### Overview
AES CCM (Counter with CBC-MAC) and AES CTR (Counter) are both modes of operation for the AES (Advanced Encryption Standard) algorithm, but they serve different purposes and have different characteristics. Here's a breakdown of how they differ:

### AES CTR (Counter Mode)
- Encryption Only: AES CTR mode provides encryption but does not provide any integrity verification or authentication. It simply encrypts data.
- Counter as Nonce: It uses a counter value that is incremented for each block of plaintext. The counter, along with a nonce (number used once), is used to generate the block cipher input.
- Parallelizable: Encryption and decryption processes are parallelizable because each block is encrypted independently of the others.
- Efficiency: It can operate efficiently on large streams of data and is suitable for environments where only confidentiality is required.

### AES CCM (Counter with CBC-MAC)
- Encryption and Authentication: AES CCM mode provides both encryption and data authentication. It combines CTR mode for encryption with CBC-MAC (Cipher Block Chaining Message Authentication Code) for authentication.
- Non-Parallelizable Authentication: The authentication step (CBC-MAC) is not parallelizable because it processes each block of data sequentially, depending on the output of the previous block.
- Nonce and Additional Data: It uses a nonce (which must not be repeated with the same key) and can incorporate additional authenticated data (AAD) into the authentication process without encrypting it, providing data integrity and authenticity for both the encrypted payload and additional plaintext data.
- Overhead: CCM mode has some overhead due to the authentication tag, which must be sent along with the ciphertext to verify the integrity and authenticity of the data at the receiver's end.
- Use Cases: It is widely used in applications where both data integrity and confidentiality are important, such as in wireless communication standards like IEEE 802.11i (Wi-Fi) and 802.15.4 (used in Thread and Zigbee).

### Summary
The primary difference between AES CTR and AES CCM is that CTR provides only confidentiality, whereas CCM provides confidentiality, integrity, and authenticity. This makes CCM a more comprehensive solution for security, but it introduces more computational overhead and complexity compared to CTR. These characteristics determine their suitability for different applications based on security requirements.

In [2]:
import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

def encrypt_message(message, key, nonce):
    # Ensure the key and nonce lengths are suitable for AES-CCM
    aesccm = AESCCM(key)
    ciphertext = aesccm.encrypt(nonce, message.encode(), None)
    return ciphertext

def decrypt_message(ciphertext, key, nonce):
    try:
        aesccm = AESCCM(key)
        plaintext = aesccm.decrypt(nonce, ciphertext, None)
        return plaintext.decode()
    except Exception as e:
        print("Decryption failed:", e)
        return None

# Key and nonce (IV for CCM mode) generation
key = os.urandom(32)  # AES-256 requires a 32-byte key
nonce = os.urandom(13)  # CCM mode recommends a 13-byte nonce for 802.15.4

# Create a plaintext message
message = "This is a secret message. Don't let anyone see it."

# Encryption
ciphertext = encrypt_message(message, key, nonce)
print("Encrypted message:", ciphertext)

# Decryption
decrypted_message = decrypt_message(ciphertext, key, nonce)
print("Decrypted message:", decrypted_message)


Encrypted message: b'\xf1\xe3\x1a\xb9@\xe2\x12Pw\x99\x9aX\r\x120\xe3>\x97\x03Q\xec\xa5\xba.\xc2\x9f\x80\x19]\xa5]\xe3,\\\xb9q\x9d\xc3\x89\xae_\xc0{\x1f&:\x02\xc3\xc7\x82\xa4\x01\x19\xff\xce\xa7\x139\xd8\xbbe\xd2\xa3\xec\xf6V'
Decrypted message: This is a secret message. Don't let anyone see it.


In [1]:
import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

def hex_to_bytes(hex_string):
    # Converts a hex string into bytes, removing spaces
    return bytes.fromhex(hex_string.replace(" ", ""))

def encrypt_message(message, key, nonce):
    # Ensure the key and nonce lengths are suitable for AES-CCM
    aesccm = AESCCM(key)
    ciphertext = aesccm.encrypt(nonce, message.encode(), None)
    return ciphertext

def decrypt_message(ciphertext, key, nonce):
    try:
        aesccm = AESCCM(key)
        plaintext = aesccm.decrypt(nonce, ciphertext, None)
        return plaintext.decode()
    except Exception as e:
        print("Decryption failed:", e)
        return None

# Key and nonce (IV for CCM mode) input as hex strings
key_hex = "a3 8e 24 ff a3 8e 24 ff a3 8e 24 ff a3 8e 24 ff"  # Example 32-byte key
nonce_hex = "ff ee dd cc bb aa 99 88 77 66 55 44 33"  # Example 13-byte nonce

# Convert hex strings to bytes
key = hex_to_bytes(key_hex)
nonce = hex_to_bytes(nonce_hex)

# Create a plaintext message
message = "This is a secret message. Don't let anyone see it."

# Encryption
ciphertext = encrypt_message(message, key, nonce)
print("Encrypted message:", ciphertext)

# Decryption
decrypted_message = decrypt_message(ciphertext, key, nonce)
print("Decrypted message:", decrypted_message)


Encrypted message: b'<\x90\xb7<\x935>l\x99\xc8H\x8d\x0b\xedv\x00\x14&j\x98\xfa^!t\xce\xa0\x15\x99?#K\xa6\xf5M\xa1\xa5%\xcdm\x96h\xfd\xab\xd9E\xe1\xb0N\xd8Y>K\xe6\x13\xde\xf6\x93 fg\x8b\xbd\x1c\xc4\x01c'
Decrypted message: This is a secret message. Don't let anyone see it.
