> But, I still don't understand why we need to do a memcpy after the
> last round to save the last ciphered block as the new IV into the
> context. In my opinion, it's useless; this context won't be used anymore.
> http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/freebl/camellia.c&rev=1.2&mark=1541
Please reread the second half of my post. The context *WILL* be used again. You are assuming that camellia_encryptCBC is 'one-shot'. It is not. It is possible (even likely) that multiple calls will be made to the same encrypt function on the same context representing the same stream. In my example the entire data stream is datain1 + datain2 + datain3. They may all be decrypted in one massive decrypt call or in multiple smaller decrypt calls. The results must be the same. That means the block chaining of datain2 must pick up where datain1 left off.

This mode happens regularly, in S/MIME engines or sometimes in a pipeline stream of data. Bytes come through the pipeline in a non-regular fashion. You don't want to have to collect the entire message before you start encrypting/decrypting it, so the message is broken up into bits. Same thing with SSL. Your data arrives in little packets. In fact, in SSL you could get some data from the server, who will wait for your response, then more data from the server in the same encryption stream, so you need to keep a running context.

Only the last IV is thrown away, and there is no way for this code to know the context is the last one until finish is called.

bob
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
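The chaining requirement Bob describes, as an added example (this is not code from the NSS freebl tree or from either poster): a CBC context that carries the last ciphertext block forward as the next call's IV, encrypting the same three-block stream once in a single call and once as three separate calls on the same context. The block cipher is a constructed toy stand-in for Camellia (a keyed byte rotation plus a byte permutation; it is a bijection on 16-byte blocks but has no security value), the function and type names (`CBCContext`, `cbc_init`, `cbc_encrypt`, `chunked_matches_oneshot`) are assumptions, and the key, IV and plaintext are constructed sample data. The `carry_chain` flag stands in for keeping or dropping the memcpy that Grégory asked about.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE 16

/* Running CBC state, modelled on what a cipher context carries between calls:
 * the key and the IV, where the IV is overwritten with the last ciphertext
 * block after each call so that the next call chains from it. */
typedef struct {
    uint8_t key[BLOCK_SIZE];
    uint8_t iv[BLOCK_SIZE];
} CBCContext;

/* Constructed stand-in block cipher (NOT Camellia, NOT secure): XOR with the
 * key, rotate each byte left by 3, XOR with another key byte, then permute
 * byte positions. Each input byte maps to exactly one output byte, so the
 * transform is a bijection on 16-byte blocks, which is all the chaining
 * demonstration needs. */
static void toy_block_encrypt(const uint8_t key[BLOCK_SIZE],
                              const uint8_t in[BLOCK_SIZE],
                              uint8_t out[BLOCK_SIZE])
{
    for (size_t i = 0; i < BLOCK_SIZE; i++) {
        uint8_t t = (uint8_t)(in[i] ^ key[i]);
        t = (uint8_t)((t << 3) | (t >> 5));
        out[(i * 5 + 3) % BLOCK_SIZE] = (uint8_t)(t ^ key[(i + 7) % BLOCK_SIZE]);
    }
}

static void cbc_init(CBCContext *ctx, const uint8_t key[BLOCK_SIZE],
                     const uint8_t iv[BLOCK_SIZE])
{
    memcpy(ctx->key, key, BLOCK_SIZE);
    memcpy(ctx->iv, iv, BLOCK_SIZE);
}

/* CBC-encrypt whole blocks. When carry_chain is non-zero, the last ciphertext
 * block is copied back into ctx->iv (the memcpy under discussion) so a later
 * call on the same context continues the stream. Returns the number of bytes
 * written, or 0 if len is not a multiple of the block size. */
static size_t cbc_encrypt(CBCContext *ctx, const uint8_t *in, size_t len,
                          uint8_t *out, int carry_chain)
{
    uint8_t chain[BLOCK_SIZE];
    uint8_t xored[BLOCK_SIZE];

    if (len % BLOCK_SIZE != 0)
        return 0;
    memcpy(chain, ctx->iv, BLOCK_SIZE);
    for (size_t off = 0; off < len; off += BLOCK_SIZE) {
        for (size_t i = 0; i < BLOCK_SIZE; i++)
            xored[i] = (uint8_t)(in[off + i] ^ chain[i]);
        toy_block_encrypt(ctx->key, xored, out + off);
        memcpy(chain, out + off, BLOCK_SIZE);   /* next block chains from this one */
    }
    if (carry_chain && len > 0)
        memcpy(ctx->iv, chain, BLOCK_SIZE);     /* save last block as the new IV */
    return len;
}

/* Encrypt a constructed 3-block message in one call and again as three calls
 * on a freshly initialised context. Returns 1 if both ciphertexts match. */
static int chunked_matches_oneshot(int carry_chain)
{
    static const uint8_t key[BLOCK_SIZE] = { 1, 2, 3, 4, 5, 6, 7, 8,
                                             9, 10, 11, 12, 13, 14, 15, 16 };
    static const uint8_t iv[BLOCK_SIZE] = { 0 };
    uint8_t message[3 * BLOCK_SIZE];   /* constructed sample plaintext */
    uint8_t oneshot[3 * BLOCK_SIZE];
    uint8_t chunked[3 * BLOCK_SIZE];
    CBCContext ctx;

    for (size_t i = 0; i < sizeof message; i++)
        message[i] = (uint8_t)(0x30 + i);

    cbc_init(&ctx, key, iv);
    cbc_encrypt(&ctx, message, sizeof message, oneshot, carry_chain);

    /* Same stream, delivered in pieces, as S/MIME or SSL would feed it. */
    cbc_init(&ctx, key, iv);
    cbc_encrypt(&ctx, message, BLOCK_SIZE, chunked, carry_chain);
    cbc_encrypt(&ctx, message + BLOCK_SIZE, BLOCK_SIZE,
                chunked + BLOCK_SIZE, carry_chain);
    cbc_encrypt(&ctx, message + 2 * BLOCK_SIZE, BLOCK_SIZE,
                chunked + 2 * BLOCK_SIZE, carry_chain);

    return memcmp(oneshot, chunked, sizeof oneshot) == 0;
}

int main(void)
{
    printf("IV carried between calls: chunked == one-shot? %d\n",
           chunked_matches_oneshot(1));
    printf("IV not carried:           chunked == one-shot? %d\n",
           chunked_matches_oneshot(0));
    return 0;
}
```

With the copy in place the three-call ciphertext is byte-identical to the one-shot result; without it, the second and third calls chain from the original IV instead of the preceding ciphertext block, and the outputs diverge from the second block onward. Nothing inside `cbc_encrypt` can tell whether another call is coming, which is why the copy has to happen on every call and only the final saved IV goes unused.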

