Explain me this please:
I encrypted 1 byte plain text by AES-CCM with 8 byte MAC. Result is 9 byte long.
I thought that AES is a 16 byte block cipher, so the result must be 24 bytes long, but it isn't.
It is definitely not a bug in my code, because examples in RFC 3610 are very similar to my case (31 byte data + 8 byte MAC results in 39 byte output).
CCM is an authenticated mode that combines CTR mode for encryption and a CBC-MAC for authentication. Since encryption is done using the streaming mode CTR, the ciphertext will be exactly as long as the plaintext.
The nonce (Initialization Vector) must be unique for CCM mode, otherwise it is possible to lose confidentiality on all messages that use the same nonce with the same key. In order encrypt something, you will either need to use a globally known message counter as the nonce or generate a random nonce and hope that you haven't generated it before (very slim chance for 128-bit block ciphers). A good nonce size would be 96-bit, but may vary depending on how long a message you want to encrypt. The nonce would be longer if you want to encrypt shorter messages.
The nonce is not supposed to be secret, so you can prepend it to the ciphertext. The full length of the ciphertext would be:
nonceLength + plaintextLength + tagLength