cipher is immutable but its method takes mutable self about block-ciphers HOT 6 CLOSED

It consumes self. The mut is an implementation detail of the local binding after self is consumed.

from block-ciphers.

I didn't know Rust allow that. That said, why consumes self? why not using a reference?

The types that implement this trait might not be Copy. with the current method, it could cause problems when cipher is part of a struct, when the struct itself is not moved.

And looking more closely, encrypt_vec actually calls encrypt_blocks which takes &mut self , not consuming self:

from block-ciphers.

Because CBC mode requires padding for security. The one-shot API prevents misuse.

it could cause problems when cipher is part of a struct

Clone the cipher type before instantiating it.

from block-ciphers.

Note that creation of block modes from ciphers is a really cheap operation and cloning a cipher instance is not too costly either.

But nevertheless, I wonder if we can add impl<T: BlockCipher> BlockCipher for &T, this could make it possible to instantiate a block mode using block cipher reference (although we would have to slightly change BlockCipher definition to accommodate for that).

from block-ciphers.

Because CBC mode requires padding for security. The one-shot API prevents misuse.

I don't understand. It seems padding is done using the buf / block, not self:

Maybe I'm missing something?

from block-ciphers.

For security reasons:

• IVs cannot be reused.
• the last block encrypted must be padded.

The encryptor is stateful, and for e.g. CBC mode begins with an IV and then uses the previous (encrypted) block as the IV of the next.

There's no further secure operations possible after completing CBC mode encryption. If we were to reset the instance, it would let you reuse an IV. You can't add any more blocks, because padding is used to signal the end of the message.

If you want to encrypt a new message, you must start over with a new IV.

from block-ciphers.