Crypto¶
RIOT provides a collection of block cipher ciphers, different operation modes and cryptographic hash algorithms.
Ciphers¶
Riot supports the following block ciphers:
- AES-128
- NULL
You can use them directly by adding “crypto” to your USEMODULE-List. While you can use the ciphers functions directly, you should resort to the generic API for block ciphers whenever possible.
Additionally you need to set a CFLAG for each cipher you want to use in your Makefile:
- AES-128: CFLAGS += -DCRYPTO_AES Setting the CFLAGS initializes a sufficient large buffer size of the cipher_context_t, used by the ciphers for en-/de-cryption operations.
Example:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | #include "crypto/ciphers.h"
cipher_t cipher;
uint8_t key[AES_KEY_SIZE] = {0},
plain_text[AES_BLOCK_SIZE] = {0},
cipher_text[AES_BLOCK_SIZE] = {0};
if (cipher_init(&cipher, CIPHER_AES_128, key, AES_KEY_SIZE) < 0)
printf("Cipher init failed!\n");
if (cipher_encrypt(&cipher, plain_text, cipher_text) < 0)
printf("Cipher encryption failed!\n");
else
od_hex_dump(cipher_text, AES_BLOCK_SIZE, 0);
|
Some aspects of the AES implementation can be fine tuned by pseudo-modules:
- crypto_aes_precalculated: Use pre-calculated T-tables. This improved speed at the expense of increased program size. The default is to calculate most tables on the fly.
- crypto_aes_unroll: enable manually-unrolled loops. The default is to not have them unrolled.
If you need to encrypt data of arbitrary size take a look at the different operation modes like: CBC, CTR or CCM.
Additional examples can be found in the test suite.