CCM support.

author Dr. Stephen Henson <steve@openssl.org>

Fri, 31 Jul 2015 15:54:35 +0000 (16:54 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Fri, 14 Aug 2015 05:56:11 +0000 (06:56 +0100)
author Dr. Stephen Henson <steve@openssl.org>
Fri, 31 Jul 2015 15:54:35 +0000 (16:54 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Fri, 14 Aug 2015 05:56:11 +0000 (06:56 +0100)
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c

index f8365a2d973691221ae181a530424d3a22492d7e..b02cf6eef207d069320cadfad440c20b46fb56c4 100644 (file)
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -110,6 +110,7 @@ typedef struct {
      int tag_set;                /* Set if tag is valid */
      int len_set;                /* Set if message length set */
      int L, M;                   /* L and M parameters from RFC3610 */
      int tag_set;                /* Set if tag is valid */
      int len_set;                /* Set if message length set */
      int L, M;                   /* L and M parameters from RFC3610 */
+    int tls_aad_len;            /* TLS AAD length */
      CCM128_CONTEXT ccm;
      ccm128_f str;
  } EVP_AES_CCM_CTX;
      CCM128_CONTEXT ccm;
      ccm128_f str;
  } EVP_AES_CCM_CTX;
@@ -1853,6 +1854,34 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
          cctx->M = 12;
          cctx->tag_set = 0;
          cctx->len_set = 0;
          cctx->M = 12;
          cctx->tag_set = 0;
          cctx->len_set = 0;
+        cctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the AAD for later use */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        memcpy(c->buf, ptr, arg);
+        cctx->tls_aad_len = arg;
+        {
+            uint16_t len = c->buf[arg - 2] << 8 | c->buf[arg - 1];
+            /* Correct length for explicit IV */
+            len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+            /* If decrypting correct for tag too */
+            if (!c->encrypt)
+                len -= cctx->M;
+            c->buf[arg - 2] = len >> 8;
+            c->buf[arg - 1] = len & 0xff;
+        }
+        /* Extra padding: tag appended to record */
+        return cctx->M;
+
+    case EVP_CTRL_CCM_SET_IV_FIXED:
+        /* Sanity check length */
+        if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
+            return 0;
+        /* Just copy to first part of IV */
+        memcpy(c->iv, ptr, arg);
          return 1;
  
      case EVP_CTRL_AEAD_SET_IVLEN:
          return 1;
  
      case EVP_CTRL_AEAD_SET_IVLEN:
@@ -1945,14 +1974,66 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
      return 1;
  }
  
      return 1;
  }
  
+static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len)
+{
+    EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
+    CCM128_CONTEXT *ccm = &cctx->ccm;
+    /* Encrypt/decrypt must be performed in place */
+    if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
+        return -1;
+    /* If encrypting set explicit IV from sequence number (start of AAD) */
+    if (ctx->encrypt)
+        memcpy(out, ctx->buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Get rest of IV from explicit IV */
+    memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Correct length value */
+    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
+            return -1;
+    /* Use saved AAD */
+    CRYPTO_ccm128_aad(ccm, ctx->buf, cctx->tls_aad_len);
+    /* Fix buffer to point to payload */
+    in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    if (ctx->encrypt) {
+        if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
+                                                    cctx->str) :
+            CRYPTO_ccm128_encrypt(ccm, in, out, len))
+            return -1;
+        if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
+            return -1;
+        return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    } else {
+        if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+                                                     cctx->str) :
+            !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+            unsigned char tag[16];
+            if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+                if (!CRYPTO_memcmp(tag, in + len, cctx->M))
+                    return len;
+            }
+        }
+        OPENSSL_cleanse(out, len);
+        return -1;
+    }
+}
+
  static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                            const unsigned char *in, size_t len)
  {
      EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
      CCM128_CONTEXT *ccm = &cctx->ccm;
      /* If not set up, return error */
  static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                            const unsigned char *in, size_t len)
  {
      EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
      CCM128_CONTEXT *ccm = &cctx->ccm;
      /* If not set up, return error */
-    if (!cctx->iv_set && !cctx->key_set)
+    if (!cctx->key_set)
+        return -1;
+
+    if (cctx->tls_aad_len >= 0)
+        return aes_ccm_tls_cipher(ctx, out, in, len);
+
+    if (!cctx->iv_set)
          return -1;
          return -1;
+
      if (!ctx->encrypt && !cctx->tag_set)
          return -1;
      if (!out) {
      if (!ctx->encrypt && !cctx->tag_set)
          return -1;
      if (!out) {
@@ -2007,9 +2088,12 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
  
  # define aes_ccm_cleanup NULL
  
  
  # define aes_ccm_cleanup NULL
  
-BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, CUSTOM_FLAGS)
-    BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, CUSTOM_FLAGS)
-    BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
+                        EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
+                        EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
  
  typedef struct {
      union {
  
  typedef struct {
      union {
diff --git a/include/openssl/evp.h b/include/openssl/evp.h

index dff81b0811f43aec7cceab1345a87d2d36ceec16..ddefbf6436d649eb676175d0ef10c36129236ab3 100644 (file)
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -399,14 +399,16 @@ struct evp_cipher_st {
  # define         EVP_CTRL_AEAD_SET_IVLEN         0x9
  # define         EVP_CTRL_AEAD_GET_TAG           0x10
  # define         EVP_CTRL_AEAD_SET_TAG           0x11
  # define         EVP_CTRL_AEAD_SET_IVLEN         0x9
  # define         EVP_CTRL_AEAD_GET_TAG           0x10
  # define         EVP_CTRL_AEAD_SET_TAG           0x11
+# define         EVP_CTRL_AEAD_SET_IV_FIXED      0x12
  # define         EVP_CTRL_GCM_SET_IVLEN          EVP_CTRL_AEAD_SET_IVLEN
  # define         EVP_CTRL_GCM_GET_TAG            EVP_CTRL_AEAD_GET_TAG
  # define         EVP_CTRL_GCM_SET_TAG            EVP_CTRL_AEAD_SET_TAG
  # define         EVP_CTRL_GCM_SET_IVLEN          EVP_CTRL_AEAD_SET_IVLEN
  # define         EVP_CTRL_GCM_GET_TAG            EVP_CTRL_AEAD_GET_TAG
  # define         EVP_CTRL_GCM_SET_TAG            EVP_CTRL_AEAD_SET_TAG
-# define         EVP_CTRL_GCM_SET_IV_FIXED       0x12
+# define         EVP_CTRL_GCM_SET_IV_FIXED       EVP_CTRL_AEAD_SET_IV_FIXED
  # define         EVP_CTRL_GCM_IV_GEN             0x13
  # define         EVP_CTRL_CCM_SET_IVLEN          EVP_CTRL_AEAD_SET_IVLEN
  # define         EVP_CTRL_CCM_GET_TAG            EVP_CTRL_AEAD_GET_TAG
  # define         EVP_CTRL_CCM_SET_TAG            EVP_CTRL_AEAD_SET_TAG
  # define         EVP_CTRL_GCM_IV_GEN             0x13
  # define         EVP_CTRL_CCM_SET_IVLEN          EVP_CTRL_AEAD_SET_IVLEN
  # define         EVP_CTRL_CCM_GET_TAG            EVP_CTRL_AEAD_GET_TAG
  # define         EVP_CTRL_CCM_SET_TAG            EVP_CTRL_AEAD_SET_TAG
+# define         EVP_CTRL_CCM_SET_IV_FIXED       EVP_CTRL_AEAD_SET_IV_FIXED
  # define         EVP_CTRL_CCM_SET_L              0x14
  # define         EVP_CTRL_CCM_SET_MSGLEN         0x15
  /*
  # define         EVP_CTRL_CCM_SET_L              0x14
  # define         EVP_CTRL_CCM_SET_MSGLEN         0x15
  /*
@@ -443,6 +445,12 @@ typedef struct {
  /* Length of tag for TLS */
  # define EVP_GCM_TLS_TAG_LEN                             16
  
  /* Length of tag for TLS */
  # define EVP_GCM_TLS_TAG_LEN                             16
  
+/* CCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+# define EVP_CCM_TLS_FIXED_IV_LEN                        4
+/* Length of explicit part of IV part of TLS records */
+# define EVP_CCM_TLS_EXPLICIT_IV_LEN                     8
+
  typedef struct evp_cipher_info_st {
      const EVP_CIPHER *cipher;
      unsigned char iv[EVP_MAX_IV_LENGTH];
  typedef struct evp_cipher_info_st {
      const EVP_CIPHER *cipher;
      unsigned char iv[EVP_MAX_IV_LENGTH];
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h

index 28c2fb98669a11ca4138b2630f64f0ac111acf3e..d2512b8551c77dc093cb438fd871f479a9b8eefe 100644 (file)
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -245,6 +245,7 @@ extern "C" {
  # define SSL_TXT_AES256          "AES256"
  # define SSL_TXT_AES             "AES"
  # define SSL_TXT_AES_GCM         "AESGCM"
  # define SSL_TXT_AES256          "AES256"
  # define SSL_TXT_AES             "AES"
  # define SSL_TXT_AES_GCM         "AESGCM"
+# define SSL_TXT_AES_CCM         "AESCCM"
  # define SSL_TXT_CAMELLIA128     "CAMELLIA128"
  # define SSL_TXT_CAMELLIA256     "CAMELLIA256"
  # define SSL_TXT_CAMELLIA        "CAMELLIA"
  # define SSL_TXT_CAMELLIA128     "CAMELLIA128"
  # define SSL_TXT_CAMELLIA256     "CAMELLIA256"
  # define SSL_TXT_CAMELLIA        "CAMELLIA"
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c

index 3da4f116bb03ab2789f06db0cdc79f2cf4a97eed..74796bed6fb8921ada9dec652d74e260922191c5 100644 (file)
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -1120,6 +1120,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
          /* Need explicit part of IV for GCM mode */
          else if (mode == EVP_CIPH_GCM_MODE)
              eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
          /* Need explicit part of IV for GCM mode */
          else if (mode == EVP_CIPH_GCM_MODE)
              eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+        else if (mode == EVP_CIPH_CCM_MODE)
+            eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN;
          else
              eivlen = 0;
      } else
          else
              eivlen = 0;
      } else
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c

index 8a9e30302da9c6dd2e3dee74187faa8938c85690..5b286630ac9511e2b880001e339aaef34f86418b 100644 (file)
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -799,6 +799,8 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
          /* Need explicit part of IV for GCM mode */
          else if (mode == EVP_CIPH_GCM_MODE)
              eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
          /* Need explicit part of IV for GCM mode */
          else if (mode == EVP_CIPH_GCM_MODE)
              eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+        else if (mode == EVP_CIPH_CCM_MODE)
+            eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN;
          else
              eivlen = 0;
      } else
          else
              eivlen = 0;
      } else
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c

index 1865f242413cc68c7c1906a72880f95953597167..1fa17103260e9a0c31d22a742a633cb8986ccbfb 100644 (file)
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -764,10 +764,16 @@ int tls1_enc(SSL *s, int send)
              ? (i < 0)
              : (i == 0))
              return -1;          /* AEAD can fail to verify MAC */
              ? (i < 0)
              : (i == 0))
              return -1;          /* AEAD can fail to verify MAC */
-        if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) {
-            rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-            rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-            rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+        if (send == 0) {
+            if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) {
+                rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+            } else if (EVP_CIPHER_mode(enc) == EVP_CIPH_CCM_MODE) {
+                rec->data += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+                rec->input += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+                rec->length -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+            }
          }
  
          ret = 1;
          }
  
          ret = 1;
diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c

index ba9fc48a8d3f1e2fd939ec433e93996b425fc629..f4827fd7872b65a556b8316b31665ff3b9fb5ec5 100644 (file)
--- a/ssl/ssl_algs.c
+++ b/ssl/ssl_algs.c
@@ -91,6 +91,8 @@ int SSL_library_init(void)
      EVP_add_cipher(EVP_aes_256_cbc());
      EVP_add_cipher(EVP_aes_128_gcm());
      EVP_add_cipher(EVP_aes_256_gcm());
      EVP_add_cipher(EVP_aes_256_cbc());
      EVP_add_cipher(EVP_aes_128_gcm());
      EVP_add_cipher(EVP_aes_256_gcm());
+    EVP_add_cipher(EVP_aes_128_ccm());
+    EVP_add_cipher(EVP_aes_256_ccm());
      EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
      EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
      EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
      EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
      EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
      EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c

index 08a95f958b5cd75e5bca5e011ae87230296efb7d..7f2970b317e26bfb2347eab633fb695ad17b86b1 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -164,7 +164,9 @@
  #define SSL_ENC_SEED_IDX        11
  #define SSL_ENC_AES128GCM_IDX   12
  #define SSL_ENC_AES256GCM_IDX   13
  #define SSL_ENC_SEED_IDX        11
  #define SSL_ENC_AES128GCM_IDX   12
  #define SSL_ENC_AES256GCM_IDX   13
-#define SSL_ENC_NUM_IDX         14
+#define SSL_ENC_AES128CCM_IDX   14
+#define SSL_ENC_AES256CCM_IDX   15
+#define SSL_ENC_NUM_IDX         16
  
  /* NB: make sure indices in these tables match values above */
  
  
  /* NB: make sure indices in these tables match values above */
  
@@ -188,7 +190,9 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
      {SSL_eGOST2814789CNT, NID_gost89_cnt}, /* SSL_ENC_GOST89_IDX 10 */
      {SSL_SEED, NID_seed_cbc},   /* SSL_ENC_SEED_IDX 11 */
      {SSL_AES128GCM, NID_aes_128_gcm}, /* SSL_ENC_AES128GCM_IDX 12 */
      {SSL_eGOST2814789CNT, NID_gost89_cnt}, /* SSL_ENC_GOST89_IDX 10 */
      {SSL_SEED, NID_seed_cbc},   /* SSL_ENC_SEED_IDX 11 */
      {SSL_AES128GCM, NID_aes_128_gcm}, /* SSL_ENC_AES128GCM_IDX 12 */
-    {SSL_AES256GCM, NID_aes_256_gcm} /* SSL_ENC_AES256GCM_IDX 13 */
+    {SSL_AES256GCM, NID_aes_256_gcm}, /* SSL_ENC_AES256GCM_IDX 13 */
+    {SSL_AES128CCM, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM_IDX 14 */
+    {SSL_AES256CCM, NID_aes_256_ccm} /* SSL_ENC_AES256CCM_IDX 15 */
  };
  
  static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
  };
  
  static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
@@ -355,13 +359,15 @@ static const SSL_CIPHER cipher_aliases[] = {
      {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0},
      {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0},
      {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
      {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0},
      {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0},
      {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128 | SSL_AES128GCM, 0, 0, 0, 0, 0,
-     0},
-    {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256 | SSL_AES256GCM, 0, 0, 0, 0, 0,
-     0},
+    {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM, 0,
+     0, 0, 0, 0, 0},
+    {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM, 0,
+     0, 0, 0, 0, 0},
      {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0},
      {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM, 0, 0, 0, 0,
       0, 0},
      {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0},
      {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM, 0, 0, 0, 0,
       0, 0},
+    {0, SSL_TXT_AES_CCM, 0, 0, 0, SSL_AES128CCM | SSL_AES256CCM, 0, 0, 0, 0,
+     0, 0},
      {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0},
      {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},
      {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA128 | SSL_CAMELLIA256, 0, 0, 0,
      {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0},
      {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},
      {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA128 | SSL_CAMELLIA256, 0, 0, 0,
@@ -1709,6 +1715,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
      case SSL_AES256GCM:
          enc = "AESGCM(256)";
          break;
      case SSL_AES256GCM:
          enc = "AESGCM(256)";
          break;
+    case SSL_AES128CCM:
+        enc = "AESCCM(128)";
+        break;
+    case SSL_AES256CCM:
+        enc = "AESCCM(256)";
+        break;
      case SSL_CAMELLIA128:
          enc = "Camellia(128)";
          break;
      case SSL_CAMELLIA128:
          enc = "Camellia(128)";
          break;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h

index 63b547a8f979a9e29de347ab6e8472ae4f64962e..b30a635e79da897d4e451beca101b169be221616 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -359,8 +359,10 @@
  # define SSL_SEED                0x00000800L
  # define SSL_AES128GCM           0x00001000L
  # define SSL_AES256GCM           0x00002000L
  # define SSL_SEED                0x00000800L
  # define SSL_AES128GCM           0x00001000L
  # define SSL_AES256GCM           0x00002000L
+# define SSL_AES128CCM           0x00004000L
+# define SSL_AES256CCM           0x00008000L
  
  
-# define SSL_AES                 (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
+# define SSL_AES                 (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM|SSL_AES128CCM|SSL_AES256CCM)
  # define SSL_CAMELLIA            (SSL_CAMELLIA128|SSL_CAMELLIA256)
  
  /* Bits for algorithm_mac (symmetric authentication) */
  # define SSL_CAMELLIA            (SSL_CAMELLIA128|SSL_CAMELLIA256)
  
  /* Bits for algorithm_mac (symmetric authentication) */
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c

index 9942bb433f4e5356b6aaa1b9de4276d8f2fc282a..87de2fe6c51add96bbf17c25b808a12e1bb1c291 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -422,9 +422,11 @@ int tls1_change_cipher_state(SSL *s, int which)
      j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
                       cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
      /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
      j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
                       cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
      /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
-    /* If GCM mode only part of IV comes from PRF */
+    /* If GCM/CCM mode only part of IV comes from PRF */
      if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
          k = EVP_GCM_TLS_FIXED_IV_LEN;
      if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
          k = EVP_GCM_TLS_FIXED_IV_LEN;
+    else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
+        k = EVP_CCM_TLS_FIXED_IV_LEN;
      else
          k = EVP_CIPHER_iv_length(c);
      if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
      else
          k = EVP_CIPHER_iv_length(c);
      if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
@@ -506,6 +508,16 @@ int tls1_change_cipher_state(SSL *s, int which)
              SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
              goto err2;
          }
              SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
              goto err2;
          }
+    } else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) {
+        int taglen = 16;
+        if (!EVP_CipherInit_ex(dd, c, NULL, NULL, NULL, (which & SSL3_CC_WRITE))
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL)
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, k, iv)
+            || !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) {
+            SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+            goto err2;
+        }
      } else {
          if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
              SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
      } else {
          if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
              SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
author	Dr. Stephen Henson <steve@openssl.org>
	Fri, 31 Jul 2015 15:54:35 +0000 (16:54 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Fri, 14 Aug 2015 05:56:11 +0000 (06:56 +0100)
crypto/evp/e_aes.c		patch \| blob \| history
include/openssl/evp.h		patch \| blob \| history
include/openssl/ssl.h		patch \| blob \| history
ssl/record/rec_layer_d1.c		patch \| blob \| history
ssl/record/rec_layer_s3.c		patch \| blob \| history
ssl/record/ssl3_record.c		patch \| blob \| history
ssl/ssl_algs.c		patch \| blob \| history
ssl/ssl_ciph.c		patch \| blob \| history
ssl/ssl_locl.h		patch \| blob \| history
ssl/t1_enc.c		patch \| blob \| history