From b2448c593a93524c26925d384def7edc6715c623 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel
Date: Tue, 1 Aug 2017 14:44:37 +0200
Subject: [PATCH] ocb3: properly handle empty AAD
* allow passing "no additional data" to ocb3_decrypt_verify_memory() and ocb3_encrypt_authenticate_memory()
* ensure that the caller didn't want to add AAD
---
 src/encauth/ocb3/ocb3_add_aad.c | 5 +++--
 src/encauth/ocb3/ocb3_decrypt_verify_memory.c | 6 ++++--
 src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c | 6 ++++--
 src/encauth/ocb3/ocb3_test.c | 13 +++----------
 4 files changed, 14 insertions(+), 16 deletions(-)
diff --git a/src/encauth/ocb3/ocb3_add_aad.c b/src/encauth/ocb3/ocb3_add_aad.c
index da5a162..755ec4c 100644
--- a/src/encauth/ocb3/ocb3_add_aad.c
+++ b/src/encauth/ocb3/ocb3_add_aad.c
@@ -29,9 +29,10 @@ int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen
 unsigned long datalen, l;
 LTC_ARGCHK(ocb != NULL);
- LTC_ARGCHK(aad != NULL);
+ if (aad == NULL) LTC_ARGCHK(aadlen == 0);
+ if (aadlen == 0) LTC_ARGCHK(aad == NULL);
- if (aadlen == 0) return CRYPT_OK;
+ if (aad == NULL || aadlen == 0) return CRYPT_OK;
 if (ocb->adata_buffer_bytes > 0) {
 l = ocb->block_len - ocb->adata_buffer_bytes;
diff --git a/src/encauth/ocb3/ocb3_decrypt_verify_memory.c b/src/encauth/ocb3/ocb3_decrypt_verify_memory.c
index 89a7742..da54ffa 100644
--- a/src/encauth/ocb3/ocb3_decrypt_verify_memory.c
+++ b/src/encauth/ocb3/ocb3_decrypt_verify_memory.c
@@ -73,8 +73,10 @@ int ocb3_decrypt_verify_memory(int cipher,
 goto LBL_ERR;
 }
- if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
- goto LBL_ERR;
+ if (adata != NULL || adatalen != 0) {
+ if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
 }
 if ((err = ocb3_decrypt_last(ocb, ct, ctlen, pt)) != CRYPT_OK) {
diff --git a/src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c b/src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c
index 28db891..1f81a26 100644
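Review bot: In ocb3_add_aad.c the new early return `if (aad == NULL || aadlen == 0) return CRYPT_OK;` reports success for a NULL pointer with a non-zero length whenever the two `LTC_ARGCHK` lines above it do not stop execution (for example if the build configures the macro as a no-op, which is not visible in this hunk). In that case the tag would be computed without the AAD the caller meant to authenticate, and nothing signals it. I would fail closed instead: `if (aadlen == 0) return CRYPT_OK;` followed by `if (aad == NULL) return CRYPT_INVALID_ARG;`. The unbraced `if (...) LTC_ARGCHK(...);` form also depends on how the macro expands, so bracing both statements would be safer. The function body continues outside the hunk.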
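Review bot: The guard `if (adata != NULL || adatalen != 0)` in ocb3_decrypt_verify_memory() still forwards a non-NULL `adata` with `adatalen == 0` to ocb3_add_aad(), where this commit's `LTC_ARGCHK(aad == NULL)` now rejects it; before the change that combination returned CRYPT_OK. Callers that keep a valid buffer pointer and pass a zero length will therefore start failing the argument check, which is what the ocb3_test.c changes in this patch work around by passing NULL. If the tightening is intended, the documentation of both memory functions should state that `adata` must be NULL when `adatalen` is 0; otherwise a guard of `if (adatalen != 0)` would accept that case while still leaving NULL-with-length to be rejected inside ocb3_add_aad(). The same applies to the identical hunk in ocb3_encrypt_authenticate_memory.c, and both function bodies start and end outside their hunks.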
--- a/src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c
+++ b/src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c
@@ -59,8 +59,10 @@ int ocb3_encrypt_authenticate_memory(int cipher,
 goto LBL_ERR;
 }
- if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
- goto LBL_ERR;
+ if (adata != NULL || adatalen != 0) {
+ if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
 }
 if ((err = ocb3_encrypt_last(ocb, pt, ptlen, ct)) != CRYPT_OK) {
diff --git a/src/encauth/ocb3/ocb3_test.c b/src/encauth/ocb3/ocb3_test.c
index bcb5d67..a9bfb61 100644
--- a/src/encauth/ocb3/ocb3_test.c
+++ b/src/encauth/ocb3/ocb3_test.c
@@ -180,7 +180,7 @@ int ocb3_test(void)
 if ((err = ocb3_encrypt_authenticate_memory(idx,
 key, sizeof(key),
 nonce, sizeof(nonce),
- tests[x].aad, tests[x].aadlen,
+ tests[x].aadlen != 0 ? tests[x].aad : NULL, tests[x].aadlen,
 tests[x].pt, tests[x].ptlen,
 outct, outtag, &len)) != CRYPT_OK) {
 return err;
@@ -194,9 +194,9 @@ int ocb3_test(void)
 if ((err = ocb3_decrypt_verify_memory(idx,
 key, sizeof(key),
 nonce, sizeof(nonce),
- tests[x].aad, tests[x].aadlen,
+ tests[x].aadlen != 0 ? tests[x].aad : NULL, tests[x].aadlen,
 outct, tests[x].ptlen,
- outct, tests[x].tag, len, &res)) != CRYPT_OK) {
+ outct, tests[x].tag, len, &res)) != CRYPT_OK) {
 return err;
 }
 if ((res != 1) || compare_testvector(outct, tests[x].ptlen, tests[x].pt, tests[x].ptlen, "OCB3", x)) {
@@ -212,13 +212,6 @@ int ocb3_test(void)
 #endif /* LTC_OCB3_MODE */
-/* some comments
-
- -- it's hard to seek
- -- hard to stream [you can't emit ciphertext until full block]
- -- The setup is somewhat complicated...
-*/
-
 /* ref: $Format:%D$ */
 /* git commit: $Format:%H$ */
 /* commit time: $Format:%ai$ */