You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For AES, (also known as Rijndael) there are four descriptors which complicate issues a little. The descriptors
643
-
rijndael\_desc and rijndael\_enc\_desc provide the cipher named \textit{rijndael}. The descriptors aes\_desc and
644
-
aes\_enc\_desc provide the cipher name \textit{aes}. Functionally both \textit{rijndael} and \textit{aes} are the same cipher. The
646
+
For AES, (also known as Rijndael) there are multiple descriptors which complicate issues a little. As of FIXME-version-next
647
+
the library also integrates hardware-accelerated AES operations (e.g. AES-NI on amd64 with SSE4.1). Therefor the functionality of
648
+
the descriptors for the AES algorithm has changed. The rijndael\_desc and rijndael\_enc\_desc descriptors provide the cipher
649
+
named \textit{rijndael} which contains the software implementation of the algorithm. The descriptors aes\_desc and aes\_enc\_desc
650
+
provide the cipher named \textit{aes} and implement an auto-detection mechanism that chooses between the software-only \textit{rijndael}
651
+
and the hardware-accelerated implementation.
652
+
653
+
Functionally both \textit{rijndael} and \textit{aes} are the same cipher. The
645
654
only difference is when you call find\_cipher() you have to pass the correct name. The cipher descriptors with \textit{enc}
646
655
in the middle (e.g. rijndael\_enc\_desc) are related to an implementation of Rijndael with only the encryption routine
647
656
and tables. The decryption and self--test function pointers of both \textit{encrypt only} descriptors are set to \textbf{NULL} and
648
657
should not be called.
649
658
650
659
The \textit{encrypt only} descriptors are useful for applications that only use the encryption function of the cipher. Algorithms such
651
-
as EAX, PMAC and OMAC only require the encryption function. So far this \textit{encrypt only} functionality has only been implemented for
652
-
Rijndael as it makes the most sense for this cipher.
660
+
as EAX, PMAC and OMAC or the CTR mode only require the encryption function. So far this \textit{encrypt only} functionality has only
661
+
been implemented for Rijndael as it makes the most sense for this cipher.
653
662
654
663
\item
655
664
Note that for \textit{DES} and \textit{3DES} they use 8 and 24 byte keys but only 7 and 21 [respectively] bytes of the keys are in
656
665
fact used for the purposes of encryption. My suggestion is just to use random 8/24 byte keys instead of trying to make a 8/24
657
666
byte string from the real 7/21 byte key.
658
667
659
-
For \textit{3DES} exists a two-key mode, that can be initialized by calling the setup function with a \textit{keylen} of 16. This results in the re-usage of key \textit{K1} as key \textit{K3}. This mode has been specified as \textit{Keying Option 2} in FIPS 46-3.
668
+
For \textit{3DES} exists a two-key mode, that can be initialized by calling the setup function with a \textit{keylen} of 16.
669
+
This results in the re-usage of key \textit{K1} as key \textit{K3}. This mode has been specified as \textit{Keying Option 2} in FIPS 46-3.
660
670
661
671
\item
662
672
Note that \textit{Twofish} has additional configuration options (Figure \ref{fig:twofishopts}) that take place at build time. These options are found in
0 commit comments