Package Cryptodome :: Package Cipher :: Module _mode_ocb :: Class OcbMode

Class OcbMode

object --+
         |
        OcbMode

Offset Codebook (OCB) mode.
Instance Methods
 
update(self, assoc_data)
Process the associated data.
 
encrypt(self, plaintext=None)
Encrypt the next piece of plaintext.
 
decrypt(self, ciphertext=None)
Decrypt the next piece of ciphertext.
 
digest(self)
Compute the binary MAC tag.
 
hexdigest(self)
Compute the printable MAC tag.
 
verify(self, received_mac_tag)
Validate the binary MAC tag.
 
hexverify(self, hex_mac_tag)
Validate the printable MAC tag.
 
encrypt_and_digest(self, plaintext)
Encrypt the message and create the MAC tag in one step.
 
decrypt_and_verify(self, ciphertext, received_mac_tag)
Decrypted the message and verify its authenticity in one step.

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __init__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Instance Variables
  block_size
The block size of the underlying cipher, in bytes.
  nonce
Nonce used for this session.
Properties

Inherited from object: __class__

Method Details

update(self, assoc_data)

 

Process the associated data.

If there is any associated data, the caller has to invoke this method one or more times, before using decrypt or encrypt.

By associated data it is meant any data (e.g. packet headers) that will not be encrypted and will be transmitted in the clear. However, the receiver shall still able to detect modifications.

If there is no associated data, this method must not be called.

The caller may split associated data in segments of any size, and invoke this method multiple times, each time with the next segment.

Parameters:
  • assoc_data (byte string) - A piece of associated data.

encrypt(self, plaintext=None)

 

Encrypt the next piece of plaintext.

After the entire plaintext has been passed (but before digest), you must call this method one last time with no arguments to collect the final piece of ciphertext.

If possible, use the method encrypt_and_digest instead.

Parameters:
  • plaintext (byte string) - The next piece of data to encrypt or None to signify that encryption has finished and that any remaining ciphertext has to be produced.
Returns:
the ciphertext, as a byte string. Its length may not match the length of the plaintext.

decrypt(self, ciphertext=None)

 

Decrypt the next piece of ciphertext.

After the entire ciphertext has been passed (but before verify), you must call this method one last time with no arguments to collect the remaining piece of plaintext.

If possible, use the method decrypt_and_verify instead.

Parameters:
  • ciphertext (byte string) - The next piece of data to decrypt or None to signify that decryption has finished and that any remaining plaintext has to be produced.
Returns:
the plaintext, as a byte string. Its length may not match the length of the ciphertext.

digest(self)

 

Compute the binary MAC tag.

Call this method after the final encrypt (the one with no arguments) to obtain the MAC tag.

The MAC tag is needed by the receiver to determine authenticity of the message.

Returns:
the MAC, as a byte string.

hexdigest(self)

 

Compute the printable MAC tag.

This method is like digest.

Returns:
the MAC, as a hexadecimal string.

verify(self, received_mac_tag)

 

Validate the binary MAC tag.

Call this method after the final decrypt (the one with no arguments) to check if the message is authentic and valid.

Parameters:
  • received_mac_tag (byte string) - This is the binary MAC, as received from the sender.
Raises:
  • ValueError - if the MAC does not match. The message has been tampered with or the key is incorrect.

hexverify(self, hex_mac_tag)

 

Validate the printable MAC tag.

This method is like verify.

Parameters:
  • hex_mac_tag (string) - This is the printable MAC, as received from the sender.
Raises:
  • ValueError - if the MAC does not match. The message has been tampered with or the key is incorrect.

encrypt_and_digest(self, plaintext)

 
Encrypt the message and create the MAC tag in one step.
Parameters:
  • plaintext (byte string) - The entire message to encrypt.
Returns:

a tuple with two byte strings:

  • the encrypted data
  • the MAC

decrypt_and_verify(self, ciphertext, received_mac_tag)

 
Decrypted the message and verify its authenticity in one step.
Parameters:
  • ciphertext (byte string) - The entire message to decrypt.
  • received_mac_tag (byte string) - This is the binary MAC, as received from the sender.
Returns:
the decrypted data (byte string).
Raises:
  • ValueError - if the MAC does not match. The message has been tampered with or the key is incorrect.