AESCCM driver header.
The Counter with CBC-MAC (CCM) mode of operation is a generic authenticated encryption block cipher mode. It can be used with any block cipher. AESCCM combines CBC-MAC with an AES block cipher in CTR mode of operation.
This combination of block cipher modes enables CCM to encrypt messages of any length and not only multiples of the block cipher block size.
CTR provides confidentiality. The defined application of CBC-MAC provides message integrity and authentication.
AESCCM has the following inputs and outputs:
Encryption | Decryption |
---|---|
Input | |
Shared AES key | Shared AES key |
Nonce | Nonce |
Cleartext | Ciphertext |
MAC | |
AAD (optional) | AAD (optional) |
Output | |
Ciphertext | Cleartext |
MAC |
The AES key is a shared secret between the two parties and has a length between 128, 192, or 256 bits.
The nonce is generated by the party performing the authenticated encryption operation. Within the scope of any authenticated encryption key, the nonce value must be unique. That is, the set of nonce values used with any given key must not contain any duplicate values. Using the same nonce for two different messages encrypted with the same key destroys the security properties.
The length of the nonce determines the maximum number of messages that may be encrypted and authenticated before you must regenerate the key. Reasonable session key rotation schemes will regenerate the key before reaching this limit. There is a trade-off between the nonce-length and the maximum length of the plaintext to encrypt and authenticate per nonce. This is because CTR concatenates the nonce and an internal counter into one 16-byte IV. The counter is incremented after generating an AES-block-sized pseudo-random bitstream. This bitstream is XOR'd with the plaintext. The counter would eventually roll over for a sufficiently long message. This is must not happen. Hence, the longer the nonce and the more messages you can send before needing to rotate the key, the shorter the lengths of invidual messages sent may be. The minimum and maximum nonce length defined by the CCM standard provide for both a reasonable number of messages before key rotation and a reasonable maximum message length. Check NIST SP 800-38C for details.
The optional additional authentication data (AAD) is authenticated but not encrypted. Thus, the AAD is not included in the AES-CCM output. It can be used to authenticate packet headers.
After the encryption operation, the ciphertext contains the encrypted data. The message authentication code (MAC) is also provided.
The AESCCM driver supports both classic CCM as defined by NIST SP 800-38C and the CCM* variant used in IEEE 802.15.4. CCM* allows for unauthenticated encryption using CCM by permitting a MAC length of 0. It also imposes the requirement that the MAC length be embedded in the nonce used for each message if the MAC length varies within the protocol using CCM*.
Before starting a CCM operation, the application must do the following:
The AESCCM_oneStepEncrypt and AESCCM_oneStepDecrypt functions do a CCM operation in a single call. They will always be the most highly optimized routines with the least overhead and the fastest runtime. However, they require all AAD and plaintext or ciphertext data to be available to the function at the start of the call. All devices support single call operations.
When performing a decryption operation with AESCCM_oneStepDecrypt(), the MAC is automatically verified.
After the CCM operation completes, the application should either start another operation or close the driver by calling AESCCM_close()
### Single call CCM encryption + authentication with plaintext CryptoKey in blocking return mode #
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <ti/drivers/cryptoutils/cryptokey/CryptoKey.h>
Go to the source code of this file.
Data Structures | |
struct | AESCCM_Config |
AESCCM Global configuration. More... | |
struct | AESCCM_Operation |
Struct containing the parameters required for encrypting/decrypting and authenticating/verifying a message. More... | |
struct | AESCCM_Params |
CCM Parameters. More... | |
Macros | |
#define | AESCCM_STATUS_RESERVED (-32) |
#define | AESCCM_STATUS_SUCCESS (0) |
Successful status code. More... | |
#define | AESCCM_STATUS_ERROR (-1) |
Generic error status code. More... | |
#define | AESCCM_STATUS_RESOURCE_UNAVAILABLE (-2) |
An error status code returned if the hardware or software resource is currently unavailable. More... | |
#define | AESCCM_STATUS_MAC_INVALID (-3) |
An error status code returned if the MAC provided by the application for a decryption operation does not match the one calculated during the operation. More... | |
#define | AESCCM_STATUS_CANCELED (-4) |
The ongoing operation was canceled. More... | |
Typedefs | |
typedef AESCCM_Config * | AESCCM_Handle |
A handle that is returned from an AESCCM_open() call. More... | |
typedef void(* | AESCCM_CallbackFxn) (AESCCM_Handle handle, int_fast16_t returnValue, AESCCM_Operation *operation, AESCCM_OperationType operationType) |
The definition of a callback function used by the AESCCM driver when used in AESCCM_RETURN_BEHAVIOR_CALLBACK. More... | |
Enumerations | |
enum | AESCCM_ReturnBehavior { AESCCM_RETURN_BEHAVIOR_CALLBACK = 1, AESCCM_RETURN_BEHAVIOR_BLOCKING = 2, AESCCM_RETURN_BEHAVIOR_POLLING = 4 } |
The way in which CCM function calls return after performing an encryption + authentication or decryption + verification operation. More... | |
enum | AESCCM_Mode { AESCCM_MODE_ENCRYPT = 1, AESCCM_MODE_DECRYPT = 2 } |
Enum for the direction of the CCM operation. More... | |
enum | AESCCM_OperationType { AESCCM_OPERATION_TYPE_ENCRYPT = 1, AESCCM_OPERATION_TYPE_DECRYPT = 2 } |
Enum for the operation types supported by the driver. More... | |
Functions | |
void | AESCCM_init (void) |
This function initializes the CCM module. More... | |
void | AESCCM_Params_init (AESCCM_Params *params) |
Function to initialize the AESCCM_Params struct to its defaults. More... | |
AESCCM_Handle | AESCCM_open (uint_least8_t index, const AESCCM_Params *params) |
This function opens a given CCM peripheral. More... | |
void | AESCCM_close (AESCCM_Handle handle) |
Function to close a CCM peripheral specified by the CCM handle. More... | |
void | AESCCM_Operation_init (AESCCM_Operation *operationStruct) |
Function to initialize an AESCCM_Operation struct to its defaults. More... | |
int_fast16_t | AESCCM_oneStepEncrypt (AESCCM_Handle handle, AESCCM_Operation *operationStruct) |
Function to perform an AESCCM encryption + authentication operation in one call. More... | |
int_fast16_t | AESCCM_oneStepDecrypt (AESCCM_Handle handle, AESCCM_Operation *operationStruct) |
Function to perform an AESCCM decryption + verification operation in one call. More... | |
int_fast16_t | AESCCM_cancelOperation (AESCCM_Handle handle) |
Cancels an ongoing AESCCM operation. More... | |
AESCCM_Handle | AESCCM_construct (AESCCM_Config *config, const AESCCM_Params *params) |
Constructs a new AESCCM object. More... | |
Variables | |
const AESCCM_Params | AESCCM_defaultParams |
Default AESCCM_Params structure. More... | |
#define AESCCM_STATUS_RESERVED (-32) |
Common AESCCM status code reservation offset. AESCCM driver implementations should offset status codes with AESCCM_STATUS_RESERVED growing negatively.
Example implementation specific status codes:
#define AESCCM_STATUS_SUCCESS (0) |
Successful status code.
Functions return AESCCM_STATUS_SUCCESS if the function was executed successfully.
#define AESCCM_STATUS_ERROR (-1) |
Generic error status code.
Functions return AESCCM_STATUS_ERROR if the function was not executed successfully and no more pertinent error code could be returned.
#define AESCCM_STATUS_RESOURCE_UNAVAILABLE (-2) |
An error status code returned if the hardware or software resource is currently unavailable.
AESCCM driver implementations may have hardware or software limitations on how many clients can simultaneously perform operations. This status code is returned if the mutual exclusion mechanism signals that an operation cannot currently be performed.
#define AESCCM_STATUS_MAC_INVALID (-3) |
An error status code returned if the MAC provided by the application for a decryption operation does not match the one calculated during the operation.
This code is returned by AESCCM_oneStepDecrypt() if the verification of the MAC fails.
#define AESCCM_STATUS_CANCELED (-4) |
The ongoing operation was canceled.
typedef AESCCM_Config* AESCCM_Handle |
A handle that is returned from an AESCCM_open() call.
typedef void(* AESCCM_CallbackFxn) (AESCCM_Handle handle, int_fast16_t returnValue, AESCCM_Operation *operation, AESCCM_OperationType operationType) |
The definition of a callback function used by the AESCCM driver when used in AESCCM_RETURN_BEHAVIOR_CALLBACK.
handle | Handle of the client that started the CCM operation. |
returnValue | The result of the CCM operation. May contain an error code. Informs the application of why the callback function was called. |
operation | A pointer to an operation struct. |
operationType | This parameter determines which operation the callback refers to. |
The way in which CCM function calls return after performing an encryption + authentication or decryption + verification operation.
Not all CCM operations exhibit the specified return behavor. Functions that do not require significant computation and cannot offload that computation to a background thread behave like regular functions. Which functions exhibit the specfied return behavior is not implementation dependent. Specifically, a software-backed implementation run on the same CPU as the application will emulate the return behavior while not actually offloading the computation to the background thread.
AESCCM functions exhibiting the specified return behavior have restrictions on the context from which they may be called.
Task | Hwi | Swi | |
---|---|---|---|
AESCCM_RETURN_BEHAVIOR_CALLBACK | X | X | X |
AESCCM_RETURN_BEHAVIOR_BLOCKING | X | ||
AESCCM_RETURN_BEHAVIOR_POLLING | X | X | X |
enum AESCCM_Mode |
enum AESCCM_OperationType |
void AESCCM_init | ( | void | ) |
This function initializes the CCM module.
void AESCCM_Params_init | ( | AESCCM_Params * | params | ) |
Function to initialize the AESCCM_Params struct to its defaults.
params | An pointer to AESCCM_Params structure for initialization |
Defaults values are: returnBehavior = AESCCM_RETURN_BEHAVIOR_BLOCKING callbackFxn = NULL timeout = SemaphoreP_WAIT_FOREVER custom = NULL
AESCCM_Handle AESCCM_open | ( | uint_least8_t | index, |
const AESCCM_Params * | params | ||
) |
This function opens a given CCM peripheral.
index | Logical peripheral number for the CCM indexed into the AESCCM_config table |
params | Pointer to an parameter block, if NULL it will use default values. |
void AESCCM_close | ( | AESCCM_Handle | handle | ) |
Function to close a CCM peripheral specified by the CCM handle.
handle | A CCM handle returned from AESCCM_open() |
void AESCCM_Operation_init | ( | AESCCM_Operation * | operationStruct | ) |
Function to initialize an AESCCM_Operation struct to its defaults.
operationStruct | A pointer to an AESCCM_Operation structure for initialization |
Defaults values are all zeros.
int_fast16_t AESCCM_oneStepEncrypt | ( | AESCCM_Handle | handle, |
AESCCM_Operation * | operationStruct | ||
) |
Function to perform an AESCCM encryption + authentication operation in one call.
[in] | handle | A CCM handle returned from AESCCM_open() |
[in] | operationStruct | A pointer to a struct containing the parameters required to perform the operation. |
AESCCM_STATUS_SUCCESS | The operation succeeded. |
AESCCM_STATUS_ERROR | The operation failed. |
AESCCM_STATUS_RESOURCE_UNAVAILABLE | The required hardware resource was not available. Try again later. |
AESCCM_STATUS_CANCELED | The operation was canceled. |
int_fast16_t AESCCM_oneStepDecrypt | ( | AESCCM_Handle | handle, |
AESCCM_Operation * | operationStruct | ||
) |
Function to perform an AESCCM decryption + verification operation in one call.
[in] | handle | A CCM handle returned from AESCCM_open() |
[in] | operationStruct | A pointer to a struct containing the parameters required to perform the operation. |
AESCCM_STATUS_SUCCESS | The operation succeeded. |
AESCCM_STATUS_ERROR | The operation failed. |
AESCCM_STATUS_RESOURCE_UNAVAILABLE | The required hardware resource was not available. Try again later. |
AESCCM_STATUS_CANCELED | The operation was canceled. |
AESCCM_STATUS_MAC_INVALID | The provided MAC did no match the recomputed one. |
int_fast16_t AESCCM_cancelOperation | ( | AESCCM_Handle | handle | ) |
Cancels an ongoing AESCCM operation.
Asynchronously cancels an AESCCM operation. Only available when using AESCCM_RETURN_BEHAVIOR_CALLBACK or AESCCM_RETURN_BEHAVIOR_BLOCKING. The operation will terminate as though an error occured. The return status code of the operation will be AESCCM_STATUS_CANCELED.
[in] | handle | Handle of the operation to cancel |
AESCCM_STATUS_SUCCESS | The operation was canceled. |
AESCCM_STATUS_ERROR | The operation was not canceled. |
AESCCM_Handle AESCCM_construct | ( | AESCCM_Config * | config, |
const AESCCM_Params * | params | ||
) |
Constructs a new AESCCM object.
Unlike AESCCM_open(), AESCCM_construct() does not require the hwAttrs and object to be allocated in a AESCCM_Config array that is indexed into. Instead, the AESCCM_Config, hwAttrs, and object can be allocated at any location. This allows for relatively simple run-time allocation of temporary driver instances on the stack or the heap. The drawback is that this makes it more difficult to write device-agnostic code. If you use an ifdef with DeviceFamily, you can choose the correct object and hwAttrs to allocate. That compilation unit will be tied to the device it was compiled for at this point. To change devices, recompilation of the application with a different DeviceFamily setting is necessary.
config | AESCCM_Config describing the location of the object and hwAttrs. |
params | AESCCM_Params to configure the driver instance. |
config
points to must be zeroed out prior to calling this function. Otherwise, unexpected behavior may ensue. const AESCCM_Params AESCCM_defaultParams |
Default AESCCM_Params structure.