Topic: Nonce size limit for AES-CCM
It appears that the maximum nonce size for AES-CCM is 13. Why is this limit in place? Can it be increased to at least 16?
You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → wolfCrypt → Nonce size limit for AES-CCM
It appears that the maximum nonce size for AES-CCM is 13. Why is this limit in place? Can it be increased to at least 16?
Hi stroebeljc,
The AES CCM IV range 7-13 bytes is defined in the NIST 800-38C
https://nvlpubs.nist.gov/nistpubs/Legac … 00-38c.pdf
The AES CCM algorithm appears that it could handle up to 16-bytes, but it would break compatibility with the specification. I believe the intent of limiting the IV is to reduce the maximum number of bytes that can be encrypted before having to re-key.
Thanks,
David Garske, wolfSSL
Hello @stroebeljc
From https://tools.ietf.org/html/rfc3610#section-2
Valid values of L range between 2 octets and 8 octets
(the value L=1 is reserved).
A nonce N of 15-L octets
So the nonce length must be between 7 and 13 octets (21 and 39 bits).
Hence in wolfssl/wolfcrypt/aes.h:
CCM_NONCE_MIN_SZ = 7,
CCM_NONCE_MAX_SZ = 13,
Awesome, thanks!
It's interesting that the methods wc_AesCcmEncrypt and wc_AesCcmDecrypt use hard coded values rather than the enumerations for the nonce size checking.
Regards,
John
wolfSSL - Embedded SSL Library → wolfCrypt → Nonce size limit for AES-CCM
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.016 seconds (88% PHP - 12% DB) with 12 queries