OCB

From OpenSSLWiki
Jump to navigationJump to search

OCB is the Offset Code Book mode. The mode provides an efficient form of authenticated encryption with additional data, which is commonly referred to as an AEAD scheme. OCB mode is efficient because blocks of data are visited once to generate the cipher text and create the authentication tag. In contrast, modes like CCM, EAX and GCM visit the block of data twice due to US patent encumbrances - once to encrypt the data and once to create the authentication tag. For more information, see Dr. David Wagner's comparison of AEAD schemes at AEAD Comparison.

This mode has been patented by Professor Phil Rogaway and licensed to OpenSSL with the license grant available here. Dr. Rogaway's paper can be found at Authenticated-Encryption with Associated-Data. Test vectors and a reference implementation for interoperability testing can be found at OCB News and Code.

Please see EVP Symmetric Encryption and Decryption or EVP Authenticated Encryption and Decryption. The choice of EVP_CIPHER includes:

$ grep "EVP_.*_ocb" include/openssl/evp.h
const EVP_CIPHER *EVP_aes_128_ocb(void);
const EVP_CIPHER *EVP_aes_192_ocb(void);
const EVP_CIPHER *EVP_aes_256_ocb(void);