From ca6f3e24a48ec1e75267280d618864d60bddbf7d Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Thu, 6 Oct 2011 13:11:08 +0000
Subject: [PATCH] - Clarified use of AES and Camellia in CFB and CTR modes
---
ChangeLog | 3 +++
include/polarssl/aes.h | 9 +++++++++
include/polarssl/camellia.h | 8 ++++++++
3 files changed, 20 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 815d1a576..83d6f0a72 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,9 @@ Features
supported version to a server to help buggy server implementations.
(Closes ticket #36)
+Changes
+ * Documentation for AES and Camellia in modes CTR and CFB128 clarified.
+
= Version 1.0.0 released on 2011-07-27
Features
* Expanded cipher layer with support for CFB128 and CTR mode
diff --git a/include/polarssl/aes.h b/include/polarssl/aes.h
index efc13daf5..80fd6d932 100644
--- a/include/polarssl/aes.h
+++ b/include/polarssl/aes.h
@@ -111,6 +111,11 @@ int aes_crypt_cbc( aes_context *ctx,
/**
* \brief AES-CFB128 buffer encryption/decryption.
*
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
+ *
+ * both
* \param ctx AES context
* \param mode AES_ENCRYPT or AES_DECRYPT
* \param length length of the input data
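Review bot: The added line `* both` directly above `\param ctx` is a stray fragment and should be dropped; left in, it will most likely appear in the generated documentation as a one-word paragraph. The second sentence of the note has no verb ("So a context initialized with aes_setkey_enc() for both ..."), so the actual requirement is only implied. Wording such as `* both encryption and decryption: initialize the context with` followed by `* aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.` states it outright. The same verbless sentence is added in the CTR hunk of this file and in both camellia.h hunks. The comment block starts and ends outside this hunk.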
@@ -134,6 +139,10 @@ int aes_crypt_cfb128( aes_context *ctx,
*
* Warning: You have to keep the maximum use of your counter in mind!
*
+ * Note: Due to the nature of CTR you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
+ *
* \param length The length of the data
* \param nc_off The offset in the current stream_block (for resuming
* within current cipher stream). The offset pointer to
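Review bot: The CTR note names AES_ENCRYPT and AES_DECRYPT, but the parameter list visible below it documents no `mode` argument, so a reader cannot tell what those constants refer to here. The prototype and the rest of the comment lie outside the hunk, so this should be confirmed against the declaration. If the CTR function takes no mode, `* Always initialize the context with aes_setkey_enc(), for decryption as well as encryption.` would be clearer. It would also help to state the consequence: a context prepared with aes_setkey_dec() presumably produces wrong output rather than an error, which is easy to miss. The same applies to the CTR hunk in camellia.h.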
diff --git a/include/polarssl/camellia.h b/include/polarssl/camellia.h
index c81066c89..b2b12945f 100644
--- a/include/polarssl/camellia.h
+++ b/include/polarssl/camellia.h
@@ -117,6 +117,10 @@ int camellia_crypt_cbc( camellia_context *ctx,
/**
* \brief CAMELLIA-CFB128 buffer encryption/decryption
*
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * camellia_setkey_enc() for both CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT.
+ *
* \param ctx CAMELLIA context
* \param mode CAMELLIA_ENCRYPT or CAMELLIA_DECRYPT
* \param length length of the input data
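Review bot: `CAMELLIE_DECRYPT` in the added CFB note is a typo for `CAMELLIA_DECRYPT`, the spelling used in the `\param mode` line directly below it. Constant names in header documentation tend to be copied verbatim, so the misspelling is worth fixing before it spreads. The line should read `* camellia_setkey_enc() for both CAMELLIA_ENCRYPT and CAMELLIA_DECRYPT.`. The comment block starts and ends outside this hunk.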
@@ -140,6 +144,10 @@ int camellia_crypt_cfb128( camellia_context *ctx,
*
* Warning: You have to keep the maximum use of your counter in mind!
*
+ * Note: Due to the nature of CTR you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * camellia_setkey_enc() for both CAMELLIA_ENCRYPT and CAMELLIA_DECRYPT.
+ *
* \param length The length of the data
* \param nc_off The offset in the current stream_block (for resuming
* within current cipher stream). The offset pointer to