Block Cipher Modes of Operation

Most of Symmetric Cryptography Algorithms implemented in Intel IPP are Block Ciphers, which operate on data blocks of the fixed size. Block Ciphers encrypt a plaintext block into a ciphertext block or decrypts a ciphertext block into a plaintext block. The size of the data blocks depends on the specific algorithm. Table “Block Sizes in Symmetric Algorithms” shows the correspondence between Block Ciphers applied and their data block size.

Block Cipher modes of executing the operation of encryption/decryption are applied in practice more frequently than “pure” Block Ciphers. On one hand, the modes enable you to process arbitrary length data stream. On the other hand, they provide additional security strength.

Intel IPP for cryptography supports five widely used modes, as specified in [NIST SP 800-38A]:

• Electronic Code Book (ECB) mode
• Cipher Block Chain (CBC) mode
• Cipher Feedback (CFB) mode
• Output Feedback (OFB) mode
• Counter (CTR) mode.

Note

For simplicity and consistency, the mathematical expression and pseudocode in this section describes the behaviour of each function.

The cryptographic functions described in this section require the application to specify both the plaintext message and the ciphertext message lengths as multiples of block size of the respective algorithm (see Table “Block Sizes in Symmetric Algorithms”). To meet this requirement in ciphering the message, the application may use any padding scheme, for example, the scheme defined in [PKCS7]. In case padding is used, the application is responsible for correct interpretation and processing of the last deciphered message block. So of the three padding schemes available for earlier releases,

typedef enum {
    NONE  = 0, IppsCPPaddingNONE = 0,
    PKCS7 = 1, IppsCPPaddingPKCS7 = 1,
    ZEROS = 2, IppsCPPaddingZEROS = 2
} IppsCPPadding;
 

only IppsCPPaddingNONE remains acceptable.

Copyright © 2000 - 2011, Intel Corporation. All rights reserved.