Context structure for CCM.
CCM is an AEAD mode that combines a block cipher in CTR mode with CBC-MAC using the same block cipher and the same key, to provide authenticated encryption:
- Any block cipher with 16-byte blocks can be used with CCM (technically, other block sizes are defined as well, but this is not implemented by these functions; shorter blocks also imply numerous security issues).
- The authentication tag length and the plaintext length MUST be known before data processing starts. Plaintext and ciphertext can still be provided in chunks, but the total size must match the value provided upon initialisation.
- The nonce length is constrained between 7 and 13 bytes (inclusive). Furthermore, the plaintext length, when encoded, must fit in 15-nonceLen bytes; thus, if the nonce has length 13 bytes, then the plaintext length cannot exceed 65535 bytes.
- Additional authenticated data length is practically unlimited (formal limit is at 2^64 bytes).
- The authentication tag has length 4 to 16 bytes (even values only).
The CCM initialisation function receives as a parameter an initialised block cipher implementation context, with the secret key already set. A pointer to that context will be kept within the CCM context structure. It is up to the caller to allocate and initialise that block cipher context.
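
The parameter constraints listed above follow from how CCM formats its first CBC-MAC block (B0 in RFC 3610), which encodes the tag length, the nonce and the total plaintext length before any data is processed. The following is an added example, not code from this library; the function names ccm_params_ok and ccm_format_b0 are hypothetical. It checks the constraints and builds B0:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not library code; function names are hypothetical. */

/* 1 if the parameters meet the CCM constraints listed above, else 0. */
int ccm_params_ok(size_t nonce_len, uint64_t data_len, size_t tag_len)
{
    if (nonce_len < 7 || nonce_len > 13) return 0;
    if (tag_len < 4 || tag_len > 16 || (tag_len & 1)) return 0;
    size_t q = 15 - nonce_len;      /* width of the length field: 2..8 bytes */
    /* q == 8 holds any 64-bit length; also avoids an undefined 64-bit shift */
    if (q < 8 && (data_len >> (8 * q)) != 0) return 0;
    return 1;
}

/* Formats the first CBC-MAC block B0 (RFC 3610 layout): flags, nonce, length. */
int ccm_format_b0(uint8_t b0[16], const uint8_t *nonce, size_t nonce_len,
                  uint64_t aad_len, uint64_t data_len, size_t tag_len)
{
    if (!ccm_params_ok(nonce_len, data_len, tag_len)) return 0;
    size_t q = 15 - nonce_len;
    b0[0] = (uint8_t)((aad_len ? 0x40 : 0x00)       /* AAD present */
                    | (((tag_len - 2) / 2) << 3)    /* encoded tag length */
                    | (q - 1));                     /* encoded field width */
    memcpy(b0 + 1, nonce, nonce_len);
    for (size_t i = 0; i < q; i++)                  /* big-endian length */
        b0[15 - i] = (uint8_t)(data_len >> (8 * i));
    return 1;
}

int main(void)
{
    /* Parameters of RFC 3610 packet vector #1: 13-byte nonce, 8-byte AAD,
       23-byte plaintext, 8-byte tag. */
    static const uint8_t nonce[13] = { 0x00, 0x00, 0x00, 0x03, 0x02, 0x01,
        0x00, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5 };
    uint8_t b0[16];
    if (!ccm_format_b0(b0, nonce, sizeof nonce, 8, 23, 8)) return 1;
    for (size_t i = 0; i < 16; i++) printf("%02X ", b0[i]);
    printf("\n");
    return 0;
}
```

Because the plaintext length is authenticated as part of B0, a total that differs from the value given at initialisation cannot produce a matching tag.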