haskell-crypto / cryptonite

lowlevel set of cryptographic primitives for haskell

AES with a block size of 32 bytes (256 bits) #239

Open CristhianMotoche opened 6 years ago

CristhianMotoche commented 6 years ago

Hello,

I need to write some code written in C# to Haskell. The C# code uses a Rijndael and sets the block size to 32 bytes (256 bits):

var symmetricKey = new RijndaelManaged();
symmetricKey.BlockSize = 256;
symmetricKey.Mode = CipherMode.CBC;
symmetricKey.Padding = PaddingMode.PKCS7;

I can't use AES because its BlockCipher instances set the blockSize to 16 bytes.

Can you add an instance of AES that uses a blockSize of 32? Or should I create my own type for this and then a BlockCipher instance of it? Or should I write the C code that handles 32 bytes of block size?

Thanks in advance for any help.

vincenthz commented 6 years ago

Hi @CristhianMotoche, you would have to find out what this blocksize of 32 is doing first, because from a point of view of AES (or Rijndael), the block size is a constant of 16 bytes that is not changeable. Maybe the C# library is automatically doing something like CMC or EME when the block size is above the cipher defined value.

ldub commented 4 years ago

Hey @vincenthz, I've come across the same issue. I'm integrating with a third party that requires values to be encrypted with a 256 bit block size.

While the AES specification itself does specify a 128 bit block size, the original Rijndael algorithm did allow for both key and block sizes to be chosen independently from the set of { 128, 160, 192, 224, 256 } bits.

https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf

You can see that BouncyCastle allows one to set the block size when creating a RijndaelEngine: https://people.eecs.berkeley.edu/~jonah/bc/org/bouncycastle/crypto/engines/RijndaelEngine.html#RijndaelEngine(int)

.NET's standard library also allows one to set the block size: https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rijndaelmanaged?#fields

We are using cryptonite at my work and really need this functionality. Would you consider adding Rijndael to cryptonite since there is a legitimate real-life need for this?
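
Added illustration, not part of the thread and not code from cryptonite, .NET or BouncyCastle: a single-block Rijndael encryption in Python where the block length selects Nb, which in turn changes the round count, the key schedule length and the ShiftRows offsets. The function names are assumptions; it covers the raw block primitive only (no CBC, IV or PKCS7 handling), and the offsets for Nb = 7 and 8 are taken from the Rijndael specification linked above.

```python
# Added illustration, not cryptonite/.NET/BouncyCastle code: one-block Rijndael.
def gmul(a, b):  # multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1
    r = 0
    while b:
        r ^= a * (b & 1)
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def sbox_entry(x):
    """Field inverse (0 maps to 0) followed by the affine transform."""
    inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
    rot = lambda v, i: ((v << i) | (v >> (8 - i))) & 0xFF
    return inv ^ rot(inv, 1) ^ rot(inv, 2) ^ rot(inv, 3) ^ rot(inv, 4) ^ 0x63

SBOX = [sbox_entry(x) for x in range(256)]
# ShiftRows offsets per row, keyed by Nb (block size in 32-bit words).
SHIFTS = {4: (0, 1, 2, 3), 5: (0, 1, 2, 3), 6: (0, 1, 2, 3), 7: (0, 1, 2, 4), 8: (0, 1, 3, 4)}

def expand_key(key, nb):
    """Return (round-key words, Nr) where Nr = max(Nk, Nb) + 6."""
    nk, rcon = len(key) // 4, 1
    nr = max(nk, nb) + 6
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    for i in range(nk, nb * (nr + 1)):
        t = list(w[i - 1])
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = gmul(rcon, 2)
        elif nk > 6 and i % nk == 4:
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return w, nr

def encrypt_block(key, block):
    """Encrypt one block; key and block are each 16, 20, 24, 28 or 32 bytes."""
    if len(key) not in range(16, 33, 4) or len(block) not in range(16, 33, 4):
        raise ValueError("key and block must be 128..256 bits in 32-bit steps")
    nb = len(block) // 4
    w, nr = expand_key(key, nb)
    s = [[block[4 * c + r] ^ w[c][r] for r in range(4)] for c in range(nb)]
    for rnd in range(1, nr + 1):
        s = [[SBOX[s[(c + SHIFTS[nb][r]) % nb][r]] for r in range(4)] for c in range(nb)]  # SubBytes+ShiftRows
        if rnd < nr:  # MixColumns, skipped in the final round
            s = [[gmul(col[r], 2) ^ gmul(col[(r + 1) % 4], 3) ^ col[(r + 2) % 4]
                  ^ col[(r + 3) % 4] for r in range(4)] for col in s]
        s = [[s[c][r] ^ w[rnd * nb + c][r] for r in range(4)] for c in range(nb)]  # AddRoundKey
    return bytes(b for col in s for b in col)
```

With a 16-byte block this reduces to AES; with a 32-byte block and a 128-bit key the schedule grows to 120 words over 14 rounds, so an AES implementation fixed at Nb = 4 cannot be made to produce the same output by reconfiguration.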

chessai commented 4 years ago

Disclaimer: I work with @ldub.

@vincenthz Like he said, it would be really helpful to us to add this functionality. Is it possible you could reconsider if we put up a PR?

vincenthz commented 4 years ago

Thanks for the links @ldub. I wasn't aware there were those block-length extensions in the original Rijndael paper, and I think this is the first time I actually read it (enlightening!) compared to reading the AES standard.

@chessai: I don't have a problem with Rijndael being added in parallel to AES, as there is indeed a legitimate case for it.