This section describes functions for authenticated encryption/decryption using the Counter with Cipher Block Chaining-Message Authentication Code (CCM) mode [NIST SP 800-38C] of the AES (Rijndael128) block cipher.
The AES-CCM
functions enable authenticated encryption/decryption of several messages using one key that the
AES_CCMInit function sets. Processing of each new message starts with a call to the
AES_CCMStart function. The application code for conducting a typical AES-CCM authenticated encryption should follow the sequence of operations as outlined below:
- Get the size required to configure the context
IppsAES_CCMState by calling the function
AES_CCMGetSize.
- Call the system memory-allocation service function to allocate a buffer whose size is not less than the function
AES_CCMGetSize specifies.
- Initialize the context
IppsAES_CCMState*pCtx by calling the function
AES_CCMInit with the allocated buffer and respective AES key.
- Optionally call
AES_CCMMessageLen and/or
AES_CCMTagLen to set up message and tag parameters.
- Call
AES_CCMStart to start authenticated encryption of the first/next message.
- Keep calling
AES_CCMEncrypt until the entire message is processed.
- Request the authentication tag by calling
AES_CCMGetTag.
- Proceed to the next message, if any, that is, go to step 5.
- Clean up secret data stored in the context.
- Call the system memory free service function to release the buffer allocated for the context
IppsAES_CCMState, if needed.