[Feature Request] Support CFB mode for AES

aws / aws-lc-rs

aws-lc-rs is a cryptographic library using AWS-LC for its cryptographic operations. The library strives to be API-compatible with the popular Rust library named ring.

Other

311 stars 49 forks source link

[Feature Request] Support CFB mode for AES #575

Open mariusknaust opened 6 days ago

mariusknaust commented 6 days ago

Problem:

The TPM2 specification Part 1: Architecture 24.4 Symmetric Encrypt requires the use of an AES 128 bit key using CFB mode. Currently CFB mode is not exposed in aws-ls-rs which blocks us from using it for the particular use case.

Requirements:

Encryption using an AES 128 bit key with CFB mode
The IV vector needs to be configurable (in the use case it will be set to all zero)

skmcgrail commented 2 days ago

Hey @mariusknaust

Can you confirm what bit-mode of CFB you need? I tried looking in the TPM2 specification but did not see it explicitly state the bit-mode in use. Typically that implies CFB 128-bit mode, but just want to double check. AWS-LC supports 1, 8, and 128 bit-modes for CFB, but want to confirm what you need to make sure we are able to provide it.

Thanks

mariusknaust commented 1 day ago

Hi @skmcgrail,

thanks for picking this up. For the TPM2 use case we need to use AES for a 128 bit key in CFB mode with 128-bit shift (what would be EVP_aes_128_cfb128 in OpenSSL).