What is maximum length of plain text in AES-GCM and AES-CCM?

mingele · September 25, 2019, 4:11pm

Hello,

I am using mbed TLS on silicon lab microcontroller. I want to use AES-GCM and AES-CCM mode of encryption.

I have created unit tests for AES-GCM , AES-CCM modes and it seems like some time AES-GCM gets fail to encrypt data more than ~200 Bytes.

But sometimes it encrypts the data successfully with some specific plain text length e.g 256 Bytes.

1- Why AES-GCM is not consistent with plain Text length in above-mentioned ranges?

2- Does the encryption/decryption really depends upon the Text length?

3- Can you please clarify what maximum length of plain Text for AES-GCM and AES-CCM mbed TLS supports?

roneld01 · September 26, 2019, 7:28am

Hi @mingele
200 bytes should not cause an encryption error. There is probably some other issue that cause the error you received. What was the error?

As you can see from the code, the total length cannot exceed 2^39 - 256 bits, ie 2^36 - 2^5 bytes, but this is much more than 200 bytes.

Where does the debugger return the error?

Regards,
Mbed TLS Support
Ron

Topic		Replies	Views
Mbedtls_gcm_auth_decrypt vs (mbedtls_gcm_starts + mbedtls_gcm_update) Crypto and SSL questions	1	1112	December 20, 2019
AES CCM Crypto with PSA and different tag length Mbed OS mbed_tls , mbed_os	0	437	March 17, 2020
AES-CCM tag calculation issue Crypto and SSL questions	3	2193	July 2, 2021
Hardware CCM decryption failure STM32H7 Platform specific questions mbed_client , mbed_tls , stm32h7	1	609	May 31, 2023
Example for using mbed-tls for partial file encryption? Need help with my attempted sample code Mbed TLS	0	820	June 4, 2023