Erron Criddle wrote:
[...]
From section 12.8, item 12, it says; "FRE is xored with the next BS octets."
From this, I read that the CFB requires the plaintext to be a multiple of
the blocksize of the symmetrical algorithm.
I guess that strictly speaking the RFC is not correct. It
should read:
if( BS < remainder ):
FRE is xored with the next 'BS' octets.
go to step 12
else:
FRE is xored with the next 'remainder' octets.
exit
Have a look at Bruce Schneier's description of standard CFB
mode on page 200 of Applied Cryptography, 2nd Edition. The
only difference between openpgpCFB and CFB mode is that the
openpgpCFB sometimes does an encryption before the shift
register is full.
For example, if we are using twofish that has a blocksize of 128 bits and
we only have 96 bits of plaintext, what/how do I pad the plaintext up to
128 bits?
You prefix 18 bytes as per RFC 2440, giving you 30 bytes to
encrypt. Initialize the shift register with an IV of all
zeros.
Encrypt the shift register, which gives you 16 bytes of key
stream. Encrypt the first 16 bytes by xor-ing 'em with the
16 bytes of key stream and shift the encrypted bytes into the
shift register as you go. (The shift register holds 16 bytes
so all the old bytes fall off the left end.)
Now encrypt the shift register again, which gives you the
next 16 bytes of key stream. Encrypt the next *two* bytes by
xor-ing with the first two key stream bytes and shift the
encrypted two bytes into the shift register. (Only two bytes
fall off the left end.)
Encrypt the shift register again (yes, you just threw away
14 of your key stream bytes unused) giving you the next 16
bytes of key stream. Encrypt next 12 bytes by xor-ing and
throw away the unused 4 bytes of your keystream.
No padding needed. A working implementation can be found at:
http://anoncvs.cryptix.org/cgi-bin/cvsweb.cgi/projects/ \
jce/src/cryptix.jce.provider.cipher/ \
ModeCFB.java?rev=1.2&content-type=text/x-cvsweb-markup
HTH,
Jeroen
--
Jeroen C. van Gelderen o _ _ _
jeroen(_at_)vangelderen(_dot_)org _o /\_ _ \\o (_)\__/o (_)
_< \_ _>(_) (_)/<_ \_| \ _|/' \/
(_)>(_) (_) (_) (_) (_)' _\o_