ocb3: import from offset-codebook-mode crate #587
tarcieri merged 15 commits into RustCrypto:master
Conversation
@dignifiedquire can you bump MSRV to 1.60?
Thanks for working on this @dignifiedquire ! OCB is "mandatory to implement" in the new iteration of OpenPGP so this will definitely come in handy!
just for the ocb crate, or for all crates?
Just for ocb3 for now to get the tests passing
ocb3 CI checks are now all passing
now fully green :) |
/// Doubles a block, in GF(2^128).
///
/// Adapted from https://github.com/RustCrypto/universal-hashes/blob/9b0ac5d1/polyval/src/mulx.rs#L5-L18
#[inline]
pub(crate) fn double(block: &Block) -> Block {
    let mut v = u128::from_be_bytes((*block).into());
    let v_hi = v >> 127;

    // If v_hi = 0, return (v << 1)
    // If v_hi = 1, return (v << 1) xor (0b0...010000111)
    v <<= 1;
    v ^= v_hi ^ (v_hi << 1) ^ (v_hi << 2) ^ (v_hi << 7);
    v.to_be_bytes().into()
}
I believe this polynomial is impl'd in the dbl crate, although I don't think we need to block a merge on that.
The reason polyval can't use that is because it's the reversed polynomial and little endian, whereas dbl is the big endian version.
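As an added illustration of the big-endian doubling the reviewer refers to (example code written for this page, not part of the PR or of the ocb3 / dbl crates): the branch-free form from the snippet above is checked against a byte-wise reference that makes the carry and the 0x87 reduction explicit, and then used the way OCB3 (RFC 7253) consumes it, deriving L_$ and the L_i table by repeated doubling from L_*. `Block16` and the constructed `L_STAR` value are placeholders assumed for this example; the real crate uses a `GenericArray` block and obtains L_* by encrypting the all-zero block under the key.

```rust
/// Stand-alone 16-byte block type assumed for this example (the crate uses a
/// GenericArray<u8, U16> `Block`); a plain array keeps the example dependency-free.
pub type Block16 = [u8; 16];

/// Branch-free doubling in GF(2^128), big-endian convention (OCB, CMAC, the dbl crate):
/// multiply by x and reduce modulo x^128 + x^7 + x^2 + x + 1.
pub fn double_be(block: &Block16) -> Block16 {
    let mut v = u128::from_be_bytes(*block);
    let v_hi = v >> 127; // the bit that falls off the top when shifting
    v <<= 1;
    // Reduction: x^128 = x^7 + x^2 + x + 1, i.e. xor 0x87 into the low byte
    // only when the dropped bit was set. Written with masks so there is no
    // secret-dependent branch.
    v ^= v_hi ^ (v_hi << 1) ^ (v_hi << 2) ^ (v_hi << 7);
    v.to_be_bytes()
}

/// Byte-by-byte reference implementation of the same operation: shift every
/// byte left, carry the top bit of each byte into the next one (most significant
/// byte first), and xor 0x87 into the last byte if a bit overflowed the block.
/// Not constant-time; it exists only to cross-check `double_be`.
pub fn double_be_reference(block: &Block16) -> Block16 {
    let mut out = [0u8; 16];
    let mut carry = 0u8;
    for i in (0..16).rev() {
        out[i] = (block[i] << 1) | carry;
        carry = block[i] >> 7;
    }
    if carry == 1 {
        out[15] ^= 0x87;
    }
    out
}

/// Constructed placeholder for L_* (in OCB3 this is E_K(0^128)); any value works
/// for demonstrating the doubling chain.
pub const L_STAR: Block16 = [
    0x80, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
];

/// OCB3 key-dependent table derived purely by doubling (RFC 7253, section 4):
/// returns [L_$, L_0, L_1, ..., L_{n-1}] where L_$ = double(L_*), L_0 = double(L_$),
/// L_i = double(L_{i-1}).
pub fn derive_l_table(l_star: &Block16, n: usize) -> Vec<Block16> {
    let mut table = Vec::with_capacity(n + 1);
    let mut cur = double_be(l_star); // L_$
    table.push(cur);
    for _ in 0..n {
        cur = double_be(&cur);
        table.push(cur);
    }
    table
}

/// True when both implementations agree on `block`.
pub fn implementations_agree(block: &Block16) -> bool {
    double_be(block) == double_be_reference(block)
}

fn main() {
    let table = derive_l_table(&L_STAR, 4);
    for (i, entry) in table.iter().enumerate() {
        let name = if i == 0 { "L_$".to_string() } else { format!("L_{}", i - 1) };
        println!("{:<4} = {:02x?}", name, entry);
    }
}
```

The two test vectors worth remembering: doubling a block whose only set bit is the top bit yields 0x00..0087, and doubling 0x00..0001 yields 0x00..0002; every other case is a combination of those two behaviours, which is what the reference loop makes visible.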
pub struct AesOcb3<Aes, NonceSize = U12, TagSize = U16>
where
    NonceSize: self::NonceSize,
    TagSize: self::TagSize,
{
    cipher: Aes,
This should probably just be Ocb3 declared generic around a cipher C. I can fix that up after a merge.
Also note AesOcb3 can be achieved as a type alias so this all works out-of-the-box still.
offset-codebook-mode crate
I have applied the outstanding issues from #550 in here, hoping to get this merged and published.