Skip to content


Version History
Date Description
Jan 16, 2021 Updated
Dec 27, 2020 Updated
Dec 26, 2020 Created

So today (Dec 26, 2020) I’m trying to write some crypto functions to encrypt/decrypt network packets. Then I realize my knowledge about network security is just too shallow. Although I know AES, SHA etc to some extent, I’m not really sure how to build them.


Some basic concepts:



SSH has a similar process as SSL/TLS. See Understanding the SSH Encryption and Connection Process.

So TLS (or DTLS for UDP) has an extra handshake protocol after a TCP or UDP port is open. This handshake process uses asymmetric-keys (public/private) keys to exchange info (e.g., choose TLS info, send pub key etc). They will reach a consensus on which TLS version to use, which cipher suite to use, which session key, or encryption key to use. Finally they will start sending traffic using symmetric encryption (e.g., AES). In addition, they will use secure hashing (e.g., SHA3) to ensure the integrity of the packets.

As I know it, it two variables controlling its variations: 1) key size, 128-bit, 192-bit, 256-bit => AES128, AES192, AES256 2) mode of chaining, for data that is larger than standard AES 128-bit block size. The modes can be CTR, CBC and so on. This is more advanced.

AES is a block cipher. AES operates on 128-bit data block, and produces 128-bit encrypted data. Larger data (packets) needs to specify the mode of chaining.



mode of operation describes how to repeatedly apply a cipher’s single-block operation to securely transform amounts of data larger than a block


Block ciphers operate on a fixed length string of bits. The length of this bit string is the block size. Both the input (plaintext) and output (ciphertext) are the same length; the output cannot be shorter than the input – this follows logically from the pigeonhole principle and the fact that the cipher must be reversible – and it is undesirable for the output to be longer than the input.

SHA-3 has several variations, depending the hash size, it can be SHA3-224, SHA3-256, SHA3-384, and SHA3-512.

Case Studies

As usual, let us look at some real world use cases and codes.


Both of them have implemented a set of cryptographic functions, collectively called libcrypto. But.. these libraries have deep roots in their projects, thus using a lot project-specific macros etc, so I think they are not that easy to read. There are a lot simpler POC code out there.


  1. Opencore SHA-3
  2. Opencore AES
  3. SpninalCrypto
    • So I personally use this in my research project. It is clean.


  • CPU has extended instructions to accelerate AES and its friends: AES inst set

Last update: January 16, 2021