Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ocb3: import from offset-codebook-mode crate #587

Merged
merged 15 commits into from
Mar 25, 2024

Conversation

dignifiedquire
Copy link
Member

I have applied the outstanding issues from #550 in here, hoping to get this merged and published.

@tarcieri
Copy link
Member

@dignifiedquire can you bump MSRV to 1.60?

@wiktor-k
Copy link

Thanks for working on this @dignifiedquire !

OCB is "mandatory to implement" in the new iteration of OpenPGP so this will definitely come in handy!

@dignifiedquire
Copy link
Member Author

@dignifiedquire can you bump MSRV to 1.60?

just for the ocb crate for all crates?

@tarcieri
Copy link
Member

Just for ocb3 for now to get the tests passing

@dignifiedquire
Copy link
Member Author

ocb3 CI checks are now all passing

Cargo.lock Outdated Show resolved Hide resolved
@dignifiedquire
Copy link
Member Author

now fully green :)

ocb3/Cargo.toml Outdated Show resolved Hide resolved
Comment on lines +17 to +30
/// Doubles a block, in GF(2^128).
///
/// Adapted from https://github.com/RustCrypto/universal-hashes/blob/9b0ac5d1/polyval/src/mulx.rs#L5-L18
#[inline]
pub(crate) fn double(block: &Block) -> Block {
let mut v = u128::from_be_bytes((*block).into());
let v_hi = v >> 127;

// If v_hi = 0, return (v << 1)
// If v_hi = 1, return (v << 1) xor (0b0...010000111)
v <<= 1;
v ^= v_hi ^ (v_hi << 1) ^ (v_hi << 2) ^ (v_hi << 7);
v.to_be_bytes().into()
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe this polynomial is impl'd in the dbl crate, although I don't think we need to block a merge on that.

The reason polyval can't use that is because it's the reversed polynomial and little endian, whereas dbl is the big endian version.

Comment on lines +88 to +93
pub struct AesOcb3<Aes, NonceSize = U12, TagSize = U16>
where
NonceSize: self::NonceSize,
TagSize: self::TagSize,
{
cipher: Aes,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should probably just be Ocb3 declared generic around a cipher C. I can fix that up after a merge.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also note AesOcb3 can be achieved as a type alias so this all works out-of-the-box still.

@tarcieri tarcieri changed the title follow up: OCB3 crate ocb3: import from offset-codebook-mode crate Mar 25, 2024
@tarcieri tarcieri merged commit c2fe6b3 into RustCrypto:master Mar 25, 2024
91 checks passed
@dignifiedquire dignifiedquire deleted the dig-ocb3 branch March 25, 2024 20:05
@tarcieri tarcieri mentioned this pull request Mar 29, 2024
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants