Developer Reference

Contents

Block Cipher Modes of Operation

Most of Symmetric Cryptography Algorithms implemented in Intel® IPP are Block Ciphers, which operate on data blocks of the fixed size. Block Ciphers encrypt a plaintext block into a ciphertext block or decrypts a ciphertext block into a plaintext block. The size of the data blocks depends on the specific algorithm. The table below shows the correspondence between Block Ciphers applied and their data block size.
Block Sizes in Symmetric Algorithms  
Block Cipher Name
Data Block Size (bits)
Rijndael128 (AES)
128
TDES
64
SMS4
128
Block Cipher modes of executing the operation of encryption/decryption are applied in practice more frequently than “pure” Block Ciphers. On one hand, the modes enable you to process arbitrary length data stream. On the other hand, they provide additional security strength.
Intel IPP for cryptography supports five widely used modes, as specified in [NIST SP 800-38A]:
  • Electronic Code Book (ECB) mode
  • Cipher Block Chain (CBC) mode
  • Cipher Feedback (CFB) mode
  • Output Feedback (OFB) mode
  • Counter (CTR) mode.

Using the OFB mode

Intel IPP function APIs of the OFB mode contain the
ofbBlkSize
parameter, which represents size of the feedback. Possible size values vary between 8 and
B
*8 bits, where
B
is the data block size of the underlying cipher. For cryptographic strength reasons, avoid using
ofbBlkSize
smaller than
B
*8 bits.

Using the CTR mode

IPP calls performing encryption and decryption treat the processed message
msg
of length
msgLen
as an integral data unit. So the
ippsAESEncryptCTR
or
ippsAESDencryptCTR
function processes the whole message in a single call.
If an application cannot encrypt or decrypt the message in a single call, the input data
M
can be treated as a set of blocks
M
=
M
0
| |
M
1
| |...
M
n
-1
| |
M
n
where:
  • n
    is the largest integer so that
    B
    *
    n
    is not bigger than the
    M
    size;
  • lengths of the first
    n
    blocks
    M
    0
    , ...,
    M
    n
    -1
    are multiple to the data block size
    B
    of the underlying cipher;
  • size of the last block
    M
    n
    is between 0 and
    B
    -1 bytes.
In this case, the application processes the message
M
using a sequence of IPP encryption or decryption calls.
The cryptographic functions described in this require the application to specify both the plaintext message and the ciphertext message lengths as multiples of block size of the respective algorithm (see Table
“Block Sizes in Symmetric Algorithms”
). To meet this requirement in ciphering the message, the application may use any padding scheme, for example, the scheme defined in [PKCS7]. In case padding is used, the application is responsible for correct interpretation and processing of the last deciphered message block. So of the three padding schemes available for earlier releases,
typedef enum { NONE = 0, IppsCPPaddingNONE = 0, PKCS7 = 1, IppsCPPaddingPKCS7 = 1, ZEROS = 2, IppsCPPaddingZEROS = 2 } IppsCPPadding;  
only
IppsCPPaddingNONE
remains acceptable.

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804