In message <[EMAIL PROTECTED]> on Mon, 23 Jun 2003 18:22:37 +0200, Thierry Boivin
<[EMAIL PROTECTED]> said:
Thierry.Boivin> My understanding of this one is (in a practical perspective) is :
Thierry.Boivin> calling programs maintain a 64 bit long nonce counter. This counter is
to be incremented by one from messages to messages. As this nonce is used to form the
high part of a 128 bit long counter value -- we add 0 for the low part -- , the
"counter" element is globally incremented by 2**64 from messages to messages. This is
for the behavior of the calling program. If considering the routine implementing the
message encryption (so the openssl routine), message is to be split into blocks and
each block encrypted with a specific counter value : first block is used with the
initial counter given by the application (64 bit long value <<64 + 64 bit long
zeros.). Next blocks of the message are then encrypted using a "counter value of
blockN = counter value of blokcN-1 + 1" operation.
And when should the increment by 2^64 occur? Is that something that
the application should make sure happens with some kind of call to the
currently non-existing functino AES_incr_ctr() (perhaps done in
EVP_EncryptFinal())?
If everyone can agree on such an interpretation, I have no problems
changing it, as long as it also makes the implement crunch the
available test vectors properly.
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
