Ocb and eax modes with aes #26
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zugzwang
commented
Aug 16, 2019
zugzwang
commented
Aug 16, 2019
zugzwang
commented
Aug 16, 2019
twiss
reviewed
Aug 19, 2019
There was a problem hiding this comment.
It might be nice, once we have EAX, OCB, and GCM, to be able to use all of them interchangeably, and also to do
var aeadInstance AEAD
if (...) {
aeadInstance = NewGCM(block)
} else {
aeadInstance = NewEAX(block)
}
aeadInstance.Seal(...)So it might in fact be a good idea to implement the AEAD interface defined here: https://golang.org/src/crypto/cipher/gcm.go
|
The last check failed at EDIT: The following commit passed, so this is definitely an issue with EdDSA. EDIT: Fixed |
This was referenced Aug 20, 2019
Closed
twiss
reviewed
Aug 22, 2019
zugzwang
force-pushed
the
ocb-and-eax-modes-with-aes
branch
4 times, most recently
from
5ef8281
to
5f074ba
Compare
zugzwang
force-pushed
the
ocb-and-eax-modes-with-aes
branch
from
5f074ba
to
f94d6a5
Compare
twiss
reviewed
Aug 23, 2019
twiss
reviewed
Aug 23, 2019
added 9 commits
August 23, 2019 14:00
twiss
reviewed
Aug 27, 2019
twiss
reviewed
Aug 29, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
OCB and EAX modes of operation as AEAD interfaces
Implemented OCB and EAX modes of operation from RFC7253 and BRW04, respectively. This pull request is a follow-up from 24, and it implements the AEAD interface (defined in gcm) for both modes.
Both packages include sets of randomly generated test vectors, which validated against OpenPGPjs.
OCB package
Supports any block cipher of block size 128 bits, and any tag and nonce sizes. Provided a new set of test vectors with AES-{128, 192, 256} and different tag and nonce lengths, in order to cover average cases (see comment below).
Optimized en/decryption speed when using incremental nonces
Storing a ciphertext accross en/decryptions allows to reduce the internal block cipher encryptions 63 out of 64 times, when using incremental nonces.
Tests
TestOCBImplementsAEADInterface, see gcm.gorandom_vectors.goBenchmarks
Plaintext length 2 ** 18 bytes, header length 16 bytes, crypto/rand generated
Seal(encrypt and authenticate procedure of the AEAD interface)Open(decrypt and validate procedure of the AEAD interface)EAX package
Tests
TestEAXImplementsAEADInterface, see gcm.gorandom_vectors.goBenchmarks
Plaintext length 2 ** 18 bytes, header length 16 bytes, crypto/rand generated
Seal(encrypt and authenticate procedure of the AEAD interface)Open(decrypt and validate procedure of the AEAD interface)Thanks to @twiss for help with debugging
Comment: The motivation for including a new set of test vectors for OCB comes from the fact that, in the test vectors provided by RFC7253, the
bottominternal variable (which definesoffsetfor the first time), does not exceed the value of15. However, it can attain values up to 63, which are covered by these new vectors. This set of vectors includes key length in {128, 192, 256}, tag size 128 bits, and random nonce, header, and plaintext lengths.