Add tag_length to ocb_ctx, and drop length argument to ocb_digest.

diff --git a/ChangeLog b/ChangeLog
index e0c3a3c4611d7ab2868e8a56f5c815f179f8efca..2191cd77f9adf8868719f8b4ab5ee9a5b5d766de 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2026-01-14  Niels Möller  <nisse@lysator.liu.se>
 
+       * ocb.h (struct ocb_ctx): New field tag_length, storing the size
+       passed to ocb_set_nonce.
+       * ocb.c (ocb_set_nonce): Store tag length in context.
+       (ocb_digest): Delete length argument. Size of digest was stored in
+       the context by ocb_set_nonce. Updated all callers.
+       * ocb-aes128.c (ocb_aes128_digest): Deleted length argument.
+       * non-nettle.c (ocb_aes128_t96_digest): Deleted.
+
        * nettle.texinfo (CCM): Update CCM documentation.
 
        * ccm.h (CCM_MIN_DIGEST_SIZE): New constant.

diff --git a/non-nettle.c b/non-nettle.c
index 6ab1a098cf45e7577078b57d9198513327a995d9..2ca450f9ab5e9470f0c9e0149ee579608b27a818 100644 (file)
--- a/non-nettle.c
+++ b/non-nettle.c
@@ -292,7 +292,7 @@ ocb_aes128_decrypt_wrapper (struct ocb_aes128_ctx *ctx,
 static void
 ocb_aes128_digest_wrapper (struct ocb_aes128_ctx *ctx, uint8_t *digest)
 {
-  ocb_aes128_digest (&ctx->ocb, &ctx->key, OCB_DIGEST_SIZE, digest);
+  ocb_aes128_digest (&ctx->ocb, &ctx->key, digest);
 }
 
 const struct nettle_aead
@@ -317,12 +317,6 @@ ocb_aes128_t96_set_nonce (struct ocb_aes128_ctx *ctx, const uint8_t *nonce)
                        12, OCB_NONCE_SIZE, nonce);
 }
 
-static void
-ocb_aes128_t96_digest (struct ocb_aes128_ctx *ctx, uint8_t *digest)
-{
-  ocb_aes128_digest (&ctx->ocb, &ctx->key, 12, digest);
-}
-
 const struct nettle_aead
 nettle_ocb_aes128_t96 =
   { "ocb_aes128", sizeof(struct ocb_aes128_ctx),
@@ -334,5 +328,5 @@ nettle_ocb_aes128_t96 =
     (nettle_hash_update_func *) ocb_aes128_update_wrapper,
     (nettle_crypt_func *) ocb_aes128_encrypt_wrapper,
     (nettle_crypt_func *) ocb_aes128_decrypt_wrapper,
-    (nettle_hash_digest_func *) ocb_aes128_t96_digest,
+    (nettle_hash_digest_func *) ocb_aes128_digest_wrapper,
   };

diff --git a/ocb-aes128.c b/ocb-aes128.c
index c72ada2c842246b947afb44cbfd08a2128ce1b2e..b68db8dfdfcf712d04fcf29fa7c965e008193bfc 100644 (file)
--- a/ocb-aes128.c
+++ b/ocb-aes128.c
@@ -86,10 +86,9 @@ ocb_aes128_decrypt(struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key
 
 void
 ocb_aes128_digest(struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key,
-                 size_t length, uint8_t *digest)
+                 uint8_t *digest)
 {
-  ocb_digest (ctx, &key->ocb, &key->encrypt, (nettle_cipher_func *) aes128_encrypt,
-             length, digest);
+  ocb_digest (ctx, &key->ocb, &key->encrypt, (nettle_cipher_func *) aes128_encrypt, digest);
 }
 
 void

diff --git a/ocb.c b/ocb.c
index d0ec42a0178961fd635a65feeeff7f18aca16b30..aa201a3d65f2f498d67f29c1b919e2aedeae27ce 100644 (file)
--- a/ocb.c
+++ b/ocb.c
@@ -86,6 +86,8 @@ ocb_set_nonce (struct ocb_ctx *ctx,
   assert (tag_length > 0);
   assert (tag_length <= 16);
 
+  ctx->tag_length = tag_length;
+
   /* Bit size, or zero for tag_length == 16 */
   top.b[0] = (tag_length & 15) << 4;
   memset (top.b + 1, 0, 15 - nonce_length);
@@ -380,15 +382,15 @@ ocb_decrypt (struct ocb_ctx *ctx, const struct ocb_key *key,
 void
 ocb_digest (const struct ocb_ctx *ctx, const struct ocb_key *key,
            const void *cipher, nettle_cipher_func *f,
-           size_t length, uint8_t *digest)
+           uint8_t *digest)
 {
   union nettle_block16 block;
-  assert (length <= OCB_DIGEST_SIZE);
   block16_xor3 (&block,  &key->L[1],
                (ctx->message_count > 0) ? &ctx->offset : &ctx->initial);
   block16_xor (&block, &ctx->checksum);
   f (cipher, OCB_BLOCK_SIZE, block.b, block.b);
-  memxor3 (digest, block.b, ctx->sum.b, length);
+  assert (ctx->tag_length <= OCB_BLOCK_SIZE);
+  memxor3 (digest, block.b, ctx->sum.b, ctx->tag_length);
 }
 
 void
@@ -404,7 +406,7 @@ ocb_encrypt_message (const struct ocb_key *key,
   ocb_set_nonce (&ctx, cipher, f, tlength, nlength, nonce);
   ocb_update (&ctx, key, cipher, f, alength, adata);
   ocb_encrypt (&ctx, key, cipher, f,  clength - tlength, dst, src);
-  ocb_digest (&ctx, key, cipher, f, tlength, dst + clength - tlength);
+  ocb_digest (&ctx, key, cipher, f, dst + clength - tlength);
 }
 
 int
@@ -422,6 +424,6 @@ ocb_decrypt_message (const struct ocb_key *key,
   ocb_update (&ctx, key, encrypt_ctx, encrypt, alength, adata);
   ocb_decrypt (&ctx, key, encrypt_ctx, encrypt, decrypt_ctx, decrypt,
               mlength, dst, src);
-  ocb_digest (&ctx, key, encrypt_ctx, encrypt, tlength, digest.b);
+  ocb_digest (&ctx, key, encrypt_ctx, encrypt, digest.b);
   return memeql_sec(digest.b, src + mlength, tlength);
 }

diff --git a/ocb.h b/ocb.h
index 6586b4dce76afd36b68c67540a73073478bc1cd7..b925d50a424c2ceeb8bf35390bf1d10dd5b5df9f 100644 (file)
--- a/ocb.h
+++ b/ocb.h
@@ -78,6 +78,7 @@ struct ocb_ctx {
   union nettle_block16 sum;
   /* Authentication for the message */
   union nettle_block16 checksum;
+  unsigned short tag_length;
   /* Count of processed blocks. */
   uint32_t data_count;
   uint64_t message_count;
@@ -110,7 +111,7 @@ ocb_decrypt (struct ocb_ctx *ctx, const struct ocb_key *key,
 void
 ocb_digest (const struct ocb_ctx *ctx, const struct ocb_key *key,
            const void *cipher, nettle_cipher_func *f,
-           size_t length, uint8_t *digest);
+           uint8_t *digest);
 
 
 void
@@ -165,7 +166,7 @@ ocb_aes128_decrypt(struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key
 
 void
 ocb_aes128_digest(struct ocb_ctx *ctx, const struct ocb_aes128_encrypt_key *key,
-                 size_t length, uint8_t *digest);
+                 uint8_t *digest);
 
 void
 ocb_aes128_encrypt_message (const struct ocb_aes128_encrypt_key *key,