Header file for the NanoCrypto AES-CCM API.
More...
Go to the source code of this file.
|
| MOC_EXTERN MSTATUS | AESCCM_cipher (MOC_SYM(hwAccelDescr hwAccelCtx) BulkCtx ctx, ubyte *nonce, ubyte4 nlen, ubyte *aData, ubyte4 aDataLength, ubyte *data, ubyte4 dataLength, ubyte4 verifyLen, sbyte4 encrypt) |
| | Encyrpt or decrypt data using AES in CCM mode. More...
|
| |
| MOC_EXTERN MSTATUS | AESCCM_clone (MOC_SYM(hwAccelDescr hwAccelCtx) BulkCtx pCtx, BulkCtx *ppNewCtx) |
| | Clone an AES-CCM context. More...
|
| |
| MOC_EXTERN BulkCtx | AESCCM_createCtx (MOC_SYM(hwAccelDescr hwAccelCtx) ubyte *key, sbyte4 keylen, sbyte4 encrypt) |
| | Create a new AES-CCM context for use in AESCCM_cipher. More...
|
| |
| MOC_EXTERN MSTATUS | AESCCM_decrypt (MOC_SYM(hwAccelDescr hwAccelCtx) ubyte M, ubyte L, ubyte *keyMaterial, sbyte4 keyLength, const ubyte *nonce, ubyte *encData, ubyte4 eDataLength, const ubyte *authData, ubyte4 aDataLength, const ubyte U[]) |
| | Decrypt and authenticate a data buffer using AES-CCM. More...
|
| |
| MOC_EXTERN MSTATUS | AESCCM_deleteCtx (MOC_SYM(hwAccelDescr hwAccelCtx) BulkCtx *ctx) |
| | Delete an AES-CCM context created with AESCCM_createCtx. More...
|
| |
| MOC_EXTERN MSTATUS | AESCCM_encrypt (MOC_SYM(hwAccelDescr hwAccelCtx) ubyte M, ubyte L, ubyte *keyMaterial, sbyte4 keyLength, const ubyte *nonce, ubyte *encData, ubyte4 eDataLength, const ubyte *authData, ubyte4 aDataLength, ubyte U[]) |
| | Encrypt and protect a data buffer using AES-CCM, as defined in RFC 3610. More...
|
| |
Header file for the NanoCrypto AES-CCM API.
◆ AESCCM_cipher()
| MOC_EXTERN MSTATUS AESCCM_cipher |
( |
MOC_SYM(hwAccelDescr hwAccelCtx) BulkCtx |
ctx, |
|
|
ubyte * |
nonce, |
|
|
ubyte4 |
nlen, |
|
|
ubyte * |
aData, |
|
|
ubyte4 |
aDataLength, |
|
|
ubyte * |
data, |
|
|
ubyte4 |
dataLength, |
|
|
ubyte4 |
verifyLen, |
|
|
sbyte4 |
encrypt |
|
) |
| |
There are no flag dependencies to enable this function.
- Parameters
-
| hwAccelCtx | If a hardware acceleration flag is defined, this macro expands to an additional parameter, "hwAccelDescr
hwAccelCtx". Otherwise, this macro resolves to nothing. |
| ctx | AES-CCM context to use for this operation. |
| nonce | Nonce data to use for this operation. |
| nlen | Length in bytes of the nonce data. |
| aData | Data input for authentication but not cipher processing. |
| aDataLength | Length in bytes of the authentication data. |
| data | Data to be encrypted or decrypted. |
| dataLength | Length in bytes of the data to be processed. |
| verifyLen | Length in bytes of the verification tag. |
| encrypt | TRUE to encrypt, FALSE to decrypt. |
aes_ccm.h
◆ AESCCM_clone()
| MOC_EXTERN MSTATUS AESCCM_clone |
( |
MOC_SYM(hwAccelDescr hwAccelCtx) BulkCtx |
pCtx, |
|
|
BulkCtx * |
ppNewCtx |
|
) |
| |
- Parameters
-
| pCtx | Pointer to an instantiated BulkCtx. |
| ppNewCtx | Double pointer to the BulkCtx to be created and populated with the data from the source context. |
- Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
aes_ccm.h
◆ AESCCM_createCtx()
| MOC_EXTERN BulkCtx AESCCM_createCtx |
( |
MOC_SYM(hwAccelDescr hwAccelCtx) ubyte * |
key, |
|
|
sbyte4 |
keylen, |
|
|
sbyte4 |
encrypt |
|
) |
| |
There are no flag dependencies to enable this function.
- Parameters
-
| hwAccelCtx | If a hardware acceleration flag is defined, this macro expands to an additional parameter, "hwAccelDescr
hwAccelCtx". Otherwise, this macro resolves to nothing. |
| key | The AES key material to instantiate the context with. |
| keylen | Length in bytes of the AES key material, must be 16, 24, or 32 bytes long. |
| encrypt | Unused. |
- Returns
- Pointer to the newly created context on success, NULL on error.
aes_ccm.h
◆ AESCCM_decrypt()
| MOC_EXTERN MSTATUS AESCCM_decrypt |
( |
MOC_SYM(hwAccelDescr hwAccelCtx) ubyte |
M, |
|
|
ubyte |
L, |
|
|
ubyte * |
keyMaterial, |
|
|
sbyte4 |
keyLength, |
|
|
const ubyte * |
nonce, |
|
|
ubyte * |
encData, |
|
|
ubyte4 |
eDataLength, |
|
|
const ubyte * |
authData, |
|
|
ubyte4 |
aDataLength, |
|
|
const ubyte |
U[] |
|
) |
| |
This function uses AES in CCM mode (as defined in RFC 3610) to decrypt and authenticate the submitted data.
| FIPS Approved |
|
| Suite B Algorithm |
|
| Flowchart | AES-CCM |
- Note
- For details about CCM Mode and related function parameters, see the CCM Mode Overview description in the aes_ccm.dxd documentation.
There are no flag dependencies to enable this function.
- Parameters
-
| hwAccelCtx | If a hardware acceleration flag is defined, this macro expands to an additional parameter, "hwAccelDescr
hwAccelCtx". Otherwise, this macro resolves to nothing. |
| M | Number of octets in the MAC specified in U. |
| L | Number of octets in the length field — the internal counter. |
| keyMaterial | Key material. |
| keyLength | Length of key material (keyMaterial). |
| nonce | Unique nonce, of length 15-L octets. |
| eData | Data to decrypt an authenticate. Specify NULL if no data to decrypt. |
| eDataLength | Length in octets of data to decrypt (encData). |
| aData | Data to input to MAC generation, but not for decryption. Specify NULL if there is no authentication-only data. To perform authentication, this funciton generates the MAC from the submitted data. |
| aDataLength | Length of authentication data (authData). |
| U | Pointer to the MAC, of M octets, of the data to decrypt. |
- Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
aes_ccm.h
◆ AESCCM_deleteCtx()
| MOC_EXTERN MSTATUS AESCCM_deleteCtx |
( |
MOC_SYM(hwAccelDescr hwAccelCtx) BulkCtx * |
ctx | ) |
|
There are no flag dependencies to enable this function.
- Parameters
-
| hwAccelCtx | If a hardware acceleration flag is defined, this macro expands to an additional parameter, "hwAccelDescr
hwAccelCtx". Otherwise, this macro resolves to nothing. |
| ctx | The AES-CCM context to delete. |
- Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
aes_ccm.h
◆ AESCCM_encrypt()
| MOC_EXTERN MSTATUS AESCCM_encrypt |
( |
MOC_SYM(hwAccelDescr hwAccelCtx) ubyte |
M, |
|
|
ubyte |
L, |
|
|
ubyte * |
keyMaterial, |
|
|
sbyte4 |
keyLength, |
|
|
const ubyte * |
nonce, |
|
|
ubyte * |
encData, |
|
|
ubyte4 |
eDataLength, |
|
|
const ubyte * |
authData, |
|
|
ubyte4 |
aDataLength, |
|
|
ubyte |
U[] |
|
) |
| |
This function encrypts a data buffer using AES-CCM. It also supports authentication for the submitted data by producing a MAC a message authentication code (generated using the AES cipher as defined in RFC 3610).
| FIPS Approved |
|
| Suite B Algorithm |
|
| Flowchart | AES-CCM |
Among the inputs accepted by this function, you can distinguish between two different types of data:
encData parameter: data is encrypted and used as an input to the MAC.authData parameter: data is not encrypted, but it is used as an input to the MAC.
If you want only a MAC, specify NULL for encData parameter. If you have no data for authentication, specify NULL for authData.
- Note
- For details about the nonce, the
L parameter, and the internal counter, see the CCM Mode Overview description in the aes_ccm.dxd documentation.
There are no flag dependencies to enable this function.
aes_ccm.h
- Parameters
-
| hwAccelCtx | If a hardware acceleration flag is defined, this macro expands to an additional parameter, "hwAccelDescr
hwAccelCtx". Otherwise, this macro resolves to nothing. But... what does the user specify? In the 5.3.1 docs, we just said that this was "Reserved
for future use." Ditto this for all aes_ccm.{c,h} functions. |
| M | Number of the most significant octets in the authentication field — the MAC to return in U. The maximum size is 16 octets. The larger the MAC, the stronger the authentication, and the harder it will be for somebody to modify the message without detection. However, if the size of the message itself is quite small, adding the overhead of 16 octets of MAC is hard to justify, and you should specify a smaller MAC. And again, how do you choose? For most applications, RFC 3610 recommends an M value of at least 8. Valid values for M are 4, 6, 8, 10, 12, 14, and 16 octets. |
| L | Number of octets in the length field — the internal counter. This counter shares a 128-bit (16-octet) space with the nonce. Therefore, the larger the value of L, the smaller the length of the nonce. Conformant with RFC 3610, the NanoCrypto AES-CCM API allows integer L values from 2 to 8 (inclusive). Which L value to use depends on your application. For example, RFC 4309, Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP), requires an L value of 4. This value is chosen because it allows for a counter that is large enough to encrypt an IPv6 Jumbogram. |
| keyMaterial | Key material. |
| keyLength | Length of key material (keyMaterial). |
| nonce | Unique nonce, of length 15-L octets. |
- Warning
- This value must be unique for each message encrypted under the same key. Failure to use unique nonce values can destroy confidentiality.
- Parameters
-
| eData | Data to encrypt and include as input for the MAC. Specify NULL if no data to encrypt. |
| eDataLength | Length in octets of data to encrypt (encData). |
| aData | Data to input to MAC generation, but not for encryption. Specify NULL if there is no authentication-only data. |
| aDataLength | Length of authentication data (authData). |
| U | On return, pointer to generated MAC, which is M octets long. |
- Returns
OK (0) if successful; otherwise a negative number error code definition from merrors.h. To retrieve a string containing an English text error identifier corresponding to the function's returned error status, use the DISPLAY_ERROR macro.
aes_ccm.h
