CryptoCell AES-CCM APIs

AES_CCM key buffer definition.

Definition at line 122 of file crys_aesccm.h.

AES_CCM MAC buffer definition.

Definition at line 124 of file crys_aesccm.h.

The user's context structure - the argument type that is passed by the user to the AES CCM APIs

AES_CCM_STAR Nonce buffer defintion.

Definition at line 129 of file crys_aesccm.h.

AES_CCM_STAR source address buffer defintion.

Definition at line 127 of file crys_aesccm.h.

AES CCM key sizes.

Enumerator:

CRYS_AES_Key128BitSize	Key size 128 bits.
CRYS_AES_Key192BitSize	Key size 192 bits.
CRYS_AES_Key256BitSize	Key size 256 bits.
CRYS_AES_Key512BitSize	Key size 512 bits.
CRYS_AES_KeySizeNumOfOptions	Number of optional key sizes.
CRYS_AES_KeySizeLast	Reserved.

Definition at line 105 of file crys_aesccm.h.

AES CCM combines Counter mode encryption with CBC-MAC authentication. Input to CCM includes the following elements:

• Payload - text data that is both authenticated and encrypted.
• Associated data (Adata) - data that is authenticated but not encrypted, e.g., a header.
• Nonce - A unique value that is assigned to the payload and the associated data.

Returns:

CRYS_OK on success.

A non-zero value on failure as defined crys_aesccm_error.h.

Parameters:

[in]	EncrDecrMode	A flag specifying whether an AES Encrypt (SASI_AES_ENCRYPT) or Decrypt (SASI_AES_DECRYPT) operation should be performed.
[in]	CCM_Key	Pointer to AES-CCM key.
[in]	KeySizeId	Enumerator defining the key size (only 128 bit is valid).
[in]	N_ptr	Pointer to the Nonce.
[in]	SizeOfN	Nonce byte size. The valid values depend on the ccm mode: CCM: valid values = [7 .. 13]. CCM*: valid values = [13].
[in]	ADataIn_ptr	Pointer to the additional input data. The buffer must be contiguous.
[in]	ADataInSize	Byte size of the additional data.
[in]	TextDataIn_ptr	Pointer to the plain-text data for encryption or cipher-text data for decryption. The buffer must be contiguous.
[in]	TextDataInSize	Byte size of the full text data.
[out]	TextDataOut_ptr	Pointer to the output (cipher or plain text data according to encrypt-decrypt mode) data. The buffer must be contiguous.
[in]	SizeOfT	AES-CCM MAC (tag) byte size. The valid values depend on the ccm mode: CCM: valid values = [4, 6, 8, 10, 12, 14, 16]. CCM*: valid values = [0, 4, 8, 16].
[in,out]	Mac_Res	Pointer to the MAC result buffer.
[in]	ccmMode	Flag specifying whether AES-CCM or AES-CCM* should be performed.

This function initializes the AES CCM context.

It formats of the input data, calculates AES-MAC value for the formatted B0 block containing control information and CCM unique value (Nonce), and initializes the AES context structure including the initial CTR0 value.

Returns:

CRYS_OK on success.

A non-zero value on failure as defined crys_aesccm_error.h.

Parameters:

[in]	ContextID_ptr	Pointer to the AES context buffer that is allocated by the user and is used for the AES operation.
[in]	EncrDecrMode	Flag specifying whether Encrypt (SASI_AES_ENCRYPT) or Decrypt (SASI_AES_DECRYPT) operation should be performed.
[in]	CCM_Key	Pointer to the AES-CCM key.
[in]	KeySizeId	Enumerator defining the key size (only 128 bit is valid).
[in]	AdataSize	Full byte length of additional (associated) data. If set to zero, calling CRYS_AESCCM_BlockAdata on the same context would return an error.
[in]	TextSizeQ	Full length of plain text data.
[in]	N_ptr	Pointer to the Nonce.
[in]	SizeOfN	Nonce byte size. The valid values depend on the ccm mode: CCM: valid values = [7 .. 13]. CCM*: valid values = [13].
[in]	SizeOfT	AES-CCM MAC (tag) byte size. The valid values depend on the ccm mode: CCM: valid values = [4, 6, 8, 10, 12, 14, 16]. CCM*: valid values = [0, 4, 8, 16].
[in]	ccmMode	Flag specifying whether AES-CCM or AES-CCM* should be performed.

This function receives a CCM context and a block of additional data, and adds it to the AES MAC calculation. This API can be called only once per operation context. It should not be called in case AdataSize was set to zero in CC_AESCCM_Init.

Returns:

CRYS_OK on success.

A non-zero value on failure as defined crys_aesccm_error.h.

Parameters:

[in]	ContextID_ptr	Pointer to the context buffer.
[in]	DataIn_ptr	Pointer to the additional input data. The buffer must be contiguous.
[in]	DataInSize	Byte size of the additional data. Must match AdataSize parameter provided to CRYS_AESCCM_Init.

This function can be invoked for any block of Text data whose size is a multiple of 16 bytes, excluding the last block that must be processed by CRYS_AESCCM_Finish.

• If encrypting: Continues calculation of the intermediate AES_MAC value of the text data, while simultaneously encrypting the text data using AES_CTR, starting from CTR value = CTR0+1.
• If decrypting: Continues decryption of the text data, while calculating the intermediate AES_MAC value of decrypted data.

Returns:

CRYS_OK on success.

A non-zero value on failure as defined crys_aesccm_error.h.

Parameters:

[in]	ContextID_ptr	Pointer to the context buffer.
[in]	DataIn_ptr	Pointer to the additional input data. The buffer must be contiguous.
[in]	DataInSize	Byte size of the text data block. Must be a multiple of 16 bytes.
[out]	DataOut_ptr	Pointer to the output data. The size of the output buffer must be at least DataInSize. The buffer must be contiguous.

This function must be the last to be called on the text data. It can either be called on the entire text data (if transferred as one block), or on the last block of the text data, even if total size of text data is equal to 0. It performs the same operations as CRYS_AESCCM_BlockTextData, but additionally:

• If encrypting:
  • If the size of text data is not in multiples of 16 bytes, it pads the remaining bytes with zeros to a full 16-bytes block and processes the data using AES_MAC and AES_CTR algorithms.
  • Encrypts the AES_MAC result with AES_CTR using the CTR0 value saved in the context and places the SizeOfT bytes of MAC (tag) at the end.

• If decrypting:
  • Processes the text data, except for the last SizeOfT bytes (tag), using AES_CTR and then AES_MAC algorithms.
  • Encrypts the calculated MAC using AES_CTR based on the saved CTR0 value, and compares it with SizeOfT last bytes of input data (i.e. tag value).
  • The function saves the validation result (Valid/Invalid) in the context.
  • Returns (as the error code) the final CCM-MAC verification result.

Returns:

CRYS_OK on success.

A non-zero value on failure as defined crys_aesccm_error.h.

Parameters:

[in]	ContextID_ptr	Pointer to the context buffer.
[in]	DataIn_ptr	Pointer to the last input data. The buffer must be contiguous.
[in]	DataInSize	Byte size of the last text data block. Can be zero.
[in]	DataOut_ptr	Pointer to the output (cipher or plain text data) data. The buffer must be contiguous. If DataInSize = 0, output buffer is not required.
[in]	MacRes	MAC result buffer pointer.
[out]	SizeOfT	AES-CCM MAC byte size as defined in CRYS_AESCCM_Init.

This function receives the MAC source address, the frame counter and the MAC size and returns the required nonce for AES-CCM* as defined in ieee-802.15.4. This API should be called before CRYS_AESCCMStar and CRYS_AESCCMStar_Init, and the generated nonce should be provided to these functions.

Returns:

CRYS_OK on success.

A non-zero value on failure as defined crys_aesccm_error.h.

Parameters:

[in]	srcAddr	The MAC address in EUI-64 format.
[in]	FrameCounter	The MAC frame counter.
[in]	SizeOfT	AES-CCM* MAC (tag) byte size. Valid values = [0,4,8,16].
[out]	nonce	The required nonce for AES-CCM*.