AES-CCM Functions

This section describes functions for authenticated encryption/decryption using the Counter with Cipher Block Chaining-Message Authentication Code (CCM) mode [NIST SP 800-38C] of the AES (Rijndael128) block cipher.

Table “Intel IPP AES-CCM Functions” lists Intel IPP AES-CCM functions:

Intel IPP AES-CCM Functions  
Function Base Name Operation
Rijndael128CCMEncryptMessage Encrypts an entire message and generates its authentication tag in the CCM mode.
Rijndael128CCMDecryptMessage Decrypts an entire message and generates its authentication tag in the CCM mode.
Rijndael128CCMGetSize Gets the size of the IppsRijndael128CCMState context.
Rijndael128CCMInit Initializes user-supplied memory as the IppsRijndael128CCMState context for future use.
Rijndael128CCMStart Starts the process of authenticated encryption/decryption for a new message.
Rijndael128CCMEncrypt Encrypts a data buffer in the CCM mode.
Rijndael128CCMDecrypt Decrypts a data buffer in the CCM mode.
Rijndael128CCMGetTag Generates the message authentication tag in the CCM mode.
Rijndael128CCMMessageLen Sets up the length of the message to be processed.
Rijndael128CCMTagLen Sets up the length of the required authentication tag.

The Intel IPP AES-CCM function set includes:

The AES-CCM incremental functions enable authenticated encryption/decryption of several messages using one key that the Rijndael128CCMInit function sets. The processing of each new message starts with a call to the Rijndael128CCMStart function. The application code for conducting a typical AES-CCM authenticated encryption should follow the sequence of operations as outlined below:


  1. Get the size required to configure the context IppsRijndael128CCMState by calling the function Rijndael128CCMGetSize.
  2. Call the system memory-allocation service function to allocate a buffer whose size is not less than the function Rijndael128CCMGetSize specifies.
  3. Initialize the context IppsRijndael128CCMState *pCtx by calling the function Rijndael128CCMInit with the allocated buffer and the respective AES key.
  4. Optionally call Rijndael128CCMMessageLen and/or Rijndael128CCMTagLen to set up message and tag parameters.
  5. Call Rijndael128CCMStart to start authenticated encryption of the first/next message.
  6. Keep calling Rijndael128CCMEncrypt until the entire message is processed.
  7. Request the authentication tag by calling Rijndael128CCMGetTag.
  8. Proceed to the next message, if any, that is, go to step 5.
  9. Call the system memory free service function to release the buffer allocated for the context IppsRijndael128CCMState, if needed.
Parent topic: Symmetric Cryptography Primitive Functions

Submit feedback on this help topic

Copyright © 2000 - 2011, Intel Corporation. All rights reserved.