Robert Relyea wrote:
But, I still don't understand why we need to do a memcpy after the
last round to save the last ciphered block as the new IV into the
context. In my opinion, it's useless, this context won't be used anymore.
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/freebl/camellia.c&rev=1.2&mark=1541
Please reread the second half of my post.
The context *WILL* be used again.
You are assuming that camellia_encryptCBC is 'one-shot'. It is not. It
is possible (even likely) that multiple calls will be made to the same
encrypt function on the same context representing the same stream. In my
example the entire data stream is datain1 + datain2 + datain3. They may
all be decrypted in one massive decrypt call or multiple smaller decrypt
calls. The results must be the same. That means the block chaining of
datain2 must pick up where datain1 left off.
This mode happens regularly, in S/MIME engines or sometimes in a pipeline
stream of data. Bytes come through the pipeline in a non-regular
fashion. You don't want to have to collect the entire message before you
start encrypting/decrypting it so the message is broken up into bits.
Same thing with SSL. Your data arrives in little packets. In fact in SSL
you could get some data from the server, who will wait for your
response, then more data from the server in the same encryption stream,
so you need to keep a running context.
Only the last iv is thrown away, and there is no way for this code to
know the context is the last one until finish is called.
bob
Thank you Bob for your detailed response. I knew what I presumed was
wrong but I didn't understand why. Now it's clear.
You were very helpful.
Regards,
Gregory.
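The chaining behaviour Bob describes, as an added example that is not code from NSS or from either poster: a CBC context that carries its IV across calls, with a flag to reproduce the proposed "skip the last memcpy" variant. The block cipher here is a stand-in (a keyed XOR plus a byte rotation, invertible but not secure) so the chaining logic is visible without a Camellia implementation; `CBCContext`, `cbc_encrypt` and the 64-byte datain1 + datain2 + datain3 message are constructed for this example and are not freebl's names or data.

```c
/* CBC chaining across several calls on one context (stand-in block function). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE 16

typedef struct {
    uint8_t key[BLOCK_SIZE];
    uint8_t iv[BLOCK_SIZE];   /* chaining value carried from call to call */
} CBCContext;

/* Stand-in for the block cipher (Camellia in freebl): keyed XOR plus a fixed
 * rotation of byte positions. Invertible, NOT secure; it only has to be a
 * bijection on 16-byte blocks so the chaining logic can be demonstrated. */
static void block_encrypt(const uint8_t key[BLOCK_SIZE],
                          const uint8_t in[BLOCK_SIZE], uint8_t out[BLOCK_SIZE])
{
    for (size_t i = 0; i < BLOCK_SIZE; i++)
        out[(i + 3) % BLOCK_SIZE] = in[i] ^ key[i] ^ (uint8_t)(0x1f * i);
}

static void block_decrypt(const uint8_t key[BLOCK_SIZE],
                          const uint8_t in[BLOCK_SIZE], uint8_t out[BLOCK_SIZE])
{
    for (size_t i = 0; i < BLOCK_SIZE; i++)
        out[i] = in[(i + 3) % BLOCK_SIZE] ^ key[i] ^ (uint8_t)(0x1f * i);
}

static void cbc_init(CBCContext *ctx, const uint8_t key[BLOCK_SIZE],
                     const uint8_t iv[BLOCK_SIZE])
{
    memcpy(ctx->key, key, BLOCK_SIZE);
    memcpy(ctx->iv, iv, BLOCK_SIZE);
}

/* Encrypt len bytes (a multiple of BLOCK_SIZE); in and out may alias.
 * save_final_iv != 0: the last ciphertext block is copied into ctx->iv so the
 * next call continues the chain (what the freebl code does).
 * save_final_iv == 0: that final copy is skipped (the "useless memcpy" idea).
 * Returns 0 on success, -1 on a bad length. */
static int cbc_encrypt(CBCContext *ctx, const uint8_t *in, uint8_t *out,
                       size_t len, int save_final_iv)
{
    uint8_t block[BLOCK_SIZE];
    if (len % BLOCK_SIZE != 0) return -1;
    for (size_t off = 0; off < len; off += BLOCK_SIZE) {
        for (size_t i = 0; i < BLOCK_SIZE; i++)
            block[i] = in[off + i] ^ ctx->iv[i];
        block_encrypt(ctx->key, block, out + off);
        if (save_final_iv || off + BLOCK_SIZE < len)
            memcpy(ctx->iv, out + off, BLOCK_SIZE);   /* the memcpy in question */
    }
    return 0;
}

/* Decrypt; always carries the last ciphertext block into ctx->iv. The block
 * is saved before decrypting so in-place (in == out) use still works. */
static int cbc_decrypt(CBCContext *ctx, const uint8_t *in, uint8_t *out, size_t len)
{
    uint8_t next_iv[BLOCK_SIZE], block[BLOCK_SIZE];
    if (len % BLOCK_SIZE != 0) return -1;
    for (size_t off = 0; off < len; off += BLOCK_SIZE) {
        memcpy(next_iv, in + off, BLOCK_SIZE);
        block_decrypt(ctx->key, next_iv, block);
        for (size_t i = 0; i < BLOCK_SIZE; i++)
            out[off + i] = block[i] ^ ctx->iv[i];
        memcpy(ctx->iv, next_iv, BLOCK_SIZE);
    }
    return 0;
}

/* Constructed 64-byte message split as datain1 (16) + datain2 (32) + datain3 (16).
 * Returns 1 if the three-call ciphertext equals the one-shot ciphertext and a
 * two-call decrypt recovers the plaintext, 0 otherwise. */
int chunked_equals_oneshot(int save_final_iv)
{
    uint8_t key[BLOCK_SIZE], iv[BLOCK_SIZE];
    uint8_t plain[64], oneshot[64], chunked[64], recovered[64];
    CBCContext ctx;
    size_t i;

    for (i = 0; i < BLOCK_SIZE; i++) { key[i] = (uint8_t)(0xa0 + i); iv[i] = (uint8_t)(0x10 * i); }
    for (i = 0; i < sizeof plain; i++) plain[i] = (uint8_t)i;

    cbc_init(&ctx, key, iv);
    if (cbc_encrypt(&ctx, plain, oneshot, sizeof plain, save_final_iv)) return 0;

    cbc_init(&ctx, key, iv);                       /* same stream, three calls */
    if (cbc_encrypt(&ctx, plain,      chunked,      16, save_final_iv)) return 0;
    if (cbc_encrypt(&ctx, plain + 16, chunked + 16, 32, save_final_iv)) return 0;
    if (cbc_encrypt(&ctx, plain + 48, chunked + 48, 16, save_final_iv)) return 0;
    if (memcmp(oneshot, chunked, sizeof plain) != 0) return 0;

    cbc_init(&ctx, key, iv);                       /* decrypt with a different split */
    if (cbc_decrypt(&ctx, chunked,      recovered,      32)) return 0;
    if (cbc_decrypt(&ctx, chunked + 32, recovered + 32, 32)) return 0;
    return memcmp(plain, recovered, sizeof plain) == 0;
}

int main(void)
{
    printf("carry IV after last block: %s\n", chunked_equals_oneshot(1) ? "chunked == one-shot" : "MISMATCH");
    printf("skip final IV save:        %s\n", chunked_equals_oneshot(0) ? "chunked == one-shot" : "MISMATCH");
    return 0;
}
```

With the final save in place the three-call and one-shot ciphertexts are identical; with it skipped, the second call chains from the original IV instead of the last ciphertext block of the first call, so the output diverges from the first block of datain2 onward. The encrypt/decrypt functions cannot tell which call is the last one, which is why the save has to happen unconditionally and only the finish step may discard the IV.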
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto