Skip to main content

5.3. AEAD_AES_128_CCM

5.3. AEAD_AES_128_CCM

The AEAD_AES_128_CCM authenticated encryption algorithm works as specified in [CCM], using AES-128 as the block cipher, by providing the key, nonce, associated data, and plaintext to that mode of operation. The formatting and counter generation function are as specified in Appendix A of that reference, and the values of the parameters identified in that appendix are as follows:

  • the nonce length n is 12,

  • the tag length t is 16, and

  • the value of q is 3.

An authentication tag with a length of 16 octets (128 bits) is used. The AEAD_AES_128_CCM ciphertext is formed by appending the authentication tag provided as an output to the CCM encryption operation to the ciphertext that is output by that operation. Test cases are provided in [CCM]. The input and output lengths are as follows:

  • K_LEN is 16 octets,

  • P_MAX is 2^24 - 1 octets,

  • A_MAX is 2^64 - 1 octets,

  • N_MIN and N_MAX are both 12 octets, and

  • C_MAX is 2^24 + 15 octets.

An AEAD_AES_128_CCM ciphertext is exactly 16 octets longer than its corresponding plaintext.

A security analysis of AES CCM is available in [J02].

Last updated on