[go: up one dir, main page]

aesni 0.8.0

AES (Rijndael) block ciphers implementation using AES-NI
Documentation

AES block ciphers implementation using AES-NI instruction set.

This crate does not implement any software fallback and does not automatically check CPUID, so if you are using this crate make sure to run software on an appropriate hardware or to use software fallback (e.g. from aes-soft crate) with runtime detection of AES-NI availability (e.g. by using cupid crate).

When using this crate do not forget to enable aes target feature, otherwise you will get a compilation error. You can do it either by using RUSTFLAGS="-C target-feature=+aes" or by editing your .cargo/config.

Ciphers functionality is accessed using BlockCipher trait from block-cipher-trait crate.

CTR mode

In addition to core block cipher functionality this crate provides optimized CTR mode implementation. This functionality requires additionall ssse3 target feature and feature-gated behind ctr feature flag, which is enabled by default. If you only need block ciphers, disable default features with default-features = false in your Cargro.toml.

AES-CTR functionality is accessed using traits from stream-cipher crate.

Vulnerability

Lazy FP state restory vulnerability can allow local process to leak content of the FPU register, in which round keys are stored. This vulnerability can be mitigated at the operating system level by installing relevant patches. (i.e. keep your OS updated!) More info:

Usage example

use aesni::block_cipher::generic_array::GenericArray;
use aesni::block_cipher::{BlockCipher, NewBlockCipher};
use aesni::Aes128;

let key = GenericArray::from_slice(&[0u8; 16]);
let mut block = GenericArray::clone_from_slice(&[0u8; 16]);
let mut block8 = GenericArray::clone_from_slice(&[block; 8]);
// Initialize cipher
let cipher = aesni::Aes128::new(&key);

let block_copy = block.clone();
// Encrypt block in-place
cipher.encrypt_block(&mut block);
// And decrypt it back
cipher.decrypt_block(&mut block);
assert_eq!(block, block_copy);

// We can encrypt 8 blocks simultaneously using
// instruction-level parallelism
let block8_copy = block8.clone();
cipher.encrypt_blocks(&mut block8);
cipher.decrypt_blocks(&mut block8);
assert_eq!(block8, block8_copy);

Runtime detection

If you plan to use AES with runtime detection (e.g. via is_x86_feature_detected!("aes")), then you'll need to enable nocheck feature to disable compile-time target checks. Note that techincally doing so will make API of this crate unsafe, so you MUST ensure that this crate will be used in contexts with enabled necessary target features!

Related documents