From 867a4548b95705291a3afdd66d76e7f17ba2618f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se> Date: Fri, 19 May 2023 21:37:57 +0200 Subject: [PATCH] Fix ocb loop for processing larger messages. From Jussi Kivilinna: * ocb.c (ocb_crypt_n): Fix broken loop logic. * testsuite/ocb-test.c (test_main): Add test vector from libgcrypt, with larger message, to exercise above loop. --- ChangeLog | 7 +++ ocb.c | 4 +- testsuite/ocb-test.c | 105 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 114 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6312ac00..ef55b347 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2023-05-19 Niels Möller <nisse@lysator.liu.se> + + From Jussi Kivilinna: + * ocb.c (ocb_crypt_n): Fix broken loop logic. + * testsuite/ocb-test.c (test_main): Add test vector from libgcrypt, + with larger message, to exercise above loop. + 2023-05-16 Niels Möller <nisse@lysator.liu.se> * x86_64/ghash-update.asm: Use separate unaligned load diff --git a/ocb.c b/ocb.c index 9de90af7..22ddf915 100644 --- a/ocb.c +++ b/ocb.c @@ -230,14 +230,14 @@ ocb_crypt_n (struct ocb_ctx *ctx, const struct ocb_key *key, : OCB_MAX_BLOCKS - 1 + (ctx->message_count & 1); ocb_fill_n (key, &ctx->offset, ctx->message_count, blocks, o); - ctx->message_count += n; + ctx->message_count += blocks; size = blocks * OCB_BLOCK_SIZE; memxor3 (block[0].b, o[0].b, src, size); f (cipher, size, block[0].b, block[0].b); memxor3 (dst, block[0].b, o[0].b, size); - n -= blocks; src += size; dst -= size; + n -= blocks; src += size; dst += size; } } diff --git a/testsuite/ocb-test.c b/testsuite/ocb-test.c index 3892ddda..37d0d7ac 100644 --- a/testsuite/ocb-test.c +++ b/testsuite/ocb-test.c 
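Review bot: The last statement line of the loop in ocb_crypt_n still packs three updates together, `n -= blocks; src += size; dst += size;`, which is the layout in which the `dst -= size` sign slip went unnoticed; writing `n -= blocks;`, `src += size;` and `dst += size;` on separate lines would make a mismatch between the source and destination advance stand out in review. A short comment at that point, such as `/* n, src and dst all advance by the blocks just processed */`, would record the invariant, since the old code appears to have gone wrong only when a message needed a second pass. As far as the hunk shows, the previous `dst -= size` moved the output pointer backwards, so a second pass would have written before the caller's buffer rather than only producing wrong output, and the ChangeLog wording "Fix broken loop logic" gives packagers no hint of that memory-safety aspect. The function begins above the hunk, so the loop condition and the sizes of `o` and `block` are not visible here.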
@@ -297,4 +297,109 @@ test_main(void)
 SHEX("0001020304050607"), /* auth data */
 SHEX("0001020304050607"), /* plaintext */
 SHEX("6820B3657B6F615A5725BDA0D3B4EB3A257C9AF1F8F03009")); /* ciphertext */
+
+ /* Test-vector from libgcrypt:tests/basic.c: */
+ test_aead(&nettle_ocb_aes128, (nettle_hash_update_func *) set_nonce_tag96,
+ SHEX("0F0E0D0C0B0A09080706050403020100"), /* key */
+ SHEX("000102030405060708090A0B0C0D0E0F1011121314151617"
+ "18191A1B1C1D1E1F2021222324252627"), /* auth data */
+ /* test vector for checksumming */
+ SHEX("01000000000000000000000000000000"
+ "02000000000000000000000000000000"
+ "04000000000000000000000000000000"
+ "08000000000000000000000000000000"
+ "10000000000000000000000000000000"
+ "20000000000000000000000000000000"
+ "40000000000000000000000000000000"
+ "80000000000000000000000000000000"
+ "00010000000000000000000000000000"
+ "00020000000000000000000000000000"
+ "00040000000000000000000000000000"
+ "00080000000000000000000000000000"
+ "00100000000000000000000000000000"
+ "00200000000000000000000000000000"
+ "00400000000000000000000000000000"
+ "00800000000000000000000000000000"
+ "00000100000000000000000000000000"
+ "00000200000000000000000000000000"
+ "00000400000000000000000000000000"
+ "00000800000000000000000000000000"
+ "00001000000000000000000000000000"
+ "00002000000000000000000000000000"
+ "00004000000000000000000000000000"
+ "00008000000000000000000000000000"
+ "00000001000000000000000000000000"
+ "00000002000000000000000000000000"
+ "00000004000000000000000000000000"
+ "00000008000000000000000000000000"
+ "00000010000000000000000000000000"
+ "00000020000000000000000000000000"
+ "00000040000000000000000000000000"
+ "00000080000000000000000000000000"
+ "00000000010000000000000000000000"
+ "00000000020000000000000000000000"
+ "00000000040000000000000000000000"
+ "00000000080000000000000000000000"
+ "00000000100000000000000000000000"
+ "00000000200000000000000000000000"
+ "00000000400000000000000000000000"
+ "00000000800000000000000000000000"
+ "00000000000100000000000000000000"
+ "00000000000200000000000000000000"
+ "00000000000400000000000000000000"
+ "00000000000800000000000000000000"
+ "00000000001000000000000000000000"
+ "00000000002000000000000000000000"
+ "00000000004000000000000000000000"
+ "00000000008000000000000000000000"), /* plaintext */
+ SHEX("01105c6e36f6ac480f022c51e31ed702"
+ "90fda4b7b783194d4b4be8e4e1e2dff4"
+ "6a0804d1c5f9f808ea7933e31c063233"
+ "2bf65a22b20bb13cde3b80b3682ba965"
+ "b1207c58916f7856fa9968b410e50dee"
+ "98b35c071163d1b352b9bbccd09fde29"
+ "b850f40e71a8ae7d2e2d577f5ee39c46"
+ "7fa28130b50a123c29958e4665dda9a5"
+ "e0793997f8f19633a96392141d6e0e88"
+ "77850ed4364065d1d2f8746e2f1d5fd1"
+ "996cdde03215306503a30e41f58ef3c4"
+ "400365cfea4fa6381157c12a46598edf"
+ "18604854462ec66e3d3cf26d4723cb6a"
+ "9d801095048086a606fdb9192760889b"
+ "a8ce2e70e1b55a469137a9e2e6734565"
+ "283cb1e2c74f37e0854d03e33f8ba499"
+ "ef5d9af4edfce077c6280338f0a64286"
+ "2e6bc27ebd5a4c91b3778e22631251c8"
+ "c5bb75a10945597a9d6c274fc82d3338"
+ "b403a0a549d1375f26e71ef22bce0941"
+ "93ea87e2ed72fce0546148c351eec3be"
+ "867bb1b96070c377fff3c98e21562beb"
+ "475cfe28abcaaedf49981f6599b15140"
+ "ea6130d24407079f18ba9d4a8960b082"
+ "b39c57320e2e064f02fde88c23112146"
+ "1cac3655868aef584714826ee4f361fb"
+ "e6d692e1589cbb9dd3c74fa628df2a1f"
+ "3b0029b1d62b7e9978013ed3c793c1dd"
+ "1f184c8f7022a853cac40b74ac749aa3"
+ "f33f0d14732dfda0f2c3c20591bf1f5a"
+ "710ec0d0bca342baa5146068a78ff58c"
+ "66316312b7a98af35a0f4e92799b4047"
+ "f047ae61f25c28d232ce5c168cc745d6"
+ "6da13cb0f9e38a696635dba7a21571cf"
+ "cd64ec8cc33db7879f59a90d9edd00f6"
+ "a899e39ab36b9269a3ac04ebad9326bf"
+ "53cd9b400168a61714cd628a4056d236"
+ "bd8622c76daa54cb65f5db2fe03bafbe"
+ "0b23549ae31136f607293e8093a21934"
+ "74fd5e9c2451b4c8e0499e6ad34fafc8"
+ "ab77722a282f7f84b14ddebf7e696300"
+ "c1ef92d4a0263c6cca104530f996e272"
+ "f58992ff68d642b071a5848dc4acf2ae"
+ "28fb1f27ae0f297d5136a7a0a4a03e89"
+ "b588755b8217a1c62773790e69261269"
+ "19f45daf7b3ccf18e3fc590a9a0e172f"
+ "033ac4d13c3decc4c62d7de718ace802"
+ "140452dc850989f6762e3578bbb04be3"), /* ciphertext */
+ SHEX("BBAA9988776655443322110D"), /* nonce */
+ SHEX("1a237c599c4649f4e586b2de")); /* tag */
 }
-- GitLab
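Review bot: The new vector in test_main carries no comment saying why its length matters, so a later cleanup could shorten or drop it without noticing that it is the case meant to reach a second pass of the loop in ocb_crypt_n. A line above the test_aead call such as `/* 48 blocks (768 bytes): long enough that ocb_crypt_n needs more than one pass */` would record that; the link to OCB_MAX_BLOCKS is inferred from the commit message, since the constant's value is not visible here. Whether the branch that adds `(ctx->message_count & 1)` to the block count is also reached depends on how test_aead splits the message, which this hunk does not show, so a case that starts from an odd block count may still be worth adding.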