subtle

package
v2.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 16, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package subtle provides subtle implementations of the DeterministicAEAD primitive.

Index

Constants

View Source
const (
	// AESSIVKeySize is the key size in bytes.
	AESSIVKeySize = 64
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AESSIV

type AESSIV struct {
	// contains filtered or unexported fields
}

AESSIV is an implementation of AES-SIV-CMAC as defined in https://tools.ietf.org/html/rfc5297.

AESSIV implements a deterministic encryption with associated data (i.e. the DeterministicAEAD interface). Hence the implementation below is restricted to one AD component.

Security Note:

Chatterjee, Menezes and Sarkar analyze AES-SIV in Section 5.1 of https://www.math.uwaterloo.ca/~ajmeneze/publications/tightness.pdf

Their analysis shows that AES-SIV is susceptible to an attack in a multi-user setting. Concretely, if an attacker knows the encryption of a message m encrypted and authenticated with k different keys, then it is possible to find one of the MAC keys in time 2^b / k where b is the size of the MAC key. A consequence of this attack is that 128-bit MAC keys give unsufficient security. Since 192-bit AES keys are not supported by tink for voodoo reasons and RFC 5297 only supports same size encryption and MAC keys this implies that keys must be 64 bytes (2*256 bits) long.

func NewAESSIV

func NewAESSIV(key []byte) (*AESSIV, error)

NewAESSIV returns an AESSIV instance.

func (*AESSIV) DecryptDeterministically

func (asc *AESSIV) DecryptDeterministically(ciphertext, associatedData []byte) ([]byte, error)

DecryptDeterministically deterministically decrypts ciphertext with associatedData.

func (*AESSIV) EncryptDeterministically

func (asc *AESSIV) EncryptDeterministically(plaintext, associatedData []byte) ([]byte, error)

EncryptDeterministically deterministically encrypts plaintext with associatedData.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL