kokke/tiny-AES-c

Reinitialization at every AES_CTR_xcrypt_buffer() call?

Closed this issue · 1 comment

Hi,

I am trying to use AES_CTR_xcrypt_buffer() with a stream and I've encountered a problem.

I send the encrypted output over a TCP socket and decrypt it on the other side. I've determined, however, that AES_CTR_xcrypt_buffer() is sensitive to how I feed the data to it.

If I encrypt all data at once on one side, but decrypt it in 200-byte blocks on the other side, the decryption breaks. This is because the value of bi inside AES_CTR_xcrypt_buffer() is not preserved between calls, so the counter is always incremented at the beginning of every call.

Shouldn't a stream cipher be insensitive to this in contrast with block ciphers?

kokke commented

Hi @LubosD and thanks for your question:

When you're using a stream cipher, you have to use the same protocol for when to increment the counter/nonce/IV on both sides. That means, if you encrypt in a 1000 byte block on one side, but decrypt in 200 byte blocks on the other side, you should reset the IV in between calls, to be preserved.

The nonce is automatically incremented because in the CTR-mode of operation it is crucial to security that the same IV/counter is never reused (nonce -> number used once).

You have to manually control the IV/counter one way or the other :)
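An added example, not code from the issue, from @LubosD or from tiny-AES-c itself, to show the bookkeeping that makes a CTR stream insensitive to how the caller chunks it. The `ctr_stream` state keeps the counter, the current keystream block and how many of its bytes have been consumed, so a call may stop mid-block and the next call resumes there. Beside it, `ctr_restart_xcrypt` reproduces the behaviour the issue describes (block offset held in a local, so each call starts a fresh keystream block); it is modelled on the shape of `AES_CTR_xcrypt_buffer` as described above, not copied from the library. The block cipher is a stand-in permutation with no security, used only so the file compiles without `aes.c`; the `block_fn` callback is where a real AES block encryption would go (with tiny-AES-c built with ECB enabled, an adapter around `AES_ECB_encrypt` is the obvious choice; that wiring is an assumption, not shown here). Keys, IV and plaintext are constructed test values.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLOCKLEN 16

/* Encrypts one BLOCKLEN-byte block in place under `key`. A real build would
 * point this at AES; the demo below uses a stand-in so it runs stand-alone. */
typedef void (*block_fn)(const void *key, uint8_t block[BLOCKLEN]);

/* Resumable CTR keystream: counter, current keystream block and consumed
 * count all live in the state, so a call may end mid-block and the next
 * call continues from exactly that byte. */
typedef struct {
    block_fn    encrypt;
    const void *key;
    uint8_t     counter[BLOCKLEN];   /* next counter block to encrypt   */
    uint8_t     keystream[BLOCKLEN]; /* keystream of the current block  */
    size_t      used;                /* keystream bytes consumed, 0..16 */
} ctr_stream;

/* Big-endian increment over the whole 16-byte block (assumption: this is
 * how tiny-AES-c's CTR loop steps its IV). */
static void ctr_increment(uint8_t counter[BLOCKLEN]) {
    for (int i = BLOCKLEN - 1; i >= 0; --i)
        if (++counter[i] != 0) break;
}

void ctr_stream_init(ctr_stream *s, block_fn enc, const void *key,
                     const uint8_t iv[BLOCKLEN]) {
    s->encrypt = enc;
    s->key = key;
    memcpy(s->counter, iv, BLOCKLEN);
    s->used = BLOCKLEN;              /* no keystream buffered yet */
}

/* Chunk-size independent: any split of a buffer across calls produces the
 * same bytes as a single call over the whole buffer. */
void ctr_stream_xcrypt(ctr_stream *s, uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; ++i) {
        if (s->used == BLOCKLEN) {
            memcpy(s->keystream, s->counter, BLOCKLEN);
            s->encrypt(s->key, s->keystream);
            ctr_increment(s->counter);
            s->used = 0;
        }
        buf[i] ^= s->keystream[s->used++];
    }
}

/* The behaviour reported in the issue, for comparison: the block offset
 * `bi` is a local, so every call begins with a fresh keystream block. If a
 * call ends mid-block, the unused tail of that block is lost and the next
 * call is out of step with a single-call encryption. */
void ctr_restart_xcrypt(block_fn enc, const void *key, uint8_t iv[BLOCKLEN],
                        uint8_t *buf, size_t len) {
    uint8_t ks[BLOCKLEN];
    for (size_t i = 0, bi = BLOCKLEN; i < len; ++i, ++bi) {
        if (bi == BLOCKLEN) {
            memcpy(ks, iv, BLOCKLEN);
            enc(key, ks);
            ctr_increment(iv);
            bi = 0;
        }
        buf[i] ^= ks[bi];
    }
}

/* Stand-in block function: keyed byte mixing with forward and reverse
 * passes so every input byte reaches every output byte. It is NOT a cipher
 * and exists only to exercise the counter logic offline. */
static void stand_in_block(const void *key, uint8_t block[BLOCKLEN]) {
    const uint8_t *k = key;
    for (int r = 0; r < 4; ++r) {
        uint8_t carry = (uint8_t)(0x5A + r);
        for (int i = 0; i < BLOCKLEN; ++i) {
            block[i] ^= k[(i + r) % BLOCKLEN];
            block[i] = (uint8_t)((block[i] << 3) | (block[i] >> 5));
            block[i] ^= carry;
            carry = block[i];
        }
        carry = 0xA5;
        for (int i = BLOCKLEN - 1; i >= 0; --i) { block[i] ^= carry; carry = block[i]; }
    }
}

/* Sender encrypts 1000 constructed bytes in one call; receiver decrypts in
 * `chunk`-byte pieces with the resumable stream (stateful = 1) or with the
 * restart-per-call variant (stateful = 0). Returns 1 if plaintext recovered. */
int roundtrip_chunked(int stateful, size_t chunk) {
    static const uint8_t key[BLOCKLEN] = { 1, 2, 3, 4, 5, 6, 7, 8,
                                           9, 10, 11, 12, 13, 14, 15, 16 };
    static const uint8_t iv[BLOCKLEN]  = { 0 };        /* constructed values */
    uint8_t plain[1000], buf[1000];
    for (size_t i = 0; i < sizeof plain; ++i) plain[i] = (uint8_t)(i * 7 + 3);
    memcpy(buf, plain, sizeof buf);

    ctr_stream enc;
    ctr_stream_init(&enc, stand_in_block, key, iv);
    ctr_stream_xcrypt(&enc, buf, sizeof buf);          /* one 1000-byte call */

    ctr_stream dec;
    uint8_t ctr[BLOCKLEN];
    ctr_stream_init(&dec, stand_in_block, key, iv);
    memcpy(ctr, iv, BLOCKLEN);
    for (size_t off = 0; off < sizeof buf; off += chunk) {
        size_t n = sizeof buf - off < chunk ? sizeof buf - off : chunk;
        if (stateful) ctr_stream_xcrypt(&dec, buf + off, n);
        else          ctr_restart_xcrypt(stand_in_block, key, ctr, buf + off, n);
    }
    return memcmp(buf, plain, sizeof buf) == 0;
}
```

Two practical consequences follow from the restart-per-call variant. First, with the library used as-is, chunking only has to agree at 16-byte granularity: if every call on both sides passes a multiple of 16 bytes, each call ends exactly on a block boundary and the counters stay aligned (200-byte chunks break, 192-byte chunks do not). Second, resetting the IV on the receiver is harmless for security, since it is the sender's IV being reproduced; the property that must never be violated is the sender encrypting two different messages under the same key and IV, which is what the automatic increment protects.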