Movatterモバイル変換

Jump to content

AES implementations

Русский

From Wikipedia, the free encyclopedia

Implementations of Advanced Encryption Standard

This article'suse ofexternal links may not follow Wikipedia's policies or guidelines. Pleaseimprove this article by removingexcessive orinappropriate external links, and converting useful links where appropriate intofootnote references.(July 2024) (Learn how and when to remove this message)

There are various implementations of theAdvanced Encryption Standard, also known as Rijndael.

Libraries

Rijndael is free for any use public or private, commercial or non-commercial.^[1] The authors of Rijndael used to provide a homepage^[2] for the algorithm. Care should be taken when implementing AES in software, in particular around side-channel attacks.

The algorithm operates on plaintext blocks of 16 bytes. Encryption of shorter blocks is possible only bypadding the source bytes, usually withnull bytes. This can be accomplished via several methods, the simplest of which assumes that the final byte of the cipher identifies the number of null bytes of padding added.

Implementation Considerations

Careful choice must be made in selecting themode of operation of the cipher. The simplest mode encrypts and decrypts each 128-bit block separately. In this mode, calledelectronic code book (ECB), blocks that are identical will be encrypted identically; this is entirely insecure. It makes some of the plaintext structure visible in the ciphertext. Selecting other modes, such as using a sequential counter over the block prior to encryption (i.e., CTR mode) and removing it after decryption avoids this problem. Another mode,Cipher Block Chaining (CBC) is one of the most commonly used modes of AES due to its use in TLS. CBC uses a random initialization vector (IV) to ensure that distinct ciphertexts are produced even when the same plaintext is encoded multiple times. The IV can be transmitted in the clear without jeopardizing security. A common practice is to prepend the 16 byte IV to the ciphertext, which gives the decrypter easy access to the IV. Care must be taken to use a new IV for every encryption operation, since otherwise an attacker can recover plaintext.

Current list of FIPS 197 validated cryptographic modules (hosted by NIST)
Current list of FIPS 140 validated cryptographic modules with validated AES implementations (hosted by NIST) – Most of these involve a commercial implementation of AES algorithms. Look for "FIPS-approved algorithms" entry in the "Level / Description" column followed by "AES" and then a specific certificate number.

C/ASM library

Libgcrypt
wolfSSL (previously CyaSSL)
GnuTLS
Network Security Services
OpenSSL
LibreSSL
BoringSSL
mbed TLS (previously PolarSSL)
Reference original implementation
axTLS
Microsoft CryptoAPI usesCryptographic Service Providers to offer encryption implementations. The Microsoft AES Cryptographic Provider was introduced in Windows XP and can be used with any version of the Microsoft CryptoAPI.^[3]
tiny-AES-c Small portable AES128/192/256 in C (suitable for embedded systems)
AES-256 A byte-oriented portable AES-256 implementation in C
Solaris Cryptographic Framework offers multiple implementations, with kernel providers for hardware acceleration onx86 (using the IntelAES instruction set) and onSPARC (using the SPARC AES instruction set). It is available inSolaris and derivatives, as of Solaris 10.^[4]
OpenAES portable C cryptographic library
LibTomCrypt is a modular and portable cryptographic toolkit that provides developers with well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and other routines.
libSodium API forNaCl
AES Dust Compact implementation of AES-128 encryption in C, x86, AMD64, ARM32 and ARM64 assembly.
MSP430 AES Implementation for embedded 16-bit microcontroller
Gladman AES AES code with optional support for Intel AES NI and VIA ACE by Dr. Brian Gladman.

C++ library

Botan has implemented Rijndael since its very first release in 2001
Crypto++ A comprehensive C++ public-domain implementation of encryption and hash algorithms. FIPS validated

C/CUDA library

gKrypt has implemented Rijndael on CUDA with its first release in 2012

C# /.NET

As of version 3.5 of the.NET Framework, the System.Security.Cryptography namespace contains both a fully managed implementation of AES and a managed wrapper around theCAPI AES implementation.
Bouncy Castle Crypto Library

Delphi

Delphi Encryption Compendium[2] has a cross platform capable AES implementation, among implementations of various other cryptographic algorithms

Go

Thecrypto/aes package in standard library

Java

Java Cryptography Extension, integrated in theJava Runtime Environment since version 1.4.2
IAIK JCE
Bouncy Castle Crypto Library

Python

PyCrypto – The Python Cryptography Toolkit PyCrypto, extended inPyCryptoDome
keyczar – Cryptography Toolkit keyczar
M2Crypto – M2Crypto is the most complete OpenSSL wrapper for Python.
Cryptography – Python library which exposes cryptographic recipes and primitives.
PyNaCl – Python binding for libSodium (NaCl)

JavaScript

SJCL library – contains JavaScript implementations of AES in CCM, CBC, OCB and GCM modes
AES-JS – portable JavaScript implementation of AES ECB and CTR modes
Forge – JavaScript implementations of AES in CBC, CTR, OFB, CFB, and GCM modes
asmCrypto – JavaScript implementation of popular cryptographic utilities with focus on performance. Supports CBC, CFB, CCM modes.
pidCrypt – open source JavaScript library. Only supports the CBC and CTR modes.

Rust

aes – Rust implementation.

LabVIEW

AES LabVIEW – LabVIEW implementation.

Zig

std.crypto.aes - Zig Standard Library. Includes hardware support for AES-NI on x86_64 and ARM AES Extensions on AArch64.

Applications

Archive and compression tools

File encryption

Away RJN Cryptography^[5] uses Rijndael Algorithm (NIST AES) 256-bit Data Blocks, Cipher Key and CTR (Counter Mode) for any and all Document or picture encryption in Windows only.
Gpg4win
Ncrypt

Encrypting file systems

Mostencrypting file systems use AES,^{[citation needed]} e.g.NTFS

Disk / partition encryption

BitLocker (part of certain editions ofWindows operating systems)
CipherShed
DiskCryptor
FileVault (part of theMac OS X operating system, and also the includedDisk Utility makes AES-encrypted drive images)
GBDE
Geli (software)
LibreCrypt (discontinued)
LUKS
Private Disk
TrueCrypt (discontinued)
VeraCrypt

Storage encryption

Bloombase StoreSafe
Brocade Encryption Switch
IBM Encryption Blade
Vormetric Transparent Encryption (VTE)

Security for communications in local area networks

IEEE 802.11i, an amendment to the originalIEEE 802.11 standard specifying security mechanisms for wireless networks, uses AES-128 in CCM mode (CCMP).
TheITU-T G.hn standard, which provides a way to create a high-speed (up to 1 Gigabit/s)local area network using existing home wiring (power lines, phone lines andcoaxial cables), uses AES-128 for encryption.

Miscellaneous

DataLocker Uses AES 256-bit CBC and XTS mode hardware encryption
Get Backup Pro^[6] uses AES-128 and AES-256
GPG, GPL-licensed, includes AES, AES-192, and AES-256 as options.
IPsec
IronKey Uses AES 128-bit and 256-bit CBC-mode hardware encryption
KeePass Password Safe
LastPass^[7]
Linux kernel'sCrypto API, now exposed to userspace
NetLib Encryptionizer supports AES 128/256 in CBC, ECB and CTR modes for file and folder encryption on the Windows platform.
Pidgin (software), has a plugin that allows for AES Encryption
Javascrypt^[8] Free open-source text encryption tool runs entirely in web browser, send encrypted text over insecure e-mail or fax machine.
PyEyeCrypt^[9] Free open-source text encryption tool/GUI with user-selectable AES encryption methods and PBKDF2 iterations.
Signal Protocol
- Google Allo (optional)
- Facebook Messenger (optional)
- Signal
- TextSecure
- WhatsApp
SocialDocs file encryption uses AES256 to provide a free-online file encryption tool
XFire uses AES-128, AES-192 and AES 256 to encrypt usernames and passwords
Certain games and engines, such as theRockstar Advanced Game Engine used inGrand Theft Auto IV, use AES to encrypt game assets in order to deter hacking in multiplayer.

Hardware

x86-64 andARM processors include theAES instruction set.
On IBMzSeries mainframes, AES is implemented as the KM series of assembler opcodes when various Message Security Assist facilities are installed.
SPARC S3 core processors include the AES instruction set, which is used withSPARC T4 andSPARC T5 systems.

References

^Letter Submitted by creators Daemen and Rijndael
^Original homepage andarchived copy
^"Microsoft AES Cryptographic Provider". 9 July 2021.
^"System Administration Guide: Security Services, Chapter 13 Solaris Cryptographic Framework (Overview)". Oracle. September 2010. Retrieved2012-11-27.
^"Untitled 1".
^"Get Backup Pro is a solid backup utility for Macs".Engadget. 25 October 2014. Retrieved2016-04-26.
^AES 256-bit encryption with routinely-increased PBKDF2 iterations
^[1]Web Browser,fourmilab.ch/javascrypt
^PyEyeCrypt at github Windows,OSX andLinux binaries andPython source code included in release v1.1

v t e Block ciphers (security summary)
Common algorithms	AES Blowfish DES (internal mechanics,Triple DES) Serpent SM4 Twofish
Less common algorithms	ARIA Camellia CAST-128 GOST IDEA LEA RC5 RC6 SEED Skipjack TEA XTEA
Other algorithms	3-Way Adiantum Akelarre Anubis Ascon BaseKing BassOmatic BATON BEAR and LION CAST-256 Chiasmus CIKS-1 CIPHERUNICORN-A CIPHERUNICORN-E CLEFIA CMEA Cobra COCONUT98 Crab Cryptomeria/C2 CRYPTON CS-Cipher DEAL DES-X DFC E2 FEAL FEA-M FROG G-DES Grand Cru Hasty Pudding cipher Hierocrypt ICE IDEA NXT Intel Cascade Cipher Iraqi Kalyna KASUMI KeeLoq KHAZAD Khufu and Khafre KN-Cipher Kuznyechik Ladder-DES LOKI (97,89/91) Lucifer M6 M8 MacGuffin Madryga MAGENTA MARS Mercy MESH MISTY1 MMB MULTI2 MultiSwap New Data Seal NewDES Nimbus NOEKEON NUSH PRESENT Prince Q QARMA RC2 REDOC Red Pike S-1 SAFER SAVILLE SC2000 SHACAL SHARK Simon Speck Spectr-H64 Square SXAL/MBAL Threefish Treyfer UES xmx XXTEA Zodiac
Design	Feistel network Key schedule Lai–Massey scheme Product cipher S-box P-box SPN Confusion and diffusion Round Avalanche effect Block size Key size Key whitening (Whitening transformation)
Attack (cryptanalysis)	Brute-force (EFF DES cracker) MITM Biclique attack 3-subset MITM attack Linear (Piling-up lemma) Differential Impossible Truncated Higher-order Differential-linear Distinguishing (Known-key) Integral/Square Boomerang Modn Related-key Slide Rotational Side-channel Timing Power-monitoring Electromagnetic Acoustic Differential-fault XSL Interpolation Partitioning Rubber-hose Black-bag Davies Rebound Weak key Tau Chi-square Time/memory/data tradeoff
Standardization	AES process CRYPTREC NESSIE NSA Suite B CNSA
Utilization	Initialization vector Mode of operation Padding

v t e Cryptography
General	History of cryptography Outline of cryptography Classical cipher Cryptographic protocol Authentication protocol Cryptographic primitive Cryptanalysis Cryptocurrency Cryptosystem Cryptographic nonce Cryptovirology Hash function Cryptographic hash function Key derivation function Secure Hash Algorithms Digital signature Kleptography Key (cryptography) Key exchange Key generator Key schedule Key stretching Keygen Machines Ransomware Random number generation Cryptographically secure pseudorandom number generator (CSPRNG) Pseudorandom noise (PRN) Secure channel Insecure channel Subliminal channel Encryption Decryption End-to-end encryption Harvest now, decrypt later Information-theoretic security Plaintext Codetext Ciphertext Shared secret Trapdoor function Trusted timestamping Key-based routing Onion routing Garlic routing Kademlia Mix network
Mathematics	Cryptographic hash function Block cipher Stream cipher Symmetric-key algorithm Authenticated encryption Public-key cryptography Quantum key distribution Quantum cryptography Post-quantum cryptography Message authentication code Random numbers Steganography
Category

Retrieved from "https://en.wikipedia.org/w/index.php?title=AES_implementations&oldid=1300317624"

Advanced Encryption Standard

Hidden categories:

[8]ページ先頭

©2009-2026 Movatter.jp