Documentation
¶
Overview ¶
Package api provides the internal API, and common helpers/definitions.
Index ¶
- Constants
- Variables
- func EncodeEncTweak(out *[TweakSize]byte, tag []byte, blockNr int)
- func EncodeTagTweak(out *[TweakSize]byte, prefix byte, blockNr int)
- func H(t *[STKSize]byte)
- func STKDeriveK(key []byte, derivedKs *[STKCount][STKSize]byte)
- func XORBytes(out, a, b []byte, n int)
- type Factory
- type Instance
Constants ¶
View Source
const ( BlockSize = 16 KeySize = 32 Rounds = 16 TweakSize = 16 TagSize = 16 STKSize = 16 STKCount = Rounds + 1 PrefixADBlock = 0x2 // 0010 PrefixADFinal = 0x6 // 0110 PrefixMsgBlock = 0x0 // 0000 PrefixMsgFinal = 0x4 // 0100 PrefixTag = 0x1 // 0001 PrefixShift = 4 )
Variables ¶
View Source
var Rcons = [STKCount]byte{
0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a,
0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39,
0x72,
}
A.2 RCON constants
Functions ¶
func STKDeriveK ¶
STKDeriveK derives the K component of the Sub-Tweak Key for each round. The derived partial STK is combined with the tweak to produce each round key.
For every single block encrypted or decrypted with a given key, the per-round STK's contribution from the key is the same (LFSR/permuted Tk2/Tk3), and can be calculated once, and XORed into the permuted tweak per round.
Types ¶
type Instance ¶
type Instance interface {
// E authenticate and encrypts ad/msg with the nonce, and writes
// ciphertext || tag to dst.
E(nonce, dst, ad, msg []byte)
// D decrypts and authenticates ad/ct with the nonce and writes
// the plaintext to dst, and returns true iff the authentication
// succeeds.
//
// Callers MUST scrub dst iff the call returns false.
//
// Note: dst is guaranteed NOT to alias with ct.
D(nonce, dst, ad, ct []byte) bool
}
Source Files
Click to show internal directories.
Click to hide internal directories.