Clarify comments on use of AES OFB block mode

2018-06-02 18:27:04 +01:00 · 2018-06-02 18:27:04 +01:00 · 968646c079
commit 968646c079
parent 00131446be
1 changed files with 16 additions and 7 deletions
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@ -309,13 +309,22 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
 *        The OFB operation is identical for encryption or decryption, therefore
 *        no operation mode needs to be specified.
 *
- * \note  Upon exit, the content of the IV is updated so that you can
- *        call the same function again on the next
- *        block(s) of data and get the same result as if it was
- *        encrypted in one call. This allows a "streaming" usage.
- *        If you need to retain the contents of the
- *        IV, you must either save it manually or use the cipher
- *        module instead.
+ * \note  Upon exit, the content of iv, the Initialisation Vector, is updated
+ *        so that you can call the same function again on the next block(s) of
+ *        data and get the same result as if it was encrypted in one call. This
+ *        allows a "streaming" usage, by initialising iv_off to 0 before the
+ *        first call, and preserving its value between calls.
+ *
+ *        For block by block usage, (or non-streaming use), the iv should be
+ *        initialised on each call to a unique value, and iv_off set to 0 on
+ *        each call.
+ *
+ *        If you need to retain the contents of the initialisation vector, you
+ *        must either save it manually or use the cipher module instead.
+ *
+ *        For the OFB mode, the initiallisation vector must be unique and must
+ *        be unique for every encryption operation. Reuse of an initialisation
+ *        vector will compromise security.
 *
 *
 * \param ctx      The AES context to use for encryption or decryption.