Documentation ¶
Overview ¶
Package ocb2 implements the version 2 of the OCB authenticated-encryption algorithm. OCB2 is specified in http://www.cs.ucdavis.edu/~rogaway/papers/draft-krovetz-ocb-00.txt.
Note that this implementation is limited to block ciphers with a block size of 128 bits.
It should also be noted that OCB's author, Phil Rogaway <rogaway@cs.ucdavis.edu>, holds several US patents on the algorithm. This should be considered before using this code in your own projects. See OCB's FAQ for more info: http://www.cs.ucdavis.edu/~rogaway/ocb/ocb-faq.htm#patent:phil
The Mumble Project has a license to use OCB mode in its BSD licensed code on a royalty free basis.
Index ¶
Constants ¶
const ( // BlockSize defines the block size that this particular implementation // of OCB2 is made to work on. BlockSize = 16 // TagSize specifies the length in bytes of a full OCB2 tag. // As per the specification, applications may truncate their // tags to a given length, but advocates that typical applications // should use a tag length of at least 8 bytes (64 bits). TagSize = BlockSize // NonceSize specifies the length in bytes of an OCB2 nonce. NonceSize = BlockSize )
Variables ¶
This section is empty.
Functions ¶
func Decrypt ¶
Decrypt takes a ciphertext, a nonce, and a tag as its input and outputs a decrypted plaintext (if successful) and a boolean flag that determines whether the function successfully decrypted the given ciphertext.
Before using the decrpyted plaintext, the application should verify that the computed authentication tag matches the tag that was produced when encrypting the message (taking into consideration that OCB tags are allowed to be truncated to a length less than ocb.TagSize).
The block cipher used in function must work on a block size equal to ocb2.BlockSize. The tag slice used in this function must have a length equal to ocb2.TagSize. The nonce slice used in this function must have a length equal to ocb2.NonceSize. If any of the above are violated, Encrypt will panic.
func Encrypt ¶
Encrypt encrypts the plaintext src and outputs the corresponding ciphertext into dst. Besides outputting a ciphertext into dst, Encrypt also outputs an authentication tag of ocb2.TagSize bytes into tag, which should be used to verify the authenticity of the message on the receiving side.
To ensure both authenticity and secrecy of messages, each invocation to this function must be given an unique nonce of ocb2.NonceSize bytes. The nonce need not be secret (it can be a counter), but it needs to be unique.
The block cipher used in function must work on a block size equal to ocb2.BlockSize. The tag slice used in this function must have a length equal to ocb2.TagSize. The nonce slice used in this function must have a length equal to ocb2.NonceSize. If any of the above are violated, Encrypt will panic.
Types ¶
This section is empty.