Am Mittwoch, 7. Juni 2017, 15:57:31 CEST schrieb Che-Min Hsieh: Hi Che, > Rfc4309 test vectors in testmgr.h have gone through major changes from > linux3 to linux4. In linux 4.4, linux4.9, there are vectors as such I think you and the kernel implement crypto properly. It is just the formatting that you do not get right. See crypto/ccm.c: static struct aead_request *crypto_rfc4309_crypt(struct aead_request *req) { ... scatterwalk_map_and_copy(iv + 16, req->src, 0, req->assoclen - 8, 0); ... The key is how to understand the input data format. RFC4309 CCM is no cipher implementation, but rather a special formatting of the CCM input data. In your code, change the following line > // Add the AAD > EVP_EncryptUpdate(cryptCtx, 0, &outl, A, sizeof(A)); to EVP_EncryptUpdate(cryptCtx, 0, &outl, A, sizeof(A) - 8); and you will see consistent results. Ciao Stephan