kokke / tiny-AES-c

Small portable AES128/192/256 in C
The Unlicense

Is there any plan to support CCM mode? #168

Open cy18 opened 4 years ago

kokke commented 4 years ago

Hi @cy18 and thanks for your interest :)

No plans currently, unfortunately. Furthermore, for an AEAD algorithm I think I would prefer GCM and I do have plans to support GCM some day.

For a comparison between CCM and GCM, see this link : https://crypto.stackexchange.com/a/19446/51068

cy18 commented 4 years ago

Thank you for your work on tiny-AES-c. @kokke

Here's another comparison about CCM and GCM https://crypto.stackexchange.com/questions/24095/aes-gcm-vs-other-encryption-modes-in-embedded-environment-for-network-traffic

I think CCM is better than GCM for MCU applications. This is because CCM only needs the AES cipher, and less ROM and RAM are needed. When speed is the concern, using -O3 instead of -Os could increase the speed massively. Furthermore, CCM could take more advantage of hardware AES. This could be useful when communicating between one MCU with hardware AES and another without.

I have forked tiny-AES-c to add support for CCM, and it is quite simple. I'm willing to submit a PR, but I found it's hard to keep the style and API uniform.
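The point made above is that CCM is built from CBC-MAC plus CTR mode and therefore needs only the forward (encrypt) direction of the block cipher, for both sealing and opening. The following is an added example, not cy18's fork and not code from tiny-AES-c: a minimal CCM (RFC 3610, tag length 8, 2-byte length field, 13-byte nonce) over an injected 16-byte block function. The `block_fn` hook and the `toy_block` stand-in are assumptions made so the example runs offline; in real use the hook would wrap tiny-AES-c's `AES_init_ctx`/`AES_ECB_encrypt` pair, which is what would let you check the RFC 3610 test vectors. The decrypt path verifies the tag in constant time before releasing any plaintext.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Block cipher hook: encrypt one 16-byte block in place under a 16-byte key.
 * CCM only ever calls this forward direction, even when decrypting. */
typedef void (*block_fn)(const uint8_t key[16], uint8_t block[16]);

/* CONSTRUCTED stand-in for AES so the example runs offline. It is a bijection
 * (ARX-style rounds), but it is NOT a cipher; it only exercises the CCM plumbing. */
static void toy_block(const uint8_t key[16], uint8_t b[16])
{
    for (int r = 0; r < 8; r++) {
        for (int i = 0; i < 16; i++) {
            uint8_t v = (uint8_t)((b[i] ^ key[i]) + b[(i + 1) & 15] + (uint8_t)(16 * r + i));
            b[i] = (uint8_t)((v << 3) | (v >> 5));
        }
        uint8_t t = b[0];
        memmove(b, b + 1, 15);
        b[15] = t;
    }
}

#define CCM_TAG_LEN   8                    /* M: tag bytes kept (RFC 3610: 4..16, even) */
#define CCM_LEN_FIELD 2                    /* L: bytes used to encode the message length */
#define CCM_NONCE_LEN (15 - CCM_LEN_FIELD) /* nonce fills the rest of the 16-byte block  */

/* CBC-MAC over B_0 || length-prefixed, zero-padded AAD || zero-padded message. */
static void ccm_cbc_mac(block_fn E, const uint8_t key[16], const uint8_t nonce[CCM_NONCE_LEN],
                        const uint8_t *aad, size_t aad_len,
                        const uint8_t *msg, size_t msg_len, uint8_t tag[CCM_TAG_LEN])
{
    uint8_t X[16];
    /* B_0 = flags || nonce || l(m); flags = Adata | M' << 3 | L' */
    X[0] = (uint8_t)((aad_len ? 0x40 : 0) | (((CCM_TAG_LEN - 2) / 2) << 3) | (CCM_LEN_FIELD - 1));
    memcpy(X + 1, nonce, CCM_NONCE_LEN);
    X[14] = (uint8_t)(msg_len >> 8);
    X[15] = (uint8_t)msg_len;
    E(key, X);
    if (aad_len) {                          /* 2-byte l(a) prefix is valid for l(a) < 0xFF00 */
        uint8_t B[16] = {0};
        size_t pos = 2;
        B[0] = (uint8_t)(aad_len >> 8);
        B[1] = (uint8_t)aad_len;
        for (size_t i = 0; i < aad_len; i++) {
            B[pos++] = aad[i];
            if (pos == 16) {
                for (int j = 0; j < 16; j++) X[j] ^= B[j];
                E(key, X);
                memset(B, 0, 16);
                pos = 0;
            }
        }
        if (pos) { for (int j = 0; j < 16; j++) X[j] ^= B[j]; E(key, X); }
    }
    for (size_t off = 0; off < msg_len; off += 16) {   /* zero padding is implicit */
        size_t n = msg_len - off < 16 ? msg_len - off : 16;
        for (size_t j = 0; j < n; j++) X[j] ^= msg[off + j];
        E(key, X);
    }
    memcpy(tag, X, CCM_TAG_LEN);
}

/* CTR keystream: A_i = L' || nonce || i. Returns S_0 (used to mask the tag) and
 * XORs S_1.. into buf in place; the same routine serves encryption and decryption. */
static void ccm_ctr(block_fn E, const uint8_t key[16], const uint8_t nonce[CCM_NONCE_LEN],
                    uint8_t *buf, size_t len, uint8_t s0[16])
{
    uint8_t A[16], S[16];
    A[0] = CCM_LEN_FIELD - 1;
    memcpy(A + 1, nonce, CCM_NONCE_LEN);
    A[14] = 0; A[15] = 0;
    memcpy(s0, A, 16);
    E(key, s0);
    for (size_t off = 0, i = 1; off < len; off += 16, i++) {
        A[14] = (uint8_t)(i >> 8); A[15] = (uint8_t)i;
        memcpy(S, A, 16);
        E(key, S);
        size_t n = len - off < 16 ? len - off : 16;
        for (size_t j = 0; j < n; j++) buf[off + j] ^= S[j];
    }
}

/* out = CTR(pt) || (tag XOR S_0). Returns bytes written, or 0 if lengths are out of range. */
size_t ccm_encrypt(block_fn E, const uint8_t key[16], const uint8_t nonce[CCM_NONCE_LEN],
                   const uint8_t *aad, size_t aad_len,
                   const uint8_t *pt, size_t pt_len, uint8_t *out)
{
    if (pt_len > 0xFFFF || aad_len >= 0xFF00) return 0;
    uint8_t tag[CCM_TAG_LEN], s0[16];
    ccm_cbc_mac(E, key, nonce, aad, aad_len, pt, pt_len, tag);  /* MAC is over plaintext */
    memcpy(out, pt, pt_len);
    ccm_ctr(E, key, nonce, out, pt_len, s0);
    for (int j = 0; j < CCM_TAG_LEN; j++) out[pt_len + j] = tag[j] ^ s0[j];
    return pt_len + CCM_TAG_LEN;
}

/* Returns plaintext length, or -1 on tag mismatch (out is then wiped, never released). */
int ccm_decrypt(block_fn E, const uint8_t key[16], const uint8_t nonce[CCM_NONCE_LEN],
                const uint8_t *aad, size_t aad_len,
                const uint8_t *ct, size_t ct_len, uint8_t *out)
{
    if (ct_len < CCM_TAG_LEN || ct_len - CCM_TAG_LEN > 0xFFFF || aad_len >= 0xFF00) return -1;
    size_t pt_len = ct_len - CCM_TAG_LEN;
    uint8_t tag[CCM_TAG_LEN], s0[16], diff = 0;
    memcpy(out, ct, pt_len);
    ccm_ctr(E, key, nonce, out, pt_len, s0);
    ccm_cbc_mac(E, key, nonce, aad, aad_len, out, pt_len, tag);
    for (int j = 0; j < CCM_TAG_LEN; j++)            /* constant-time compare */
        diff |= (uint8_t)(tag[j] ^ s0[j] ^ ct[pt_len + j]);
    if (diff) { memset(out, 0, pt_len); return -1; }
    return (int)pt_len;
}

/* Round trip, then a flipped ciphertext bit and a wrong AAD must both be rejected.
 * Key, nonce, AAD and message are constructed sample values. Returns 1 on success. */
int ccm_selftest(void)
{
    static const uint8_t key[16] = {0xC0,0xC1,0xC2,0xC3,0xC4,0xC5,0xC6,0xC7,
                                    0xC8,0xC9,0xCA,0xCB,0xCC,0xCD,0xCE,0xCF};
    static const uint8_t nonce[CCM_NONCE_LEN] = {0x00,0x00,0x00,0x03,0x02,0x01,0x00,
                                                 0xA0,0xA1,0xA2,0xA3,0xA4,0xA5};
    static const uint8_t aad[8] = {0,1,2,3,4,5,6,7};
    uint8_t msg[23], ct[23 + CCM_TAG_LEN], pt[23];
    for (int i = 0; i < 23; i++) msg[i] = (uint8_t)(8 + i);
    size_t n = ccm_encrypt(toy_block, key, nonce, aad, sizeof aad, msg, sizeof msg, ct);
    if (n != sizeof ct) return 0;
    if (ccm_decrypt(toy_block, key, nonce, aad, sizeof aad, ct, n, pt) != (int)sizeof msg) return 0;
    if (memcmp(pt, msg, sizeof msg) != 0) return 0;
    ct[5] ^= 0x01;
    if (ccm_decrypt(toy_block, key, nonce, aad, sizeof aad, ct, n, pt) != -1) return 0;
    ct[5] ^= 0x01;
    if (ccm_decrypt(toy_block, key, nonce, aad + 1, sizeof aad - 1, ct, n, pt) != -1) return 0;
    return 1;
}
```

Note that the whole construction touches the block cipher through one function pointer and never needs an inverse cipher or a GF(2^128) multiplier, which is the ROM/RAM argument for CCM over GCM on a small MCU; the price is two block-cipher calls per 16 bytes of message, one for the MAC and one for the keystream.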

kokke commented 4 years ago

Hi @cy18

> Here's another comparison about CCM and GCM https://crypto.stackexchange.com/questions/24095/aes-gcm-vs-other-encryption-modes-in-embedded-environment-for-network-traffic

Thanks for the link. The discussion sheds light on some nuances I hadn't considered regarding data-dependency.

> I think CCM is better than GCM for MCU applications. This is because CCM only needs the AES cipher, and less ROM and RAM are needed. When speed is the concern, using -O3 instead of -Os could increase the speed massively. Furthermore, CCM could take more advantage of hardware AES. This could be useful when communicating between one MCU with hardware AES and another without.

The main design goal of this library is not performance but a small resource footprint (RAM/ROM), so I don't have much opinion performance-wise, as long as the performance is usable/acceptable.

> I have forked tiny-AES-c to add support for CCM, and it is quite simple. I'm willing to submit a PR, but I found it's hard to keep the style and API uniform.

I checked out your GitHub repos, but couldn't find any mention of CCM mode - am I missing something? :S

If you're willing to make a PR, I think we can work out something w.r.t. style and API conformity. The API is not frozen, so if it needs some refactoring to make CCM a fit, I think we can make it happen.

I'm always interested in gaining a new feature/mode-of-operation ;)

cy18 commented 4 years ago

I have not pushed it yet. I'll do some cleanup and push it tomorrow.

kokke commented 4 years ago

Just for reference, #169 is related to this issue