README
¶
AesCCM - An imlementation of CCM for signing AES encrypted messages
Note: this has been designed to work specifically with the Go-FTL AesSRP middleware. It should be a general purpose CCM implementation - but all of the testing has been
- On 64 bit architecture. No 32 bit tests have been run.
- With AES encryption. No other encryption has been tested.
Referneces
[https://tools.ietf.org/html/rfc3610][https://tools.ietf.org/html/rfc3610]
[https://en.wikipedia.org/wiki/CCM_mode][https://en.wikipedia.org/wiki/CCM_mode]
[https://www.cryptopp.com/wiki/CCM_Mode][https://www.cryptopp.com/wiki/CCM_Mode]
Also look in ./doc directory
License
MIT except for ./xor.go and ./xor_test.go that are from the GO source code. See LICENSE file.
Documentation
¶
Overview ¶
Implement CCM as per RFC 3610 - https://tools.ietf.org/html/rfc3610 Counter with CBC-MAC
From: http://www.codeproject.com/Articles/21877/Applied-Crypto-Block-Ciphers
"FIPS 81 specifies two MACs: CFB and CBC. CBC-MAC, which is based on DES, is a widely used algorithm to compute a message authentication code. CFB mode MACs are lesser known, and have some disadvantages compared to the CBC mode. CBC-MAC is now considered insecure for certain messages, such as those which vary in length. This has lead to the development of stronger MACs using 128 bit ciphers such as AES with a counter (RFC 3610). This is known as CCM, or Counter with CBC-MAC.'
From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ccm/ccm.pdf
Index ¶
Constants ¶
const CcmBlockSize = aes.BlockSize
ok - from spec
const CcmTagSize = 16
Variables ¶
var ErrCiphertextTooLong = errors.New("AESCCM: ciphertext exceeds maximum length")
var ErrCiphertextTooShort = errors.New("AESCCM: ciphertext below minimum length")
var ErrInvalidBlockSize = errors.New("AESCCM: A 128-bit block cipher is mandatory")
var ErrInvalidNonceLength = errors.New("AESCCM: invalid nonce length")
var ErrNonceSize = errors.New("AESCCM: Invalid nonce size")
var ErrOpenError = errors.New("AESCCM: Message authentication failed")
var ErrPlaintextTooLong = errors.New("AESCCM: plaintext exceeds maximum length")
var ErrTagSize = errors.New("AESCCM: TagSize must be one standard tag size of 4, 6, 8, 10, 12, 14, or 16")
Functions ¶
func CalculateNonceLengthFromMessageLength ¶
Working with SJCL assumes that you have a 32 bit arcitecture and this limits the outputs from this.
func MaxNonceLength ¶
ok - MaxNonceLength returns the maximum nonce length for a given input plaintext. Negative return value is an error with too long a palaintext.
Taken Directly from SJCL code: See: https://github.com/bitwiseshiftleft/sjcl/blob/version-0.8/core/ccm.js This matches with the older "public domain" version of SJCL - current implemenation is a little fancier but works the same. // compute the length of the length
for (L=2; L<4 && ol >>> 8*L; L++) {}
if (L < 15 - ivl) { L = 15-ivl; }
Types ¶
type CCM ¶
type CCM interface {
cipher.AEAD
// MaxLength calculates the maximum length of plaintext that can be used in calls to Seal.
// The maximum length of ciphertext in calls to Open is MaxLength()+'c.M'.
// The maximum length is related to CCM's `L` parameter (15-noncesize) and
// is 1<<(8*L) - 1 (but also limited by the maximum size of an int).
MaxLength() int
}
ok - from spec Definition: CCM is a block cipher in Counter with CBC-MAC mode. Meat the cipher.AEAD interface specification.
type AEAD interface {
// NonceSize returns the size of the nonce that must be passed to Seal
// and Open.
NonceSize() int
// Overhead returns the maximum difference between the lengths of a
// plaintext and its ciphertext.
Overhead() int
// Seal encrypts and authenticates plaintext, authenticates the
// additional data and appends the result to dst, returning the updated
// slice. The nonce must be NonceSize() bytes long and unique for all
// time, for a given key.
//
// The plaintext and dst may alias exactly or not at all. To reuse
// plaintext's storage for the encrypted output, use plaintext[:0] as dst.
Seal(dst, nonce, plaintext, additionalData []byte) []byte
// Open decrypts and authenticates ciphertext, authenticates the
// additional data and, if successful, appends the resulting plaintext
// to dst, returning the updated slice. The nonce must be NonceSize()
// bytes long and both it and the additional data must match the
// value passed to Seal.
//
// The ciphertext and dst may alias exactly or not at all. To reuse
// ciphertext's storage for the decrypted output, use ciphertext[:0] as dst.
//
// Even if the function fails, the contents of dst, up to its capacity,
// may be overwritten.
Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error)
}
func NewCCM ¶
ok - NewCCM builds the 128-bit block cipher (input) into the CCM interface type. Check That TagSize is an even integer between 4 and 16 inclusive. This is used as CCM's `M` parameter. Check That NonceSize is an integer between 7 and 13 inclusive. This is 15-noncesize is used as CCM's `L` parameter.
type CCMType ¶
type CCMType struct {
M uint64 // # of octets(bytes) in authentication field (field size 3) == (M-2)/2
L uint64 // # of octets(bytes) in length field (field size 3) == L-1
// contains filtered or unexported fields
}
ok - from spec CCMType represents a Counter with CBC-MAC with a specific key.
func (*CCMType) Open ¶
Open is the complement operation to Seal. This is what you do on the receiving end when you have a CCM sealed and encrypted message. It calculates the CCM based on the nonce, cypher text and adata then performs a compare to verify that the data matches the original.
Source Files
Directories