Ian Boyd
11/29/2002 3:39:00 AM
i'm trying to understand the thinking of the guy who wrote the
ICryptoTransform interface. There seems to be conflicting cryptographic
ideas going on. Specifically what happens when someone calls
ICryptoTransform.TransformBlock.
What happens if they pass an inputCount that is not a multiple of a block
size. Imagine a block size of 8, and they pass 10 bytes.
Now all the encryption is based on an ECB that requires an entire 8-byte
block to encrypt. If you do not have a whole block, you can do one of two
things. You can either pad the (in this example) 2nd block, by adding
6-bytes and then encrypt a full block. Or you can use CipherText Stealing
(CTS), and end up with an 10 block output.
But the option to use CTS is listed as an encryption mode, independent of
EBC or CBC. So which mode am i expecting the encryptor to be using for
everything except the final two blocks when in CTS mode? Or am i just to
assume that CBC mode is to be used for CTS, except for all but the last
block.
Also, what happens if for exampe i specify i want to use CBC mode, and no
padding? The input is not a block-size multiple, and i'm not using CTS (i'm
using CBC). Does that throw an exception?
What happens if i specify use CTS and padding? Which will it do? Will it
pad, and then not need to steal, or will it not pad, and steal the
ciphertext. Or will it throw an exception?
Additionally, what is "TransformFinalBlock" really for? i would guess that
any calls to "TransformBlock" must specify an input byte count that is a
multiple of the block size, and no CTS or padding will EVER be used for it.
And the only time CTS or padding would be applied is in a call to
TransformFinalBlock - where it is intented that you will pass your final
short block.
Can someone please clarify the documentation WRT these issues?