README
¶
OCB3
OCB3 mode by Rogaway.
Security
Disclosure
This project uses full disclosure. If you find a security bug in an implementation, please e-mail me or create a GitHub issue.
Disclaimer
You should only use cryptography libraries that have been reviewed by cryptographers or cryptography engineers. While I am a cryptography engineer, I'm not your cryptography engineer, and I have not had this project reviewed by any other cryptographers.
Documentation
¶
Overview ¶
Package ocb3 implements the Offset codebook mode (OCB3) cipher block mode.
This implementation runs at around 25 cycles per byte for messages between 1 KiB and 8 KiB, measured on a 2021 MacBook Air M1.
This package is implemented per RFC 7253 and "The Design and Evolution of OCB" by Krovetz and Rogaway in the Journal of Cryptology (volume 34, issue 4)0.
OCB3's patents were abandoned in February 2021.
Index ¶
Constants ¶
const (
// BlockSize is the size in bytes of an OCB3 block.
BlockSize = 16
)
Variables ¶
This section is empty.
Functions ¶
func New ¶
New creates an OCB3 AEAD from a secure block cipher.
The AEAD uses a 96-bit nonce and 128-bit tag.
Nonces can either be random or a counter. Like many AEAD modes, they need not be secret.
Like many AEAD modes, (nonce, key) pairs must never be used to encrypt multiple messages (multiple calls to Seal). Doing so is catastrophic for both confidentiality and authenticity. It cannot be stressed enough: never allow (nonce, key) pairs to repeat while encrypting. It is a fatal error.
OCB3's confidentiality and authenticity claims degrade as the number of blocks, s, approaches s^2 / 2^128. Therefore, it is recommended that each key generate no more than 2^48 ciphertext blocks (about 4 PB), including associated data.
It is an error if the cipher's block size is not exactly BlockSize.
Types ¶
This section is empty.
Source Files