
AES modes

Open prusnak opened this issue 7 years ago • 8 comments

Is there a demand or plan to add various AES modes?

prusnak avatar Oct 16 '17 21:10 prusnak


You tell us if there is a demand? :) Which modes, in particular? Most modes are fairly trivial. For CTR modes a different AES implementation approach may be best (in particular one that runs several blocks in parallel can be more efficient) although CTR modes are... yuck.

gmaxwell avatar Oct 28 '17 03:10 gmaxwell

libbtc has a CBC implementation based on ctaes (only 256). https://github.com/libbtc/libbtc/blob/master/src/aes256_cbc.c

I think there is a demand... I heard of several developers who are doing (or did) a CBC implementation on top of ctaes.

jonasschnelli avatar Oct 28 '17 06:10 jonasschnelli

I believe at least CTR and CBC mode should be included here. It's sort of incomplete and dangerous to use without.

sipa avatar Oct 28 '17 11:10 sipa

CBC, CFB and CTR would be really nice to have.

prusnak avatar Oct 28 '17 13:10 prusnak

SIV perhaps, it would be a shame to support ultra-footgunny CTR and not also support at least something relatively safe.

gmaxwell avatar Oct 29 '17 21:10 gmaxwell

What's the status of this? Still considered a good idea to include some AES modes here, just nobody has time and interest?

At my dayjob, we currently are looking for some AES library to use both at server and embedded end and this looks like a good candidate. And if we implement CBC anyway, I might as well send a PR here.

kristapsk avatar Jul 31 '18 12:07 kristapsk

I would gladly include constant-time CBC here.

sipa avatar Jul 31 '18 16:07 sipa

CBC mode is implemented in #14.

sipa avatar Aug 18 '20 22:08 sipa
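The thread above says CBC is "fairly trivial" to layer on top of ctaes and that several people did exactly that. The following is an added illustration of that layering, written for this page; it is not code from ctaes, libbtc or #14. It assumes a single-block callback of the form `block(ctx, out16, in16)` (a thin wrapper around a block cipher's encrypt/decrypt would fit), and the `toy_enc`/`toy_dec` permutation is a constructed stand-in used only so the round trip can run offline; it is not a cipher.

```c
/* Added example, not ctaes code: CBC chaining over any 16-byte block permutation. */
#include <stddef.h>
#include <string.h>
#define BLK 16
typedef void (*block_fn)(const void *ctx, unsigned char out[BLK], const unsigned char in[BLK]);

/* CBC encrypt: C_i = E(P_i ^ C_{i-1}) with C_0 = IV. Whole blocks only; padding is the caller's job. */
void cbc_encrypt(block_fn enc, const void *ctx, const unsigned char iv[BLK],
                 size_t blocks, unsigned char *out, const unsigned char *in) {
    unsigned char chain[BLK], x[BLK];
    memcpy(chain, iv, BLK);
    for (size_t b = 0; b < blocks; b++) {
        for (int i = 0; i < BLK; i++) x[i] = in[b * BLK + i] ^ chain[i];
        enc(ctx, out + b * BLK, x);
        memcpy(chain, out + b * BLK, BLK);  /* this ciphertext block chains into the next */
    }
}

/* CBC decrypt: P_i = D(C_i) ^ C_{i-1}. Safe when out == in because the chain value is saved first. */
void cbc_decrypt(block_fn dec, const void *ctx, const unsigned char iv[BLK],
                 size_t blocks, unsigned char *out, const unsigned char *in) {
    unsigned char chain[BLK], prev[BLK], x[BLK];
    memcpy(chain, iv, BLK);
    for (size_t b = 0; b < blocks; b++) {
        memcpy(prev, in + b * BLK, BLK);
        dec(ctx, x, in + b * BLK);
        for (int i = 0; i < BLK; i++) out[b * BLK + i] = x[i] ^ chain[i];
        memcpy(chain, prev, BLK);
    }
}

/* Constructed stand-in permutation for the self-test only (NOT a cipher): XOR with a 16-byte key, then rotate. */
static void toy_enc(const void *ctx, unsigned char out[BLK], const unsigned char in[BLK]) {
    const unsigned char *k = ctx;
    for (int i = 0; i < BLK; i++) out[(i + 1) % BLK] = in[i] ^ k[i];
}
static void toy_dec(const void *ctx, unsigned char out[BLK], const unsigned char in[BLK]) {
    const unsigned char *k = ctx;
    for (int i = 0; i < BLK; i++) out[i] = in[(i + 1) % BLK] ^ k[i];
}

/* Round trip: returns 1 if decrypt(encrypt(msg)) == msg and two equal plaintext blocks gave different ciphertext blocks. */
int cbc_selftest(void) {
    static const unsigned char key[BLK] = "0123456789abcdef", iv[BLK] = "iv-for-the-test!";
    unsigned char msg[2 * BLK], ct[2 * BLK], pt[2 * BLK];
    memset(msg, 0x41, sizeof msg);  /* constructed input: two identical blocks */
    cbc_encrypt(toy_enc, key, iv, 2, ct, msg);
    cbc_decrypt(toy_dec, key, iv, 2, pt, ct);
    return memcmp(pt, msg, sizeof msg) == 0 && memcmp(ct, ct + BLK, BLK) != 0;
}
```

With a real block cipher the same two functions apply unchanged; the IV must still be unpredictable per message and the ciphertext must still be authenticated separately, which is the part CBC itself does not give you.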