Skip to content

Commit

Permalink
feat(ocb3): implement flexible nonce size (#589)
Browse files Browse the repository at this point in the history
  • Loading branch information
dignifiedquire authored Mar 25, 2024
1 parent 1a4e1e8 commit c0e9ae4
Showing 1 changed file with 13 additions and 20 deletions.
33 changes: 13 additions & 20 deletions ocb3/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -379,8 +379,6 @@ where

/// Computes nonce-dependent variables as defined
/// in https://www.rfc-editor.org/rfc/rfc7253.html#section-4.2
///
/// Assumes a 96-bit nonce and 128-bit tag.
fn nonce_dependent_variables<
Cipher: BlockSizeUser<BlockSize = U16> + BlockEncrypt,
NonceSize: ArrayLength<u8> + IsLessOrEqual<U15>,
Expand All @@ -389,21 +387,18 @@ fn nonce_dependent_variables<
nn: &Nonce<NonceSize>,
tag_len: u32,
) -> (usize, [u8; 24]) {
let mut nonce = [0u8; 16];
nonce[4..16].copy_from_slice(nn.as_slice());
let mut nonce = u128::from_be_bytes(nonce);
// Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N
nonce |= 1 << 96;
match tag_len {
16 => {}
x if x < 16 => {
nonce |= (u128::from(tag_len) * 8) << (128 - 7);
}
_ => unreachable!(),
}
let mut nonce = [0u8; 16];
nonce[0] = (((tag_len * 8) % 128) << 1) as u8;

let start = 16 - NonceSize::to_usize();
nonce[start..16].copy_from_slice(nn.as_slice());
nonce[16 - NonceSize::to_usize() - 1] |= 1;

// Separate the last 6 bits into `bottom`, and the rest into `top`.
let bottom = usize::try_from(nonce & 0b111111).unwrap();
let bottom = nonce[15] & 0b111111;

let nonce = u128::from_be_bytes(nonce);
let top = nonce & !0b111111;

let mut ktop = Block::from(top.to_be_bytes());
Expand All @@ -418,13 +413,11 @@ fn nonce_dependent_variables<
}
stretch[16..].copy_from_slice(&ktop[..8]);

(bottom, stretch)
(bottom as usize, stretch)
}

/// Computes the initial offset as defined
/// in https://www.rfc-editor.org/rfc/rfc7253.html#section-4.2
///
/// Assumes a 96-bit nonce and 128-bit tag.
fn initial_offset<
Cipher: BlockSizeUser<BlockSize = U16> + BlockEncrypt,
NonceSize: ArrayLength<u8> + IsLessOrEqual<U15>,
Expand Down Expand Up @@ -553,8 +546,8 @@ mod tests {
let (bottom, stretch) = nonce_dependent_variables(&cipher, &Nonce::from(nonce), TAGLEN);
let offset_0 = initial_offset(&cipher, &Nonce::from(nonce), TAGLEN);

assert_eq!(bottom, expected_bottom);
assert_eq!(stretch, expected_stretch);
assert_eq!(offset_0, expected_offset_0);
assert_eq!(bottom, expected_bottom, "bottom");
assert_eq!(stretch, expected_stretch, "stretch");
assert_eq!(offset_0, expected_offset_0, "offset");
}
}

0 comments on commit c0e9ae4

Please sign in to comment.