[patch] allow ctr mode to handle 'unaligned' plaintext blocks and improve ctr benchmarks

Werner Koch wk at gnupg.org
Tue Dec 30 14:42:31 CET 2008

On Mon, 29 Dec 2008 22:07, robert at roberthogan.net said:

> I needed to use AES in CTR mode but found that libgcrypt's current 
> implementation does not allow for 'unaligned' blocks of plaintext, i.e. 
> where the plaintext is not a multiple of the context's blocksize.

That is clearly a bug and needs to be fixed.

> to add this functionality to libgcrypt and have supplied the patch below. 
> The code there is licensed under 3-clause BSD which is GPL-compatible. I 

As per the GNU coding standards we would need to exchange legal papers
with the orginal author and you to include this code - this would be a
hassle for such a bug.  Thus, I am going to implement it of my own,
probably as the first task next year.  See
https://bugs.g10code.com/gnupg/issue983 .

> The results from the unit tests I've added to basic.c are the output from 
> patched do_ctr_encrypt() on my machine so shouldn't be taken as validating 

I'll add this test to the regression test of course.  Thanks.

> The Tor code also finds some optimization while incrementing the counter. I 
> will test this out later and see if the gains are appreciable. 

Would it be helpful for you or TOR to have the code further optimized?
We already have CFB and CBS optimizations for AES and adding CTR should
not be a big problem.  However, I can do further optimizations only
after the release of 1.4.4.



Now I need to prepare tomorrows shutdown of our TOR server
allium.gnupg.org due to the German data retention laws :-((.

Artikel 10 Grundgesetz, you served as well since May 23, 1949.  Bye, bye
for now and lets hope that the Federal Constitutional Court will decide

Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gcrypt-devel mailing list