-
Notifications
You must be signed in to change notification settings - Fork 154
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ocb3: import from offset-codebook-mode
crate
#587
Conversation
@dignifiedquire can you bump MSRV to 1.60? |
Thanks for working on this @dignifiedquire ! OCB is "mandatory to implement" in the new iteration of OpenPGP so this will definitely come in handy! |
just for the ocb crate for all crates? |
Just for ocb3 for now to get the tests passing |
ocb3 CI checks are now all passing |
now fully green :) |
/// Doubles a block, in GF(2^128). | ||
/// | ||
/// Adapted from https://github.com/RustCrypto/universal-hashes/blob/9b0ac5d1/polyval/src/mulx.rs#L5-L18 | ||
#[inline] | ||
pub(crate) fn double(block: &Block) -> Block { | ||
let mut v = u128::from_be_bytes((*block).into()); | ||
let v_hi = v >> 127; | ||
|
||
// If v_hi = 0, return (v << 1) | ||
// If v_hi = 1, return (v << 1) xor (0b0...010000111) | ||
v <<= 1; | ||
v ^= v_hi ^ (v_hi << 1) ^ (v_hi << 2) ^ (v_hi << 7); | ||
v.to_be_bytes().into() | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe this polynomial is impl'd in the dbl
crate, although I don't think we need to block a merge on that.
The reason polyval
can't use that is because it's the reversed polynomial and little endian, whereas dbl
is the big endian version.
pub struct AesOcb3<Aes, NonceSize = U12, TagSize = U16> | ||
where | ||
NonceSize: self::NonceSize, | ||
TagSize: self::TagSize, | ||
{ | ||
cipher: Aes, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should probably just be Ocb3
declared generic around a cipher C
. I can fix that up after a merge.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also note AesOcb3
can be achieved as a type alias so this all works out-of-the-box still.
offset-codebook-mode
crate
I have applied the outstanding issues from #550 in here, hoping to get this merged and published.