mbedtls_ccm_star_auth_decrypt() function

The CCM context to use for decryption. This must be initialized and bound to a key.

The length of the input data in Bytes. For tag length = 0, input length is ignored.

The initialization vector (nonce). This must be a readable buffer of at least \p iv_len Bytes.

The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, or 13. The length L of the message length field is 15 - \p iv_len.

The additional data field. This must be a readable buffer of at least that \p ad_len Bytes.

The length of additional data in Bytes. This must be less than 2^16 - 2^8.

The buffer holding the input data. If \p length is greater than zero, \p input must be a readable buffer of at least that length.

The buffer holding the output data. If \p length is greater than zero, \p output must be a writable buffer of at least that length.

The buffer holding the authentication field. This must be a readable buffer of at least \p tag_len Bytes.

The length of the authentication field in Bytes. 0, 4, 6, 8, 10, 12, 14 or 16.

This function initializes the CCM context set in the \p ctx parameter and sets the encryption key.

This function initializes the specified CCM context, to make references valid, and prepare the context for mbedtls_ccm_setkey() or mbedtls_ccm_free().

This function releases and clears the specified CCM context and underlying cipher sub-context.

This function encrypts a buffer using CCM.

This function performs a CCM authenticated decryption of a buffer.

This function starts a CCM encryption or decryption operation. This function and mbedtls_ccm_set_lengths() must be called before calling mbedtls_ccm_update_ad() or mbedtls_ccm_update(). This function can be called before or after mbedtls_ccm_set_lengths().

This function declares the lengths of the message and additional data for a CCM encryption or decryption operation. This function and mbedtls_ccm_starts() must be called before calling mbedtls_ccm_update_ad() or mbedtls_ccm_update(). This function can be called before or after mbedtls_ccm_starts().

This function feeds an input buffer into an ongoing CCM encryption or decryption operation. You may call this function zero, one or more times to pass successive parts of the input: the plaintext to encrypt, or the ciphertext (not including the tag) to decrypt. After the last part of the input, call mbedtls_ccm_finish(). The lengths \p input_len of the data parts should eventually add up exactly to the plaintext length \c plaintext_len passed to mbedtls_ccm_set_lengths(). This function may produce output in one of the following ways: - Immediate output: the output length is always equal to the input length. - Buffered output: except for the last part of input data, the output consists of a whole number of 16-byte blocks. If the total input length so far (not including associated data) is 16 \* *B* + *A* with *A* < 16 then the total output length is 16 \* *B*. For the last part of input data, the output length is equal to the input length plus the number of bytes (*A*) buffered in the previous call to the function (if any). The function uses the plaintext length \c plaintext_len passed to mbedtls_ccm_set_lengths() to detect the last part of input data. In particular: - It is always correct to call this function with \p output_size >= \p input_len + 15. - If \p input_len is a multiple of 16 for all the calls to this function during an operation (not necessary for the last one) then it is correct to use \p output_size =\p input_len.

This function feeds an input buffer as associated data (authenticated but not encrypted data) in a CCM encryption or decryption operation. You may call this function zero, one or more times to pass successive parts of the additional data. The lengths \p ad_len of the data parts should eventually add up exactly to the total length of additional data \c total_ad_len passed to mbedtls_ccm_set_lengths(). You may not call this function after calling mbedtls_ccm_update().

This function finishes the CCM operation and generates the authentication tag. It wraps up the CCM stream, and generates the tag. The tag can have a maximum length of 16 Bytes.

This function encrypts a buffer using CCM*. \warning Passing \c 0 as \p tag_len means that the message is no longer authenticated.