In fact, this change to the OCB draft has now been made. The BC
implementation and tests (Java and C#) have been modified to conform to
the new "draft-irtf-cfrg-ocb-03". The changes are also in the latest
Java beta release. As indicated below, this change has no effect on the
output when the TAGLEN is 128 bits and IV <= 15 bytes.

Regards,
Pete Dettman

On 10/06/2013 6:00 PM, Peter Dettman wrote:

For anyone interested in OCB:

As part of the 1.49 release, we included an implementation of the OCB
mode, based on the current draft spec "draft-irtf-cfrg-ocb-00". There
is also an implementation in the C# build, though as yet unreleased.

It has been brought to my attention that there is some discussion on
CFRG (see
http://www.ietf.org/mail-archive/web/cfrg/current/msg03450.html and
the containing thread) which may lead to a small change that would
affect backward-compatibility for some configurations.

My understanding is that if you use the mode with a full 128-bit
TAGLEN, and supply no more than 15 bytes of IV, then the change
suggested in the link above will not affect the output of the
algorithm. Users who wish to use the mode outside of those parameters
would be well-advised to follow the discussion at that thread, and
ensure they understand the implications of doing so.

Regards,
Pete Dettman
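The compatibility condition in the mails above (TAGLEN of 128 bits and an IV of at most 15 bytes) follows from how OCB formats the nonce block before encrypting it. The following is an added example, not Bouncy Castle code: it implements the RFC 7253 nonce formatting (the form the draft adopted) next to an assumed earlier form that simply omits the 7-bit tag-length field, which the mails do not spell out, and checks when the two blocks differ.

```python
# Added example, not code from Bouncy Castle or the OCB draft. Shows the OCB
# nonce-formatting step and why TAGLEN=128 with |N| <= 15 bytes gives the same
# block whether or not the tag length is encoded into it.

def format_nonce_rfc7253(nonce: bytes, taglen_bits: int) -> bytes:
    """RFC 7253: Nonce = num2str(TAGLEN mod 128, 7) || zeros(120-bitlen(N)) || 1 || N."""
    if not 0 <= len(nonce) <= 15:
        raise ValueError("OCB nonce must be 0..15 bytes")
    if not 0 < taglen_bits <= 128:
        raise ValueError("TAGLEN must be 1..128 bits")
    n_bits = 8 * len(nonce)
    block = taglen_bits % 128                        # 7-bit tag-length field (0 for 128)
    block = block << (120 - n_bits)                  # zeros(120 - |N|)
    block = (block << 1) | 1                         # separator bit
    block = (block << n_bits) | int.from_bytes(nonce, "big")  # the nonce itself
    return block.to_bytes(16, "big")                 # 7 + (120-|N|) + 1 + |N| = 128 bits


def format_nonce_legacy(nonce: bytes) -> bytes:
    """Assumed pre-change form (not stated in the mails): zeros(127-bitlen(N)) || 1 || N."""
    if not 0 <= len(nonce) <= 15:
        raise ValueError("OCB nonce must be 0..15 bytes")
    n_bits = 8 * len(nonce)
    block = (1 << n_bits) | int.from_bytes(nonce, "big")
    return block.to_bytes(16, "big")


def affected_by_change(nonce: bytes, taglen_bits: int) -> bool:
    """True when encoding the tag length alters the nonce block, hence the output."""
    return format_nonce_rfc7253(nonce, taglen_bits) != format_nonce_legacy(nonce)


if __name__ == "__main__":
    iv = bytes(range(15))  # constructed 15-byte IV
    for taglen in (128, 96, 64):
        print(f"TAGLEN={taglen:3d}: affected={affected_by_change(iv, taglen)}")
```

With TAGLEN=128 the 7-bit field is 128 mod 128 = 0, so the block is bit-for-bit the legacy one; with a 64-bit or 96-bit tag the top bits change and so does every ciphertext and tag.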