Import offset-cookbook-mode
#550
Conversation
| /// Number of L values to be precomputed. Precomputing m values, allows | ||
| /// processing inputs of length up to 2^m blocks (2^m * 16 bytes) without | ||
| /// needing to calculate L values at runtime. | ||
| /// | ||
| /// By setting this to 32, we can process inputs of length up to 1 terabyte. | ||
| const L_TABLE_SIZE: usize = 32; |
There was a problem hiding this comment.
Should we support inputs longer than one terabyte?
| associated_data: hex!("").to_vec(), | ||
| plaintext: hex!("").to_vec(), | ||
| ciphertext: hex!("785407BFFFC8AD9EDCC5520AC9111EE6").to_vec(), | ||
| }, |
There was a problem hiding this comment.
These tests are better implemented using the new_test macro. If you want, I can generate blobby file for these tests a bit later.
| @@ -0,0 +1,602 @@ | |||
| #![no_std] | |||
| #![cfg_attr(docsrs, feature(doc_cfg))] | |||
| #![doc = include_str!("../README.md")] | |||
There was a problem hiding this comment.
If you include readme, it would be nice to add a simple example or two into it.
| pub type Tag<TagSize> = GenericArray<u8, TagSize>; | ||
|
|
||
| /// AES-OCB3 with a 128-bit key, 96-bit nonce, and 128-bit tag. | ||
| pub type Aes128Ocb3 = AesOcb3<Aes128, U12>; |
There was a problem hiding this comment.
You don't feature gate these aliases properly. Personally, I would prefer for this crate to be cipher-agnostic, maybe later we could introduce aes-ocb3 as a helper combination crate.
|
Thank you for the detailed comments. I'd like to push back gently against decoupling OCB3 from AES. This implementation of OCB3 assumes a 128-bit blockcipher, which limits its utility with other blockciphers. |
|
@sgmenda you can express the block size requirement generically by bounding on the Cipher: BlockCipher<BlockSize = U16>One of the advantages of making the underlying cipher generic is that it becomes possible to replace the AES implementation with e.g. a hardware cryptographic accelerator. Embedded platforms which use such accelerators can benefit greatly from OCB because it cuts the number of cipher invocations in half versus e.g. the more commonly used CCM mode. |
|
@tarcieri Ah, TIL. I will make the change then. |
|
applied the missing CR in here: #587 |
Re sgmenda/offset-cookbook-mode#1
I slightly cleaned up the code, made the implementation generic over Aes, added more KATs, and tried to match the repo's style.