aesccm

package module
v0.0.0-...-c5df73b Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 25, 2016 License: MIT Imports: 8 Imported by: 0

README

AesCCM - An imlementation of CCM for signing AES encrypted messages

license

Note: this has been designed to work specifically with the Go-FTL AesSRP middleware. It should be a general purpose CCM implementation - but all of the testing has been

  1. On 64 bit architecture. No 32 bit tests have been run.
  2. With AES encryption. No other encryption has been tested.

Referneces

[https://tools.ietf.org/html/rfc3610][https://tools.ietf.org/html/rfc3610]

[https://en.wikipedia.org/wiki/CCM_mode][https://en.wikipedia.org/wiki/CCM_mode]

[http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/AES_CCM.pdf][http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/AES_CCM.pdf]

[http://csrc.nist.gov/groups/STM/cavp/documents/mac/ccmval.html][http://csrc.nist.gov/groups/STM/cavp/documents/mac/ccmval.html]

[https://www.cryptopp.com/wiki/CCM_Mode][https://www.cryptopp.com/wiki/CCM_Mode]

[https://github.com/weidai11/cryptopp/blob/master/ccm.cpp][https://github.com/weidai11/cryptopp/blob/master/ccm.cpp]

Also look in ./doc directory

License

MIT except for ./xor.go and ./xor_test.go that are from the GO source code. See LICENSE file.

Documentation

Overview

Implement CCM as per RFC 3610 - https://tools.ietf.org/html/rfc3610 Counter with CBC-MAC

From: http://www.codeproject.com/Articles/21877/Applied-Crypto-Block-Ciphers

"FIPS 81 specifies two MACs: CFB and CBC. CBC-MAC, which is based on DES, is a widely used algorithm to compute a message authentication code. CFB mode MACs are lesser known, and have some disadvantages compared to the CBC mode. CBC-MAC is now considered insecure for certain messages, such as those which vary in length. This has lead to the development of stronger MACs using 128 bit ciphers such as AES with a counter (RFC 3610). This is known as CCM, or Counter with CBC-MAC.'

From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ccm/ccm.pdf

Index

Constants

View Source
const CcmBlockSize = aes.BlockSize

ok - from spec

View Source
const CcmTagSize = 16

Variables

View Source
var ErrCiphertextTooLong = errors.New("AESCCM: ciphertext exceeds maximum length")
View Source
var ErrCiphertextTooShort = errors.New("AESCCM: ciphertext below minimum length")
View Source
var ErrInvalidBlockSize = errors.New("AESCCM: A 128-bit block cipher is mandatory")
View Source
var ErrInvalidNonceLength = errors.New("AESCCM: invalid nonce length")
View Source
var ErrNonceSize = errors.New("AESCCM: Invalid nonce size")
View Source
var ErrOpenError = errors.New("AESCCM: Message authentication failed")
View Source
var ErrPlaintextTooLong = errors.New("AESCCM: plaintext exceeds maximum length")
View Source
var ErrTagSize = errors.New("AESCCM: TagSize must be one standard tag size of 4, 6, 8, 10, 12, 14, or 16")

Functions

func CalculateNonceLengthFromMessageLength

func CalculateNonceLengthFromMessageLength(lenOfPlaintext int) int

Working with SJCL assumes that you have a 32 bit arcitecture and this limits the outputs from this.

func MaxNonceLength

func MaxNonceLength(pdatalen int) int

ok - MaxNonceLength returns the maximum nonce length for a given input plaintext. Negative return value is an error with too long a palaintext.

Taken Directly from SJCL code: See: https://github.com/bitwiseshiftleft/sjcl/blob/version-0.8/core/ccm.js This matches with the older "public domain" version of SJCL - current implemenation is a little fancier but works the same. // compute the length of the length

for (L=2; L<4 && ol >>> 8*L; L++) {}
if (L < 15 - ivl) { L = 15-ivl; }

Types

type CCM

type CCM interface {
	cipher.AEAD
	// MaxLength calculates the maximum length of plaintext that can be used in calls to Seal.
	// The maximum length of ciphertext in calls to Open is MaxLength()+'c.M'.
	// The maximum length is related to CCM's `L` parameter (15-noncesize) and
	// is 1<<(8*L) - 1 (but also limited by the maximum size of an int).
	MaxLength() int
}

ok - from spec Definition: CCM is a block cipher in Counter with CBC-MAC mode. Meat the cipher.AEAD interface specification.

type AEAD interface {
        // NonceSize returns the size of the nonce that must be passed to Seal
        // and Open.
        NonceSize() int

        // Overhead returns the maximum difference between the lengths of a
        // plaintext and its ciphertext.
        Overhead() int

        // Seal encrypts and authenticates plaintext, authenticates the
        // additional data and appends the result to dst, returning the updated
        // slice. The nonce must be NonceSize() bytes long and unique for all
        // time, for a given key.
        //
        // The plaintext and dst may alias exactly or not at all. To reuse
        // plaintext's storage for the encrypted output, use plaintext[:0] as dst.
        Seal(dst, nonce, plaintext, additionalData []byte) []byte

        // Open decrypts and authenticates ciphertext, authenticates the
        // additional data and, if successful, appends the resulting plaintext
        // to dst, returning the updated slice. The nonce must be NonceSize()
        // bytes long and both it and the additional data must match the
        // value passed to Seal.
        //
        // The ciphertext and dst may alias exactly or not at all. To reuse
        // ciphertext's storage for the decrypted output, use ciphertext[:0] as dst.
        //
        // Even if the function fails, the contents of dst, up to its capacity,
        // may be overwritten.
        Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error)
}

func NewCCM

func NewCCM(blk cipher.Block, TagSize int, NonceSize int) (c CCM, err error)

ok - NewCCM builds the 128-bit block cipher (input) into the CCM interface type. Check That TagSize is an even integer between 4 and 16 inclusive. This is used as CCM's `M` parameter. Check That NonceSize is an integer between 7 and 13 inclusive. This is 15-noncesize is used as CCM's `L` parameter.

type CCMType

type CCMType struct {
	M uint64 // # of octets(bytes) in authentication field	(field size 3) == (M-2)/2
	L uint64 // # of octets(bytes) in length field			(field size 3) == L-1
	// contains filtered or unexported fields
}

ok - from spec CCMType represents a Counter with CBC-MAC with a specific key.

func (*CCMType) MaxLength

func (ccmt *CCMType) MaxLength() int

ok - from spec Directly from rfc3610 -

func (*CCMType) NonceSize

func (ccmt *CCMType) NonceSize() int

ok - from spec Directly from rfc3610 - Interface Function

func (*CCMType) Open

func (ccmt *CCMType) Open(dst, nonce, ct, adata []byte) ([]byte, error)

Open is the complement operation to Seal. This is what you do on the receiving end when you have a CCM sealed and encrypted message. It calculates the CCM based on the nonce, cypher text and adata then performs a compare to verify that the data matches the original.

func (*CCMType) Overhead

func (ccmt *CCMType) Overhead() int

ok - from spec Directly from rfc3610 - this is the TagSize -- Interface Function

func (*CCMType) Seal

func (ccmt *CCMType) Seal(dst, nonce, plaintext, adata []byte) (rv []byte)

Seal - adds the CCM tag to the plaintext. The data is encrypted and the results are added to 'dst'. The nonce is used and therefore must be NonceSize() long.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL