nRF5 SDK v14.2.0
Data Structures | Macros | Typedefs | Enumerations | Functions

This file contains all of the enums and definitions that are used for the CRYS AESCCM APIs, as well as the APIs themselves. The API supports AES-CCM and AES-CCM* as defined in ieee-802.15.4. More...

Data Structures

struct  CRYS_AESCCM_UserContext_t


#define CRYS_AESCCM_Init(ContextID_ptr, EncrDecrMode, CCM_Key, KeySizeId, AdataSize, TextSizeQ, N_ptr, SizeOfN, SizeOfT)   CC_AESCCM_Init(ContextID_ptr, EncrDecrMode, CCM_Key, KeySizeId, AdataSize, TextSizeQ, N_ptr, SizeOfN, SizeOfT, CRYS_AESCCM_MODE_CCM)
#define CRYS_AESCCMStar_Init(ContextID_ptr, EncrDecrMode, CCM_Key, KeySizeId, AdataSize, TextSizeQ, N_ptr, SizeOfN, SizeOfT)   CC_AESCCM_Init(ContextID_ptr, EncrDecrMode, CCM_Key, KeySizeId, AdataSize, TextSizeQ, N_ptr, SizeOfN, SizeOfT, CRYS_AESCCM_MODE_STAR)
#define CRYS_AESCCM(EncrDecrMode, CCM_Key, KeySizeId, N_ptr, SizeOfN, ADataIn_ptr, ADataInSize, TextDataIn_ptr, TextDataInSize, TextDataOut_ptr, SizeOfT, Mac_Res)   CC_AESCCM(EncrDecrMode, CCM_Key, KeySizeId, N_ptr, SizeOfN, ADataIn_ptr, ADataInSize, TextDataIn_ptr, TextDataInSize, TextDataOut_ptr, SizeOfT, Mac_Res, CRYS_AESCCM_MODE_CCM)
#define CRYS_AESCCMStar(EncrDecrMode, CCM_Key, KeySizeId, N_ptr, SizeOfN, ADataIn_ptr, ADataInSize, TextDataIn_ptr, TextDataInSize, TextDataOut_ptr, SizeOfT, Mac_Res)   CC_AESCCM(EncrDecrMode, CCM_Key, KeySizeId, N_ptr, SizeOfN, ADataIn_ptr, ADataInSize, TextDataIn_ptr, TextDataInSize, TextDataOut_ptr, SizeOfT, Mac_Res, CRYS_AESCCM_MODE_STAR)


typedef uint8_t CRYS_AESCCM_Key_t [8 *sizeof(uint32_t)]
typedef uint8_t CRYS_AESCCM_Mac_Res_t [(4 *sizeof(uint32_t))]
typedef uint8_t CRYS_AESCCMStar_SourceAddress_t [8]
typedef uint8_t CRYS_AESCCMStar_Nonce_t [13]
typedef struct


enum  CRYS_AESCCM_KeySize_t {
  CRYS_AES_Key128BitSize = 0,
  CRYS_AES_Key192BitSize = 1,
  CRYS_AES_Key256BitSize = 2,
  CRYS_AES_Key512BitSize = 3,
  CRYS_AES_KeySizeLast = 0x7FFFFFFF


CRYSError_t CC_AESCCM_Init (CRYS_AESCCM_UserContext_t *ContextID_ptr, SaSiAesEncryptMode_t EncrDecrMode, CRYS_AESCCM_Key_t CCM_Key, CRYS_AESCCM_KeySize_t KeySizeId, uint32_t AdataSize, uint32_t TextSizeQ, uint8_t *N_ptr, uint8_t SizeOfN, uint8_t SizeOfT, uint32_t ccmMode)
 This function initializes the AES CCM context. More...
CRYSError_t CRYS_AESCCM_BlockAdata (CRYS_AESCCM_UserContext_t *ContextID_ptr, uint8_t *DataIn_ptr, uint32_t DataInSize)
 This function receives a CCM context and a block of additional data, and adds it to the AES MAC calculation. This API can be called only once per operation context. It should not be called in case AdataSize was set to zero in CRYS_AESCCM_Init. More...
CRYSError_t CRYS_AESCCM_BlockTextData (CRYS_AESCCM_UserContext_t *ContextID_ptr, uint8_t *DataIn_ptr, uint32_t DataInSize, uint8_t *DataOut_ptr)
 This function can be invoked for any block of Text data whose size is a multiple of 16 bytes, excluding the last block that must be processed by CRYS_AESCCM_Finish. More...
CRYSError_t CRYS_AESCCM_Finish (CRYS_AESCCM_UserContext_t *ContextID_ptr, uint8_t *DataIn_ptr, uint32_t DataInSize, uint8_t *DataOut_ptr, CRYS_AESCCM_Mac_Res_t MacRes, uint8_t *SizeOfT)
 This function must be the last to be called on the text data. It can either be called on the entire text data (if transferred as one block), or on the last block of the text data, even if total size of text data is equal to 0. It performs the same operations as CRYS_AESCCM_BlockTextData, but additionally: More...
CRYSError_t CC_AESCCM (SaSiAesEncryptMode_t EncrDecrMode, CRYS_AESCCM_Key_t CCM_Key, CRYS_AESCCM_KeySize_t KeySizeId, uint8_t *N_ptr, uint8_t SizeOfN, uint8_t *ADataIn_ptr, uint32_t ADataInSize, uint8_t *TextDataIn_ptr, uint32_t TextDataInSize, uint8_t *TextDataOut_ptr, uint8_t SizeOfT, CRYS_AESCCM_Mac_Res_t Mac_Res, uint32_t ccmMode)
 AES CCM combines Counter mode encryption with CBC-MAC authentication. Input to CCM includes the following elements: More...
CRYSError_t CRYS_AESCCMStar_NonceGenerate (CRYS_AESCCMStar_SourceAddress_t srcAddr, uint32_t FrameCounter, uint8_t SizeOfT, CRYS_AESCCMStar_Nonce_t nonce)
 This function receives the MAC source address, the frame counter and the MAC size and returns the required nonce for AES-CCM* as defined in ieee-802.15.4. This API should be called before CRYS_AESCCMStar and CRYS_AESCCMStar_Init, and the generated nonce should be provided to these functions. More...

Detailed Description

This file contains all of the enums and definitions that are used for the CRYS AESCCM APIs, as well as the APIs themselves. The API supports AES-CCM and AES-CCM* as defined in ieee-802.15.4.

Regarding the AES-CCM*, the API supports only AES-CCM* as defined in ieee-802.15.4-2011; With the instantiations as defined in B.3.2 and the nonce as defined in 7.3.2. in case of AES-CCM* the flow should be as follows:
  • AES-CCM* integrated
    • CRYS_AESCCMStar_NonceGenerate
  • AES-CCM* non-integrated
    • CRYS_AESCCMStar_NonceGenerate
    • CRYS_AESCCMStar_Init
    • CRYS_AESCCM_BlockAdata
    • CRYS_AESCCM_BlockTextData
    • CRYS_AESCCM_Finish

Function Documentation

CRYSError_t CC_AESCCM ( SaSiAesEncryptMode_t  EncrDecrMode,
CRYS_AESCCM_KeySize_t  KeySizeId,
uint8_t *  N_ptr,
uint8_t  SizeOfN,
uint8_t *  ADataIn_ptr,
uint32_t  ADataInSize,
uint8_t *  TextDataIn_ptr,
uint32_t  TextDataInSize,
uint8_t *  TextDataOut_ptr,
uint8_t  SizeOfT,
CRYS_AESCCM_Mac_Res_t  Mac_Res,
uint32_t  ccmMode 

AES CCM combines Counter mode encryption with CBC-MAC authentication. Input to CCM includes the following elements:

  • Payload - text data that is both authenticated and encrypted.
  • Associated data (Adata) - data that is authenticated but not encrypted, e.g., a header.
  • Nonce - A unique value that is assigned to the payload and the associated data.
CRYS_OK on success.
A non-zero value on failure as defined crys_aesccm_error.h.
[in]EncrDecrModeA flag specifying whether an AES Encrypt (SASI_AES_ENCRYPT) or Decrypt (SASI_AES_DECRYPT) operation should be performed.
[in]CCM_KeyPointer to AES-CCM key.
[in]KeySizeIdEnumerator defining the key size (only 128 bit is valid).
[in]N_ptrPointer to the Nonce.
[in]SizeOfNNonce byte size. The valid values depend on the ccm mode:
  • CCM: valid values = [7 .. 13].
  • CCM*: valid values = [13].
[in]ADataIn_ptrPointer to the additional input data. The buffer must be contiguous.
[in]ADataInSizeByte size of the additional data.
[in]TextDataIn_ptrPointer to the plain-text data for encryption or cipher-text data for decryption. The buffer must be contiguous.
[in]TextDataInSizeByte size of the full text data.
[out]TextDataOut_ptrPointer to the output (cipher or plain text data according to encrypt-decrypt mode) data. The buffer must be contiguous.
[in]SizeOfTAES-CCM MAC (tag) byte size. The valid values depend on the ccm mode:
  • CCM: valid values = [4, 6, 8, 10, 12, 14, 16].
  • CCM*: valid values = [0, 4, 8, 16].
[in,out]Mac_ResPointer to the MAC result buffer.
[in]ccmModeFlag specifying whether AES-CCM or AES-CCM* should be performed.
CRYSError_t CC_AESCCM_Init ( CRYS_AESCCM_UserContext_t ContextID_ptr,
SaSiAesEncryptMode_t  EncrDecrMode,
CRYS_AESCCM_KeySize_t  KeySizeId,
uint32_t  AdataSize,
uint32_t  TextSizeQ,
uint8_t *  N_ptr,
uint8_t  SizeOfN,
uint8_t  SizeOfT,
uint32_t  ccmMode 

This function initializes the AES CCM context.

It formats of the input data, calculates AES-MAC value for the formatted B0 block containing control information and CCM unique value (Nonce), and initializes the AES context structure including the initial CTR0 value.

CRYS_OK on success.
A non-zero value on failure as defined crys_aesccm_error.h.
[in]ContextID_ptrPointer to the AES context buffer that is allocated by the user and is used for the AES operation.
[in]EncrDecrModeFlag specifying whether Encrypt (SASI_AES_ENCRYPT) or Decrypt (SASI_AES_DECRYPT) operation should be performed.
[in]CCM_KeyPointer to the AES-CCM key.
[in]KeySizeIdEnumerator defining the key size (only 128 bit is valid).
[in]AdataSizeFull byte length of additional (associated) data. If set to zero, calling CRYS_AESCCM_BlockAdata on the same context would return an error.
[in]TextSizeQFull length of plain text data.
[in]N_ptrPointer to the Nonce.
[in]SizeOfNNonce byte size. The valid values depend on the ccm mode:
  • CCM: valid values = [7 .. 13].
  • CCM*: valid values = [13].
[in]SizeOfTAES-CCM MAC (tag) byte size. The valid values depend on the ccm mode:
  • CCM: valid values = [4, 6, 8, 10, 12, 14, 16].
  • CCM*: valid values = [0, 4, 8, 16].
[in]ccmModeFlag specifying whether AES-CCM or AES-CCM* should be performed.
CRYSError_t CRYS_AESCCM_BlockAdata ( CRYS_AESCCM_UserContext_t ContextID_ptr,
uint8_t *  DataIn_ptr,
uint32_t  DataInSize 

This function receives a CCM context and a block of additional data, and adds it to the AES MAC calculation. This API can be called only once per operation context. It should not be called in case AdataSize was set to zero in CRYS_AESCCM_Init.

CRYS_OK on success.
A non-zero value on failure as defined crys_aesccm_error.h.
[in]ContextID_ptrPointer to the context buffer.
[in]DataIn_ptrPointer to the additional input data. The buffer must be contiguous.
[in]DataInSizeByte size of the additional data. Must match AdataSize parameter provided to CRYS_AESCCM_Init.
CRYSError_t CRYS_AESCCM_BlockTextData ( CRYS_AESCCM_UserContext_t ContextID_ptr,
uint8_t *  DataIn_ptr,
uint32_t  DataInSize,
uint8_t *  DataOut_ptr 

This function can be invoked for any block of Text data whose size is a multiple of 16 bytes, excluding the last block that must be processed by CRYS_AESCCM_Finish.

  • If encrypting: Continues calculation of the intermediate AES_MAC value of the text data, while simultaneously encrypting the text data using AES_CTR, starting from CTR value = CTR0+1.
  • If decrypting: Continues decryption of the text data, while calculating the intermediate AES_MAC value of decrypted data.
CRYS_OK on success.
A non-zero value on failure as defined crys_aesccm_error.h.
[in]ContextID_ptrPointer to the context buffer.
[in]DataIn_ptrPointer to the additional input data. The buffer must be contiguous.
[in]DataInSizeByte size of the text data block. Must be a multiple of 16 bytes.
[out]DataOut_ptrPointer to the output data. The size of the output buffer must be at least DataInSize. The buffer must be contiguous.
CRYSError_t CRYS_AESCCM_Finish ( CRYS_AESCCM_UserContext_t ContextID_ptr,
uint8_t *  DataIn_ptr,
uint32_t  DataInSize,
uint8_t *  DataOut_ptr,
CRYS_AESCCM_Mac_Res_t  MacRes,
uint8_t *  SizeOfT 

This function must be the last to be called on the text data. It can either be called on the entire text data (if transferred as one block), or on the last block of the text data, even if total size of text data is equal to 0. It performs the same operations as CRYS_AESCCM_BlockTextData, but additionally:

  • If encrypting:
    • If the size of text data is not in multiples of 16 bytes, it pads the remaining bytes with zeros to a full 16-bytes block and processes the data using AES_MAC and AES_CTR algorithms.
    • Encrypts the AES_MAC result with AES_CTR using the CTR0 value saved in the context and places the SizeOfT bytes of MAC (tag) at the end.
  • If decrypting:
    • Processes the text data, except for the last SizeOfT bytes (tag), using AES_CTR and then AES_MAC algorithms.
    • Encrypts the calculated MAC using AES_CTR based on the saved CTR0 value, and compares it with SizeOfT last bytes of input data (i.e. tag value).
    • The function saves the validation result (Valid/Invalid) in the context.
    • Returns (as the error code) the final CCM-MAC verification result.
CRYS_OK on success.
A non-zero value on failure as defined crys_aesccm_error.h.
[in]ContextID_ptrPointer to the context buffer.
[in]DataIn_ptrPointer to the last input data. The buffer must be contiguous.
[in]DataInSizeByte size of the last text data block. Can be zero.
[in]DataOut_ptrPointer to the output (cipher or plain text data) data. The buffer must be contiguous. If DataInSize = 0, output buffer is not required.
[in]MacResMAC result buffer pointer.
[out]SizeOfTAES-CCM MAC byte size as defined in CRYS_AESCCM_Init.
CRYSError_t CRYS_AESCCMStar_NonceGenerate ( CRYS_AESCCMStar_SourceAddress_t  srcAddr,
uint32_t  FrameCounter,
uint8_t  SizeOfT,
CRYS_AESCCMStar_Nonce_t  nonce 

This function receives the MAC source address, the frame counter and the MAC size and returns the required nonce for AES-CCM* as defined in ieee-802.15.4. This API should be called before CRYS_AESCCMStar and CRYS_AESCCMStar_Init, and the generated nonce should be provided to these functions.

CRYS_OK on success.
A non-zero value on failure as defined crys_aesccm_error.h.
[in]srcAddrThe MAC address in EUI-64 format.
[in]FrameCounterThe MAC frame counter.
[in]SizeOfTAES-CCM* MAC (tag) byte size. Valid values = [0,4,8,16].
[out]nonceThe required nonce for AES-CCM*.

Documentation feedback | Developer Zone | Subscribe | Updated