[gnutls-devel] GnuTLS | crypto: add API to retrieve the final IV for CFB ciphers (!988)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu May 2 17:00:41 CEST 2019

Is this internal IV subject to validation? Wouldn't it be feasible to do something like (not tested at all though):
gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CFB8, &key, &iv);
gnutls_cipher_encrypt(ch, data.data, data.size);
block_size = gnutls_cipher_get_block_size(GNUTLS_CIPHER_AES_128_CFB8);
if (data.size < block_size) {
  /* concatenate the initial IV and ciphertext */
  memcpy(next_iv, iv.data + block_size - (block_size - data.size), block_size - data.size);
  memcpy(next_iv + block_size - data.size, data.data, block_size - (block_size - data.size));
} else {
  /* use the last block of the ciphertext */
  memcpy(next_iv, data.data + (data.size - block_size), block_size);

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/988#note_166222618
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190502/4c786b6f/attachment-0001.html>

More information about the Gnutls-devel mailing list