SivMode (inherits from object)
Synthetic Initialization Vector (SIV).
This is an Authenticated Encryption with Associated Data (AEAD) mode. It provides both confidentiality and authenticity.
The header of the message may be left in the clear, if needed, and it will still be subject to authentication. The decryption step tells the receiver if the message comes from a source that really knows the secret key. Additionally, decryption detects if any part of the message - including the header - has been modified or corrupted.
Unlike other AEAD modes such as CCM, EAX or GCM, accidental reuse of a nonce is not catastrophic for the confidentiality of the message. The only effect is that an attacker can tell when the same plaintext (and same associated data) is protected with the same key.
The length of the MAC is fixed to the block size of the underlying cipher. The key size is twice the length of the key of the underlying cipher.
This mode is only available for AES ciphers.
Cipher | MAC size (bytes) | Key size (bytes) |
---|---|---|
AES-128 | 16 | 32 |
AES-192 | 16 | 48 |
AES-256 | 16 | 64 |
See RFC5297 and the original paper.
Instance Variables
block_size: The block size of the underlying cipher, in bytes.
nonce: Public attribute is only available in case of non-deterministic encryption.
Method Details
Protect one associated data component.
For SIV, the associated data is a sequence (vector) of non-empty byte strings (components). This method consumes the next component. It must be called once for each of the components that constitute the associated data.
Note that the components have clear boundaries, so that:
    >>> cipher.update(b"builtin")
    >>> cipher.update(b"securely")
is not equivalent to:
    >>> cipher.update(b"built")
    >>> cipher.update(b"insecurely")
If there is no associated data, this method must not be called.
Encrypt data with the key and the parameters set at initialization. A cipher object is stateful: once you have encrypted a message you cannot encrypt (or decrypt) another message using the same object. This method can be called only once. You cannot reuse an object for encrypting or decrypting other data with the same key. This function does not add any padding to the plaintext.
Decrypt data with the key and the parameters set at initialization. For SIV, decryption and verification must take place at the same point. This method shall not be used. Use decrypt_and_verify instead.
Compute the binary MAC tag. The caller invokes this function at the very end. This method returns the MAC that shall be sent to the receiver, together with the ciphertext.
Compute the printable MAC tag. This method is like digest.
Validate the binary MAC tag. The caller invokes this function at the very end. This method checks if the decrypted message is indeed valid (that is, if the key is correct) and it has not been tampered with while in transit.
Validate the printable MAC tag. This method is like verify.
Perform decryption and verification in one step. A cipher object is stateful: once you have decrypted a message you cannot decrypt (or encrypt) another message with the same object. You cannot reuse an object for encrypting or decrypting other data with the same key. This function does not remove any padding from the plaintext.
Generated by Epydoc 3.0.1 on Thu Feb 16 14:05:21 2017 | http://epydoc.sourceforge.net