Implementation Question

["Brenton D. Rothchild" <brothchild@dstorage.com>]

Hello,

I'm trying to implement a simple example kernel module
that uses encryption.

I'm having trouble in the fact that unless I decrypt a string
immediately after I've encrypted it (meaning I can't encrypt
two strings and then go back and decrypt the first string), the
last (length % 16) bytes are not decrypted properly.

An example is:
This works:
1) Encrypt "abcdefghijklmnopqrstuvwxyz01234" -> encrypted string
2) Decrypt encrypted string -> "abcdefghijklmnopqrstuvwxyz01234"

This doesn't work:
1) Encrypt "abcdefghijklmnopqrstuvwxyz01234" -> encrypted string
2) ... do some other encryptions of other strings ...
3) Decrypt encrypted string -> "abcdefghijklmnopqrstuvwx......." 
where "......." is a constant, but incorrect character string.

I've checked byte for byte the encrypted strings, and in every
case they are identical.

I'm using aes-ecb to avoid any complications with IVs.  I've tried
ensuring that my input/output buffer to ci->encrypt/decrypt is a
zero-padded buffer with length that is a multiple of 16.

I've also ignored the 'memset(cx->iv, 0, cx->ci->ivsize)' since
ivsize is zero for aes-ecb (at least I think so - someone correct
me if I'm wrong?)

Am I missing something, perhaps not clearing some state in the 
cipher_context or cipher_implementation structs?  Or not setting
a state?  Will I need to use IV (which I have little clue on using :p)?

Any suggestions would be appreciated.  Thanks!
-Brenton Rothchild



  


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/