search

randombit / botan

Cryptography Toolkit
https://botan.randombit.net
BSD 2-Clause "Simplified" License
2.58k stars 568 forks source link

AES/OCB encrypting 16 byte buffer fails (botan 2.6, x86_64, ubuntu 18.10) #1753

Open jkivilin opened 5 years ago

jkivilin commented 5 years ago

Hello,

I'm get hit by assert failure at: https://github.com/randombit/botan/blob/2d9a5c1ffa61c2a30cb66518ef2de496467540ed/src/lib/modes/aead/ocb/ocb.cpp#L369

I think this check should be "sz % block_size() == 0" and not "sz % update_granularity() == 0" as it is now.

Issue seen when trying to run AES/OCB on my benchmarking tool, which uses buffer sizes that are multiple of 16 bytes: bench-slope-botan: Botan 2.6.0 (unreleased, revision unknown, distribution Ubuntu) Cipher: AES-128 | nanosecs/byte mebibytes/sec cycles/byte CBC enc | 1.47 ns/B 646.7 MiB/s - c/B CBC dec | 0.609 ns/B 1566.2 MiB/s - c/B CFB enc | 1.96 ns/B 487.4 MiB/s - c/B CFB dec | 2.38 ns/B 400.8 MiB/s - c/B OFB enc | 1.68 ns/B 566.1 MiB/s - c/B OFB dec | 1.55 ns/B 615.9 MiB/s - c/B CTR enc | 0.572 ns/B 1667.5 MiB/s - c/B CTR dec | 0.554 ns/B 1722.1 MiB/s - c/B XTS enc | 1.05 ns/B 907.5 MiB/s - c/B XTS dec | 0.926 ns/B 1030.3 MiB/s - c/B GCM enc | 0.648 ns/B 1472.7 MiB/s - c/B GCM dec | 0.648 ns/B 1472.6 MiB/s - c/B GCM auth | 0.180 ns/B 5287.3 MiB/s - c/B EAX enc | 2.01 ns/B 475.0 MiB/s - c/B EAX dec | 2.02 ns/B 471.2 MiB/s - c/B EAX auth | 1.68 ns/B 566.2 MiB/s - c/B OCB auth | 2.32 ns/B 411.8 MiB/s - c/B OCB enc | terminate called after throwing an instance of 'Botan::Exception' what(): False assertion 'Invalid OCB input size' (expression sz % update_granularity() == 0) in process @/build/botan-qhNgyG/botan-2.6.0/src/lib/modes/aead/ocb/ocb.cpp:364 Aborted (core dumped)

randombit commented 5 years ago

Thanks for the report, I think you are right. If so decryption is similarly affected. I'll look at this soon.

randombit commented 5 years ago

@jkivilin Unrelated but I thought your name was familiar, indeed last year I read your thesis on block cipher optimizations, a very useful work thank you.

jkivilin commented 5 years ago

I'm glad you found thesis useful.

About the benchmarking tool.. I've uploaded Botan version to https://github.com/jkivilin/bench-slopes in case you want to try it out. Repo has rudimentary autoconf support but if that fails, manually building slope.c and bench-slope-botan.cpp should be quite straightforward.