nisse@lysator.liu.se (Niels Möller) writes:
Maybe throw an error for non-16/24/32 key sizes? I'm not sure how useful it is to support that.
Not terribly useful, I guess, but since it's well defined by the serpent spec, I think it should be supported.
Which spec? According to wikipedia
https://secure.wikimedia.org/wikipedia/en/wiki/Serpent_%28cipher%29
this is the official serpent homepage:
http://www.cl.cam.ac.uk/~rja14/serpent.html
and the link for "algorithm specification" is
http://www.cl.cam.ac.uk/~rja14/Papers/serpent.pdf
which says that
The user key length is variable, but for the purposes of this submission we fix it at 128, 192 or 256 bits
That is a bit vague, either it is variable or it isn't.
The Serpent-0 specification says
The user key can be of any length between 64 and 256 bits.[5]
[5] We define key lengths to be multiples of 32 bits for ease of implementation, and ...
Thus in any case, it seems, the key size is not completely variable and always a multiple of 32 bits (which resolves the key alignment issue).
My impression is that Serpent is a bit confusingly specified, and it is unclear which specification is actually the right one. The test vector confusion reinforced my impression here.
/Simon