Page MenuHome GnuPG

unaligned access in CTR mode
Closed, ResolvedPublic

Description

Robert Hogan reported on gcrypt-devel:

I needed to use AES in CTR mode but found that libgcrypt's current
implementation does not allow for 'unaligned' blocks of plaintext, i.e.
where the plaintext is not a multiple of the context's blocksize.

Details

Version
all

Event Timeline

werner set Due Date to Jan 5 2009, 1:00 AM.Dec 30 2008, 2:48 PM
werner set Version to all.
werner added projects: libgcrypt, Bug Report.
werner added a subscriber: werner.
werner changed Due Date from Jan 5 2009, 1:00 AM to Jan 15 2009, 1:00 AM.Jan 5 2009, 2:53 PM

On further inspection I figured that it is not a unaligned problem, which would
clearly be a bug, but a restriction that the function works only onh full
blocks. This is the same as with CBC mode with the little difference that the
CBC mode detects this and returns an error. The most straightforward fix would
be to detect this usage error in CTR mode too.

The proposed change has no provisions to handle the case of left over input
data. We need to decide whether we want to add a general buffered mode to the
cipher layer to allow working with arbitrary sized data chunks.

werner removed Due Date.

I have implemented the mentioned checks for CTR in libgcrypt trunk, rev 1414.

I have the buffering layer on my private TODO list. Feel free to add a new
report with a wish if that is important to you.