def test_nonce_too_long(self, backend):
key = AESCCM.generate_key(128)
aesccm = AESCCM(key)
pt = b"encrypt me" * 6600
# pt can be no more than 65536 bytes when nonce is 13 bytes
nonce = os.urandom(13)
with pytest.raises(ValueError):
aesccm.encrypt(nonce, pt, None)
def test_nonce_too_long(self, backend):
key = AESCCM.generate_key(128)
aesccm = AESCCM(key)
pt = b"encrypt me" * 6600
# pt can be no more than 65536 bytes when nonce is 13 bytes
nonce = os.urandom(13)
with pytest.raises(ValueError):
aesccm.encrypt(nonce, pt, None)
def test_invalid_nonce_length(self, backend):
key = AESCCM.generate_key(128)
aesccm = AESCCM(key)
pt = b"hello"
nonce = os.urandom(14)
with pytest.raises(ValueError):
aesccm.encrypt(nonce, pt, None)
with pytest.raises(ValueError):
aesccm.encrypt(nonce[:6], pt, None)
def test_associated_data_none_equal_to_empty_bytestring(self, backend):
key = AESCCM.generate_key(128)
aesccm = AESCCM(key)
nonce = os.urandom(12)
ct1 = aesccm.encrypt(nonce, b"some_data", None)
ct2 = aesccm.encrypt(nonce, b"some_data", b"")
assert ct1 == ct2
pt1 = aesccm.decrypt(nonce, ct1, None)
pt2 = aesccm.decrypt(nonce, ct2, b"")
assert pt1 == pt2
def test_data_too_large(self):
key = AESCCM.generate_key(128)
aesccm = AESCCM(key)
nonce = b"0" * 12
with pytest.raises(OverflowError):
aesccm.encrypt(nonce, FakeData(), b"")
with pytest.raises(OverflowError):
aesccm.encrypt(nonce, b"", FakeData())
def test_invalid_nonce_length(self, backend):
key = AESCCM.generate_key(128)
aesccm = AESCCM(key)
pt = b"hello"
nonce = os.urandom(14)
with pytest.raises(ValueError):
aesccm.encrypt(nonce, pt, None)
with pytest.raises(ValueError):
aesccm.encrypt(nonce[:6], pt, None)
def test_associated_data_none_equal_to_empty_bytestring(self, backend):
key = AESCCM.generate_key(128)
aesccm = AESCCM(key)
nonce = os.urandom(12)
ct1 = aesccm.encrypt(nonce, b"some_data", None)
ct2 = aesccm.encrypt(nonce, b"some_data", b"")
assert ct1 == ct2
pt1 = aesccm.decrypt(nonce, ct1, None)
pt2 = aesccm.decrypt(nonce, ct2, b"")
assert pt1 == pt2
def test_data_too_large(self):
key = AESCCM.generate_key(128)
aesccm = AESCCM(key)
nonce = b"0" * 12
with pytest.raises(OverflowError):
aesccm.encrypt(nonce, FakeData(), b"")
with pytest.raises(OverflowError):
aesccm.encrypt(nonce, b"", FakeData())
def test_buffer_protocol(self, backend):
key = AESCCM.generate_key(128)
aesccm = AESCCM(key)
pt = b"encrypt me"
ad = b"additional"
nonce = os.urandom(12)
ct = aesccm.encrypt(nonce, pt, ad)
computed_pt = aesccm.decrypt(nonce, ct, ad)
assert computed_pt == pt
aesccm2 = AESCCM(bytearray(key))
ct2 = aesccm2.encrypt(bytearray(nonce), pt, ad)
assert ct2 == ct
computed_pt2 = aesccm2.decrypt(bytearray(nonce), ct2, ad)
assert computed_pt2 == pt
def test_buffer_protocol(self, backend):
key = AESCCM.generate_key(128)
aesccm = AESCCM(key)
pt = b"encrypt me"
ad = b"additional"
nonce = os.urandom(12)
ct = aesccm.encrypt(nonce, pt, ad)
computed_pt = aesccm.decrypt(nonce, ct, ad)
assert computed_pt == pt
aesccm2 = AESCCM(bytearray(key))
ct2 = aesccm2.encrypt(bytearray(nonce), pt, ad)
assert ct2 == ct
computed_pt2 = aesccm2.decrypt(bytearray(nonce), ct2, ad)
assert computed_pt2 == pt
def test_vectors(self, subtests, backend):
vectors = _load_all_params(
os.path.join("ciphers", "AES", "CCM"),
[
"DVPT128.rsp",
"DVPT192.rsp",
"DVPT256.rsp",
"VADT128.rsp",
"VADT192.rsp",
"VADT256.rsp",
"VNT128.rsp",
"VNT192.rsp",
"VNT256.rsp",
"VPT128.rsp",
"VPT192.rsp",
"VPT256.rsp",
],
load_nist_ccm_vectors,
)
for vector in vectors:
with subtests.test():
key = binascii.unhexlify(vector["key"])
nonce = binascii.unhexlify(vector["nonce"])
adata = binascii.unhexlify(vector["adata"])[: vector["alen"]]
ct = binascii.unhexlify(vector["ct"])
pt = binascii.unhexlify(vector["payload"])[: vector["plen"]]
aesccm = AESCCM(key, vector["tlen"])
if vector.get("fail"):
with pytest.raises(InvalidTag):
aesccm.decrypt(nonce, ct, adata)
else:
computed_pt = aesccm.decrypt(nonce, ct, adata)
assert computed_pt == pt
assert aesccm.encrypt(nonce, pt, adata) == ct
def aesccm_mode_encryption(bitlength, filename, key):
fd = open(filename, "r")
data = fd.read()
data = data.encode()
fd.close()
if not key:
print("****Generating key with key length:" + str(bitlength))
key = AESCCM.generate_key(bit_length=bitlength)
else:
fd = shelve.open(key)
key = fd["key"]
key = key[0]
key1 = AESCCM(key)
nonce = os.urandom(12)
print("***Encrypting your data***")
ct = key1.encrypt(nonce, data, None)
ls = [key, nonce]
print("***Saving your data to file:" + filename + "_encrypted.db***")
new_name = filename + "_encrypted"
db = shelve.open(new_name)
db["data"] = ct
db.close()
print("***saving you key and nonces to file:" + filename + "_keys.db")
key_file = filename + "_keys"
db = shelve.open(key_file)
db["key"] = ls
db.close()
def encryptMessage(message, sessionKey, nonce):
aesccm = AESCCM(sessionKey)
encMessage = aesccm.encrypt(nonce, message, None)
return encMessage
def _encrypt(self, key: bytes, iv: bytes, aad: bytes):
cipher = AESCCM(key, tag_length=8)
ciphertext = cipher.encrypt(nonce=iv,
data=self.plaintext,
associated_data=aad)
return ciphertext
def aes_ccm_encrypt(key: Key, nonce: Nonce, data: bytes, mic_len=32, associated_data: Optional[bytes] = None) -> Tuple[ bytes, MIC]: tag_len = mic_len // 8 aes_ccm = AESCCM(key.key_bytes, tag_len) raw = aes_ccm.encrypt(nonce.as_be_bytes(), data, associated_data) mic = MIC(raw[-tag_len:]) return raw[:-tag_len], mic
def test_aes_ccm_aead_api(backend, wycheproof):
key = binascii.unhexlify(wycheproof.testcase["key"])
iv = binascii.unhexlify(wycheproof.testcase["iv"])
aad = binascii.unhexlify(wycheproof.testcase["aad"])
msg = binascii.unhexlify(wycheproof.testcase["msg"])
ct = binascii.unhexlify(wycheproof.testcase["ct"])
tag = binascii.unhexlify(wycheproof.testcase["tag"])
if (wycheproof.invalid
and wycheproof.testcase["comment"] == "Invalid tag size"):
with pytest.raises(ValueError):
AESCCM(key, tag_length=wycheproof.testgroup["tagSize"] // 8)
return
aesccm = AESCCM(key, tag_length=wycheproof.testgroup["tagSize"] // 8)
if wycheproof.valid or wycheproof.acceptable:
computed_ct = aesccm.encrypt(iv, msg, aad)
assert computed_ct == ct + tag
computed_msg = aesccm.decrypt(iv, ct + tag, aad)
assert computed_msg == msg
elif not 7 <= len(iv) <= 13:
with pytest.raises(ValueError):
aesccm.decrypt(iv, ct + tag, aad)
else:
with pytest.raises(InvalidTag):
aesccm.decrypt(iv, ct + tag, aad)
def test_default_tag_length(self, backend):
key = AESCCM.generate_key(128)
aesccm = AESCCM(key)
nonce = os.urandom(12)
pt = b"hello"
ct = aesccm.encrypt(nonce, pt, None)
assert len(ct) == len(pt) + 16
def test_default_tag_length(self, backend):
key = AESCCM.generate_key(128)
aesccm = AESCCM(key)
nonce = os.urandom(12)
pt = b"hello"
ct = aesccm.encrypt(nonce, pt, None)
assert len(ct) == len(pt) + 16
def main():
if len(sys.argv) <= 4:
print("Need path to binary file and library name.")
print("Exiting...")
sys.exit()
filepath_aad = sys.argv[1] # authenticated associated data
filepath = sys.argv[2]
use_encryption = sys.argv[3]
libname = sys.argv[4]
if not os.path.isfile(filepath):
print("File {} does not exist. Exiting...".format(filepath))
sys.exit()
if not os.path.isfile(filepath_aad):
print("File {} does not exist. Exiting...".format(filepath_aad))
sys.exit()
with open(filepath, "rb") as f:
data = f.read()
with open(filepath_aad, "rb") as f:
data_aad = f.read()
if use_encryption == "1":
aesccm = AESCCM(key, tag_size)
# Put the nonce at the start of the file.
data_enc = nonce + aesccm.encrypt(nonce, data, data_aad)
with open(libname, "wb") as f:
f.write(data_enc)
else:
with open(libname, "wb") as f:
f.write(data)
def test_aes_ccm_aead_api(backend, wycheproof):
key = binascii.unhexlify(wycheproof.testcase["key"])
iv = binascii.unhexlify(wycheproof.testcase["iv"])
aad = binascii.unhexlify(wycheproof.testcase["aad"])
msg = binascii.unhexlify(wycheproof.testcase["msg"])
ct = binascii.unhexlify(wycheproof.testcase["ct"])
tag = binascii.unhexlify(wycheproof.testcase["tag"])
if (
wycheproof.invalid and
wycheproof.testcase["comment"] == "Invalid tag size"
):
with pytest.raises(ValueError):
AESCCM(key, tag_length=wycheproof.testgroup["tagSize"] // 8)
return
aesccm = AESCCM(key, tag_length=wycheproof.testgroup["tagSize"] // 8)
if wycheproof.valid or wycheproof.acceptable:
computed_ct = aesccm.encrypt(iv, msg, aad)
assert computed_ct == ct + tag
computed_msg = aesccm.decrypt(iv, ct + tag, aad)
assert computed_msg == msg
elif not 7 <= len(iv) <= 13:
with pytest.raises(ValueError):
aesccm.decrypt(iv, ct + tag, aad)
else:
with pytest.raises(InvalidTag):
aesccm.decrypt(iv, ct + tag, aad)
def encrypt(self,key,msg):
aesccm = AESCCM(key)
nonce = get_random_bytes(13)
ct = aesccm.encrypt(nonce, msg,None)
return (nonce,ct)
return msg
def test_roundtrip(self, backend):
key = AESCCM.generate_key(128)
aesccm = AESCCM(key)
pt = b"encrypt me"
ad = b"additional"
nonce = os.urandom(12)
ct = aesccm.encrypt(nonce, pt, ad)
computed_pt = aesccm.decrypt(nonce, ct, ad)
assert computed_pt == pt
def AES_CCM_ecnrypt(text):
data = bytes(text,'utf-8')
aad = bytes("Research",'utf-8')
key = AESCCM.generate_key(bit_length=128)
aesccm = AESCCM(key)
nonce = os.urandom(12)
ct = aesccm.encrypt(nonce, data, aad)
aesccm.decrypt(nonce, ct, aad)
return True
def test_roundtrip(self, backend):
key = AESCCM.generate_key(128)
aesccm = AESCCM(key)
pt = b"encrypt me"
ad = b"additional"
nonce = os.urandom(12)
ct = aesccm.encrypt(nonce, pt, ad)
computed_pt = aesccm.decrypt(nonce, ct, ad)
assert computed_pt == pt
def repo_thread(conn):
while True:
try:
# get data
data = recvall(conn)
if data:
s = data.decode("utf-8")
data = json.loads(s)
# first messages from the client
# This message is not secure
if "type" in data.keys() and (data["type"] == "otp_needed" or data["type"] == "requestId"):
print("MESSAGE REQUEST:", data["type"])
resp = message_execute(data)
if resp != None:
resp_json = json.dumps(resp)
conn.send(bytes(resp_json, 'utf-8'))
# deal with the message to save session key
elif 'from' not in data.keys():
print("MESSAGE REQUEST:", data["type"])
resp, serial = message_execute(data)
if resp != None:
resp_json = json.dumps(resp)
nonce = os.urandom(13)
aesccm = AESCCM(myAuction.clients_keys[int(serial)])
b = aesccm.encrypt(nonce, bytes(resp_json, 'utf-8'), None)
data_str = json.dumps({"nonce": base64.b64encode(nonce).decode(), "data" : base64.b64encode(b).decode()})
conn.send(bytes(data_str, 'utf-8'))
# deal with all the other messages with the structure : "{ from : id , data : encrypted_data , nonce : nonce used }"
else:
aesccm = AESCCM(myAuction.clients_keys[data['from']])
d = aesccm.decrypt(base64.b64decode(data['nonce']), base64.b64decode(data['data']), None)
j = json.loads(d.decode())
print("MESSAGE REQUEST:", j["type"])
resp = message_execute(j)
if resp != None:
resp_json = json.dumps(resp)
data_str = json.dumps({"message" : resp_json})
nonce = os.urandom(8)
b = aesccm.encrypt(nonce, bytes(data_str, 'utf-8'), None)
data_str = json.dumps({"nonce": base64.b64encode(nonce).decode(), "data" : base64.b64encode(b).decode()})
conn.send(bytes(data_str, 'utf-8'))
except SocketError:
pass
def test_java_bouncy_castle_ccm_matching():
K = codecs.decode("404142434445464748494a4b4c4d4e4f", "hex")
N = codecs.decode("10111213141516", "hex")
P = codecs.decode("68656c6c6f20776f726c642121", "hex")
C = codecs.decode("39264f148b54c456035de0a531c8344f46db12b388", "hex")
cipher = AESCCM(K, tag_length=8)
ciphertext = cipher.encrypt(N, P, None)
assert ciphertext == C
def _encrypt_ccm(secret_key, value, field_max_length=None):
aesccm = AESCCM(secret_key)
nonce = os.urandom(AES_CCM_NONCE_LENGTH)
ct = aesccm.encrypt(nonce, value.encode("utf-8"), None)
encrypted = base64.b64encode(nonce + ct)
if field_max_length:
msg = "Tried to encode a value too large for this field"
assert (len(encrypted) +
_RESERVED_FIELD_SPACE) <= field_max_length, msg
return encrypted
class CYBLE_AESCCM:
"""
To be used with cyble internal functions
"""
def __init__(self, key16):
self.aesccm = AESCCM(key16, tag_length=4)
def CyBle_AesCcmEncrypt(self, nonce13, plaintext):
"""
Acts like the cyble function
:param nonce13: bytes
:param plaintext: bytes (1..27)
:return: ciphertext (bytes)
"""
return self.aesccm.encrypt(nonce13, plaintext, bytes([1]))
def CyBle_AesCcmDecrypt(self, nonce13, ciphertext):
"""
Acts like the cyble function
:param nonce13: bytes
:param ciphertext: bytes (1..27)
:return: plaintext (bytes)
"""
return self.aesccm.decrypt(nonce13, ciphertext, bytes([1]))
def crypt(self, cosa):
"""
receives plaintext and returns the ciphertext
:param cosa: bytes/str
:return: bytes
"""
if isinstance(cosa, str):
cosa = bytes(cosa.encode('ascii'))
# an handful of random bytes
ahorb = bytes(secrets.token_bytes(13))
return ahorb + self.CyBle_AesCcmEncrypt(ahorb, cosa)
def decrypt(self, cosa):
"""
receives ciphertext and returns the plaintext
:param cosa: bytes
:return: bytes
"""
return self.CyBle_AesCcmDecrypt(bytes(cosa[:13]), bytes(cosa[13:]))
def test_vectors(self, vector, backend):
key = binascii.unhexlify(vector["key"])
nonce = binascii.unhexlify(vector["nonce"])
adata = binascii.unhexlify(vector["adata"])[:vector["alen"]]
ct = binascii.unhexlify(vector["ct"])
pt = binascii.unhexlify(vector["payload"])[:vector["plen"]]
aesccm = AESCCM(key, vector["tlen"])
if vector.get('fail'):
with pytest.raises(InvalidTag):
aesccm.decrypt(nonce, ct, adata)
else:
computed_pt = aesccm.decrypt(nonce, ct, adata)
assert computed_pt == pt
assert aesccm.encrypt(nonce, pt, adata) == ct
def test_vectors(self, vector, backend):
key = binascii.unhexlify(vector["key"])
nonce = binascii.unhexlify(vector["nonce"])
adata = binascii.unhexlify(vector["adata"])[:vector["alen"]]
ct = binascii.unhexlify(vector["ct"])
pt = binascii.unhexlify(vector["payload"])[:vector["plen"]]
aesccm = AESCCM(key, vector["tlen"])
if vector.get('fail'):
with pytest.raises(InvalidTag):
aesccm.decrypt(nonce, ct, adata)
else:
computed_pt = aesccm.decrypt(nonce, ct, adata)
assert computed_pt == pt
assert aesccm.encrypt(nonce, pt, adata) == ct
def Algo4(filename, key, nonce):
aad = "authenticated but unencrypted data"
aesccm = AESCCM(key)
source_filename = 'files/' + filename
target_filename = 'encrypted/' + filename
file = open(source_filename, 'rb')
target_file = open(target_filename, 'wb')
raw = ""
for line in file:
raw = raw + line
secret_data = aesccm.encrypt(nonce, raw, aad)
target_file.write(secret_data)
file.close()
target_file.close()
def configure(self):
my_private_key = self.generate_private_key()
self.my_pub_key_data = self.encode_pub_key(my_private_key.public_key())
self.bt_write(service_uuid, step1, True, "\x01\x00")
self.bt_write(service_uuid, step1plus, True, "\x01\x00")
self.bt_write(service_uuid, step1plus, False, CMD_GET_INFO)
while self.state != WR_DID_STATE:
if self.p.waitForNotifications(1.0):
# handleNotification() was called
continue
print "Waiting..."
# Perhaps do something else here
remote_key = self.decode_pub_key(self.remote_key_data)
e_share_key = self.create_e_share_key(remote_key, my_private_key)
print("eShareKey:", e_share_key.encode("hex"))
derived_key = HKDF(algorithm=hashes.SHA256(),
length=64,
salt=None,
info=b'mible-setup-info',
backend=default_backend()).derive(e_share_key)
print("HKDF result:", derived_key.encode("hex"))
token = derived_key[0:12]
bind_key = derived_key[12:28]
A = derived_key[28:44]
print("token:", token.encode("hex"))
print("bind_key:", bind_key.encode("hex"))
print("A:", A.encode("hex"))
aesccm = AESCCM(A)
nonce = bytearray([16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27])
did = "blt.3.129vl4ap05o01".encode()
aad = "devID".encode()
self.did_ct = aesccm.encrypt(nonce, did, aad)
print("AES did CT:", self.did_ct.encode("hex"))
self.bt_write(service_uuid, step1, False, CMD_WR_DID)
while self.state != FINISHED_STATE:
if self.p.waitForNotifications(1.0):
# handleNotification() was called
continue
print "Waiting..."
def Myencrypt(M, key):
# If the key length is too short, return with error
if (len(key) < 32):
return "Your key length is too short: " + str(len(key))
# Class object to perform AES encryption with CBC-MAC integrity checks
aesccm = AESCCM(key)
# Check if the Message is not a byte array.
if (not isinstance(M, bytes)):
data = M.encode('utf-8')
else:
data = M
# OS entropy pool IV
IV = os.urandom(13)
# Encrypt using the AES/CBC-MAC object
ct = aesccm.encrypt(IV, data, "None".encode('utf-8'))
return ct, IV
def encrypt_file(input_file_name : str, output_file_name : str, key : bytes) -> None:
input_file = open(input_file_name, "rb")
output_file = open(output_file_name, "wb")
# AES-CCM instance.
aesccm = AESCCM(key, tag_length=TAG_SIZE_BYTES)
# Nonce is starting with 1 for the first page.
nonce_value = 1
while True:
data_page = input_file.read(EFFECTIVE_PAGE_SIZE_BYTES)
if len(data_page) == 0:
break
# Convert nonce to machine representation.
nonce = nonce_value.to_bytes(NONCE_SIZE_BYTES, NONCE_BYTE_ORDER)
# Encrypt page.
aesccm_output = aesccm.encrypt(nonce, data_page, None)
encrypted_data = aesccm_output[0:len(data_page)]
tag = aesccm_output[len(data_page):]
# Verify sizes are as they are expected to be.
assert len(tag) == TAG_SIZE_BYTES
assert len(encrypted_data) + len(tag) == len(aesccm_output)
# Write tag and encrypted data (in reverse order compared to
# output of encryption function).
output_file.write(tag)
output_file.write(encrypted_data)
nonce_value += 1
input_file.close()
output_file.close()
return hex_.hex()
if __name__ == '__main__':
args = arguments()
print(args)
if args['generate_key'] and args['key_size']:
key = AESCCM.generate_key(bit_length=int(args['key_size']))
aesccm = AESCCM(key)
aad = b'authentic'
nouce = os.urandom(13)
for file_ in args['file']:
ct = None
with open(file_, 'rb') as data:
if args['operation'] == 'encrypt':
ct = aesccm.encrypt(nouce, data.read(), aad)
with open(file_, 'wb') as writer:
writer.write(ct)
print(hexdigest(key))
print(hexdigest(nouce))
else:
aesccm = AESCCM(str_2_hex(args['key']))
aad = b'authentic'
nouce = os.urandom(13)
for file_ in args['file']:
ct = None
with open(file_, 'rb') as data:
if args['operation'] == 'encrypt':
ct = aesccm.encrypt(nouce, data.read(), aad)
else:
nouce = str_2_hex(args['nouce'])
def Encrypt(key_ccm, nonce, data, aad):
aesccm = AESCCM(key_ccm, 8)
return aesccm.encrypt(nonce, data, aad)
def test_params_not_bytes(self, nonce, data, associated_data, backend):
key = AESCCM.generate_key(128)
aesccm = AESCCM(key)
with pytest.raises(TypeError):
aesccm.encrypt(nonce, data, associated_data)
# devices = scanner.scan(10.0)
#
# for dev in devices:
# print("Device %s (%s), RSSI=%d dB" % (dev.addr, dev.addrType, dev.rssi))
# for (adtype, desc, value) in dev.getScanData():
# print(" %s = %s" % (desc, value))
private_key = ec.generate_private_key(ec.SECP256R1(), default_backend())
public_key = private_key.public_key()
shared_key = private_key.exchange(ec.ECDH(), public_key)
print(" shared key :", shared_key.hex())
derived_key = HKDF(algorithm=hashes.SHA256(),
length=64,
salt=None,
info=b'mible-setup-info',
backend=default_backend()).derive(shared_key)
print("derived key :", derived_key.hex())
token = derived_key[0:12]
bind_key = derived_key[12:28]
A = derived_key[28:44]
print(" token :", token.hex())
print(" bind_key :", bind_key.hex())
print(" A :", A.hex())
aesccm = AESCCM(A)
nonce = bytearray([16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27])
did = "blt.3.129vl4ap05o01".encode()
aad = "devID".encode()
did_ct = aesccm.encrypt(nonce, did, aad)
print(" AES did :", did_ct.hex())
from cryptography.hazmat.primitives.ciphers.aead import AESCCM from cryptography.hazmat.backends import default_backend import os # The sample code is extracted from the book Python Cryptography # The book can be downloaded from https://leanpub.com/cryptop # Online Crypto Playgroud https://8gwifi.org # Author Anish Nath backend = default_backend() nonce = os.urandom(13) message = "Hello 8gwifi.org" aaed = "Not Secret" # This AES key is 128 but long key = AESCCM.generate_key(256) aesccm = AESCCM(key) #AES-256 GCM Mode Encyption ct = aesccm.encrypt(nonce, message, aaed) print ct assert message, aesccm.decrypt(nonce, ct, aaed)
def test_params_not_bytes(self, nonce, data, associated_data, backend):
key = AESCCM.generate_key(128)
aesccm = AESCCM(key)
with pytest.raises(TypeError):
aesccm.encrypt(nonce, data, associated_data)
