AES implementations

There are various implementations of the Advanced Encryption Standard, also known as Rijndael.

Libraries

AES speed at 128, 192 and 256-bit key sizes.

Rijndael is free for any use public or private, commercial or non-commercial. The authors of Rijndael used to provide a homepage^[1] for the algorithm. Care should be taken when implementing AES in software. Like most encryption algorithms, Rijndael was designed on big-endian systems. For this reason, little-endian systems, which include the common PC, return correct test vector results only through swapping bytes of the input and output words.

The algorithm operates on plaintext blocks of 16 bytes. Encryption of shorter blocks is possible only by padding the source bytes, usually with null bytes. This can be accomplished via several methods, the simplest of which assumes that the final byte of the cipher identifies the number of null bytes of padding added.

Careful choice must be made in selecting the mode of operation of the cipher. The simplest mode encrypts and decrypts each 128-bit block separately. In this mode, called "electronic code book (ECB)", blocks that are identical will be encrypted identically, which is entirely insecure. This will make some of the plaintext structure visible in the ciphertext. Selecting other modes, such as empressing a sequential counter over the block prior to encryption (CTR mode) and removing it after decryption avoids this problem.

Current list of FIPS 197 validated cryptographic modules (hosted by NIST)
Current list of FIPS 140 validated cryptographic modules with validated AES implementations (hosted by NIST) - Most of these involve a commercial implementation of AES algorithms. Look for "FIPS-approved algorithms" entry in the "Level / Description" column followed by "AES" and then a specific certificate number.

C/ASM library

wolfSSL (previously CyaSSL)
GnuTLS
Network Security Services
OpenSSL
mbed TLS (previously PolarSSL)
axTLS
Microsoft CryptoAPI uses Cryptographic Service Providers to offer encryption implementations. The Microsoft AES Cryptographic Provider was introduced in Windows XP and can be used with any version of the Microsoft CryptoAPI. ^[2]
tiny-AES128-C Small portable AES128 in C (suitable for embedded systems)
AES-256 a byte-oriented portable AES-256 implementation in C
Solaris Cryptographic Framework offers multiple implementations, with kernel providers for hardware acceleration on x86 (using the Intel AES instruction set) and on SPARC (using the SPARC AES instruction set). It is available in Solaris and derivatives, as of Solaris 10.^[3]
OpenAES portable C cryptographic library

C++ library

Botan has implemented Rijndael since its very first release in 2001
Crypto++ A comprehensive C++ semi-public-domain implementation of encryption and hash algorithms. FIPS validated

C# /.NET

As of version 3.5 of the .NET Framework, the System.Security.Cryptography namespace contains both a fully managed implementation of AES and a managed wrapper around the CAPI AES implementation.
Bouncy Castle Crypto Library

Java

Java Cryptography Extension, integrated in the Java Runtime Environment since version 1.4.2
IAIK JCE
Bouncy Castle Crypto Library

Python

PyCrypto - The Python Cryptography Toolkit PyCrypto
keyczar - Cryptography Toolkit keyczar

JavaScript

SJCL library - contains JavaScript implementations of AES in CCM, CBC, OCB and GCM modes
AES-JS - portable JavaScript implementation of AES ECB and CTR modes
Forge - JavaScript implementations of AES in CBC, CTR, OFB, CFB, and GCM modes
asmCrypto - JavaScript implementation of popular cryptographic utilities with focus on performance. Supports CBC, CFB, CCM modes.
pidCrypt - open source JavaScript library. Only supports the CBC and CTR modes.

Applications

Archive and compression tools

File system

Encrypting File System in Windows 2000 and later Windows versions.^[4]

Disk encryption

DiskCryptor
BitLocker (part of "Enterprise" and "Ultimate" editions of Windows Vista and Windows 7 operating systems)
FileVault (part of the Mac OS X operating system, and also the included Disk Utility makes AES-encrypted drive images)
DoxBox
GBDE
Geli (software)
LUKS
TrueCrypt (discontinued)
CipherShed
Private Disk
VeraCrypt

Security for communications in Local Area Networks

IEEE 802.11i, an amendment to the original IEEE 802.11 standard specifying security mechanisms for wireless networks, uses AES-128 in CCM mode (CCMP).
The ITU-T G.hn standard, which provides a way to create a high-speed (up to 1 Gigabit/s) Local area network using existing home wiring (power lines, phone lines and coaxial cables), uses AES-128 for encryption.

Miscellaneous

DataLockerUses AES 256-bit CBC and XTS mode hardware encryption
GPG, GPL-licensed, includes AES, AES-192, and AES-256 as options.
IPsec
IronKey Uses AES 128-bit and 256-bit CBC-mode hardware encryption
KeePass Password Safe
LastPass^[5]
Linux kernel's Crypto API, now exposed to userspace
Pidgin (software), has a plugin that allows for AES Encryption
SocialDocs file encryption uses AES256 to provide a free-online file encryption tool.
TextSecure
XFire uses AES-128, AES-192 and AES 256 to encrypt usernames and passwords
Certain games and engines, such as the Rockstar Advanced Game Engine used in Grand Theft Auto IV, use AES to encrypt game assets in order to deter hacking in multiplayer.

Hardware

Intel and AMD processors include the AES instruction set.
On IBM zSeries mainframes, AES is implemented as the KM series of assembler opcodes when various Message Security Assist facilities are installed.
SPARC S3 core processors include the AES instruction set, which is used with SPARC T4 and SPARC T5 systems.

References

↑ Original homepage and archived copy
↑ "Microsoft AES Cryptographic Provider".
↑ "System Administration Guide: Security Services, Chapter 13 Solaris Cryptographic Framework (Overview)". Oracle. September 2010. Retrieved 2012-11-27.
↑ Encrypting File System in Windows XP and Windows Server 2003
↑ AES 256-bit encryption with routinely-increased PBKDF2 iterations

Block ciphers (security summary)

Common algorithms	AES (Implementations) Blowfish DES (Internal Mechanics, Triple DES) Serpent Twofish

Less common algorithms	Camellia CAST-128 IDEA RC2 RC5 SEED Skipjack TEA XTEA

Other algorithms	3-Way Akelarre Anubis ARIA BaseKing BassOmatic BATON BEAR and LION CAST-256 Chiasmus CIKS-1 CIPHERUNICORN-A CIPHERUNICORN-E CLEFIA CMEA Cobra COCONUT98 Crab Cryptomeria/C2 CRYPTON CS-Cipher DEAL DES-X DFC E2 FEAL FEA-M FROG G-DES GOST Grand Cru Hasty Pudding cipher Hierocrypt ICE IDEA NXT Intel Cascade Cipher Iraqi KASUMI KeeLoq KHAZAD Khufu and Khafre KN-Cipher Ladder-DES Libelle LOKI (97, 89/91) Lucifer M6 M8 MacGuffin Madryga MAGENTA MARS Mercy MESH MISTY1 MMB MULTI2 MultiSwap New Data Seal NewDES Nimbus NOEKEON NUSH PRESENT Q RC6 REDOC Red Pike S-1 SAFER SAVILLE SC2000 SHACAL SHARK Simon SMS4 Speck Spectr-H64 Square SXAL/MBAL Threefish Treyfer UES Xenon xmx XXTEA Zodiac

Design	Feistel network Key schedule Lai-Massey scheme Product cipher S-box P-box SPN Avalanche effect Block size Key size Key whitening (Whitening transformation)

Attack (cryptanalysis)	Brute-force (EFF DES cracker) MITM (Biclique attack, 3-Subset MITM attack) Linear (Piling-up lemma) Differential (Impossible Truncated Higher-order) Differential-linear Integral/Square Boomerang Mod n Related-key Slide Rotational Timing XSL Interpolation Partitioning Davies' Rebound Weak key Tau Chi-square Time/memory/data tradeoff

Standardization	AES process CRYPTREC NESSIE

Utilization	Initialization vector Mode of operation Padding

Cryptography

History of cryptography Cryptanalysis Cryptography portal Outline of cryptography

Symmetric-key algorithm Block cipher Stream cipher Public-key cryptography Cryptographic hash function Message authentication code Random numbers Steganography