Fix ocb loop for processing larger messages.
authorNiels Möller <nisse@lysator.liu.se>
Fri, 19 May 2023 19:37:57 +0000 (21:37 +0200)
committerNiels Möller <nisse@lysator.liu.se>
Fri, 19 May 2023 19:37:57 +0000 (21:37 +0200)
From Jussi Kivilinna:
* ocb.c (ocb_crypt_n): Fix broken loop logic.
* testsuite/ocb-test.c (test_main): Add test vector from libgcrypt,
with larger message, to exercise above loop.

ChangeLog
ocb.c
testsuite/ocb-test.c

index 6312ac00761fb85d6de1362726e529a08b45cb1a..ef55b347b562fc188671ed32ae5e18c1d298af1b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2023-05-19  Niels Möller  <nisse@lysator.liu.se>
+
+       From Jussi Kivilinna:
+       * ocb.c (ocb_crypt_n): Fix broken loop logic.
+       * testsuite/ocb-test.c (test_main): Add test vector from libgcrypt,
+       with larger message, to exercise above loop.
+
 2023-05-16  Niels Möller  <nisse@lysator.liu.se>
 
        * x86_64/ghash-update.asm: Use separate unaligned load
diff --git a/ocb.c b/ocb.c
index 9de90af7a7daa3728df88faddad8afe20d664e94..22ddf915b1ffd4e87ce74445f333fd9d85eb1287 100644 (file)
--- a/ocb.c
+++ b/ocb.c
@@ -230,14 +230,14 @@ ocb_crypt_n (struct ocb_ctx *ctx, const struct ocb_key *key,
        : OCB_MAX_BLOCKS - 1 + (ctx->message_count & 1);
 
       ocb_fill_n (key, &ctx->offset, ctx->message_count, blocks, o);
-      ctx->message_count += n;
+      ctx->message_count += blocks;
 
       size = blocks * OCB_BLOCK_SIZE;
       memxor3 (block[0].b, o[0].b, src, size);
       f (cipher, size, block[0].b, block[0].b);
       memxor3 (dst, block[0].b, o[0].b, size);
 
-      n -= blocks; src += size; dst -= size;
+      n -= blocks; src += size; dst += size;
     }
 }
 
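Review bot: The last line of the loop body still packs three updates into one line, `n -= blocks; src += size; dst += size;`, which is the layout that let the `dst -= size` slip go unnoticed; put each update on its own line and add a comment such as `/* message_count, src and dst all advance by the blocks handled in this pass */`. With the removed line, every pass after the first would have stored its output below the caller's `dst` pointer, so this looks like an out-of-bounds write fix and not only a wrong-ciphertext fix. The ChangeLog wording "Fix broken loop logic" could say so, to help downstream packagers prioritise the update. The loop header and the start of ocb_crypt_n are outside the hunk, so how many passes a given message length takes cannot be confirmed from here.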
index 3892dddaad9e8ae0b577bc9b813e7c735fbdc7f6..37d0d7acba21d78fabb3f8e341e46b8c37018755 100644 (file)
@@ -297,4 +297,109 @@ test_main(void)
            SHEX("0001020304050607"), /* auth data */
            SHEX("0001020304050607"), /* plaintext */
            SHEX("6820B3657B6F615A5725BDA0D3B4EB3A257C9AF1F8F03009")); /* ciphertext */
+
+  /* Test-vector from libgcrypt:tests/basic.c: */
+  test_aead(&nettle_ocb_aes128, (nettle_hash_update_func *) set_nonce_tag96,
+          SHEX("0F0E0D0C0B0A09080706050403020100"), /* key */
+          SHEX("000102030405060708090A0B0C0D0E0F1011121314151617"
+               "18191A1B1C1D1E1F2021222324252627"), /* auth data */
+          /* test vector for checksumming */
+          SHEX("01000000000000000000000000000000"
+               "02000000000000000000000000000000"
+               "04000000000000000000000000000000"
+               "08000000000000000000000000000000"
+               "10000000000000000000000000000000"
+               "20000000000000000000000000000000"
+               "40000000000000000000000000000000"
+               "80000000000000000000000000000000"
+               "00010000000000000000000000000000"
+               "00020000000000000000000000000000"
+               "00040000000000000000000000000000"
+               "00080000000000000000000000000000"
+               "00100000000000000000000000000000"
+               "00200000000000000000000000000000"
+               "00400000000000000000000000000000"
+               "00800000000000000000000000000000"
+               "00000100000000000000000000000000"
+               "00000200000000000000000000000000"
+               "00000400000000000000000000000000"
+               "00000800000000000000000000000000"
+               "00001000000000000000000000000000"
+               "00002000000000000000000000000000"
+               "00004000000000000000000000000000"
+               "00008000000000000000000000000000"
+               "00000001000000000000000000000000"
+               "00000002000000000000000000000000"
+               "00000004000000000000000000000000"
+               "00000008000000000000000000000000"
+               "00000010000000000000000000000000"
+               "00000020000000000000000000000000"
+               "00000040000000000000000000000000"
+               "00000080000000000000000000000000"
+               "00000000010000000000000000000000"
+               "00000000020000000000000000000000"
+               "00000000040000000000000000000000"
+               "00000000080000000000000000000000"
+               "00000000100000000000000000000000"
+               "00000000200000000000000000000000"
+               "00000000400000000000000000000000"
+               "00000000800000000000000000000000"
+               "00000000000100000000000000000000"
+               "00000000000200000000000000000000"
+               "00000000000400000000000000000000"
+               "00000000000800000000000000000000"
+               "00000000001000000000000000000000"
+               "00000000002000000000000000000000"
+               "00000000004000000000000000000000"
+               "00000000008000000000000000000000"), /* plaintext */
+          SHEX("01105c6e36f6ac480f022c51e31ed702"
+               "90fda4b7b783194d4b4be8e4e1e2dff4"
+               "6a0804d1c5f9f808ea7933e31c063233"
+               "2bf65a22b20bb13cde3b80b3682ba965"
+               "b1207c58916f7856fa9968b410e50dee"
+               "98b35c071163d1b352b9bbccd09fde29"
+               "b850f40e71a8ae7d2e2d577f5ee39c46"
+               "7fa28130b50a123c29958e4665dda9a5"
+               "e0793997f8f19633a96392141d6e0e88"
+               "77850ed4364065d1d2f8746e2f1d5fd1"
+               "996cdde03215306503a30e41f58ef3c4"
+               "400365cfea4fa6381157c12a46598edf"
+               "18604854462ec66e3d3cf26d4723cb6a"
+               "9d801095048086a606fdb9192760889b"
+               "a8ce2e70e1b55a469137a9e2e6734565"
+               "283cb1e2c74f37e0854d03e33f8ba499"
+               "ef5d9af4edfce077c6280338f0a64286"
+               "2e6bc27ebd5a4c91b3778e22631251c8"
+               "c5bb75a10945597a9d6c274fc82d3338"
+               "b403a0a549d1375f26e71ef22bce0941"
+               "93ea87e2ed72fce0546148c351eec3be"
+               "867bb1b96070c377fff3c98e21562beb"
+               "475cfe28abcaaedf49981f6599b15140"
+               "ea6130d24407079f18ba9d4a8960b082"
+               "b39c57320e2e064f02fde88c23112146"
+               "1cac3655868aef584714826ee4f361fb"
+               "e6d692e1589cbb9dd3c74fa628df2a1f"
+               "3b0029b1d62b7e9978013ed3c793c1dd"
+               "1f184c8f7022a853cac40b74ac749aa3"
+               "f33f0d14732dfda0f2c3c20591bf1f5a"
+               "710ec0d0bca342baa5146068a78ff58c"
+               "66316312b7a98af35a0f4e92799b4047"
+               "f047ae61f25c28d232ce5c168cc745d6"
+               "6da13cb0f9e38a696635dba7a21571cf"
+               "cd64ec8cc33db7879f59a90d9edd00f6"
+               "a899e39ab36b9269a3ac04ebad9326bf"
+               "53cd9b400168a61714cd628a4056d236"
+               "bd8622c76daa54cb65f5db2fe03bafbe"
+               "0b23549ae31136f607293e8093a21934"
+               "74fd5e9c2451b4c8e0499e6ad34fafc8"
+               "ab77722a282f7f84b14ddebf7e696300"
+               "c1ef92d4a0263c6cca104530f996e272"
+               "f58992ff68d642b071a5848dc4acf2ae"
+               "28fb1f27ae0f297d5136a7a0a4a03e89"
+               "b588755b8217a1c62773790e69261269"
+               "19f45daf7b3ccf18e3fc590a9a0e172f"
+               "033ac4d13c3decc4c62d7de718ace802"
+               "140452dc850989f6762e3578bbb04be3"), /* ciphertext */
+          SHEX("BBAA9988776655443322110D"), /* nonce */
+          SHEX("1a237c599c4649f4e586b2de")); /* tag */
 }
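Review bot: The comment on the new vector gives its origin but not why its length matters: the plaintext is 48 blocks (768 bytes), chosen per the commit message to make ocb_crypt_n take more than one pass through its loop. Extend it to something like `/* Test vector from libgcrypt tests/basic.c; 48 blocks, so ocb_crypt_n needs several passes (must stay above OCB_MAX_BLOCKS) */`, so a later change to OCB_MAX_BLOCKS does not silently turn this back into a single-pass test. Because the defect it guards against was a write outside the destination buffer, a known-answer comparison may report only a mismatch; running this test under a memory checker such as valgrind or AddressSanitizer would flag a stray write directly. test_main starts outside the hunk.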