Hi everyone, we should be checking in OCB shortly. It's being prepared on my testing clone.
OCB mode is in the process of being widened for block sizes up to 1024 bits, but we are only supporting 128-bit block sizes. The wider sizes are trickier due to the bit twiddling, so I'd like to have access to a few other implementations before we pull the trigger on wider sizes.

OCB mode is kind of tricky in general because AuthenticatedSymmetricCipher is not really designed for single-pass AEAD modes. AuthenticatedSymmetricCipher was designed at a time when there was one single-pass AEAD mode and it was patented. Just about everything other than OCB was double pass to avoid infringing on the patent. Dual-pass processing means the library assumes the encryptor and the authenticator are discrete components. When data is transformed there are two calls: one to encrypt/decrypt, and one to MAC/verify. The current framework does not allow us to just encrypt, which is where the MACing occurs with OCB (it's literally an XOR into a running checksum), so we have to provide phony MessageAuthenticationCodes (the library is calling them whether needed or not).

A lot has changed since AEAD support was added. OCB is widely available for free for projects like Botan, Crypto++ and OpenSSL. And the CAESAR competition (https://competitions.cr.yp.to/caesar.html) is chock-full of the next generation of single-pass AEAD modes. I kind of feel like AuthenticatedSymmetricCipher needs a small update to better accommodate single-pass modes. The rub is I don't have enough experience with the interfaces to know where to best apply the changes.

At this point in time I think the best course of action is to "wait and see". Eventually the changes will become apparent.

Jeff

-- 
You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com.
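The structural point in Jeff's message (a two-pass framework calls a cipher component and then a separate MAC component, whereas a single-pass mode like OCB folds the authenticator into the encryption loop as an XOR into a running checksum) is easier to see side by side. The following is an added example, not code from the Crypto++ project or from the OCB branch discussed above. It uses only the Python standard library: the 128-bit block cipher is a stand-in four-round Feistel permutation built over HMAC-SHA256 (an assumption made so the code runs offline; it is not AES and is not secure), the single-pass class is OCB-style but simplified (offsets derived as E_K(nonce||i), no associated data, full blocks only, tag = E_K(Checksum xor Offset_0)) rather than RFC 7253 OCB, and the two-pass class is a plain encrypt-then-MAC over CTR mode. The class and function names are hypothetical.

```python
import hmac
import hashlib

BLOCK = 16  # 128-bit block size, the only size the message says is supported


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


class StandInPRP:
    """Invertible 128-bit keyed permutation (4-round Feistel over HMAC-SHA256).
    Stand-in for AES so the example runs with the standard library only;
    it is NOT a real block cipher and must not be used outside this illustration."""

    def __init__(self, key: bytes):
        self.key = key

    def _f(self, rnd: int, half: bytes) -> bytes:
        return hmac.new(self.key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

    def encrypt(self, block: bytes) -> bytes:
        l, r = block[:8], block[8:]
        for rnd in range(4):
            l, r = r, xor(l, self._f(rnd, r))
        return l + r

    def decrypt(self, block: bytes) -> bytes:
        l, r = block[:8], block[8:]
        for rnd in reversed(range(4)):
            l, r = xor(r, self._f(rnd, l)), l
        return l + r


def _split(data: bytes):
    assert len(data) % BLOCK == 0, "example handles full blocks only"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


class TwoPassAEAD:
    """The framework model in the message: a cipher component transforms the data,
    then a discrete MAC component is called over the result (encrypt-then-MAC).
    Two passes over the data, two separate keyed objects."""

    def __init__(self, key: bytes):
        self.prp = StandInPRP(key)
        self.mac_key = hashlib.sha256(b"mac-subkey" + key).digest()

    def _keystream(self, nonce: bytes, i: int) -> bytes:
        return self.prp.encrypt(nonce + i.to_bytes(BLOCK - len(nonce), "big"))

    def _tag(self, nonce: bytes, ct: bytes) -> bytes:
        return hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()[:BLOCK]

    def encrypt(self, nonce: bytes, pt: bytes):
        ct = b"".join(xor(p, self._keystream(nonce, i)) for i, p in enumerate(_split(pt)))
        return ct, self._tag(nonce, ct)          # pass 2: MAC over the finished ciphertext

    def decrypt(self, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
        if not hmac.compare_digest(self._tag(nonce, ct), tag):
            raise ValueError("tag mismatch")     # verify first, then decrypt (pass 2)
        return b"".join(xor(c, self._keystream(nonce, i)) for i, c in enumerate(_split(ct)))


class SinglePassAEAD:
    """OCB-style single pass: C_i = Offset_i xor E_K(P_i xor Offset_i), and the
    entire 'MAC' work inside the loop is Checksum ^= P_i. There is no separate
    authenticator object to call; a framework that insists on one gets a no-op."""

    def __init__(self, key: bytes):
        self.prp = StandInPRP(key)

    def _offset(self, nonce: bytes, i: int) -> bytes:
        # Simplified offset schedule (assumption); real OCB uses an L-table and doubling.
        return self.prp.encrypt(nonce + i.to_bytes(BLOCK - len(nonce), "big"))

    def _tag(self, nonce: bytes, checksum: bytes) -> bytes:
        return self.prp.encrypt(xor(checksum, self._offset(nonce, 0)))

    def encrypt(self, nonce: bytes, pt: bytes):
        checksum, out = bytes(BLOCK), []
        for i, p in enumerate(_split(pt), start=1):
            off = self._offset(nonce, i)
            out.append(xor(off, self.prp.encrypt(xor(p, off))))
            checksum = xor(checksum, p)           # the whole authenticator step
        return b"".join(out), self._tag(nonce, checksum)

    def decrypt(self, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
        # Caveat: the tag can only be checked after the full pass, so plaintext
        # must be buffered and released only if verification succeeds.
        checksum, out = bytes(BLOCK), []
        for i, c in enumerate(_split(ct), start=1):
            off = self._offset(nonce, i)
            p = xor(off, self.prp.decrypt(xor(c, off)))
            out.append(p)
            checksum = xor(checksum, p)
        if not hmac.compare_digest(self._tag(nonce, checksum), tag):
            raise ValueError("tag mismatch")
        return b"".join(out)
```

Both classes take a 12-byte nonce and a plaintext that is a multiple of 16 bytes. Note the asymmetry on decryption: the two-pass scheme can verify before it touches the ciphertext, while the single-pass scheme has to run the whole pass and hold the plaintext back until the checksum is confirmed, which is the kind of interface detail a framework built around discrete encrypt and MAC calls has to accommodate.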
