In message <[EMAIL PROTECTED]> on Mon, 23 Jun 2003 18:22:37 +0200, Thierry Boivin <[EMAIL PROTECTED]> said:
Thierry.Boivin> My understanding of this one is (in a practical perspective) is : Thierry.Boivin> calling programs maintain a 64 bit long nonce counter. This counter is to be incremented by one from messages to messages. As this nonce is used to form the high part of a 128 bit long counter value -- we add 0 for the low part -- , the "counter" element is globally incremented by 2**64 from messages to messages. This is for the behavior of the calling program. If considering the routine implementing the message encryption (so the openssl routine), message is to be split into blocks and each block encrypted with a specific counter value : first block is used with the initial counter given by the application (64 bit long value <<64 + 64 bit long zeros.). Next blocks of the message are then encrypted using a "counter value of blockN = counter value of blokcN-1 + 1" operation. And when should the increment by 2^64 occur? Is that something that the application should make sure happens with some kind of call to the currently non-existing functino AES_incr_ctr() (perhaps done in EVP_EncryptFinal())? If everyone can agree on such an interpretation, I have no problems changing it, as long as it also makes the implement crunch the available test vectors properly. -- Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED] [EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]