Constructs a mechanism parameter for AES encryption or decryption with "Counter with Cipher Block Chaining - Message Authentication Code", abbreviated CCM (see NIST SP 800-38C). More...

Inheritance diagram for MechParamCCM:

[legend]

Collaboration diagram for MechParamCCM:

[legend]

Public Member Functions
	MechParamCCM (int mech, const ByteArray &nonce, const ByteArray &ad, int datalen, int maclen=16, int nonce_gen_func=CXI_MECH_PARAM_NONCE_NO_GENERATE)

MechanismParameter	getEncoded (void)

Public Member Functions inherited from MechParam
	MechParam (int mech)
	Constructs a mechanism parameter with the given mechanism specifier. More...

MechanismParameter	getEncoded (void)

Detailed Description

Constructs a mechanism parameter for AES encryption or decryption with "Counter with Cipher Block Chaining - Message Authentication Code", abbreviated CCM (see NIST SP 800-38C).

The following example illustrates the usage of the MechParamCCM class:

Key key = ...;
ByteArray nonce = ByteArray("1234567890ABCD");
ByteArray ad = "My Little Secret";
ByteArray data = ...;
ByteArray iv;
ByteArray tag1 = ByteArray(16);
 
// encrypt data
MechParamCCM mechParam = MechParamCCM(CXI_MECH_MODE_ENCRYPT, nonce, ad, data.length());
 
ByteArray crypt = cxi->crypt(CXI_FLAG_CRYPT_INIT | CXI_FLAG_CRYPT_FINAL, key, mechParam.getEncoded(), data, iv, tag1);
 
// decrypt data
mechParam = MechParamCCM(CXI_MECH_MODE_DECRYPT, nonce, ad, data.length());
 
iv.clear;
ByteArray tag2 = ByteArray(16);
 
// authenticated decryption, tag is verified internally
ByteArray plain = cxi->crypt(CXI_FLAG_CRYPT_INIT | CXI_FLAG_CRYPT_FINAL, key, mechParam.getEncoded(), crypt, iv, tag2, tag1);
 
if (plain != data)
  throw Exception("<decrypt>", "decrypted data doesn't match original data");

Constructor & Destructor Documentation

◆ MechParamCCM()

MechParamCCM	(	int	mech,
		const ByteArray &	nonce,
		const ByteArray &	ad,
		int	datalen,
		int	maclen = `16`,
		int	nonce_gen_func = `CXI_MECH_PARAM_NONCE_NO_GENERATE`
	)

Constructs mechanism parameter for Galois Counter Mode (see NIST SP-800-38D).

Parameters

mech	XOR combination of mechanism specifier: crypt mode (see Mode Parameter) CXI_MECH_MODE_ENCRYPT CXI_MECH_MODE_DECRYPT
nonce_gen_func	nonce generation function: cxi_ccm_nonce_no_generate the host has to provide the nonce. cxi_ccm_nonce_generate the cryptoserver generates a random nonce with length of nonce. This nonce is returned by the final encryption call and must then be used as nonce for the decryption.

The chaining mode CXI_MECH_CHAIN_CCM is set as default and cannot be changed.
Parameters

nonce Nonce (7-13 bytes) for initial crypt call

ad additional authentication data.
On chunked operation additional authentication data should be given once on the first call and has to be absent on subsequent calls.
Parameters

datalen length total length of the data that will be passed to the crypt() call(s) later

maclen length of the MAC (range 4-16), has to be set for initial and final crypt call

Member Function Documentation

◆ getEncoded()

MechanismParameter getEncoded ( void )

Returns: Returns the encoded mechanism parameter.

nonce	Nonce (7-13 bytes) for initial crypt call
ad	additional authentication data.

datalen	length total length of the data that will be passed to the crypt() call(s) later
maclen	length of the MAC (range 4-16), has to be set for initial and final crypt call

Public Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ MechParamCCM()

Member Function Documentation

◆ getEncoded()