crypto: Add AES_CCM crypto

Will be increase interoperability of future SSL application versions.

2 files changed, 80 insertions, 19 deletions

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 4442692537..e99c1bb38c 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -187,6 +187,7 @@
 # define HAVE_EVP_AES_CTR
 # define HAVE_AEAD
 # define HAVE_GCM
+# define HAVE_CCM
 # define HAVE_CMAC
 # if OPENSSL_VERSION_NUMBER < PACKED_OPENSSL_VERSION(1,0,1,'d')
 #  define HAVE_GCM_EVP_DECRYPT_BUG
@@ -716,6 +717,9 @@ static ERL_NIF_TERM atom_aes_cfb128;
 #ifdef HAVE_GCM
 static ERL_NIF_TERM atom_aes_gcm;
 #endif
+#ifdef HAVE_CCM
+static ERL_NIF_TERM atom_aes_ccm;
+#endif
 #ifdef HAVE_ECB_IVEC_BUG
 static ERL_NIF_TERM atom_aes_ecb;
 static ERL_NIF_TERM atom_des_ecb;
@@ -1159,6 +1163,9 @@ static int initialize(ErlNifEnv* env, ERL_NIF_TERM load_info)
 #ifdef HAVE_GCM
     atom_aes_gcm = enif_make_atom(env, "aes_gcm");
 #endif
+#ifdef HAVE_CCM
+    atom_aes_ccm = enif_make_atom(env, "aes_ccm");
+#endif
 #ifdef HAVE_ECB_IVEC_BUG
     atom_aes_ecb = enif_make_atom(env, "aes_ecb");
     atom_des_ecb = enif_make_atom(env, "des_ecb");
@@ -1321,7 +1328,7 @@ static ERL_NIF_TERM algo_hash[12];   /* increase when extending the list */
 static int algo_pubkey_cnt, algo_pubkey_fips_cnt;
 static ERL_NIF_TERM algo_pubkey[11]; /* increase when extending the list */
 static int algo_cipher_cnt, algo_cipher_fips_cnt;
-static ERL_NIF_TERM algo_cipher[24]; /* increase when extending the list */
+static ERL_NIF_TERM algo_cipher[25]; /* increase when extending the list */
 static int algo_mac_cnt, algo_mac_fips_cnt;
 static ERL_NIF_TERM algo_mac[3]; /* increase when extending the list */
 static int algo_curve_cnt, algo_curve_fips_cnt;
@@ -1397,6 +1404,9 @@ static void init_algorithms_types(ErlNifEnv* env)
 #if defined(HAVE_GCM)
     algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"aes_gcm");
 #endif
+#if defined(HAVE_CCM)
+    algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"aes_ccm");
+#endif
     // Non-validated algorithms follow
     algo_cipher_fips_cnt = algo_cipher_cnt;
 #ifdef HAVE_AES_IGE
@@ -2560,6 +2570,22 @@ static ERL_NIF_TERM aead_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar
 
     } else
 #endif
+#if defined(HAVE_CCM)
+    if ((type == atom_aes_ccm)
+        && (7 <= iv.size && iv.size <= 13)
+        && (4 <= tag_len && tag_len <= 16)
+        && ((tag_len & 1) == 0)
+        ) {
+        ctx_ctrl_set_ivlen = EVP_CTRL_CCM_SET_IVLEN;
+        ctx_ctrl_get_tag = EVP_CTRL_CCM_GET_TAG;
+        if (key.size == 16)      cipher = EVP_aes_128_ccm();
+        else if (key.size == 24) cipher = EVP_aes_192_ccm();
+        else if (key.size == 32) cipher = EVP_aes_256_ccm();
+        else
+            enif_make_badarg(env);
+
+    } else
+#endif
         enif_make_badarg(env);
  
     ctx = EVP_CIPHER_CTX_new();
@@ -2571,6 +2597,13 @@ static ERL_NIF_TERM aead_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar
             if (EVP_EncryptInit_ex(ctx, NULL, NULL, key.data, iv.data) != 1) goto out_err;
         } else
 #endif            
+#if defined(HAVE_CCM)
+    if (type == atom_aes_ccm) {
+        if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, tag_len, NULL) != 1) goto out_err;
+        if (EVP_EncryptInit_ex(ctx, NULL, NULL, key.data, iv.data) != 1) goto out_err;
+        if (EVP_EncryptUpdate(ctx, NULL, &len, NULL, in.size) != 1) goto out_err;
+    } else
+#endif
         goto out_err; 
 
     if (EVP_EncryptUpdate(ctx, NULL, &len, aad.data, aad.size) != 1) goto out_err;
@@ -2635,6 +2668,18 @@ static ERL_NIF_TERM aead_decrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar
 
     } else
 #endif
+#if defined(HAVE_CCM)
+    if ((type == atom_aes_ccm)
+        && (iv.size > 0)) {
+        ctx_ctrl_set_ivlen = EVP_CTRL_CCM_SET_IVLEN;
+        if (key.size == 16)      cipher = EVP_aes_128_ccm();
+        else if (key.size == 24) cipher = EVP_aes_192_ccm();
+        else if (key.size == 32) cipher = EVP_aes_256_ccm();
+        else
+            enif_make_badarg(env);
+
+    } else
+#endif
         enif_make_badarg(env);
 
     outp = enif_make_new_binary(env, in.size, &out);
@@ -2643,8 +2688,20 @@ static ERL_NIF_TERM aead_decrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar
     if (EVP_DecryptInit_ex(ctx, cipher, NULL, NULL, NULL) != 1) goto out_err;
     if (EVP_CIPHER_CTX_ctrl(ctx,  ctx_ctrl_set_ivlen, iv.size, NULL) != 1) goto out_err;
 
+#if defined(HAVE_CCM)
+    if (type == atom_aes_ccm) {
+        if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, tag.size, tag.data) != 1) goto out_err;
+    }
+#endif
+
     if (EVP_DecryptInit_ex(ctx, NULL, NULL, key.data, iv.data) != 1) goto out_err;
 
+#if defined(HAVE_CCM)
+    if (type == atom_aes_ccm) {
+        if (1 != EVP_DecryptUpdate(ctx, NULL, &len, NULL, in.size)) goto out_err;
+    }
+#endif
+
     if (EVP_DecryptUpdate(ctx, NULL, &len, aad.data, aad.size) != 1) goto out_err;
     if (EVP_DecryptUpdate(ctx, outp, &len, in.data, in.size) != 1) goto out_err;
 
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index cb281aac42..2f612b6121 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -262,7 +262,7 @@
                               | rc2_cbc .
 
 -type cbc_cipher()  :: des_cbc | des3_cbc | aes_cbc | blowfish_cbc .
--type aead_cipher() :: aes_gcm | chacha20_poly1305 .
+-type aead_cipher() :: aes_gcm | aes_ccm | chacha20_poly1305 .
 -type cfb_cipher()  :: aes_cfb128 | aes_cfb8 | blowfish_cfb64 | des3_cfb | des_cfb .
 
 -type block_cipher_without_iv() :: ecb_cipher() .
@@ -490,23 +490,23 @@ poly1305(Key, Data) ->
 -spec block_encrypt(Type::block_cipher_with_iv(), Key::key()|des3_key(), Ivec::binary(), PlainText::iodata()) -> binary();
                    (Type::aead_cipher(),  Key::iodata(), Ivec::binary(), {AAD::binary(), PlainText::iodata()}) ->
                            {binary(), binary()};
-                   (aes_gcm, Key::iodata(), Ivec::binary(), {AAD::binary(), PlainText::iodata(), TagLength::1..16}) ->
+                   (aes_gcm | aes_ccm, Key::iodata(), Ivec::binary(), {AAD::binary(), PlainText::iodata(), TagLength::1..16}) ->
                            {binary(), binary()}.
 
 block_encrypt(Type, Key, Ivec, PlainText) when Type =:= des_cbc;
-                                          Type =:= des_cfb;
-                                          Type =:= blowfish_cbc;
-                                          Type =:= blowfish_cfb64;
-                                          Type =:= blowfish_ofb64;
-                                          Type =:= aes_cbc128;
-                                          Type =:= aes_cfb8;
-                                          Type =:= aes_cfb128;
-                                          Type =:= aes_cbc256;
-					  Type =:= aes_cbc;
-                                          Type =:= rc2_cbc ->
+                                               Type =:= des_cfb;
+                                               Type =:= blowfish_cbc;
+                                               Type =:= blowfish_cfb64;
+                                               Type =:= blowfish_ofb64;
+                                               Type =:= aes_cbc128;
+                                               Type =:= aes_cfb8;
+                                               Type =:= aes_cfb128;
+                                               Type =:= aes_cbc256;
+                                               Type =:= aes_cbc;
+                                               Type =:= rc2_cbc ->
     block_crypt_nif(Type, Key, Ivec, PlainText, true);
 block_encrypt(Type, Key0, Ivec, PlainText) when Type =:= des3_cbc;
-                                           Type =:= des_ede3 ->
+                                                Type =:= des_ede3 ->
     Key = check_des3_key(Key0),
     block_crypt_nif(des_ede3_cbc, Key, Ivec, PlainText, true);
 block_encrypt(des3_cbf, Key0, Ivec, PlainText) -> % cfb misspelled
@@ -517,10 +517,12 @@ block_encrypt(des3_cfb, Key0, Ivec, PlainText) ->
     block_crypt_nif(des_ede3_cfb, Key, Ivec, PlainText, true);
 block_encrypt(aes_ige256, Key, Ivec, PlainText) ->
     notsup_to_error(aes_ige_crypt_nif(Key, Ivec, PlainText, true));
-block_encrypt(aes_gcm, Key, Ivec, {AAD, PlainText}) ->
-    aead_encrypt(Key, Ivec, AAD, PlainText);
-block_encrypt(aes_gcm, Key, Ivec, {AAD, PlainText, TagLength}) ->
-    aead_encrypt(Key, Ivec, AAD, PlainText, TagLength);
+block_encrypt(Type, Key, Ivec, {AAD, PlainText}) when Type =:= aes_gcm;
+                                                      Type =:= aes_ccm ->
+    aead_encrypt(Type, Key, Ivec, AAD, PlainText);
+block_encrypt(Type, Key, Ivec, {AAD, PlainText, TagLength}) when Type =:= aes_gcm;
+                                                                 Type =:= aes_ccm ->
+    aead_encrypt(Type, Key, Ivec, AAD, PlainText, TagLength);
 block_encrypt(chacha20_poly1305, Key, Ivec, {AAD, PlainText}) ->
     chacha20_poly1305_encrypt(Key, Ivec, AAD, PlainText).
 
@@ -551,7 +553,8 @@ block_decrypt(des3_cfb, Key0, Ivec, Data) ->
     block_crypt_nif(des_ede3_cfb, Key, Ivec, Data, false);
 block_decrypt(aes_ige256, Key, Ivec, Data) ->
     notsup_to_error(aes_ige_crypt_nif(Key, Ivec, Data, false));
-block_decrypt(Type, Key, Ivec, {AAD, Data, Tag}) when Type =:= aes_gcm ->
+block_decrypt(Type, Key, Ivec, {AAD, Data, Tag}) when Type =:= aes_gcm;
+                                                      Type =:= aes_ccm ->
     aead_decrypt(Type, Key, Ivec, AAD, Data, Tag);
 block_decrypt(chacha20_poly1305, Key, Ivec, {AAD, Data, Tag}) ->
     chacha20_poly1305_decrypt(Key, Ivec, AAD, Data, Tag).
@@ -1604,6 +1607,7 @@ check_des3_key(Key) ->
 %% AES - in Galois/Counter Mode (GCM)
 %%
 %% The default tag length is EVP_GCM_TLS_TAG_LEN(16),
+aead_encrypt(Type=aes_ccm, Key, Ivec, AAD, In) -> aead_encrypt(Type, Key, Ivec, AAD, In, 12);
 aead_encrypt(Type=aes_gcm, Key, Ivec, AAD, In) -> aead_encrypt(Type, Key, Ivec, AAD, In, 16).
 
 aead_encrypt(_Type, _Key, _Ivec, _AAD, _In, _TagLength) -> ?nif_stub.