Support for CTS? #59
Comments
I ended up digging into this pretty deeply to try to understand the problem space. I'm not sure it's possible in this crate? The issue is that in CTS mode, the input isn't a multiple of block size. This ends up throwing off the interfaces of this crate which assume blocks will have been pre-padded if required. The closest I could find that suits the behaviour here with CTS is actually https://docs.rs/aes-gcm/0.10.3/aes_gcm/type.Aes128Gcm.html since that user interface doesn't rely on a blocksize that is fixed. But of course, these traits are related to the AEAD traits which CTS doesn't satisfy. So awkwardly, this would probably actually mean for the CTS modes that a new trait for non-authenticated but also non-padded types are needed. So perhaps that becomes too much to ask to add since that's a lot of additions (the traits for CipherTextStealing in addition to CBC-CS1, 2 and 3.)
CS2 and CS3 can be implemented generically over block modes (e.g. it will be useful for Belt modes). IIRC CS1 can be implemented only for CBC. We do not have suitable traits for them right now, but we can start with inherent methods. I have a draft implementation, but it's not finished yet.
@newpavlov hey. Could you share your draft implementation? Maybe I can finish it. Need it so much.
Some standards like Kerberos like to use block modes that are really rare and uncommon. One of these is CTS, which is referenced in https://www.rfc-editor.org/rfc/rfc8009#section-1 and SP800-38+ in section 4.
However, almost nothing supports this. It would be great if it could be added to this crate, since I'm certainly not a cryptographer and I am not confident to implement it myself. :)
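As an added illustration of the CBC-CS3 variant that Kerberos uses (not code from this crate or from anyone's draft in this thread): the mode is written over a caller-supplied 16-byte block function, which shows why it needs the whole message rather than pre-padded blocks. The block function here is an assumed placeholder permutation standing in for AES, since only the stealing logic is of interest; it also covers the single-block and full-last-block edge cases the thread does not spell out.

```rust
const BS: usize = 16;
type Block = [u8; BS];
// Placeholder "block cipher" (XOR with key, rotate bytes left by one): only an
// invertible permutation to exercise the mode logic, not a real cipher.
fn toy_enc(key: &Block, b: &Block) -> Block { let mut o = [0u8; BS]; for i in 0..BS { o[i] = b[(i + 1) % BS] ^ key[i]; } o }
fn toy_dec(key: &Block, c: &Block) -> Block { let mut o = [0u8; BS]; for i in 0..BS { o[(i + 1) % BS] = c[i] ^ key[i]; } o }
fn xor(a: &Block, b: &Block) -> Block { let mut o = [0u8; BS]; for i in 0..BS { o[i] = a[i] ^ b[i]; } o }
fn blk(s: &[u8]) -> Block { let mut b = [0u8; BS]; b.copy_from_slice(s); b }

/// CBC-CS3 (the CTS variant Kerberos uses): run CBC over the zero-padded
/// message, swap the last two ciphertext blocks, truncate the final one to the
/// partial length. Ciphertext length equals plaintext length; needs >= 1 block.
fn cbc_cs3_encrypt(enc: impl Fn(&Block) -> Block, iv: &Block, msg: &[u8]) -> Vec<u8> {
    assert!(msg.len() >= BS, "CTS needs at least one full block of input");
    let d = (msg.len() + BS - 1) / BS;      // number of blocks after padding
    let r = msg.len() - (d - 1) * BS;       // bytes in the last block, 1..=16
    let mut padded = msg.to_vec();
    padded.resize(d * BS, 0);               // pad bytes never reach the output
    let (mut prev, mut blocks) = (*iv, Vec::with_capacity(d));
    for chunk in padded.chunks_exact(BS) {
        prev = enc(&xor(&prev, &blk(chunk)));
        blocks.push(prev);
    }
    if d >= 2 { blocks.swap(d - 2, d - 1); }
    let mut out = Vec::with_capacity(msg.len());
    for b in &blocks[..d - 1] { out.extend_from_slice(b); }
    out.extend_from_slice(&blocks[d - 1][..r]);
    out
}

fn cbc_cs3_decrypt(dec: impl Fn(&Block) -> Block, iv: &Block, ct: &[u8]) -> Vec<u8> {
    assert!(ct.len() >= BS, "CTS needs at least one full block of input");
    let d = (ct.len() + BS - 1) / BS;
    let r = ct.len() - (d - 1) * BS;
    let (mut prev, mut out) = (*iv, Vec::with_capacity(ct.len()));
    for chunk in ct[..d.saturating_sub(2) * BS].chunks_exact(BS) { // plain CBC prefix
        out.extend_from_slice(&xor(&dec(&blk(chunk)), &prev));
        prev = blk(chunk);
    }
    if d == 1 { out.extend_from_slice(&xor(&dec(&blk(ct)), &prev)); return out; }
    // What remains is C_d (full) followed by the first r bytes of C_{d-1}.
    let x = dec(&blk(&ct[(d - 2) * BS..(d - 1) * BS])); // = C_{d-1} ^ (P_d || zeros)
    let tail = &ct[(d - 1) * BS..];
    let mut c_prev = x;                     // x[r..] are the stolen bytes of C_{d-1}
    c_prev[..r].copy_from_slice(tail);
    out.extend_from_slice(&xor(&dec(&c_prev), &prev)); // P_{d-1}
    for i in 0..r { out.push(x[i] ^ tail[i]); }        // P_d
    out
}
```

The encryptor has to look ahead to the last two blocks before it can emit anything for them, which is exactly what a block-at-a-time, pre-padded interface cannot express.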