On Tue, Jun 19, 2018 at 5:27 PM, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > On Sun, Jun 17, 2018 at 01:06:42PM +0300, Gilad Ben-Yossef wrote: >> >> It was ctr(aes). I wrongly assumed that we are supposed to unconditionally >> copy >> the cipher-text block post operation and let the caller do with it what it >> wants and so the >> code now does that for all cipher operations unconditionally. > > For CTR it doesn't matter whether the last block is less than a > block, you should still increment the counter. OK. got it. Although I am not sure how does one use this to continue encryption if the plaintext was not block aligned. > >> So what is a good description of what we are supposed to provide in that >> field post operation? >> The next IV? but as you stated, that is not necessarily useful for all >> ciphers. > > When in doubt, please refer to the generic implementation. If > that is still unclear or if it seems wrong, please post to the > list. Got it. So as a sanity check if I understood correctly I need to: - Increment counter in IV for CTS - Copy last ciphertext block for CFB and CBC to output IV (partial blocks not allowed) What about OFB? unless I've missed something there is no generic implementation... ? Thanks again, Gilad -- Gilad Ben-Yossef Chief Coffee Drinker values of β will give rise to dom!
