ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: CFB padding q

2000-07-29 06:50:22
from [Jeroen C. van Gelderen] [Permanent Link] 
Erron Criddle wrote:
[...]

 From section 12.8, item 12, it says; "FRE is xored with the next BS octets."

 From this, I read that the CFB requires the plaintext to be a multiple of
the blocksize of the symmetrical algorithm. 


I guess that strictly speaking the RFC is not correct. It 
should read:

 if( BS < remainder ):
    FRE is xored with the next 'BS' octets.
    go to step 12
 else:
    FRE is xored with the next 'remainder' octets.
    exit

Have a look at Bruce Schneier's description of standard CFB
mode on page 200 of Applied Cryptography, 2nd Edition. The
only difference between openpgpCFB and CFB mode is that the
openpgpCFB sometimes does an encryption before the shift
register is full.


For example, if we are using twofish that has a blocksize of 128 bits and
we only have 96 bits of plaintext, what/how do I pad the plaintext up to
128 bits?


You prefix 18 bytes as per RFC 2440, giving you 30 bytes to
encrypt. Initialize the shift register with an IV of all 
zeros.

Encrypt the shift register, which gives you 16 bytes of key 
stream. Encrypt the first 16 bytes by xor-ing 'em with the 
16 bytes of key stream and shift the encrypted bytes into the 
shift register as you go. (The shift register holds 16 bytes
so all the old bytes fall off the left end.)

Now encrypt the shift register again, which gives you the 
next 16 bytes of key stream. Encrypt the next *two* bytes by 
xor-ing with the first two key stream bytes and shift the
encrypted two bytes into the shift register. (Only two bytes
fall off the left end.)

Encrypt the shift register again (yes, you just threw away
14 of your key stream bytes unused) giving you the next 16 
bytes of key stream. Encrypt next 12 bytes by xor-ing and 
throw away the unused 4 bytes of your keystream.

No padding needed. A working implementation can be found at:

http://anoncvs.cryptix.org/cgi-bin/cvsweb.cgi/projects/  \
   jce/src/cryptix.jce.provider.cipher/                  \
   ModeCFB.java?rev=1.2&content-type=text/x-cvsweb-markup

HTH,
Jeroen
-- 
Jeroen C. van Gelderen          o      _     _         _
jeroen(_at_)vangelderen(_dot_)org  _o     /\_   _ \\o  (_)\__/o  (_)
                      _< \_   _>(_) (_)/<_    \_| \   _|/' \/
                     (_)>(_) (_)        (_)   (_)    (_)'  _\o_
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: CFB padding q, Erron Criddle
Next by Date:  Re: From Lorraine,as promised,I can lower your bill, callback123
Previous by Thread:  Re: CFB padding q, Erron Criddle
Next by Thread:  Re: From Lorraine,as promised,I can lower your bill, callback123
Indexes:  [Date] [Thread] [Top] [All Lists]