diff --git a/pkg/cryptstate/ocb2/ocb2.go b/pkg/cryptstate/ocb2/ocb2.go index b47bbb5..ad1d9bd 100644 --- a/pkg/cryptstate/ocb2/ocb2.go +++ b/pkg/cryptstate/ocb2/ocb2.go @@ -5,6 +5,9 @@ import ( "crypto/cipher" ) +// TagSize specifies the length in bytes of an OCB2 tag. +const TagSize = aes.BlockSize + func zeros(block []byte) { for i := range block { block[i] = 0 @@ -33,7 +36,7 @@ func times3(block []byte) { block[aes.BlockSize-1] ^= ((block[aes.BlockSize-1] << 1) ^ (carry * 135)) } -func Encrypt(cipher cipher.Block, dst []byte, src []byte, nonce []byte, tag []byte) (err error) { +func Encrypt(cipher cipher.Block, dst []byte, src []byte, nonce []byte, tag []byte) { var delta [aes.BlockSize]byte var checksum [aes.BlockSize]byte var tmp [aes.BlockSize]byte @@ -77,11 +80,9 @@ func Encrypt(cipher cipher.Block, dst []byte, src []byte, nonce []byte, tag []by times3(delta[0:]) xor(tmp[0:], delta[0:], checksum[0:]) cipher.Encrypt(tag[0:], tmp[0:]) - - return } -func Decrypt(cipher cipher.Block, plain []byte, encrypted []byte, nonce []byte, tag []byte) (err error) { +func Decrypt(cipher cipher.Block, plain []byte, encrypted []byte, nonce []byte, tag []byte) { var checksum [aes.BlockSize]byte var delta [aes.BlockSize]byte var tmp [aes.BlockSize]byte @@ -124,6 +125,4 @@ func Decrypt(cipher cipher.Block, plain []byte, encrypted []byte, nonce []byte, times3(delta[0:]) xor(tmp[0:], delta[0:], checksum[0:]) cipher.Encrypt(tag[0:], tmp[0:]) - - return } \ No newline at end of file diff --git a/pkg/cryptstate/ocb2/ocb2_test.go b/pkg/cryptstate/ocb2/ocb2_test.go index 954fb2f..6862ec6 100644 --- a/pkg/cryptstate/ocb2/ocb2_test.go +++ b/pkg/cryptstate/ocb2/ocb2_test.go @@ -3,9 +3,104 @@ package ocb2 import ( "bytes" "crypto/aes" + "encoding/hex" "testing" ) +func MustDecodeHex(s string) []byte { + buf, err := hex.DecodeString(s) + if err != nil { + panic("MustDecodeHex: " + err.Error()) + } + return buf +} + +type ocbVector struct { + Name string + Key string + Nonce string + Header string + PlainText string + CipherText string + Tag string +} + +func (v ocbVector) KeyBytes() []byte { + return MustDecodeHex(v.Key) +} + +func (v ocbVector) NonceBytes() []byte { + return MustDecodeHex(v.Nonce) +} + +func (v ocbVector) PlainTextBytes() []byte { + return MustDecodeHex(v.PlainText) +} + +func (v ocbVector) CipherTextBytes() []byte { + return MustDecodeHex(v.CipherText) +} + +func (v ocbVector) TagBytes() []byte { + return MustDecodeHex(v.Tag) +} + +// ocb128Vectors are the test vectors for OCB-AES128 from +// http://www.cs.ucdavis.edu/~rogaway/papers/draft-krovetz-ocb-00.txt +// +// Note: currently, the vectors with headers are not included in this list +// as this implementation does not implement header authentication. +var ocb128Vectors = []ocbVector{ + { + Name: "OCB2-AES-128-001", + Key: "000102030405060708090A0B0C0D0E0F", + Nonce: "000102030405060708090A0B0C0D0E0F", + PlainText: "", + CipherText: "", + Tag: "BF3108130773AD5EC70EC69E7875A7B0", + }, + { + Name: "OCB2-AES-128-002", + Key: "000102030405060708090A0B0C0D0E0F", + Nonce: "000102030405060708090A0B0C0D0E0F", + PlainText: "0001020304050607", + CipherText: "C636B3A868F429BB", + Tag: "A45F5FDEA5C088D1D7C8BE37CABC8C5C", + }, + { + Name: "OCB2-AES-128-003", + Key: "000102030405060708090A0B0C0D0E0F", + Nonce: "000102030405060708090A0B0C0D0E0F", + PlainText: "000102030405060708090A0B0C0D0E0F", + CipherText: "52E48F5D19FE2D9869F0C4A4B3D2BE57", + Tag: "F7EE49AE7AA5B5E6645DB6B3966136F9", + }, + { + Name: "OCB2-AES-128-003", + Key: "000102030405060708090A0B0C0D0E0F", + Nonce: "000102030405060708090A0B0C0D0E0F", + PlainText: "000102030405060708090A0B0C0D0E0F1011121314151617", + CipherText: "F75D6BC8B4DC8D66B836A2B08B32A636CC579E145D323BEB", + Tag: "A1A50F822819D6E0A216784AC24AC84C", + }, + { + Name: "OCB2-AES-128-004", + Key: "000102030405060708090A0B0C0D0E0F", + Nonce: "000102030405060708090A0B0C0D0E0F", + PlainText: "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + CipherText: "F75D6BC8B4DC8D66B836A2B08B32A636CEC3C555037571709DA25E1BB0421A27", + Tag: "09CA6C73F0B5C6C5FD587122D75F2AA3", + }, + { + Name: "OCB2-AES-128-005", + Key: "000102030405060708090A0B0C0D0E0F", + Nonce: "000102030405060708090A0B0C0D0E0F", + PlainText: "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627", + CipherText: "F75D6BC8B4DC8D66B836A2B08B32A6369F1CD3C5228D79FD6C267F5F6AA7B231C7DFB9D59951AE9C", + Tag: "9DB0CDF880F73E3E10D4EB3217766688", + }, +} + func TestTimes2(t *testing.T) { msg := [aes.BlockSize]byte{ 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, @@ -55,4 +150,52 @@ func TestXor(t *testing.T) { t.Fatalf("XOR broken") } } +} + +func TestEncryptOCBAES128Vectors(t *testing.T) { + for _, vector := range ocb128Vectors { + cipher, err := aes.NewCipher(vector.KeyBytes()) + if err != nil { + t.Fatalf("%v", err) + } + + plainText := vector.PlainTextBytes() + cipherText := make([]byte, len(plainText)) + tag := make([]byte, TagSize) + Encrypt(cipher, cipherText, plainText, vector.NonceBytes(), tag) + + expectedCipherText := vector.CipherTextBytes() + if !bytes.Equal(cipherText, expectedCipherText) { + t.Fatalf("expected CipherText %#v, got %#v", expectedCipherText, cipherText) + } + + expectedTag := vector.TagBytes() + if !bytes.Equal(tag, expectedTag) { + t.Fatalf("expected tag %#v, got %#v", expectedTag, tag) + } + } +} + +func TestDecryptOCBAES128Vectors(t *testing.T) { + for _, vector := range ocb128Vectors { + cipher, err := aes.NewCipher(vector.KeyBytes()) + if err != nil { + t.Fatalf("%v", err) + } + + cipherText := vector.CipherTextBytes() + plainText := make([]byte, len(cipherText)) + tag := make([]byte, TagSize) + Decrypt(cipher, plainText, cipherText, vector.NonceBytes(), tag) + + expectedPlainText := vector.PlainTextBytes() + if !bytes.Equal(plainText, expectedPlainText) { + t.Fatalf("expected PlainText %#v, got %#v", expectedPlainText, plainText) + } + + expectedTag := vector.TagBytes() + if !bytes.Equal(tag, expectedTag) { + t.Fatalf("expected tag %#v, got %#v", expectedTag, tag) + } + } } \ No newline at end of file