diff options
author | Werner Koch <wk@gnupg.org> | 2015-01-16 14:55:03 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2015-01-16 14:55:03 +0100 |
commit | 067d7d8752d4d8a98f8e0e5e9b1a5b13e1b7ff9c (patch) | |
tree | 1eab7affe5d24e919a22a5d4a29c8303342cf8db /doc | |
parent | 9d2a22c94ae99f9301321082c4fb8d73f4085fda (diff) | |
download | libgcrypt-067d7d8752d4d8a98f8e0e5e9b1a5b13e1b7ff9c.tar.gz |
Add OCB cipher mode
* cipher/cipher-ocb.c: New.
* cipher/Makefile.am (libcipher_la_SOURCES): Add cipher-ocb.c
* cipher/cipher-internal.h (OCB_BLOCK_LEN, OCB_L_TABLE_SIZE): New.
(gcry_cipher_handle): Add fields marks.finalize and u_mode.ocb.
* cipher/cipher.c (_gcry_cipher_open_internal): Add OCB mode.
(_gcry_cipher_open_internal): Setup default taglen of OCB.
(cipher_reset): Clear OCB specific data.
(cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate)
(_gcry_cipher_gettag, _gcry_cipher_checktag): Call OCB functions.
(_gcry_cipher_setiv): Add OCB specific nonce setting.
(_gcry_cipher_ctl): Add GCRYCTL_FINALIZE and GCRYCTL_SET_TAGLEN
* src/gcrypt.h.in (GCRYCTL_SET_TAGLEN): New.
(gcry_cipher_final): New.
* cipher/bufhelp.h (buf_xor_1): New.
* tests/basic.c (hex2buffer): New.
(check_ocb_cipher): New.
(main): Call it here. Add option --cipher-modes.
* tests/bench-slope.c (bench_aead_encrypt_do_bench): Call
gcry_cipher_final.
(bench_aead_decrypt_do_bench): Ditto.
(bench_aead_authenticate_do_bench): Ditto. Check error code.
(bench_ocb_encrypt_do_bench): New.
(bench_ocb_decrypt_do_bench): New.
(bench_ocb_authenticate_do_bench): New.
(ocb_encrypt_ops): New.
(ocb_decrypt_ops): New.
(ocb_authenticate_ops): New.
(cipher_modes): Add them.
(cipher_bench_one): Skip wrong block length for OCB.
* tests/benchmark.c (cipher_bench): Add field noncelen to MODES. Add
OCB support.
--
See the comments on top of cipher/cipher-ocb.c for the patent status
of the OCB mode.
The implementation has not yet been optimized and as such is not faster
that the other AEAD modes. A first candidate for optimization is the
double_block function. Large improvements can be expected by writing
an AES ECB function to work on multiple blocks.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/gcrypt.texi | 39 |
1 files changed, 31 insertions, 8 deletions
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 7337db95..8683ca88 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -1650,7 +1650,14 @@ mode, which can be used with ChaCha20 and Salsa20 stream ciphers. @item GCRY_CIPHER_MODE_OCB @cindex OCB, OCB3 OCB is an Authenticated Encryption with Associated Data (AEAD) block -cipher mode, which is specified in RFC-7253. +cipher mode, which is specified in RFC-7253. Supported tag lengths +are 128, 96, and 64 bit with the default being 128 bit. To switch to +a different tag length @code{gcry_cipher_ctl} using the command +@code{GCRYCTL_SET_TAGLEN} and the address of an @code{int} variable +set to 12 (for 96 bit) or 8 (for 64 bit) provided for the +@code{buffer} argument and @code{sizeof(int)} for @code{buflen}. + +Note that the use of @code{gcry_cipher_final} is required. @end table @@ -1750,12 +1757,9 @@ vector is passed as the buffer @var{K} of length @var{l} bytes and copied to internal data structures. The function checks that the IV matches the requirement of the selected algorithm and mode. -This function is also used with Salsa20 and ChaCha20 stream ciphers -to set or update the required nonce. In this case it needs to be -called after setting the key. - -This function is also used with the AEAD cipher modes to set or -update the required nonce. +This function is also used by AEAD modes and with Salsa20 and ChaCha20 +stream ciphers to set or update the required nonce. In these cases it +needs to be called after setting the key. @end deftypefun @@ -1827,6 +1831,9 @@ is sufficient space. Note that overlapping buffers are not allowed. Depending on the selected algorithms and encryption mode, the length of the buffers must be a multiple of the block size. +Some encryption modes require that @code{gcry_cipher_final} is used +before the final data chunk is passed to this function. + The function returns @code{0} on success or an error code. @end deftypefun @@ -1847,11 +1854,27 @@ is sufficient space. Note that overlapping buffers are not allowed. Depending on the selected algorithms and encryption mode, the length of the buffers must be a multiple of the block size. +Some encryption modes require that @code{gcry_cipher_final} is used +before the final data chunk is passed to this function. + The function returns @code{0} on success or an error code. @end deftypefun -OpenPGP (as defined in RFC-2440) requires a special sync operation in +The OCB mode features integrated padding and must thus be told about +the end of the input data. This is done with: + +@deftypefun gcry_error_t gcry_cipher_final (gcry_cipher_hd_t @var{h}) + +Set a flag in the context to tell the encrypt and decrypt functions +that their next call will provide the last chunk of data. Only the +first call to this function has an effect and only for modes which +support it. Checking the error in in general not necessary. This is +implemented as a macro. +@end deftypefun + + +OpenPGP (as defined in RFC-4880) requires a special sync operation in some places. The following function is used for this: @deftypefun gcry_error_t gcry_cipher_sync (gcry_cipher_hd_t @var{h}) |