DDCE3F49A1D9DEFA40FB, 99611A067F45F140AFDB6FB7E9C23DF2 - 18: 5857267B77E7B8D7732509AEAC0AA80BDB2C, 3159BF09910493977A33268C7F7DBC01 - 19: 1CF64E54D48811F02DAAE472846E65235DC8B7, 78F88A35E2D93A0746058D1B37762A27 - 20: 8CC20A5FEFE9AAE81742DE70453F62A961188DB7, EDA9E9208EC38152E53AFD62ABC77F0B - 21: 1D6CCEEEC72CC7369C33F5CD83ED0DCD6F5613D562, 9FEFD274F3F906B11DD87CC2C0F9D0A2 - 22: 20A9C1EAD88F005DB8F69C8BE005D8A010B261FF2EAD, A341F754932DCBC6DAFE4231918A9CF1 - 23: DCEC1BB28E8D77D69B5148FB02E02C281B68BA6E9768B0, 6AAB2EEB1D25D2DF7CEEFA6054E295DA - 24: 7C4F7165943DB1EFA5731F5C75931F4391F0C40D5731BC54, 3FBFF88733ACE5289D9FB9CD24C44C3F - 25: F5E2C8A9B3A02E0BB86F9E969B0EDA5F554B0C8902BB6F4643, DFB22569019686B2EE92ABA9EE6610B0 - 26: 42B7D0E9613AFAD6E8093E4F638BC96E22413F15A84202188C31, 002F0F602F596236A8F239E81CE47FC0 - 27: 88B89B7756BD3BE09467998FABD12BCE87E5FE994ADE9B30844AE6, 05E0E8AFA55C3B571A849CE4C9F1F477 - 28: 10452565D15D1D829FC54F61960C6A749AFB91086E388269CF6B588A, DD88B0C63E040DF8878B3C919AA95218 - 29: E68619409B86082C744496FC3F645CE1134E84192D2CBCE1CFEEB12612, 83258C337EF21302724CE051A03195D6 - 30: 840277319319EF1DDF6A57682B6695550157F5B76756BF81BFFB3394AFC0, 183FA85F8E91F8972DA23108FA066F20 - 31: C74A4B01328B809397C07F4FC16131FBEE6396293181C327ADB50EF39CC936, D6C5CF79D47995D7CDB5745F601D859F - 32: FF3FEE866339B01DD2C1EC0C0E569A458A77DD014AF0CC9C0A8DC52A52133940, BF1AF01F2CB34CBAF1EAB96FBCCB5404 - -OCB-kasumi (16 byte key) - 0: , 7B4CE3A5B7284F8B - 1: F8, 80584D787B7AE753 - 2: D37A, 7BD7B52BE65B995C - 3: 2D07BF, 6E6E16FDFE808D21 - 4: 9F1A8E7F, 
810CDE98B80F2CF2 - 5: C6A7842512, CB6E9709AD7E8545 - 6: 056553F25EE5, 24A74A113D68E373 - 7: C3E0215DEABD43, 80B9F0ABDC207E04 - 8: 38DA7B24B04DDF91, AEEB273DCAE4F743 - 9: 34169FBF64966E0EB8, 1D10D18FC0DF5372 - 10: 5B3A510F1AE97BFCE1EA, 5B1342A77724DBF7 - 11: 39D1B5067E584E59BB6603, 38EDA20D46B2563D - 12: AC2DD02E2406D7D8175EB308, AE7DCB1AE6188975 - 13: B0623EDBC20FEBEDF9B4AB70E6, E218732D221A04A4 - 14: 82F57A435A92E28B56F4EF5E7EA8, CC5842752D089C26 - 15: F2D54E3B9022AB32F668AD5A20D050, D811DF3DE76089FF - 16: 1CAC13A538AFC64D9747226AC23F072C, 2DF49C64213B35B9 - -OCB-multi2 (40 byte key) - 0: , 70A2AD75028C8B3E - 1: 3E, 76BE76B249142049 - 2: 5C21, E31CDBD0ED6B864D - 3: 62BC9F, F1124FC4C9C82617 - 4: BB5AC85A, 97035E20D4FFEC81 - 5: 500D9D05E3, 86D5EC5AD1D55434 - 6: 5179B8442E46, 432EAB80B938A00E - 7: 361000D13C364B, 5ADB3F9FD65EC776 - 8: 5C5BD790B927CBE4, F6ED8E9D330FD37E - 9: 2020DD735C5D7B4739, F98DEFD6A8368E1F - 10: 008A8548790A3582C2AC, 041C4E2FA196390C - 11: E6409403D3E2E4385EE54E, 25AE9113A0E7A3EF - 12: E23E598908C755FCF9D51E39, 21BF8C9F319FB44F - 13: C1F13F46FF04717C7E54FFBDC7, E7D8CDF40A1D78A5 - 14: 27721EB66D4F6362308B96DD9895, A374C96FCA94C809 - 15: 1A393F94CB9ACD3BB93D8766C63569, 45A090303B71D35D - 16: BCC0498FB13CEE8A615FF6409EDF1707, 9589A4CBC481A455 - -OCB-camellia (16 byte key) - 0: , 6972CC27A9711EAE6654851AB8E0C53F - 1: A2, 208D783961FD532E14376B4EE904FE52 - 2: 1177, C7CC74015F7EDD9A72F7435494D8A050 - 3: 0F8502, F1A708AA0F485A554E2E76592CD9D7F4 - 4: 9986180B, D47186A8B539F890824DEBA223861ACD - 5: C0FF4519C3, 4430A9453016E4974CFB5380A1F3E95F - 6: 2AC54E3E6A0B, 6E320BE8DAF4BA0462A57BECC574740F - 7: 846053E1A37A6A, 5B91B680B92517781DC362C2F3E144E4 - 8: CCB09ECFF76EEE2C, F91E7E245F4C8A404F3ECC7DE49261C3 - 9: E049E2AA271388106E, 8C6981A160D831F4DC57FACE5ACCF006 - 10: 761782341D52BA8AD12F, 672DC4B06DBBCED80381CE4845757F0B - 11: 92AD781DEC4549940265C6, DB04CAABC54E71FE1A9C41DF1ED5C52E - 12: D507B77EEE9BE07EAD700143, B3EFCC0B27DC85166E04E7BC39E45C58 - 13: 
5AA1AD6B9CAE3001D4C1CC4048, 424D8A22F7B9ADA30AAC0C1D3D4E77F9 - 14: C69E96F7A4B9A6F0F2C7EFA72C26, 678144F802AE9DD83D11877779B48972 - 15: E2596B3FE48EF6EC50D857C8B4E3F4, DDB3BD2B8AB2FA71C7F56C8E57AFF2C2 - 16: D81664A002E03A75E08CF16EE7670E97, B56A0B0955E15E62C557C6E66782AF4C - 17: A8F2696A972A87C784FDC775439470D822, 36E3AD03CB18002A17D49E466CE64814 - 18: C2B537D807BD1ACA734AA072D9C2B836F588, 449B05D145666D1E5A92E204FC3507D7 - 19: D5418F1288BFA7D39D23B3C6ECF797397D3D44, B0CFBA612544B8AB159E9D4AD1FFB3D4 - 20: 2F9522460182291C6F264308E0363B9FE312E517, 1EE4CB38075B67463FB9DE26DF9D581C - 21: DF2881568BECA504A66E4B15BEA58AE6E99D0270E6, 3283D46803FC33098BB262FC1D2B2157 - 22: 4B0083A4CF7E166C8466A5B991AD0CDF71F9DF010EE7, 7C91D9A5DF6C76CB02D83D8C7F3D8D07 - 23: AC0457474B4193647D62906BD08D8C8EB32BE151555B68, 0A448FF3C468D7CDC945724172CEB66F - 24: E6E7786EBECDC296F072CD66C89141C700DE2A8B5DBF6549, 68ACCB5FEC04717FB21FF3B46A34BC74 - 25: 860865770047A9798D90C9365E9C9F8210CB804D785D65E2C0, A58F22FFC4CBFE3BBA451BE4B3B95723 - 26: F157588B4F98D798E6850D8F04ABF9905C1BBB2D055ADE1EA424, D6960C1EA6DAF225366374333D38EBDB - 27: DE3431977821BC861CD88E4236BCAAAFFE3C894607498FB8D68746, A3D23729464BD38338F4AC5B4D9F5C81 - 28: 3F2F0AB546E118B76B937D539806DC02D02A5D42D64926A9E1101D66, 3C0D2D23F5DAF7D36DDC0F87B4163F42 - 29: 3F9FFAE1D7BC62BB80A2FA2728FC33FF02E26CB9F52EA8D03FFE95A49A, 96B45B3F946E629ED974EFA7B66F5DDF - 30: A398B66C8425CE9E8A6BF5AB900CEA1EAE811E06AC7BC0D69A53FB2015BB, F83411C72B7DB201B254565D1DD8D1BF - 31: 9C760ED6C10A80C52F092ED20AB1D03A52427B6235F3C7FE7541033AACDD74, 8AB98FCA89D1245B177E0AC06E083024 - 32: C38F260587B3BA9919601BD0A56909FB36ABCEB8968D08DD6B74F1EF5ED7065C, E357D0D56124276790DACA38D95792BB - -OCB-idea (16 byte key) - 0: , BDB7AEE81A437AD8 - 1: 20, 98EC8CAA4544B41E - 2: CF69, 33A6414FBC482456 - 3: 25723A, DA6DE676482C6607 - 4: E4220FC6, F67538CEA28002AE - 5: E440418489, A21E9F1D15F44038 - 6: 886944E0CF10, 2EF54D278B08DE7D - 7: 5088BF9EFA7E6E, 8443C572C85AF187 - 8: 
0D6765F689BF0BE5, 7E658DF3FA677FD0 - 9: D5D02EDEB67AC6E573, 1B1568BC59905994 - 10: 0C6BDA63A6EF19AE4A3F, 6FA765B6906E5B8B - 11: C58013FE24604DCD40611D, 58A5351EA8CADBC4 - 12: DB78CF844EA91A3F7CCF1478, F9B6EC2F22888C12 - 13: 4329E9812856B9A80297CC95C7, 46A1DE8C53B6A1A4 - 14: 6D1CD2DF838697CACCDB28376973, A587EE5CE2351348 - 15: 21C3BCB256DBFC0B472F30A6D469CA, 3ADD0D84695C5B14 - 16: BE073E735F86AFA6D3A4F56C914D5EB8, 07921F5BA6E9F250 - -OCB-serpent (16 byte key) - 0: , D9490CE405238D17C036B3E5DF4DFC7F - 1: DB, 44C1E20A0467B693019DFBA21EAF9035 - 2: A343, 2E20DAB7135E395AA3FF227959A70610 - 3: CB7E24, EE8FAA34CA9C43CFB24061B79DE82C70 - 4: F9BCE9E7, B6A48414BED23D37F99FED990A3A0B14 - 5: 2D3FB0FEA0, 06700497ABDC995F781771CCEAC341B7 - 6: 0C1BAB99858B, E4EB74D56565A50D16CF91D9872B702E - 7: 72CEBD89561A1D, 8FCC39F07C721EC8C92AEEA3C4BE845F - 8: A6CC972273DAF3E8, 099BDEA86D5CB994285A7AB9BC59EAC7 - 9: 0ED1E78C9A39377377, C969C9583F3CCE5799630C5450BE9134 - 10: F68611B69D657B6D6DC4, 893C25068299C5F6305411E3A9199616 - 11: 7402BE21EEE415AA5438F8, 01916E4C573FF695CFEC41C7F29EA1CC - 12: 125918FFB1902AC3F4F81265, F3EA4E417E4DA6B8BDCCC8BD4E87FE27 - 13: 01C2E839EB6C4CFFFF4856C97C, B57A6FB6918F8E11113E449D75CF638F - 14: 708B33704EB6E379FEC223371C74, 44EC0A795B2E604D29B8E917A73EAC29 - 15: A45EEE44431E19F61B5E4D257B7BDD, E42E3A6D212B42595E39E5A6E14B0C43 - 16: F23AD7425EB8D3CE0FAFDCBEF52A1962, 5C6BD772DD1DE0070391A9BF63D0913D - 17: 9B40D36F988B6F105380C7C949EDB1F379, 78FC67EEC03CE078A72977801B75DA52 - 18: 9A894DFCA373610C48ED16149CE0D84E2939, D2E05400320F61FDAF1729F5505B513F - 19: 47CE7BBF27734E7C480CD4F9DD69F4B3E11223, 07C22A4DCCB71372A12ABB0ED2C5EAD3 - 20: 61F7F55DD6DC89472728E54C53CCC7034922EC7C, 490D005087FF9ACB5211FE2E40D3B5B7 - 21: DE27EBD9891828F422321C96BA900026F4033A1B98, E8C33743F34494061455F0F5A104F218 - 22: D73F22E0BBE04F9B7537DB5A8B35D9B978AC45B1DCA0, 3271FA71E989D845EEB7E76755A68CB0 - 23: F61DC254C28E7CEA0B526D9E4BF0E6C554A09251BC0BAA, FA74560634DDAD5F56B8842B2E49EFE8 - 24: 
6155A4D65C03F0AB2665FC65408FDD29276C4D3B6E957CCE, E41DCA2C8D3601AD9C344BE53334F8A7 - 25: 9C4487CC097FF24A45502A9A3C0F7A2134235EDB2108ED470A, C28CB7100F45C6D87B0CE1682871761D - 26: 0CB17A181F579A62B28A1171B1C3AF8A275C8D99D6AF95A3514A, 33BB5B063092B223A40C310B98B8FDE9 - 27: A5D0455E5E4C3DE2009A774F055F5DDAFFDC89A25872E99DCB1E75, 19488A3644BBF9BB621E80ED45EB826D - 28: F4A054D11AD6B2A3A7F7A4EF40A09243373F4C151320464A0A9A9E06, 272D1709AA49838DEDA8F78D9878CD4F - 29: 83EFF58C64BFCD1CB5DD0F6D040B8ACFE6C8992E14605FCCCFF142D0AC, 5BE7739321D83A5E4CC9AB5FA6D56966 - 30: E12A3514CBF30326E5078B8117678823E6AFA8F3A78FEAF06C5B1508CEA0, 301B3BE76675FD30209EEA086BB40CD8 - 31: 77E2B65956B52BD90E90081F389BBFC8D4550FBCC74B6469C5CE98FC093A0F, C43272FD03A35AE4D9AF467CD7811F1D - 32: 77E116BE37F8153D717F3F19DEFD045C2E8CAC499295B9EE6A95A3509D4CBC47, A0406E2C09C510AB5A9E5A5B20B0C306 - -OCB-tea (16 byte key) - 0: , 1A6D3BE15B6C879D - 1: B5, 91A035C7871CCF11 - 2: AEB1, C715E399C46D9DD1 - 3: 2B3273, 2F8BD77A9E036FA5 - 4: 5C009E43, 1CDEEEA46EEAE63F - 5: 8E07B56FEB, 2A486014BEDC6B01 - 6: F2D5B9842DE7, 1734AB18A976BACB - 7: C49F333DFA40A8, 007BEE13E4B1151F - 8: 4A99C75688B0DBA8, 2BB62A22623A02B3 - 9: 1E1175070E0C9EBBE5, B9750E34056F00AF - 10: D066C7016D6458538A33, C8301F29178F512D - 11: 6B036FFB0C6636135ADC66, 48967AD3659260BA - 12: 3018AB281C87CA4185A53207, 4F043FB366001F3C - 13: 93DA80463817D8A43B5D59133C, E95DE5587B95E6AC - 14: C1389108A40292097F489603BF2D, 8E56A1F7B04194EB - 15: 36E512F52335419EB6DAD9CB9C40BC, F0498560CD814C62 - 16: 2381E281D648AFF1ABB7D65B9AE41B35, EEC952B027B9A81D - diff --git a/src/encauth/ocb/ocb_decrypt.c b/src/encauth/ocb/ocb_decrypt.c deleted file mode 100644 index 98f36e48a..000000000 --- a/src/encauth/ocb/ocb_decrypt.c +++ /dev/null 
@@ -1,59 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_decrypt.c - OCB implementation, decrypt data, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Decrypt a block with OCB. - @param ocb The OCB state - @param ct The ciphertext (length of the block size of the block cipher) - @param pt [out] The plaintext (length of ct) - @return CRYPT_OK if successful -*/ -int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt) -{ - unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE]; - int err, x; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - - /* can't use a encrypt-only descriptor */ - LTC_ARGCHK(cipher_descriptor[ocb->key.cipher].ecb_decrypt != NULL); - - /* Get Z[i] value */ - ocb_shift_xor(ocb, Z); - - /* xor ct in, encrypt, xor Z out */ - for (x = 0; x < ocb->block_len; x++) { - tmp[x] = ct[x] ^ Z[x]; - } - if ((err = ecb_decrypt_block(tmp, pt, &ocb->key)) != CRYPT_OK) { - return err; - } - for (x = 0; x < ocb->block_len; x++) { - pt[x] ^= Z[x]; - } - - /* compute checksum */ - for (x = 0; x < ocb->block_len; x++) { - ocb->checksum[x] ^= pt[x]; - } - - -#ifdef LTC_CLEAN_STACK - zeromem(Z, sizeof(Z)); - zeromem(tmp, sizeof(tmp)); -#endif - return CRYPT_OK; -} - -#endif - diff --git a/src/encauth/ocb/ocb_decrypt_verify_memory.c b/src/encauth/ocb/ocb_decrypt_verify_memory.c deleted file mode 100644 index 0f4dcb78a..000000000 --- a/src/encauth/ocb/ocb_decrypt_verify_memory.c +++ /dev/null 
@@ -1,74 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_decrypt_verify_memory.c - OCB implementation, helper to decrypt block of memory, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Decrypt and compare the tag with OCB. - @param cipher The index of the cipher desired - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce (length of the block size of the block cipher) - @param ct The ciphertext - @param ctlen The length of the ciphertext (octets) - @param pt [out] The plaintext - @param tag The tag to compare against - @param taglen The length of the tag (octets) - @param stat [out] The result of the tag comparison (1==valid, 0==invalid) - @return CRYPT_OK if successful regardless of the tag comparison -*/ -int ocb_decrypt_verify_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, - int *stat) -{ - int err; - ocb_state *ocb; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(nonce != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(stat != NULL); - - /* allocate memory */ - ocb = XMALLOC(sizeof(ocb_state)); - if (ocb == NULL) { - return CRYPT_MEM; - } - - if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) { - goto LBL_ERR; - } - - while (ctlen > (unsigned long)ocb->block_len) { - if ((err = ocb_decrypt(ocb, ct, pt)) != CRYPT_OK) { - goto LBL_ERR; - } - ctlen -= ocb->block_len; - pt += ocb->block_len; - ct += ocb->block_len; - } - - err = ocb_done_decrypt(ocb, ct, ctlen, pt, tag, taglen, stat); -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(ocb, sizeof(ocb_state)); -#endif - - XFREE(ocb); - - return err; -} - -#endif 
diff --git a/src/encauth/ocb/ocb_done_decrypt.c b/src/encauth/ocb/ocb_done_decrypt.c deleted file mode 100644 index 3d516c9b9..000000000 --- a/src/encauth/ocb/ocb_done_decrypt.c +++ /dev/null @@ -1,68 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_done_decrypt.c - OCB implementation, terminate decryption, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Terminate a decrypting OCB state - @param ocb The OCB state - @param ct The ciphertext (if any) - @param ctlen The length of the ciphertext (octets) - @param pt [out] The plaintext - @param tag The authentication tag (to compare against) - @param taglen The length of the authentication tag provided - @param stat [out] The result of the tag comparison - @return CRYPT_OK if the process was successful regardless if the tag is valid -*/ -int ocb_done_decrypt(ocb_state *ocb, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, int *stat) -{ - int err; - unsigned char *tagbuf; - unsigned long tagbuflen; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(stat != NULL); - - /* default to failed */ - *stat = 0; - - /* allocate memory */ - tagbuf = XMALLOC(MAXBLOCKSIZE); - if (tagbuf == NULL) { - return CRYPT_MEM; - } - - tagbuflen = MAXBLOCKSIZE; - if ((err = s_ocb_done(ocb, ct, ctlen, pt, tagbuf, &tagbuflen, 1)) != CRYPT_OK) { - goto LBL_ERR; - } - - if (taglen <= tagbuflen && XMEM_NEQ(tagbuf, tag, taglen) == 0) { - *stat = 1; - } - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(tagbuf, MAXBLOCKSIZE); -#endif - - XFREE(tagbuf); - - return err; -} - -#endif - diff --git a/src/encauth/ocb/ocb_done_encrypt.c b/src/encauth/ocb/ocb_done_encrypt.c deleted file mode 100644 index 5cd39adc4..000000000 --- a/src/encauth/ocb/ocb_done_encrypt.c +++ /dev/null 
@@ -1,34 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_done_encrypt.c - OCB implementation, terminate encryption, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Terminate an encryption OCB state - @param ocb The OCB state - @param pt Remaining plaintext (if any) - @param ptlen The length of the plaintext (octets) - @param ct [out] The ciphertext (if any) - @param tag [out] The tag for the OCB stream - @param taglen [in/out] The max size and resulting size of the tag - @return CRYPT_OK if successful -*/ -int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, unsigned char *tag, unsigned long *taglen) -{ - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - return s_ocb_done(ocb, pt, ptlen, ct, tag, taglen, 0); -} - -#endif - diff --git a/src/encauth/ocb/ocb_encrypt.c b/src/encauth/ocb/ocb_encrypt.c deleted file mode 100644 index a38765a7b..000000000 --- a/src/encauth/ocb/ocb_encrypt.c +++ /dev/null 
@@ -1,54 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_encrypt.c - OCB implementation, encrypt data, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Encrypt a block of data with OCB. - @param ocb The OCB state - @param pt The plaintext (length of the block size of the block cipher) - @param ct [out] The ciphertext (same size as the pt) - @return CRYPT_OK if successful -*/ -int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct) -{ - unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE]; - int err, x; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - - /* compute checksum */ - for (x = 0; x < ocb->block_len; x++) { - ocb->checksum[x] ^= pt[x]; - } - - /* Get Z[i] value */ - ocb_shift_xor(ocb, Z); - - /* xor pt in, encrypt, xor Z out */ - for (x = 0; x < ocb->block_len; x++) { - tmp[x] = pt[x] ^ Z[x]; - } - if ((err = ecb_encrypt_block(tmp, ct, &ocb->key)) != CRYPT_OK) { - return err; - } - for (x = 0; x < ocb->block_len; x++) { - ct[x] ^= Z[x]; - } - -#ifdef LTC_CLEAN_STACK - zeromem(Z, sizeof(Z)); - zeromem(tmp, sizeof(tmp)); -#endif - return CRYPT_OK; -} - -#endif diff --git a/src/encauth/ocb/ocb_encrypt_authenticate_memory.c b/src/encauth/ocb/ocb_encrypt_authenticate_memory.c deleted file mode 100644 index 7560a6e71..000000000 --- a/src/encauth/ocb/ocb_encrypt_authenticate_memory.c +++ /dev/null 
@@ -1,72 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_encrypt_authenticate_memory.c - OCB implementation, encrypt block of memory, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Encrypt and generate an authentication code for a buffer of memory - @param cipher The index of the cipher desired - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce (length of the block ciphers block size) - @param pt The plaintext - @param ptlen The length of the plaintext (octets) - @param ct [out] The ciphertext - @param tag [out] The authentication tag - @param taglen [in/out] The max size and resulting size of the authentication tag - @return CRYPT_OK if successful -*/ -int ocb_encrypt_authenticate_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen) -{ - int err; - ocb_state *ocb; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(nonce != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - - /* allocate ram */ - ocb = XMALLOC(sizeof(ocb_state)); - if (ocb == NULL) { - return CRYPT_MEM; - } - - if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) { - goto LBL_ERR; - } - - while (ptlen > (unsigned long)ocb->block_len) { - if ((err = ocb_encrypt(ocb, pt, ct)) != CRYPT_OK) { - goto LBL_ERR; - } - ptlen -= ocb->block_len; - pt += ocb->block_len; - ct += ocb->block_len; - } - - err = ocb_done_encrypt(ocb, pt, ptlen, ct, tag, taglen); -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(ocb, sizeof(ocb_state)); -#endif - - XFREE(ocb); - - return err; -} - -#endif diff --git a/src/encauth/ocb/ocb_init.c b/src/encauth/ocb/ocb_init.c deleted file mode 100644 index 9460e4044..000000000 
--- a/src/encauth/ocb/ocb_init.c
+++ /dev/null
@@ -1,131 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_init.c - OCB implementation, initialize state, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -#define polys ocb_polys -static const struct { - int len; - unsigned char poly_div[MAXBLOCKSIZE], - poly_mul[MAXBLOCKSIZE]; -} polys[] = { -{ - 8, - { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0D }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B } -}, { - 16, - { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 } -} -}; - -/** - Initialize an OCB context. - @param ocb [out] The destination of the OCB state - @param cipher The index of the desired cipher - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce (length of the block size of the cipher) - @return CRYPT_OK if successful -*/ -int ocb_init(ocb_state *ocb, int cipher, - const unsigned char *key, unsigned long keylen, const unsigned char *nonce) -{ - int poly, x, y, m, err; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(nonce != NULL); - - /* valid cipher? 
*/ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - - /* determine which polys to use */ - ocb->block_len = cipher_descriptor[cipher].block_length; - x = (int)LTC_ARRAY_SIZE(polys); - for (poly = 0; poly < x; poly++) { - if (polys[poly].len == ocb->block_len) { - break; - } - } - if (poly == x) { - return CRYPT_INVALID_ARG; /* block_len not found in polys */ - } - if (polys[poly].len != ocb->block_len) { - return CRYPT_INVALID_ARG; - } - - /* schedule the key */ - if ((err = ecb_start(cipher, key, keylen, 0, &ocb->key)) != CRYPT_OK) { - return err; - } - - /* find L = E[0] */ - zeromem(ocb->L, ocb->block_len); - if ((err = ecb_encrypt_block(ocb->L, ocb->L, &ocb->key)) != CRYPT_OK) { - return err; - } - - /* find R = E[N xor L] */ - for (x = 0; x < ocb->block_len; x++) { - ocb->R[x] = ocb->L[x] ^ nonce[x]; - } - if ((err = ecb_encrypt_block(ocb->R, ocb->R, &ocb->key)) != CRYPT_OK) { - return err; - } - - /* find Ls[i] = L << i for i == 0..31 */ - XMEMCPY(ocb->Ls[0], ocb->L, ocb->block_len); - for (x = 1; x < 32; x++) { - m = ocb->Ls[x-1][0] >> 7; - for (y = 0; y < ocb->block_len-1; y++) { - ocb->Ls[x][y] = ((ocb->Ls[x-1][y] << 1) | (ocb->Ls[x-1][y+1] >> 7)) & 255; - } - ocb->Ls[x][ocb->block_len-1] = (ocb->Ls[x-1][ocb->block_len-1] << 1) & 255; - - if (m == 1) { - for (y = 0; y < ocb->block_len; y++) { - ocb->Ls[x][y] ^= polys[poly].poly_mul[y]; - } - } - } - - /* find Lr = L / x */ - m = ocb->L[ocb->block_len-1] & 1; - - /* shift right */ - for (x = ocb->block_len - 1; x > 0; x--) { - ocb->Lr[x] = ((ocb->L[x] >> 1) | (ocb->L[x-1] << 7)) & 255; - } - ocb->Lr[0] = ocb->L[0] >> 1; - - if (m == 1) { - for (x = 0; x < ocb->block_len; x++) { - ocb->Lr[x] ^= polys[poly].poly_div[x]; - } - } - - /* set Li, checksum */ - zeromem(ocb->Li, ocb->block_len); - zeromem(ocb->checksum, ocb->block_len); - - /* set other params */ - ocb->block_index = 1; - - return CRYPT_OK; -} - -#undef polys - -#endif 
diff --git a/src/encauth/ocb/ocb_ntz.c b/src/encauth/ocb/ocb_ntz.c deleted file mode 100644 index bf933fd94..000000000 --- a/src/encauth/ocb/ocb_ntz.c +++ /dev/null @@ -1,36 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_ntz.c - OCB implementation, internal function, by Tom St Denis -*/ - -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Returns the number of leading zero bits [from lsb up] - @param x The 32-bit value to observe - @return The number of bits [from the lsb up] that are zero -*/ -int ocb_ntz(unsigned long x) -{ -#if defined(LTC_HAVE_CTZL_BUILTIN) - if (x == 0) - return sizeof(unsigned long) * CHAR_BIT; - return __builtin_ctzl(x); -#else - int c; - x &= 0xFFFFFFFFUL; - c = 0; - while ((x & 1) == 0) { - ++c; - x >>= 1; - } - return c; -#endif -} - -#endif diff --git a/src/encauth/ocb/ocb_shift_xor.c b/src/encauth/ocb/ocb_shift_xor.c deleted file mode 100644 index 2f7bb3b88..000000000 --- a/src/encauth/ocb/ocb_shift_xor.c +++ /dev/null @@ -1,27 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_shift_xor.c - OCB implementation, internal function, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Compute the shift/xor for OCB (internal function) - @param ocb The OCB state - @param Z The destination of the shift -*/ -void ocb_shift_xor(ocb_state *ocb, unsigned char *Z) -{ - int x, y; - y = ocb_ntz(ocb->block_index++); - for (x = 0; x < ocb->block_len; x++) { - ocb->Li[x] ^= ocb->Ls[y][x]; - Z[x] = ocb->Li[x] ^ ocb->R[x]; - } -} - -#endif diff --git a/src/encauth/ocb/ocb_test.c b/src/encauth/ocb/ocb_test.c deleted file mode 100644 index c1ea9a8f0..000000000 --- a/src/encauth/ocb/ocb_test.c +++ /dev/null 
@@ -1,224 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file ocb_test.c - OCB implementation, self-test by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/** - Test the OCB protocol - @return CRYPT_OK if successful -*/ -int ocb_test(void) -{ -#ifndef LTC_TEST - return CRYPT_NOP; -#else - static const struct { - int ptlen; - unsigned char key[16], nonce[16], pt[34], ct[34], tag[16]; - } tests[] = { - - /* OCB-AES-128-0B */ -{ - 0, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0 }, - /* ct */ - { 0 }, - /* tag */ - { 0x15, 0xd3, 0x7d, 0xd7, 0xc8, 0x90, 0xd5, 0xd6, - 0xac, 0xab, 0x92, 0x7b, 0xc0, 0xdc, 0x60, 0xee }, -}, - - - /* OCB-AES-128-3B */ -{ - 3, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0x00, 0x01, 0x02 }, - /* ct */ - { 0xfc, 0xd3, 0x7d }, - /* tag */ - { 0x02, 0x25, 0x47, 0x39, 0xa5, 0xe3, 0x56, 0x5a, - 0xe2, 0xdc, 0xd6, 0x2c, 0x65, 0x97, 0x46, 0xba }, -}, - - /* OCB-AES-128-16B */ -{ - 16, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* ct */ - { 0x37, 0xdf, 0x8c, 0xe1, 0x5b, 0x48, 0x9b, 0xf3, - 0x1d, 0x0f, 0xc4, 0x4d, 0xa1, 0xfa, 0xf6, 0xd6 }, - /* tag */ - { 0xdf, 0xb7, 0x63, 0xeb, 0xdb, 0x5f, 0x0e, 0x71, - 0x9c, 0x7b, 0x41, 0x61, 0x80, 0x80, 
0x04, 0xdf }, -}, - - /* OCB-AES-128-20B */ -{ - 20, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13 }, - /* ct */ - { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4, - 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb, - 0x70, 0x03, 0xeb, 0x55}, - /* tag */ - { 0x75, 0x30, 0x84, 0x14, 0x4e, 0xb6, 0x3b, 0x77, - 0x0b, 0x06, 0x3c, 0x2e, 0x23, 0xcd, 0xa0, 0xbb }, -}, - - /* OCB-AES-128-32B */ -{ - 32, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, - /* ct */ - { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4, - 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb, - 0x4a, 0xfc, 0xbb, 0x7f, 0xed, 0xc0, 0x8c, 0xa8, - 0x65, 0x4c, 0x6d, 0x30, 0x4d, 0x16, 0x12, 0xfa }, - - /* tag */ - { 0xc1, 0x4c, 0xbf, 0x2c, 0x1a, 0x1f, 0x1c, 0x3c, - 0x13, 0x7e, 0xad, 0xea, 0x1f, 0x2f, 0x2f, 0xcf }, -}, - - /* OCB-AES-128-34B */ -{ - 34, - /* key */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - /* nonce */ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - /* pt */ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 
0x21 }, - /* ct */ - { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4, - 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb, - 0xd4, 0x90, 0x3d, 0xd0, 0x02, 0x5b, 0xa4, 0xaa, - 0x83, 0x7c, 0x74, 0xf1, 0x21, 0xb0, 0x26, 0x0f, - 0xa9, 0x5d }, - - /* tag */ - { 0xcf, 0x83, 0x41, 0xbb, 0x10, 0x82, 0x0c, 0xcf, - 0x14, 0xbd, 0xec, 0x56, 0xb8, 0xd7, 0xd6, 0xab }, -}, - -}; - - int err, x, idx, res; - unsigned long len; - unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE], outpt[MAXBLOCKSIZE]; - - /* AES can be under rijndael or aes... try to find it */ - if ((idx = find_cipher("aes")) == -1) { - if ((idx = find_cipher("rijndael")) == -1) { - return CRYPT_NOP; - } - } - - for (x = 0; x < (int)LTC_ARRAY_SIZE(tests); x++) { - len = sizeof(outtag); - if ((err = ocb_encrypt_authenticate_memory(idx, tests[x].key, 16, - tests[x].nonce, tests[x].pt, tests[x].ptlen, outct, outtag, &len)) != CRYPT_OK) { - return err; - } - - if (ltc_compare_testvector(outtag, len, tests[x].tag, sizeof(tests[x].tag), "OCB Tag", x) || - ltc_compare_testvector(outct, tests[x].ptlen, tests[x].ct, tests[x].ptlen, "OCB CT", x)) { - return CRYPT_FAIL_TESTVECTOR; - } - - /* Decrypt with separate input and output buffers. Historically - * s_ocb_done() had an aliasing bug in its decrypt path that only - * surfaced when ct and pt were distinct buffers (the earlier - * in-place call below masked it). Run this case first so it is - * exercised on every test vector. - */ - XMEMSET(outpt, 0, sizeof(outpt)); - if ((err = ocb_decrypt_verify_memory(idx, tests[x].key, 16, tests[x].nonce, outct, tests[x].ptlen, - outpt, tests[x].tag, len, &res)) != CRYPT_OK) { - return err; - } - if ((res != 1) || ltc_compare_testvector(outpt, tests[x].ptlen, tests[x].pt, tests[x].ptlen, "OCB separate-buffer", x)) { -#ifdef LTC_TEST_DBG - printf("\n\nOCB: Failure-decrypt (separate buffers) - res = %d\n", res); -#endif - return CRYPT_FAIL_TESTVECTOR; - } - - /* Also exercise the in-place form for backward compatibility. 
*/ - if ((err = ocb_decrypt_verify_memory(idx, tests[x].key, 16, tests[x].nonce, outct, tests[x].ptlen, - outct, tests[x].tag, len, &res)) != CRYPT_OK) { - return err; - } - if ((res != 1) || ltc_compare_testvector(outct, tests[x].ptlen, tests[x].pt, tests[x].ptlen, "OCB", x)) { -#ifdef LTC_TEST_DBG - printf("\n\nOCB: Failure-decrypt - res = %d\n", res); -#endif - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; -#endif /* LTC_TEST */ -} - -#endif /* LTC_OCB_MODE */ - - -/* some comments - - -- it's hard to seek - -- hard to stream [you can't emit ciphertext until full block] - -- The setup is somewhat complicated... -*/ diff --git a/src/encauth/ocb/s_ocb_done.c b/src/encauth/ocb/s_ocb_done.c deleted file mode 100644 index a889372db..000000000 --- a/src/encauth/ocb/s_ocb_done.c +++ /dev/null 
@@ -1,140 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis */ -/* SPDX-License-Identifier: Unlicense */ - -/** - @file s_ocb_done.c - OCB implementation, internal helper, by Tom St Denis -*/ -#include "tomcrypt_private.h" - -#ifdef LTC_OCB_MODE - -/* Since the last block is encrypted in CTR mode the same code can - * be used to finish a decrypt or encrypt stream. The only difference - * is we XOR the final ciphertext into the checksum so we have to xor it - * before we CTR [decrypt] or after [encrypt] - * - * the names pt/ptlen/ct really just mean in/inlen/out but this is the way I wrote it... - */ - -/** - Shared code to finish an OCB stream - @param ocb The OCB state - @param pt The remaining plaintext [or input] - @param ptlen The length of the input (octets) - @param ct [out] The output buffer - @param tag [out] The destination for the authentication tag - @param taglen [in/out] The max size and resulting size of the authentication tag - @param mode The mode we are terminating, 0==encrypt, 1==decrypt - @return CRYPT_OK if successful -*/ -int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode) - -{ - unsigned char *Z, *Y, *X; - int err, x; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - if ((int)ptlen > ocb->block_len || (int)ptlen < 0) { - return CRYPT_INVALID_ARG; - } - - /* allocate ram */ - Z = XMALLOC(MAXBLOCKSIZE); - Y = XMALLOC(MAXBLOCKSIZE); - X = XMALLOC(MAXBLOCKSIZE); - if (X == NULL || Y == NULL || Z == NULL) { - if (X != NULL) { - XFREE(X); - } - if (Y != NULL) { - XFREE(Y); - } - if (Z != NULL) { - XFREE(Z); - } - return CRYPT_MEM; - } - - /* compute X[m] = len(pt[m]) XOR Lr XOR Z[m] */ - ocb_shift_xor(ocb, X); - XMEMCPY(Z, X, ocb->block_len); - - X[ocb->block_len-1] ^= (ptlen*8)&255; - X[ocb->block_len-2] ^= ((ptlen*8)>>8)&255; - for (x = 0; x 
< ocb->block_len; x++) { - X[x] ^= ocb->Lr[x]; - } - - /* Y[m] = E(X[m])) */ - if ((err = ecb_encrypt_block(X, Y, &ocb->key)) != CRYPT_OK) { - goto error; - } - - if (mode == 1) { - /* decrypt mode: xor C[m] into checksum. The function's parameter - * names are misleading (see header comment) -- in decrypt mode the - * input ciphertext lives in `pt` (not `ct`), and `ct` is the output - * plaintext buffer that has not been written yet. Reading from `ct` - * here only happens to work when the caller aliases the input and - * output buffers (in-place decryption); with separate buffers the - * checksum is computed against uninitialised memory and the tag - * verification fails. Use `pt` (the input parameter) so the code - * works for both in-place and separate-buffer callers. - */ - for (x = 0; x < (int)ptlen; x++) { - ocb->checksum[x] ^= pt[x]; - } - } - - /* C[m] = P[m] xor Y[m] */ - for (x = 0; x < (int)ptlen; x++) { - ct[x] = pt[x] ^ Y[x]; - } - - if (mode == 0) { - /* encrypt mode */ - /* xor C[m] into checksum */ - for (x = 0; x < (int)ptlen; x++) { - ocb->checksum[x] ^= ct[x]; - } - } - - /* xor Y[m] and Z[m] into checksum */ - for (x = 0; x < ocb->block_len; x++) { - ocb->checksum[x] ^= Y[x] ^ Z[x]; - } - - /* encrypt checksum, er... tag!! */ - if ((err = ecb_encrypt_block(ocb->checksum, X, &ocb->key)) != CRYPT_OK) { - goto error; - } - ecb_done(&ocb->key); - - /* now store it */ - for (x = 0; x < ocb->block_len && x < (int)*taglen; x++) { - tag[x] = X[x]; - } - *taglen = x; - -#ifdef LTC_CLEAN_STACK - zeromem(X, MAXBLOCKSIZE); - zeromem(Y, MAXBLOCKSIZE); - zeromem(Z, MAXBLOCKSIZE); - zeromem(ocb, sizeof(*ocb)); -#endif -error: - XFREE(X); - XFREE(Y); - XFREE(Z); - - return err; -} - -#endif - diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h index e6a9e8f2f..19d0c6aab 100644 --- a/src/headers/tomcrypt_custom.h +++ b/src/headers/tomcrypt_custom.h 
@@ -305,7 +305,6 @@ #define LTC_EAX_MODE -#define LTC_OCB_MODE #define LTC_OCB3_MODE #define LTC_CCM_MODE #define LTC_GCM_MODE @@ -753,7 +752,7 @@ #error LTC_ECB_MODE not defined, but all other modes depend on it #endif #if defined(LTC_OMAC) || defined(LTC_PMAC) || defined(LTC_XCBC) || defined(LTC_F9_MODE) || defined(LTC_EAX_MODE) || \ - defined(LTC_OCB_MODE) || defined(LTC_OCB3_MODE) || defined(LTC_CCM_MODE) || defined(LTC_GCM_MODE) ) + defined(LTC_OCB3_MODE) || defined(LTC_CCM_MODE) || defined(LTC_GCM_MODE) ) #error LTC_ECB_MODE not defined, but most MAC and AEAD modes depend on it #endif #endif diff --git a/src/headers/tomcrypt_mac.h b/src/headers/tomcrypt_mac.h index 7716eee4e..44f4a3ecd 100644 --- a/src/headers/tomcrypt_mac.h +++ b/src/headers/tomcrypt_mac.h 
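Review bot: The rewritten continuation line in the `@@ -753,7 +752,7 @@` hunk still ends in an unmatched `)`: every `defined(...)` on the two lines of that `#if` is balanced and the directive opens no group of its own, so the expression is malformed. The enclosing conditional starts outside the hunk, but the two trailing `#endif` lines suggest this check is nested in a branch that is only taken when LTC_ECB_MODE is undefined, which would explain why a normal build never parses it. In a misconfigured build the preprocessor would then stop on a syntax error rather than print the intended `#error LTC_ECB_MODE not defined, but most MAC and AEAD modes depend on it` text. Since the line is being edited anyway, drop the stray parenthesis: `defined(LTC_OCB3_MODE) || defined(LTC_CCM_MODE) || defined(LTC_GCM_MODE)`.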
@@ -285,72 +285,6 @@ int eax_decrypt_verify_memory(int cipher, int eax_test(void); #endif /* EAX MODE */ -#ifdef LTC_OCB_MODE -typedef struct { - unsigned char L[MAXBLOCKSIZE], /* L value */ - Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */ - Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */ - Lr[MAXBLOCKSIZE], /* L * x^-1 */ - R[MAXBLOCKSIZE], /* R value */ - checksum[MAXBLOCKSIZE]; /* current checksum */ - - symmetric_ECB key; /* scheduled key for cipher */ - unsigned long block_index; /* index # for current block */ - int block_len; /* length of block */ -} ocb_state; - -LTC_DEPRECATED(ocb3_init) -int ocb_init(ocb_state *ocb, int cipher, - const unsigned char *key, unsigned long keylen, const unsigned char *nonce); - -LTC_DEPRECATED(ocb3_encrypt) -int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct); -LTC_DEPRECATED(ocb3_decrypt) -int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt); - -LTC_DEPRECATED(ocb3_done) -int ocb_done_encrypt(ocb_state *ocb, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen); - -LTC_DEPRECATED(ocb3_done) -int ocb_done_decrypt(ocb_state *ocb, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, int *stat); - -LTC_DEPRECATED(ocb3_encrypt_authenticate_memory) -int ocb_encrypt_authenticate_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen); - -LTC_DEPRECATED(ocb3_decrypt_verify_memory) -int ocb_decrypt_verify_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, - int *stat); - -LTC_DEPRECATED(ocb3_test) 
-int ocb_test(void); - -/* internal functions */ -LTC_DEPRECATED(nothing. API will be removed.) -void ocb_shift_xor(ocb_state *ocb, unsigned char *Z); -LTC_DEPRECATED(nothing. API will be removed.) -int ocb_ntz(unsigned long x); -LTC_DEPRECATED(nothing. API will be removed.) -int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode); - -#endif /* LTC_OCB_MODE */ - #ifdef LTC_OCB3_MODE typedef struct { unsigned char Offset_0[MAXBLOCKSIZE], /* Offset_0 value */ diff --git a/src/misc/crypt/crypt_sizes.c b/src/misc/crypt/crypt_sizes.c index 26f2d13fc..47830aed1 100644 --- a/src/misc/crypt/crypt_sizes.c +++ b/src/misc/crypt/crypt_sizes.c @@ -206,9 +206,6 @@ static const crypt_size s_crypt_sizes[] = { #ifdef LTC_EAX_MODE SZ_STRINGIFY_T(eax_state), #endif -#ifdef LTC_OCB_MODE - SZ_STRINGIFY_T(ocb_state), -#endif #ifdef LTC_OCB3_MODE SZ_STRINGIFY_T(ocb3_state), #endif diff --git a/tests/mac_test.c b/tests/mac_test.c index 7a904b760..d1c0307c6 100644 --- a/tests/mac_test.c +++ b/tests/mac_test.c @@ -23,9 +23,6 @@ int mac_test(void) #ifdef LTC_EAX_MODE DO(eax_test()); #endif -#ifdef LTC_OCB_MODE - DO(ocb_test()); -#endif #ifdef LTC_OCB3_MODE DO(ocb3_test()); #endif From b6d4e6384ebd4ee5489679d53cfa6904a94dfdd3 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 15 Apr 2026 11:27:55 +0200 Subject: [PATCH 4/4] Update makefiles --- libtomcrypt_VS2008.vcproj | 48 --------------------------------------- makefile.mingw | 4 ---- makefile.msvc | 4 ---- makefile.unix | 4 ---- makefile_include.mk | 4 ---- sources.cmake | 11 --------- 6 files changed, 75 deletions(-) diff --git a/libtomcrypt_VS2008.vcproj b/libtomcrypt_VS2008.vcproj index 88056e78e..666fc5a50 100644 --- a/libtomcrypt_VS2008.vcproj +++ b/libtomcrypt_VS2008.vcproj @@ -735,54 +735,6 @@ > - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/makefile.mingw b/makefile.mingw index 6cc7a2091..43f26cc30 100644 
--- a/makefile.mingw
+++ b/makefile.mingw
@@ -56,10 +56,6 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa
 src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
 src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
 src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
-src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
-src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
-src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
-src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
 src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
 src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
 src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
diff --git a/makefile.msvc b/makefile.msvc
index 67082f7ce..a95967734 100644
--- a/makefile.msvc
+++ b/makefile.msvc
@@ -49,10 +49,6 @@ src/encauth/eax/eax_init.obj src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_ad
 src/encauth/gcm/gcm_add_iv.obj src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj \
 src/encauth/gcm/gcm_init.obj src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_mult_h.obj \
 src/encauth/gcm/gcm_process.obj src/encauth/gcm/gcm_reset.obj src/encauth/gcm/gcm_test.obj \
-src/encauth/ocb/ocb_decrypt.obj src/encauth/ocb/ocb_decrypt_verify_memory.obj \
-src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \
-src/encauth/ocb/ocb_encrypt_authenticate_memory.obj src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \
-src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj src/encauth/ocb/s_ocb_done.obj \
 src/encauth/ocb3/ocb3_add_aad.obj src/encauth/ocb3/ocb3_decrypt.obj src/encauth/ocb3/ocb3_decrypt_last.obj \
 src/encauth/ocb3/ocb3_decrypt_verify_memory.obj src/encauth/ocb3/ocb3_done.obj \
 src/encauth/ocb3/ocb3_encrypt.obj src/encauth/ocb3/ocb3_encrypt_authenticate_memory.obj \
diff --git a/makefile.unix b/makefile.unix
index c7c4caa18..b2d163ca5 100644
--- a/makefile.unix
+++ b/makefile.unix
@@ -70,10 +70,6 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa
 src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
 src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
 src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
-src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
-src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
-src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
-src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
 src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
 src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
 src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
diff --git a/makefile_include.mk b/makefile_include.mk
index ef8014507..3389a5388 100644
--- a/makefile_include.mk
+++ b/makefile_include.mk
@@ -241,10 +241,6 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa
 src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
 src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
 src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
-src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
-src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
-src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
-src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
 src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
 src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
 src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
diff --git a/sources.cmake b/sources.cmake
index 4953425de..72e7a1e47 100644
--- a/sources.cmake
+++ b/sources.cmake
@@ -62,17 +62,6 @@ src/encauth/gcm/gcm_mult_h.c
 src/encauth/gcm/gcm_process.c
 src/encauth/gcm/gcm_reset.c
 src/encauth/gcm/gcm_test.c
-src/encauth/ocb/ocb_decrypt.c
-src/encauth/ocb/ocb_decrypt_verify_memory.c
-src/encauth/ocb/ocb_done_decrypt.c
-src/encauth/ocb/ocb_done_encrypt.c
-src/encauth/ocb/ocb_encrypt.c
-src/encauth/ocb/ocb_encrypt_authenticate_memory.c
-src/encauth/ocb/ocb_init.c
-src/encauth/ocb/ocb_ntz.c
-src/encauth/ocb/ocb_shift_xor.c
-src/encauth/ocb/ocb_test.c
-src/encauth/ocb/s_ocb_done.c
 src/encauth/ocb3/ocb3_add_aad.c
 src/encauth/ocb3/ocb3_decrypt.c
 src/encauth/ocb3/ocb3_decrypt_last.c