From 332890e105b43abd143d6e0a7e3225f35d54199a Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Tue, 18 Jun 2024 14:51:15 +0200 Subject: [PATCH] ccm: remove maclen argument, and ensure tag_size = block_size --- src/ccm.ml | 25 +++++++++++-------------- src/cipher_block.ml | 12 ++++++------ 2 files changed, 17 insertions(+), 20 deletions(-) diff --git a/src/ccm.ml b/src/ccm.ml index 23c30cf7..a0e02ec6 100644 --- a/src/ccm.ml +++ b/src/ccm.ml @@ -74,8 +74,8 @@ let prepare_header nonce adata plen tlen = type mode = Encrypt | Decrypt -let crypto_core_into ~cipher ~mode ~key ~nonce ~maclen ~adata src ~src_off dst ~dst_off len = - let cbcheader = prepare_header nonce adata len maclen in +let crypto_core_into ~cipher ~mode ~key ~nonce ~adata src ~src_off dst ~dst_off len = + let cbcheader = prepare_header nonce adata len block_size in let small_q = 15 - String.length nonce in let ctr_flag_val = flags 0 0 (small_q - 1) in @@ -127,15 +127,12 @@ let crypto_core_into ~cipher ~mode ~key ~nonce ~maclen ~adata src ~src_off dst ~ loop iv (succ ctr) src (src_off + block_size) dst (dst_off + block_size) (len - block_size) end in - let last = loop cbcprep 1 src src_off dst dst_off len in - (* assert (maclen = Bytes.length last); *) - (* assert (block_size = maclen); *) - last + loop cbcprep 1 src src_off dst dst_off len -let crypto_core ~cipher ~mode ~key ~nonce ~maclen ~adata data = +let crypto_core ~cipher ~mode ~key ~nonce ~adata data = let datalen = String.length data in let dst = Bytes.create datalen in - let t = crypto_core_into ~cipher ~mode ~key ~nonce ~maclen ~adata data ~src_off:0 dst ~dst_off:0 datalen in + let t = crypto_core_into ~cipher ~mode ~key ~nonce ~adata data ~src_off:0 dst ~dst_off:0 datalen in dst, t let crypto_t t nonce cipher key = 
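Review bot: With ~maclen gone, the tag length of crypto_core_into is fixed by the `prepare_header nonce adata len block_size` call, but the new `let crypto_core_into` signature carries no doc comment saying so, and the commented-out asserts that hinted at the relation are simply deleted in the following hunk rather than turned into a check. A doc comment on the new signature would keep the contract visible, e.g. `(** [crypto_core_into ~cipher ~mode ~key ~nonce ~adata src ~src_off dst ~dst_off len] processes [len] bytes of [src] into [dst] and returns the [block_size]-byte MAC value that [crypto_t] turns into the tag. *)`. If the length relation is worth enforcing as well as documenting, a live `assert (Bytes.length t = block_size)` before the `Bytes.unsafe_blit t 0 dst tag_off block_size` in the next hunk would be cheap. The body of crypto_core_into continues outside this hunk.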
@@ -143,13 +140,13 @@ let crypto_t t nonce cipher key = cipher ~key (Bytes.unsafe_to_string ctr) ~src_off:0 ctr ~dst_off:0 ; unsafe_xor_into (Bytes.unsafe_to_string ctr) ~src_off:0 t ~dst_off:0 (Bytes.length t) -let unsafe_generation_encryption_into ~cipher ~key ~nonce ~maclen ~adata src ~src_off dst ~dst_off ~tag_off len = - let t = crypto_core_into ~cipher ~mode:Encrypt ~key ~nonce ~maclen ~adata src ~src_off dst ~dst_off len in +let unsafe_generation_encryption_into ~cipher ~key ~nonce ~adata src ~src_off dst ~dst_off ~tag_off len = + let t = crypto_core_into ~cipher ~mode:Encrypt ~key ~nonce ~adata src ~src_off dst ~dst_off len in crypto_t t nonce cipher key ; - Bytes.unsafe_blit t 0 dst tag_off maclen + Bytes.unsafe_blit t 0 dst tag_off block_size -let unsafe_decryption_verification_into ~cipher ~key ~nonce ~maclen ~adata src ~src_off ~tag_off dst ~dst_off len = - let tag = String.sub src tag_off maclen in - let t = crypto_core_into ~cipher ~mode:Decrypt ~key ~nonce ~maclen ~adata src ~src_off dst ~dst_off len in +let unsafe_decryption_verification_into ~cipher ~key ~nonce ~adata src ~src_off ~tag_off dst ~dst_off len = + let tag = String.sub src tag_off block_size in + let t = crypto_core_into ~cipher ~mode:Decrypt ~key ~nonce ~adata src ~src_off dst ~dst_off len in crypto_t t nonce cipher key ; Eqaf.equal tag (Bytes.unsafe_to_string t) diff --git a/src/cipher_block.ml b/src/cipher_block.ml index 249d1ee1..5ac862c5 100644 --- a/src/cipher_block.ml +++ b/src/cipher_block.ml @@ -363,7 +363,7 @@ module Modes = struct module GCM_of (C : Block.Core) : Block.GCM = struct - let _ = assert (C.block = 16) + assert (C.block = 16) module CTR = CTR_of (C) (Counters.C128be32) type key = { key : C.ekey ; hkey : GHASH.key } @@ -455,9 +455,9 @@ module Modes = struct module CCM16_of (C : Block.Core) : Block.CCM16 = struct - let _ = assert (C.block = 16) + assert (C.block = 16) - let tag_size = 16 + let tag_size = C.block type key = C.ekey 
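Review bot: In unsafe_decryption_verification_into the decrypted bytes are written into dst by the `crypto_core_into ~mode:Decrypt` call before `Eqaf.equal tag (Bytes.unsafe_to_string t)` decides whether the tag is valid, so when the function returns false dst already holds unauthenticated plaintext; the commit rewrites these lines without stating that anywhere. The constant-time Eqaf comparison is the right choice, but the ordering belongs in a doc comment on the new signature, e.g. `(** ... Decrypts into [dst] before the tag is checked; when [false] is returned the contents of [dst] must be discarded. *)`. The same wording applies to the thin wrapper unsafe_authenticate_decrypt_into in cipher_block.ml, whose checked sibling authenticate_decrypt_into starts at the end of that hunk and continues outside it.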
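Review bot: `assert (C.block = 16)` in GCM_of, and the same line in CCM16_of in the next hunk, is compiled away under `-noassert`, so in such a build a functor argument with a different block size is accepted silently; in CCM16_of the new `let tag_size = C.block` then no longer agrees with the tag that Ccm writes using its own block_size constant. A check that survives every build, such as `let () = if C.block <> 16 then invalid_arg "GCM_of: block size must be 16"`, avoids that, and the `let () =` form is also the conventional way to run a unit effect inside a structure: a bare expression is only accepted as the first item of a struct or after `;;`, so the new form breaks as soon as a definition is added above it. Both GCM_of and CCM16_of continue outside these hunks.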
@@ -469,8 +469,8 @@ module Modes = struct
       C.encrypt ~key ~blocks:1 src src_off dst dst_off
 
     let unsafe_authenticate_encrypt_into ~key ~nonce ?(adata = "") src ~src_off dst ~dst_off ~tag_off len =
-      Ccm.unsafe_generation_encryption_into ~cipher ~key ~nonce ~maclen:tag_size
-        ~adata src ~src_off dst ~dst_off ~tag_off len
+      Ccm.unsafe_generation_encryption_into ~cipher ~key ~nonce ~adata
+        src ~src_off dst ~dst_off ~tag_off len
 
     let valid_nonce nonce =
       let nsize = String.length nonce in
@@ -496,7 +496,7 @@ module Modes = struct
       String.sub res 0 (String.length cs), String.sub res (String.length cs) tag_size
 
     let unsafe_authenticate_decrypt_into ~key ~nonce ?(adata = "") src ~src_off ~tag_off dst ~dst_off len =
-      Ccm.unsafe_decryption_verification_into ~cipher ~key ~nonce ~maclen:tag_size ~adata src ~src_off ~tag_off dst ~dst_off len
+      Ccm.unsafe_decryption_verification_into ~cipher ~key ~nonce ~adata src ~src_off ~tag_off dst ~dst_off len
 
     let authenticate_decrypt_into ~key ~nonce ?adata src ~src_off ~tag_off dst ~dst_off len =
       check_offset ~tag:"CCM" ~buf:"src" ~off:src_off ~len (String.length src);