AES-CCM mode
The CCM mode of AES encryption, an AEAD algorithm that is for example mandated in the OSCOAP protocol, seems not to be implemented in rust-crypto.
Please consider adding it and providing an AeadEncryptor / AeadDecryptor implementation for it.
Adding the reference I forgot: CCM is specified in RFC3610.
Three years later, I went looking for this, and found nothing anywhere in the Rust ecosystem. After reading the RFC, I think I know some reasons why:
- AES-CCM is not compatible with "streaming APIs", because the length of the message must be known in advance.
- The calculation of the authentication tag is completely serial.
- The RFC is highly parameterized, making a generic single code path which covers all the cases complex.
As a result, I am now implementing decryption of AES-CCM myself for a small project -- a barely-working minimalist version, which is definitely not worth contributing. My experience and reading of the RFC suggests that the Aead traits defined by rust-crypto would be an awkward fit, to say the least.
To anyone coming here from the future, I would point to Intel's TinyCrypt implementation of AES-CCM (which has been ported to Rust here). Its main limitation is a maximum message length of 64 KiB (2^16 bytes).
For many common applications like wireless protocol packet encryption, I imagine it will suffice. For the one or two people like myself with more esoteric compatibility problems, ~we will just have to write it from scratch.~ EDIT: See @newpavlov's comment below.
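The streaming and parameterization points in the comment above can be seen in how RFC 3610 formats the first CBC-MAC block, B_0, which embeds the message length and encodes the tag size M and length-field size L. The following Rust code is an added example, not code from this thread, rust-crypto, or the ccm crate; `ccm_b0` and `CcmParamError` are hypothetical names, the sample values are constructed, and no AES is performed.

```rust
// Added example: format B_0 = flags || nonce || l(m) as laid out in RFC 3610.
// Only the block layout is shown; the CBC-MAC and CTR steps are out of scope.

#[derive(Debug, PartialEq)]
pub enum CcmParamError {
    TagLen,       // M must be one of 4, 6, 8, 10, 12, 14, 16
    LenFieldSize, // L must be in 2..=8
    NonceLen,     // nonce must be exactly 15 - L bytes
    MsgTooLong,   // l(m) must fit in L bytes
}

/// Build B_0. `msg_len` is required up front: it is part of the very first
/// block fed to the MAC, which is why CCM cannot start on a stream of
/// unknown length.
pub fn ccm_b0(
    m: usize,
    l: usize,
    nonce: &[u8],
    has_aad: bool,
    msg_len: u64,
) -> Result<[u8; 16], CcmParamError> {
    if !(4..=16).contains(&m) || m % 2 != 0 {
        return Err(CcmParamError::TagLen);
    }
    if !(2..=8).contains(&l) {
        return Err(CcmParamError::LenFieldSize);
    }
    if nonce.len() != 15 - l {
        return Err(CcmParamError::NonceLen);
    }
    if l < 8 && (msg_len >> (8 * l)) != 0 {
        return Err(CcmParamError::MsgTooLong);
    }
    let mut b0 = [0u8; 16];
    // Flags: bit 6 = Adata, bits 5..3 = (M - 2) / 2, bits 2..0 = L - 1.
    b0[0] = ((has_aad as u8) << 6) | ((((m - 2) / 2) as u8) << 3) | ((l - 1) as u8);
    b0[1..16 - l].copy_from_slice(nonce);
    // Message length, big-endian, in the last L bytes.
    b0[16 - l..].copy_from_slice(&msg_len.to_be_bytes()[8 - l..]);
    Ok(b0)
}

fn main() {
    // Constructed sample: 13-byte nonce (so L = 2), M = 8, 23-byte message, AAD present.
    let nonce = [0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5];
    println!("{:02x?}", ccm_b0(8, 2, &nonce, true, 23).unwrap());
    // A 70000-byte message does not fit a 2-byte length field.
    println!("{:?}", ccm_b0(8, 2, &nonce, true, 70_000));
}
```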
@jhwgh1968
Check out the ccm crate, which is part of the RustCrypto project.
Thanks, @newpavlov, I missed that! I have edited my comment.