Ocb and eax modes with aes #26
Pointing out aforementioned typo.
It might be nice, once we have EAX, OCB, and GCM, to be able to use all of them interchangeably, and also to do:

```go
var aeadInstance AEAD
if (...) {
	aeadInstance = NewGCM(block)
} else {
	aeadInstance = NewEAX(block)
}
aeadInstance.Seal(...)
```

So it might in fact be a good idea to implement the AEAD interface defined here: https://golang.org/src/crypto/cipher/gcm.go
The last check failed at EDIT: The following commit passed, so this is definitely an issue with EdDSA. EDIT: Fixed
OCB and EAX modes of operation as AEAD interfaces
Implemented OCB and EAX modes of operation from RFC7253 and BRW04, respectively. This pull request is a follow-up from 24, and it implements the AEAD interface (defined in gcm) for both modes.
Both packages include sets of randomly generated test vectors, which were validated against OpenPGPjs.
OCB package
Supports any block cipher of block size 128 bits, and any tag and nonce sizes. Provided a new set of test vectors with AES-{128, 192, 256} and different tag and nonce lengths, in order to cover average cases (see comment below).
Optimized en/decryption speed when using incremental nonces
Storing a ciphertext across en/decryptions allows reducing the internal block cipher encryptions 63 out of 64 times, when using incremental nonces.
Tests
TestOCBImplementsAEADInterface, see gcm.go
random_vectors.go
Benchmarks
Plaintext length 2 ** 18 bytes, header length 16 bytes, crypto/rand generated
Seal (encrypt and authenticate procedure of the AEAD interface)
Open (decrypt and validate procedure of the AEAD interface)
EAX package
Tests
TestEAXImplementsAEADInterface, see gcm.go
random_vectors.go
Benchmarks
Plaintext length 2 ** 18 bytes, header length 16 bytes, crypto/rand generated
Seal (encrypt and authenticate procedure of the AEAD interface)
Open (decrypt and validate procedure of the AEAD interface)
Thanks to @twiss for help with debugging
Comment: The motivation for including a new set of test vectors for OCB comes from the fact that, in the test vectors provided by RFC7253, the `bottom` internal variable (which defines `offset` for the first time) does not exceed the value of `15`. However, it can attain values up to 63, which are covered by these new vectors. This set of vectors includes key length in {128, 192, 256}, tag size 128 bits, and random nonce, header, and plaintext lengths.
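
The nonce formatting behind `bottom` and the 63-out-of-64 saving described above, as an added Go example written from RFC 7253 section 4.2; it is not code from this pull request. The names `formatNonce`, `initialOffset` and `ktopCalls` are hypothetical, and the counter nonces and the sample Ktop value are constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// formatNonce builds the RFC 7253 nonce block (nonce of 1..15 bytes, tagLen in
// bytes) and returns the Ktop input block plus the 6-bit bottom value.
func formatNonce(nonce []byte, tagLen int) (top [16]byte, bottom int) {
	top[0] = byte((tagLen*8)%128) << 1 // TAGLEN mod 128 in the first 7 bits
	top[15-len(nonce)] |= 1            // single 1 bit just before the nonce
	copy(top[16-len(nonce):], nonce)
	bottom = int(top[15] & 0x3f) // last 6 bits, so 0..63
	top[15] &= 0xc0              // those bits are zeroed before enciphering
	return top, bottom
}

// initialOffset returns Stretch[1+bottom..128+bottom] for a given Ktop.
func initialOffset(ktop [16]byte, bottom int) (off [16]byte) {
	var stretch [24]byte // Ktop || (Ktop[1..64] xor Ktop[9..72])
	copy(stretch[:], ktop[:])
	for i := 0; i < 8; i++ {
		stretch[16+i] = ktop[i] ^ ktop[i+1]
	}
	byteShift, bitShift := bottom/8, uint(bottom%8)
	for i := range off {
		off[i] = stretch[i+byteShift]<<bitShift | stretch[i+byteShift+1]>>(8-bitShift)
	}
	return off
}

// ktopCalls counts how often the Ktop input changes over n consecutive counter
// nonces (constructed); each change costs one block-cipher call when cached.
func ktopCalls(start uint64, n int) (calls int) {
	var prev [16]byte
	nonce := make([]byte, 12)
	for i := 0; i < n; i++ {
		binary.BigEndian.PutUint64(nonce[4:], start+uint64(i))
		top, _ := formatNonce(nonce, 16)
		if i == 0 || top != prev {
			prev, calls = top, calls+1
		}
	}
	return calls
}

func main() {
	fmt.Println(ktopCalls(0, 6400), initialOffset([16]byte{0x80}, 63)[8])
}
```

With `bottom` at most 15, `initialOffset` never reads past `stretch[17]`, so the last six bytes of the stretched block go unexercised; values up to 63 reach `stretch[23]`.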