Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove all code that supports AES-192 #112

Closed
briansmith opened this issue Feb 18, 2016 · 4 comments
Closed

Remove all code that supports AES-192 #112

briansmith opened this issue Feb 18, 2016 · 4 comments
Labels
enhancement good-first-bug performance static-analysis-and-type-safety test-coverage

Comments

@briansmith
Copy link
Owner

See

ring/crypto/aes/aes.c

Lines 549 to 551 in c882c2c

case 192:
aeskey->rounds = 12;
break;

and

ring/crypto/aes/aes.c

Lines 549 to 551 in c882c2c

case 192:
aeskey->rounds = 12;
break;

Also, I guess the assembly language code must have some bits that support 192-bit AES.

We don't need any of this since we don't (and don't plan to) expose AES-192.
Ms2ger added a commit to Ms2ger/ring that referenced this issue Mar 25, 2016
@Ms2ger
Remove code that supports AES-192.
81df96d 
Fixes briansmith#112.
@Ms2ger Ms2ger mentioned this issue Mar 25, 2016
Closed
@briansmith
Copy link
Owner Author

Done in fc99d30.

@lawliet89
Copy link
Contributor

@briansmith May I know the reasons behind not supporting AES-192? Just curious to know because I am working on a library to implement JSON Web Encryption in Rust and AES-192 is one of the algorithms in the standard.

@briansmith
Copy link
Owner Author

@lawliet89

Basically, it was removed:

  1. Because of lack of tests and review.
  2. Because nobody is using it in the real world.
  3. To discourage people from implementing it in higher-level things, because of (1) and (2)

Note that Chrome's WebCrypto API implementation also skips AES-192; see https://diafygi.github.io/webcrypto-examples/.

Regarding JOSE, I recommend that you don't try to implement everything in the spec. Checkboxes are pretty but it's better to have solid implementations of fewer primitives than to check all the boxes.

@lawliet89
Copy link
Contributor

Thanks for your detailed reply.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement good-first-bug performance static-analysis-and-type-safety test-coverage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@briansmith @lawliet89