aadomn / aes

Fast constant-time AES implementations on 32-bit architectures
MIT License
61 stars, 5 forks

Different number of arguments for masked keyscheduler. #3

Closed Stian108 closed 1 year ago

Stian108 commented 1 year ago

In the ARM Cortex masked implementation, the header file implies that two keys are given as arguments to the key schedulers, aes128_keyschedule_ffs and aes128_keyschedule_sfs, but in the assembly code the same functions are only documented to take one key. It seems the header file is incorrect here, as it does not seem like a second key is ever used in the code.

Thank you otherwise for having thorough comments and well documented code :)

aadomn commented 1 year ago

Actually, the header file is correct: it is possible to pass as input parameters either the same key twice or two different keys (since bitsliced/fixsliced AES on 32-bit platforms processes two blocks at a time, it allows each block to be encrypted with a different key). However, there was indeed a typo in the masked key schedule functions: the first input key was loaded twice, instead of loading each key once. The issue is now fixed thanks to your comment.

Thanks a lot for pointing this out!