Request: CFB mode with 1-byte segment size, useful for streaming (CFB-8 or CFB-1) #2

Open
iceiix opened this issue Sep 30, 2018 · 2 comments

Comments

@iceiix

iceiix commented Sep 30, 2018

Can aes_frast CFB mode be used with segment sizes other than the block size? From the code https://github.com/KaneGreen/aes_frast/blob/master/src/aes_with_operation_mode.rs#L228 it doesn't appear so:

/// The feedback size is fixed to 128 bits, which is the same as block size.  

but this would be useful for streaming, effectively converting the block cipher into a stream cipher. https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_Feedback_(CFB)

To use CFB to make a self-synchronizing stream cipher that will synchronize for any multiple of x bits lost, start by initializing a shift register the size of the block size with the initialization vector. This is encrypted with the block cipher, and the highest x bits of the result are XOR'ed with x bits of the plaintext to produce x bits of ciphertext. These x bits of output are shifted into the shift register, and the process (starting with encrypting the shift register with the block cipher) repeats for the next x bits of plaintext. Decryption is similar, start with the initialization vector, encrypt, and XOR the high bits of the result with x bits of the ciphertext to produce x bits of plaintext, then shift the x bits of the ciphertext into the shift register and encrypt again. This way of proceeding is known as CFB-8 or CFB-1 (according to the size of the shifting).

For comparison, in OpenSSL these are aes-128-cfb1 and aes-128-cfb8, and in Python PyCrypto, segment_size:

```python
from Crypto.Cipher import AES

key = b"XXXXXXXXXXXXXXXX"
iv = key

# CFB with an 8-bit segment (CFB-8)
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=8)
plain = b"\x41"
print("plain =", list(plain))

print("encrypted =", list(cipher.encrypt(plain)))   # 209
print("encrypted2 =", list(cipher.encrypt(plain)))  # 150
print()

# segment_size defaults to 8 in PyCrypto
cipher = AES.new(key, AES.MODE_CFB, iv)
print("decrypted =", list(cipher.decrypt(b"\xd1")))   # 65
print("decrypted2 =", list(cipher.decrypt(b"\x96")))  # 65
```

Trying to port some code which used the Rust OpenSSL crate for CFB in 8-bit mode; first attempt was using RustCrypto crates, but it is not yet supported (RustCrypto/block-ciphers#28). Maybe will switch if it is implemented, or to this module if possible.

@KaneGreen
Owner

I am sorry to see this only now. But I don't think cfb1 and cfb8 are a good idea, for the following reasons:

  1. This crate has NEVER been conducted. There is no security guarantee.
  2. A smaller feedback size leads to more calls to the function that encrypts or decrypts a block. As an estimate, cfb8 is 16 times slower than cfb128, and cfb1 is another 8 times slower than cfb8. I can't tell you whether this can improve security or whether it is worth it. But I know that in pure Rust-lang code, they will be really slow.
  3. In the new cryptography practice, AES CFB and OFB are both not recommended. Maybe CTR or GCM are OK. However, AEAD might be the best choice now, which isn't supported by this crate yet.
  4. In fact, when I started writing the CFB code, I considered the custom feedback size problem. At that time I thought it would be very complicated and gave up supporting it.

Anyway, I will reconsider this. But I'm not sure whether to support cfb1 and cfb8 or not. Probably not.

@KaneGreen
Owner

In commit d0489f0, I added CFB8 support. The crate version goes to 0.1.4.
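
Added example, not part of the thread and not aes_frast's code: a minimal CFB-8 shift register showing the two properties discussed above, one block-cipher call per byte and self-synchronization after a lost ciphertext byte. The names `toy_block` and `cfb8`, the key and the IV are constructed for illustration, and `toy_block` is an insecure stand-in for an AES block encryption.

```rust
// Stand-in for the forward direction of a 128-bit block cipher. Constructed
// for this example only: it is NOT AES and NOT secure. Real code would run
// one AES block encryption here.
fn toy_block(key: &[u8; 16], block: &[u8; 16]) -> [u8; 16] {
    let mut s = *block;
    for round in 0..4 {
        for i in 0..16 {
            let k = key[(i + round) % 16];
            s[i] = (s[i] ^ k).wrapping_add(s[(i + 1) % 16].rotate_left(3));
        }
    }
    s
}

// CFB with an 8-bit segment. `enc` is the cipher's encrypt direction, which
// CFB uses for both encryption and decryption: one call per data byte.
fn cfb8<F>(mut enc: F, iv: &[u8; 16], input: &[u8], decrypt: bool) -> Vec<u8>
where
    F: FnMut(&[u8; 16]) -> [u8; 16],
{
    let mut reg = *iv; // the shift register starts out as the IV
    let mut out = Vec::with_capacity(input.len());
    for &b in input {
        let o = b ^ enc(&reg)[0]; // XOR with the highest byte of E(reg)
        let fed_back = if decrypt { b } else { o }; // always the ciphertext byte
        reg.copy_within(1.., 0); // shift the register left by one byte
        reg[15] = fed_back;
        out.push(o);
    }
    out
}

fn main() {
    let key = *b"constructed key!"; // constructed sample values
    let iv = [0x24u8; 16];
    let plain: Vec<u8> = (0u8..48).collect();

    let mut calls = 0usize;
    let ct = cfb8(|r| { calls += 1; toy_block(&key, r) }, &iv, &plain, false);
    println!("{} bytes took {} block-cipher calls", plain.len(), calls);

    // Lose one ciphertext byte in transit, then decrypt what arrived.
    let mut damaged = ct.clone();
    damaged.remove(5);
    let dec = cfb8(|r| toy_block(&key, r), &iv, &damaged, true);
    // Bytes before the gap are intact; after 16 more bytes the register
    // holds only correct ciphertext again and the output realigns.
    println!("prefix ok: {}", dec[..5] == plain[..5]);
    println!("resynced:  {}", dec[21..] == plain[22..]);
}
```

CFB-8 provides no integrity protection: a modified ciphertext byte decrypts without any error, so an authentication tag is still needed on top of it.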
