//*----------------------------------------------------------------------------
// Licensed materials - Property of IBM                                      
//
// (C) Copyright IBM Corp.  2007
// This code was donated to the OpenSSL project under the terms of the 
// OpenSSL license.
//
//---------------------------------------------------------------------------*/
#ifndef HEADER_AES_CCM_H
#define HEADER_AES_CCM_H

/** @brief
    Perform an AES CCM Encrypt operation, 
    provide the iv (Nonce),aad, data and key, output buffer and taglength
    @param pcb an ICC library context
    @param iv The Nonce, can be 32-128 bits long, < 64 is not recommended
    @param ivlen the length of the IV
    @param key an aes key
    @param keylen the length of the AES key in bytes
    @param aad Additional Authentication data, hashed, but not encrypted
    @param aadlen the length of the aad
    @param data the data buffer to encrypt
    @param datalen the length of the data buffer
    @param out the output buffer
    @param outlen a place to store the returned output length
    - which WILL be rounded up to a 16 byte boundary +16 bytes
    @param taglen the desired length of the auth tag
    @return 1 if O.K., 0 otherwise
*/ 
int AES_CCM_Encrypt(unsigned char *iv,unsigned int ivlen,
		    unsigned char *key,unsigned int keylen,
		    unsigned char *aad, unsigned long long aadlen,
		    unsigned char *data,unsigned long datalen,
		    unsigned char *out, unsigned long *outlen,
		    unsigned int taglen);

/** @brief
    Perform an AES CCM Decrypt operation, 
    provide the iv (Nonce),aad, data and key, output buffer and taglength
    @param pcb an ICC library context
    @param iv The Nonce, can be 32-128 bits long, < 64 is not recommended
    @param ivlen the length of the IV
    @param key an aes key
    @param keylen the length of the AES key
    @param aad Additional Authentication data, hashed, but not encrypted
    @param aadlen the length of the aad
    @param data the data buffer to encrypt
    @param datalen the length of the data buffer
    @param out the output buffer
    @param outlen a place to store the returned output length
    @param taglen the length of the auth tag
    @return 1 if O.K., 0 otherwise
    @note This (by spec) returns no data on failure. However as
    we'd have to allocate an internal buffer, which would still be
    accessable to the caller within the same process, we simple
    erase any partial data in the output buffer on failure instead.
    - So , be aware that the output buffer WILL be overwritten,
    no matter what.
    @note the fact that this isn't allowed to return any data if the
    tag match fails is the reason why there can't be the usual 
    Init/Update/Update/Final API.
*/ 
int AES_CCM_Decrypt(unsigned char *iv,unsigned int ivlen,
		    unsigned char *key,unsigned int keylen,
		    unsigned char *aad, unsigned long aadlen,
		    unsigned char *data,unsigned long datalen,
		    unsigned char *out, unsigned long *outlen,
		    unsigned int taglen);

#endif