CCM is one of the supported [AEAD algorithms][]. Applications which use this mode must adhere to certain restrictions when using the cipher API:

    • The authentication tag length must be specified during cipher creation by setting the authTagLength option and must be one of 4, 6, 8, 10, 12, 14 or 16 bytes.
    • The length of the initialization vector (nonce) N must be between 7 and 13 bytes (7 ≤ N ≤ 13).
    • The length of the plaintext is limited to 2 ** (8 * (15 - N)) bytes.
    • When decrypting, the authentication tag must be set via setAuthTag() before calling update(). Otherwise, decryption will fail and final() will throw an error in compliance with section 2.6 of [RFC 3610][].
    • Using stream methods such as write(data), end(data) or pipe() in CCM mode might fail as CCM cannot handle more than one chunk of data per instance.
    • When passing additional authenticated data (AAD), the length of the actual message in bytes must be passed to setAAD() via the plaintextLength option. Many crypto libraries include the authentication tag in the ciphertext, which means that they produce ciphertexts of the length plaintextLength + authTagLength. Node.js does not include the authentication tag, so the ciphertext length is always plaintextLength. This is not necessary if no AAD is used.
    • As CCM processes the whole message at once, update() can only be called once.
    • Even though calling update() is sufficient to encrypt/decrypt the message, applications must call final() to compute or verify the authentication tag.
    1. const crypto = require('crypto');
    3. const key = 'keykeykeykeykeykeykeykey';
    4. const nonce = crypto.randomBytes(12);
    6. const aad = Buffer.from('0123456789', 'hex');
    8. const cipher = crypto.createCipheriv('aes-192-ccm', key, nonce, {
    9.   authTagLength: 16
    10. });
    11. const plaintext = 'Hello world';
    12. cipher.setAAD(aad, {
    13.   plaintextLength: Buffer.byteLength(plaintext)
    14. });
    15. const ciphertext = cipher.update(plaintext, 'utf8');
    16. cipher.final();
    17. const tag = cipher.getAuthTag();
    19. // Now transmit { ciphertext, nonce, tag }.
    21. const decipher = crypto.createDecipheriv('aes-192-ccm', key, nonce, {
    22.   authTagLength: 16
    23. });
    24. decipher.setAuthTag(tag);
    25. decipher.setAAD(aad, {
    26.   plaintextLength: ciphertext.length
    27. });
    28. const receivedPlaintext = decipher.update(ciphertext, null, 'utf8');
    30. try {
    31.   decipher.final();
    32. } catch (err) {
    33.   console.error('Authentication failed!');
    34.   return;
    35. }
    37. console.log(receivedPlaintext);