OCB-AES implementation in pure Python

Submitted by Paweł Krawczyk on czw., 2010-01-21 01:21

Kryptografia

Experimental implementation of OCB authentication-encryption mode using AES in pure Python.

This code is experimental and may have bugs, even though it passes all test vectors. Example interface:

        >>> aes = AES(128)
        >>> ocb = OCB(aes)
        >>> nonce = range(16)         # AES block size
        >>> key = [0] * (128/8)       # AES keysize used here
        >>> plaintext = range(10)      # arbitrary length plaintext for encryption
        >>> header = [1] * 5          # arbitrary length "header" plaintext
        >>> ocb.setNonce(nonce)       # nonce MUST NOT be used more than once
        >>> ocb.setKey(key)           # AES key for encryption
        >>> (tag,ciphertext) = ocb.encrypt(plaintext, header)
        
        ciphertext is same length as plaintext
        header remains unencrypted
        tag is 16 bytes long message authentication code (not secret)
        
        >>> print tag, ciphertext
        [112, 241, 108, 123, 21, 7, 119, 43, 239, 210, 156, 158, 111, 17, 42, 46] [180, 107, 115, 96, 69, 33, 217, 56, 249, 65]
        >>> (is_authentic, plaintext2) = ocb.decrypt(header, ciphertext, tag)
        
        is_authentic is True if ciphertext matches "tag" and is authentic
        otherwise plaintext is empty
        
        >>> print is_authentic, plaintext2
        True [0, 1, 2, 3, 4, 5, 6, 7, 8, 9]

More information on OCB:

http://www.cs.ucdavis.edu/~rogaway/ocb/

Download:

http://ipsec.pl/files/ipsec/pyocb_0.zip