[gnutls-devel] GnuTLS | crypto: add API to retrieve the final IV for CFB ciphers (!988)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu May 2 17:07:39 CEST 2019
Hi Daiki,

> Is this internal IV subject to validation?

Yes, I need the IV after an encrypt or decrypt operation.

> Wouldn't it be feasible to do
> something like (not tested at all though):

> ```c
> gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CFB8, &key, &iv);
> gnutls_cipher_encrypt(ch, data.data, data.size);
> block_size = gnutls_cipher_get_block_size(GNUTLS_CIPHER_AES_128_CFB8);
> if (data.size < block_size) {
>   /* concatenate the initial IV and ciphertext */
>   memcpy(next_iv, iv.data + block_size - (block_size - data.size),
>          block_size - data.size);
>   memcpy(next_iv + block_size - data.size, data.data,
>          block_size - (block_size - data.size));
> } else {
>   /* use the last block of the ciphertext */
>   memcpy(next_iv, data.data + (data.size - block_size), block_size);
> }
> ```

It seems that you are proposing to re-create the IV operation GnuTLS applies
in the calling code. This is not permissible. We need the IV that was left by
GnuTLS' operation.

Ciao
Stephan

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/988#note_166225271
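To make concrete what the "final IV" of a CFB8 cipher is, here is an added illustration (not GnuTLS code and not part of the thread): a minimal CFB8 mode over a constructed toy block function (a keyed byte permutation standing in for AES, NOT a real cipher) that keeps the shift register as its IV state, next to the reconstruction from the quoted snippet, including the short-message case where the register still holds part of the initial IV. The helper names (`toy_block`, `cfb8_encrypt`, `cfb8_final_iv`, `check_cfb8_iv`) and the sample key, IV and plaintext are all assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 16

/* Constructed stand-in for the block cipher (NOT AES, not secure): a keyed
 * byte permutation, only so that the CFB8 shift register can be exercised. */
static void toy_block(const uint8_t key[BLOCK], const uint8_t in[BLOCK], uint8_t out[BLOCK]) {
    for (int i = 0; i < BLOCK; i++)
        out[i] = (uint8_t)((in[(i * 5 + 3) % BLOCK] ^ key[i]) + in[(i + 1) % BLOCK]);
}

/* CFB8 encryption in place; iv holds the shift register and is left in the
 * state a library would expose as the "final IV" after the operation. */
static void cfb8_encrypt(const uint8_t key[BLOCK], uint8_t iv[BLOCK], uint8_t *buf, size_t len) {
    uint8_t ks[BLOCK];
    for (size_t i = 0; i < len; i++) {
        toy_block(key, iv, ks);           /* keystream byte from the register */
        buf[i] ^= ks[0];                  /* plaintext byte -> ciphertext byte */
        memmove(iv, iv + 1, BLOCK - 1);   /* shift register left by one byte  */
        iv[BLOCK - 1] = buf[i];           /* feed the ciphertext byte back in */
    }
}

/* Reconstruction from initial IV plus ciphertext only (same logic as the
 * quoted snippet): tail of the initial IV followed by all ciphertext when
 * the message is shorter than a block, else the last block of ciphertext. */
static void cfb8_final_iv(const uint8_t iv0[BLOCK], const uint8_t *ct, size_t len, uint8_t out[BLOCK]) {
    if (len < BLOCK) {
        memcpy(out, iv0 + len, BLOCK - len);
        memcpy(out + BLOCK - len, ct, len);
    } else {
        memcpy(out, ct + len - BLOCK, BLOCK);
    }
}

/* Encrypt len bytes of constructed sample data and return 1 if the cipher's
 * internal register equals the reconstructed value, 0 otherwise. */
int check_cfb8_iv(size_t len) {
    uint8_t key[BLOCK], iv0[BLOCK], iv[BLOCK], want[BLOCK], buf[64];
    if (len > sizeof buf) return 0;
    for (int i = 0; i < BLOCK; i++) { key[i] = (uint8_t)(i * 7 + 1); iv0[i] = (uint8_t)(0xA0 + i); }
    for (size_t i = 0; i < sizeof buf; i++) buf[i] = (uint8_t)(i * 13);  /* constructed plaintext */
    memcpy(iv, iv0, BLOCK);
    cfb8_encrypt(key, iv, buf, len);
    cfb8_final_iv(iv0, buf, len, want);
    return memcmp(iv, want, BLOCK) == 0;
}

int main(void) {
    size_t lens[] = {0, 5, 16, 37};
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len=%zu: %s\n", lens[i], check_cfb8_iv(lens[i]) ? "match" : "MISMATCH");
    return 0;
}
```

The two values agree for every length because the CFB register depends only on the IV and the ciphertext, which is also why a validation harness wants the library's own copy of that state rather than a re-derivation outside it.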