Modes
Cipher modes operate on the next level up from the underlying block
cipher. They transform the blocks going in and out of the cipher to
give them desirable properties in certain circumstances. The cipher
modes implemented by GNU Crypto, which are contained in the
gnu.crypto.mode package and are referenced herein by their
three-letter abbreviations described below, are:
- Cipher block chaining mode. The "CBC" mode makes every block of
the ciphertext depend upon all previous blocks by adding feedback to
the transformation. This is done by XORing the plaintext with the
previous ciphertext (or, with the first block, an initialization vector)
before it is transformed. That is, encryption is
C[i] = ENCRYPT(k, P[i] ^ C[i-1]) and decryption is
P[i] = C[i-1] ^ DECRYPT(k, C[i]).
- Counter mode. Counter mode, referred to as "CTR" mode, is one of a
class of sequenced cipher modes that turn the underlying cipher into a
keystream. Counter mode relies on a simple counter register that is
updated for every block processed. For plaintexts P[1] ... P[n],
ciphertexts C[1] ... C[n], counter elements T[1] ... T[n], and an
encryption function ENCRYPT(k, ...), encryption is defined as
C[i] = P[i] ^ ENCRYPT(k, T[i]) and decryption as
P[i] = C[i] ^ ENCRYPT(k, T[i]).
- Electronic codebook mode. "ECB" mode is the most obvious
cipher mode: the cipher block is the direct output of the forward
function, and the plain block is the direct output of the inverse
function. That is, encryption is C_i = E_k(P_i) and decryption is
P_i = E_k^{-1}(C_i).
- Integer counter mode. "ICM" mode has features in common with
counter mode described above. The counter, T_i, is computed by
T_i = (T_0 + i) \bmod 256^b, where b is the cipher's
block size. T_0 is initialized to the integer representation of
some initialization vector. The keystream bytes are then
E_k(T_i). Encryption and decryption are then
C_i = P_i \oplus E_k(T_i) and
P_i = C_i \oplus E_k(T_i), respectively.
- Output feedback mode. "OFB" mode creates a keystream by repeatedly
iterating the underlying block cipher over an initialization vector.
That is, the ith keystream block is X_i = E(X_{i-1})
for 1 < i \leq n, and X_1 = IV. Like the other stream modes, the
input block i is transformed by the exclusive-or of the block
with X_i.
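
The ECB, CBC and CTR encryption equations above, written out as an added Python example (not GNU Crypto code and not part of the original page), to show what each mode reveals about repeated plaintext and what happens when a CTR counter sequence is reused. The block cipher is a constructed toy Feistel permutation standing in for ENCRYPT, the CTR counter sequence borrows the ICM rule, and all keys and messages are constructed samples.

```python
import hashlib

BLOCK = 16  # bytes per block of the stand-in cipher

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(k, i, half):  # keyed round function of the toy cipher
    return hashlib.sha256(k + bytes([i]) + half).digest()[:8]

def encrypt_block(k, p):
    # Constructed 4-round Feistel permutation standing in for ENCRYPT(k, .); not secure.
    l, r = p[:8], p[8:]
    for i in range(4):
        l, r = r, xor(l, _f(k, i, r))
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(k, pt):  # whole blocks only; padding is out of scope here
    return b"".join(encrypt_block(k, p) for p in blocks(pt))  # C[i] = ENCRYPT(k, P[i])

def cbc_encrypt(k, iv, pt):  # whole blocks only
    out, prev = [], iv
    for p in blocks(pt):
        prev = encrypt_block(k, xor(p, prev))  # C[i] = ENCRYPT(k, P[i] ^ C[i-1])
        out.append(prev)
    return b"".join(out)

def ctr_crypt(k, t0, data):
    # C[i] = P[i] ^ ENCRYPT(k, T[i]); the same call decrypts.
    # Assumed counter: T[i] = (t0 + i) mod 256^BLOCK, blocks numbered from 0.
    return b"".join(
        xor(b, encrypt_block(k, ((t0 + i) % 256 ** BLOCK).to_bytes(BLOCK, "big")))
        for i, b in enumerate(blocks(data)))

def demo(k=b"constructed key", iv=bytes(range(BLOCK))):
    p1 = b"SIXTEEN BYTE MSG" * 2  # constructed: two identical plaintext blocks
    p2 = b"a second message, also 32 bytes!"  # constructed
    e, c = blocks(ecb_encrypt(k, p1)), blocks(cbc_encrypt(k, iv, p1))
    c1, c2 = ctr_crypt(k, 7, p1), ctr_crypt(k, 7, p2)  # counter start reused
    return {
        "ecb_repeats": e[0] == e[1],  # equal plaintext blocks stay equal
        "cbc_repeats": c[0] == c[1],  # chaining hides the repeat
        "ctr_roundtrip": ctr_crypt(k, 7, c1) == p1,
        "ctr_reuse_leaks_xor": xor(c1, c2) == xor(p1, p2),
    }
```

Calling `demo()` reports that ECB preserves the repeated block while CBC does not, and that two CTR ciphertexts produced with the same key and counter sequence XOR to the XOR of their plaintexts, which is why a counter value must never repeat under one key.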