1 (edited by SteffenL 2013-07-18 08:18:49)

Topic: AES ECB?

Hello,

I'm working on a project that uses an SSL/crypto library, and I would like to make it compatible with wolfSSL embedded SSL as well. It makes use of AES encryption in ECB mode.

I was expecting functions named AesEcbEncrypt and AesEcbDecrypt, so I'm not quite sure how to do this correctly with wolfSSL. I did see the functions AES_ECB_encrypt/AES_ECB_decrypt.

I use mostly default settings when compiling wolfSSL.

Thank you in advance! :)


Re: AES ECB?

Hi Steffen,

wolfSSL doesn't currently support AES-ECB mode of operation.  We do support AES in CBC, CTR, GCM, and CCM modes though.  ECB (Electronic codebook) mode is not regarded as very secure.  If you take a look at the penguin image on the following Wikipedia page under the "ECB" section, you will see that it doesn't hide patterns very well:

https://en.wikipedia.org/wiki/Block_cip … _operation

Best Regards,
Chris

Re: AES ECB?

Thank you for the reply, Chris!

Unfortunately, I have to adapt to a 3rd party system and whatever it uses.

If it requires a lot of effort to support the ECB mode, then please don't worry about it. Sadly, I must give up on using wolfSSL this time.

Thanks, again. :)

Re: AES ECB?

Calling AesEncryptDirect() and AesDecryptDirect() provides AES-ECB mode.
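Added example (not part of the thread and not wolfSSL code): ECB is a one-block encrypt call applied to each 16-byte block independently, which is why the direct functions give ECB and why repeated plaintext blocks stay visible in the ciphertext, while CBC chaining hides them. `block_encrypt`, `encrypt_blocks` and `repeated_blocks` are hypothetical names; `block_encrypt` is a toy stand-in permutation, not AES, and the key, IV and plaintext are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLK 16  /* AES block size in bytes */

/* Hypothetical stand-in for a one-block call such as AesEncryptDirect():
 * a 4-round Feistel permutation on 16 bytes. NOT AES and NOT secure. */
static void block_encrypt(const uint64_t key[4], uint8_t *out, const uint8_t *in) {
    uint64_t l, r, t;
    memcpy(&l, in, 8); memcpy(&r, in + 8, 8);
    for (int i = 0; i < 4; i++) {
        t = (r ^ key[i]) * 0x9E3779B97F4A7C15ULL;   /* keyed round function */
        t ^= l ^ (t >> 32); l = r; r = t;           /* mix into left half, swap */
    }
    memcpy(out, &l, 8); memcpy(out + 8, &r, 8);
}

/* iv == NULL: ECB (blocks independent). iv != NULL: CBC (chained to previous ciphertext). */
int encrypt_blocks(const uint64_t key[4], const uint8_t *iv, uint8_t *out,
                   const uint8_t *in, size_t len) {
    uint8_t x[BLK];
    if (len % BLK) return -1;          /* no padding defined here; caller must pad */
    for (size_t off = 0; off < len; off += BLK) {
        memcpy(x, in + off, BLK);
        for (int i = 0; iv && i < BLK; i++) x[i] ^= iv[i];
        block_encrypt(key, out + off, x);
        if (iv) iv = out + off;        /* this ciphertext block feeds the next one */
    }
    return 0;
}

/* Number of blocks that duplicate an earlier block: what an observer can see. */
size_t repeated_blocks(const uint8_t *buf, size_t len) {
    size_t n = 0;
    for (size_t i = BLK; i + BLK <= len; i += BLK)
        for (size_t j = 0; j < i; j += BLK)
            if (!memcmp(buf + i, buf + j, BLK)) { n++; break; }
    return n;
}

int main(void) {
    const uint64_t key[4] = {1, 2, 3, 4}; const uint8_t iv[BLK] = {0};  /* constructed */
    uint8_t p[4 * BLK], e[4 * BLK], c[4 * BLK];
    memset(p, 'A', sizeof p); memset(p + BLK, 'B', BLK);  /* constructed blocks: A B A A */
    encrypt_blocks(key, NULL, e, p, sizeof p);            /* ECB */
    encrypt_blocks(key, iv, c, p, sizeof p);              /* CBC */
    printf("repeats: ecb=%zu cbc=%zu\n", repeated_blocks(e, sizeof e), repeated_blocks(c, sizeof c));
    return 0;
}
```

The all-zero IV is only there to keep the run reproducible; a real CBC IV must be unpredictable per message.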

Re: AES ECB?

Thank you very much, John!

Since these functions are not compiled by default, is there anything I should consider before/while using them (except that ECB mode isn't secure enough)?

I've confirmed that they work fine, but I guess there's a different reason why they're not compiled by default?

Thank you! :)

Re: AES ECB?

Most projects don't use them directly. We try to wrap optional code with preprocessor switches to make the build smaller for resource-constrained embedded systems.

Re: AES ECB?

I see. Thanks. :)

You may know this already, but these functions and the ECB mode don't appear to be documented in the manual. :)

Re: AES ECB?

You're welcome.

They're intentionally undocumented. ECB mode isn't very secure and we encourage use of the other modes.

9 (edited by SteffenL 2013-07-23 11:10:34)

Re: AES ECB?

I see. Thanks.

I (as a user of the library) would actually very much appreciate the documentation regardless (with warnings if you prefer). If I have to use the ECB mode, then it's good to know that I *can* use wolfSSL after all, instead of looking elsewhere (wasting time and effort).

When it's a matter of either using wolfSSL or ditching it completely for one of your competitors' libraries, don't you think everyone will benefit from this being documented? They've documented this, and I was close to ditching wolfSSL for my current project. :)

I think it would make your manual even more valuable if you had the documentation, warning/suggestion, etc. It allows it to teach its readers something important, if they happen to not know that ECB mode is insecure. I'm not suggesting that a whole page with details about this should be written.

What do you think? :)