search

libtom / libtomcrypt

LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.
https://www.libtom.net
Other
1.58k stars 460 forks source link

Better documentation for CFB #590

Open MarekKnapek opened 2 years ago

MarekKnapek commented 2 years ago

Prerequisites

Description

If you look at the definition of CFB mode (for example in NIST SP 800-38A document), you will see that CFB mode can accept integer parameter (called s) telling the CFB (roughly) how many bits shall process at a time. The parameter is often incorporated into the mode's name (such as 1-bit CFB mode, the 8-bit CFB mode, the 64-bit CFB mode, or the 128-bit CFB mode).

The problem is, that libtomcrypt doesn't document which CFB variant it uses.

Therefore in this issue I suggest to improve libtomcrypt's documentation to tell its users that it always uses the "full width" version of CFB ("full-width" meaning 128-bit CFB for AES cipher (I didn't test with other ciphers, yet)). This might apply to other modes as well (I didn't test other modes, yet).

Steps to Reproduce

Write AES + CFB implementation from scratch (yes, I'm masochist reinventing wheel) and test its correctness against other crypto library (such as libtomcrypt) and discover that both libraries behave differently.

Version

Latest git head, develop branch, 1.17. Windows 10, x86 + x64, Visual Studio 2022.

Additional Information

It would be nice if libtomcrypt would implement the CFB s parameter, but this is not subject of this issue.

Best regards, Marek.

sjaeckel commented 2 years ago

Well, the documentation already states the following:

https://github.com/libtom/libtomcrypt/blob/06a81aeb227424182125363f7554fad5146d6d2a/doc/crypt.tex#L828

Looks like that isn't sufficient, maybe could require a bit more clarification.

Implementing the full spec would also be an option.

I'll leave this issue open until the doc is updated or the full spec is implemented, whichever comes first ;)

levitte commented 3 months ago

Note: this goes for OFB too.

sjaeckel commented 2 months ago

I added the different CFB modes in #587 , so current develop should be fine. @MarekKnapek can you maybe verify?

Note: this goes for OFB too.

Oh I wasn't aware of that! Reading that scanned document "FIPS PUB81" felt like a travel back in time :D

That shouldn't be too hard to implement, but also it's discouraged for more than 40 years IIUC... I doubt it even has been used in the wild since ltc exists ;)

MarekKnapek commented 2 months ago

I added the different CFB modes in #587 , so current develop should be fine. @MarekKnapek can you maybe verify?

Reading commits https://github.com/libtom/libtomcrypt/pull/587/commits/cf79facfb946a9134884d3795b2552b3b6ea50d3 and https://github.com/libtom/libtomcrypt/pull/587/commits/2613264ceff394847df7119eeb56a7b1803ca5ba in web browser seems fine. I can do some programming, but not sooner than this weekend.