Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better documentation for CFB #590

Open
3 tasks done
MarekKnapek opened this issue Apr 29, 2022 · 4 comments
Open
3 tasks done

Better documentation for CFB #590

MarekKnapek opened this issue Apr 29, 2022 · 4 comments

Comments

@MarekKnapek
Copy link

Prerequisites

Description

If you look at the definition of CFB mode (for example in NIST SP 800-38A document), you will see that CFB mode can accept integer parameter (called s) telling the CFB (roughly) how many bits shall process at a time. The parameter is often incorporated into the mode's name (such as 1-bit CFB mode, the 8-bit CFB mode, the 64-bit CFB mode, or the 128-bit CFB mode).

The problem is, that libtomcrypt doesn't document which CFB variant it uses.

Therefore in this issue I suggest to improve libtomcrypt's documentation to tell its users that it always uses the "full width" version of CFB ("full-width" meaning 128-bit CFB for AES cipher (I didn't test with other ciphers, yet)). This might apply to other modes as well (I didn't test other modes, yet).

Steps to Reproduce

Write AES + CFB implementation from scratch (yes, I'm masochist reinventing wheel) and test its correctness against other crypto library (such as libtomcrypt) and discover that both libraries behave differently.

Version

Latest git head, develop branch, 1.17.
Windows 10, x86 + x64, Visual Studio 2022.

Additional Information

It would be nice if libtomcrypt would implement the CFB s parameter, but this is not subject of this issue.

Best regards, Marek.
@sjaeckel
Copy link
Member

Well, the documentation already states the following:

libtomcrypt/doc/crypt.tex

Line 828 in 06a81ae

Note that in this library the output feedback width is equal to the size of the block cipher. That is this mode is used

Looks like that isn't sufficient, maybe could require a bit more clarification.

Implementing the full spec would also be an option.

I'll leave this issue open until the doc is updated or the full spec is implemented, whichever comes first ;)

@levitte
Copy link
Collaborator

levitte commented Aug 19, 2024

Note: this goes for OFB too.

@sjaeckel
Copy link
Member

sjaeckel commented Sep 5, 2024

I added the different CFB modes in #587 , so current develop should be fine. @MarekKnapek can you maybe verify?

Note: this goes for OFB too.

Oh I wasn't aware of that! Reading that scanned document "FIPS PUB81" felt like a travel back in time :D

That shouldn't be too hard to implement, but also it's discouraged for more than 40 years IIUC... I doubt it even has been used in the wild since ltc exists ;)

@MarekKnapek
Copy link
Author

I added the different CFB modes in #587 , so current develop should be fine. @MarekKnapek can you maybe verify?

Reading commits cf79fac and 2613264 in web browser seems fine. I can do some programming, but not sooner than this weekend.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sjaeckel @levitte @MarekKnapek