/*
* Copyright (C) 2015 Southern Storm Software, Pty Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
/**
\file crypto.dox
\page crypto Cryptographic Library
\section crypto_algorithms Supported Algorithms
\li Block ciphers: AES128, AES192, AES256
\li Block cipher modes: CTR, CFB, CBC, OFB
\li Stream ciphers: ChaCha
\li Hash algorithms: SHA1, SHA256, SHA512, SHA3_256, SHA3_512, BLAKE2s, BLAKE2b
\li Public key algorithms: Curve25519
\li Random number generation: \link RNGClass RNG\endlink, TransistorNoiseSource, RingOscillatorNoiseSource

All cryptographic algorithms have been optimized for 8-bit Arduino platforms
like the Uno. Memory usage is also reduced, particularly for SHA1, SHA256,
and SHA512 which save 256, 192, and 512 bytes respectively over traditional
implementations. For all algorithms, static sbox tables and the like are
placed into program memory to further reduce data memory usage.

ChaCha with 20 rounds and 256-bit keys is the recommended
symmetric encryption algorithm because it is twice as fast as AES128,
constant-time, and much more secure. AES128, AES192, and AES256 are
provided for use in applications where compatibility with other systems
is desirable.
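
The constant-time property and the configurable round count can be seen in the ChaCha core itself. The sketch below is an added illustration and is not this library's implementation: it is the plain ChaCha block function, checked against the RFC 7539 section 2.3.2 test vector, and the names chachaBlock, kSampleState and sampleWord are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>

// Rotate left by a fixed amount (no data-dependent branch or table lookup).
static inline uint32_t rotl32(uint32_t v, int n) {
    return (v << n) | (v >> (32 - n));
}

// ChaCha quarter round: only 32-bit add, xor and fixed rotates (ARX), so the
// instruction sequence and memory accesses do not depend on key or data.
static void quarterRound(uint32_t &a, uint32_t &b, uint32_t &c, uint32_t &d) {
    a += b; d ^= a; d = rotl32(d, 16);
    c += d; b ^= c; b = rotl32(b, 12);
    a += b; d ^= a; d = rotl32(d, 8);
    c += d; b ^= c; b = rotl32(b, 7);
}

// Produce one 64-byte keystream block (as 16 words) from the 16-word input
// state. rounds is 20, 12 or 8; each pass does a column and a diagonal round.
void chachaBlock(uint32_t out[16], const uint32_t in[16], int rounds) {
    uint32_t x[16];
    for (size_t i = 0; i < 16; ++i) x[i] = in[i];
    for (int r = 0; r < rounds; r += 2) {
        quarterRound(x[0], x[4], x[8],  x[12]);
        quarterRound(x[1], x[5], x[9],  x[13]);
        quarterRound(x[2], x[6], x[10], x[14]);
        quarterRound(x[3], x[7], x[11], x[15]);
        quarterRound(x[0], x[5], x[10], x[15]);
        quarterRound(x[1], x[6], x[11], x[12]);
        quarterRound(x[2], x[7], x[8],  x[13]);
        quarterRound(x[3], x[4], x[9],  x[14]);
    }
    for (size_t i = 0; i < 16; ++i) out[i] = x[i] + in[i];
}

// Sample input state from the RFC 7539 section 2.3.2 test vector:
// constants, key 00..1f, block counter 1, nonce words.
const uint32_t kSampleState[16] = {
    0x61707865, 0x3320646e, 0x79622d32, 0x6b206574,
    0x03020100, 0x07060504, 0x0b0a0908, 0x0f0e0d0c,
    0x13121110, 0x17161514, 0x1b1a1918, 0x1f1e1d1c,
    0x00000001, 0x09000000, 0x4a000000, 0x00000000};

// Hypothetical helper: one output word of the sample block for a round count.
uint32_t sampleWord(int rounds, int index) {
    uint32_t out[16];
    chachaBlock(out, kSampleState, rounds);
    return out[index];
}
```

Lowering the round count only shortens the loop, which is why key setup and state size are the same for the 20, 12 and 8 round variants.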

BLAKE2s and BLAKE2b are variations on the ChaCha stream cipher, designed for
hashing, with 256-bit and 512-bit hash outputs respectively. They are
intended as high performance replacements for SHA256 and SHA512 for when
speed is critical but exact bit-compatibility of hash values is not.

\section crypto_other Examples and other topics
\li \ref crypto_rng "Generating random numbers"
\section crypto_performance Performance
All figures are for the Arduino Uno running at 16 MHz. Figures for the
Arduino Mega 2560 running at 16 MHz are similar:

| Algorithm | Encryption / Hashing (per byte) | Decryption (per byte) | Key Setup | State Size (bytes) |
|-----------|---------------------------------|-----------------------|-----------|--------------------|
| AES128 (ECB mode) | 36.90us | 66.48us | 160.00us | 208 |
| AES192 (ECB mode) | 44.20us | 80.35us | 166.54us | 240 |
| AES256 (ECB mode) | 51.50us | 94.22us | 227.97us | 272 |
| ChaCha (20 rounds) | 14.87us | 14.88us | 43.74us | 130 |
| ChaCha (12 rounds) | 10.38us | 10.38us | 43.74us | 130 |
| ChaCha (8 rounds) | 8.13us | 8.14us | 43.74us | 130 |
| SHA1 | 21.90us | | | 93 |
| SHA256 | 43.85us | | | 105 |
| SHA512 | 123.24us | | | 209 |
| SHA3_256 | 121.69us | | | 403 |
| SHA3_512 | 229.12us | | | 403 |
| BLAKE2s | 18.54us | | | 169 |
| BLAKE2b | 50.58us | | | 337 |

Where a cipher supports more than one key size (such as ChaCha), the values
are typically almost identical for 128-bit and 256-bit keys so only the
maximum is shown above.

Public key algorithms have the following results on an Arduino Uno:

| Algorithm | Operation | Time | Comment |
|-----------|-----------|------|---------|
| Curve25519 | \link Curve25519::eval() eval()\endlink | 3738 ms | Raw curve evaluation |
| Curve25519 | \link Curve25519::dh1() dh1()\endlink | 3740 ms | First half of Diffie-Hellman key agreement |
| Curve25519 | \link Curve25519::dh2() dh2()\endlink | 3738 ms | Second half of Diffie-Hellman key agreement |
*/