eden-emu/mbedtls
20
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Correct and simplify block-based cipher modes

Browse source 
OFB and CFB are streaming modes. XTS is a not a cipher mode but it
doesn't use a separate padding step. This leaves only CBC as a block
cipher mode that needs a padding step.

Since CBC is the only mode that uses a separate padding step, and is
likely to remain the only mode in the future, encode the padding mode
directly in the algorithm constant, rather than building up an
algorithm value from a chaining mode and a padding mode. This greatly
simplifies the interface as well as some parts of the implementation.
This commit is contained in:
Gilles Peskine 2018-08-21 14:02:45 +02:00
parent 81ba4abb02
commit daea26f70f
5 changed files with 132 additions and 202 deletions
Download patch file Download diff file Expand all files Collapse all files

6
programs/psa/crypto_examples.c
View file

@ -167,8 +167,7 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void )
key_bits = 256,
part_size = block_size,
};
const psa_algorithm_t alg = PSA_ALG_CBC_BASE |
PSA_ALG_BLOCK_CIPHER_PAD_NONE;
const psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
psa_status_t status;
size_t output_len = 0;
@ -216,8 +215,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void )
part_size = 10,
};
const psa_algorithm_t alg = PSA_ALG_CBC_BASE |
PSA_ALG_BLOCK_CIPHER_PAD_PKCS7;
const psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
psa_status_t status;
size_t output_len = 0;