Counter with CBC-MAC (CCM)
Network Working Group                                         D. Whiting
Request for Comments: 3610                                          Hifn
Category: Informational                                       R. Housley
                                                          Vigil Security
                                                             N. Ferguson
                                                               MacFergus
                                                          September 2003
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
Counter with CBC-MAC (CCM) is a generic authenticated encryption
block cipher mode. CCM is defined for use with 128-bit block
ciphers, such as the Advanced Encryption Standard (AES).
1. Introduction
Counter with CBC-MAC (CCM) is a generic authenticated encryption
block cipher mode. CCM is only defined for use with 128-bit block
ciphers, such as AES [AES]. The CCM design principles can easily be
applied to other block sizes, but these modes will require their own
specifications.
1.1. Conventions Used In This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [STDWORDS].
2. CCM Mode Specification
For the generic CCM mode there are two parameter choices. The first
choice is M, the size of the authentication field. The choice of the
value for M involves a trade-off between message expansion and the
probability that an attacker can undetectably modify a message.
Valid values are 4, 6, 8, 10, 12, 14, and 16 octets. The second