Home | Trees | Indices | Help |
Class CcmMode (subclass of object)
Counter with CBC-MAC (CCM).
This is an Authenticated Encryption with Associated Data (AEAD) mode. It provides both confidentiality and authenticity.
The header of the message may be left in the clear, if needed, and it will still be subject to authentication. The decryption step tells the receiver if the message comes from a source that really knows the secret key. Additionally, decryption detects if any part of the message - including the header - has been modified or corrupted.
This mode requires a nonce. The nonce shall never repeat for two different messages encrypted with the same key, but it does not need to be random. Note that there is a trade-off between the size of the nonce and the maximum size of a single message you can encrypt.
It is important to use a large nonce if the key is reused across several messages and the nonce is chosen randomly.
It is acceptable to use a short nonce if the key is only used a few times or if the nonce is taken from a counter.
The following table shows the trade-off when the nonce is chosen at random. The column on the left shows how many messages it takes for the keystream to repeat on average. In practice, you will want to stop using the key way before that.
| Avg. # of messages before keystream repeats | Nonce size (bytes) | Max. message size (bytes) |
|---|---|---|
| 2^52 | 13 | 64K |
| 2^48 | 12 | 16M |
| 2^44 | 11 | 4G |
| 2^40 | 10 | 1T |
| 2^36 | 9 | 64P |
| 2^32 | 8 | 16E |
This mode is only available for ciphers that operate on 128-bit blocks (e.g. AES but not TDES).
See NIST SP800-38C or RFC3610.
Instance Variables

block_size: The block size of the underlying cipher, in bytes.

nonce: The nonce used for this cipher instance.
Method Details
update(assoc_data): Protect associated data. If there is any associated data, the caller has to invoke this function one or more times, before using decrypt or encrypt. By associated data is meant any data (e.g. packet headers) that will not be encrypted and will be transmitted in the clear. However, the receiver is still able to detect any modification to it. In CCM, the associated data is also called additional authenticated data (AAD). If there is no associated data, this method must not be called. The caller may split associated data into segments of any size, and invoke this method multiple times, each time with the next segment.
encrypt(plaintext): Encrypt data with the key set at initialization. A cipher object is stateful: once you have encrypted a message you cannot encrypt (or decrypt) another message using the same object. This method can be called only once if msg_len was not passed at initialization. If msg_len was given, the data to encrypt can be broken up into two or more pieces and encrypt can be called multiple times; calling encrypt on each piece in turn and concatenating the results is equivalent to calling encrypt once on the concatenation of the pieces. This function does not add any padding to the plaintext.
decrypt(ciphertext): Decrypt data with the key set at initialization. A cipher object is stateful: once you have decrypted a message you cannot decrypt (or encrypt) another message with the same object. This method can be called only once if msg_len was not passed at initialization. If msg_len was given, the data to decrypt can be broken up into two or more pieces and decrypt can be called multiple times; calling decrypt on each piece in turn and concatenating the results is equivalent to calling decrypt once on the concatenation of the pieces. This function does not remove any padding from the plaintext.
digest(): Compute the binary MAC tag. The caller invokes this function at the very end. This method returns the MAC that shall be sent to the receiver, together with the ciphertext.
hexdigest(): Compute the printable MAC tag. This method is like digest, but the tag is returned as a hexadecimal string.
verify(received_mac_tag): Validate the binary MAC tag. The caller invokes this function at the very end. This method checks if the decrypted message is indeed valid (that is, if the key is correct) and it has not been tampered with while in transit.
hexverify(hex_mac_tag): Validate the printable MAC tag. This method is like verify, but the tag is passed as a hexadecimal string.
Generated by Epydoc 3.0.1 on Thu Feb 16 14:05:21 2017 | http://epydoc.sourceforge.net