1 files changed, 28 insertions, 26 deletions

diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 7d8f0479ee..960fe46c09 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -262,7 +262,7 @@
                               | rc2_cbc .
 
 -type cbc_cipher()  :: des_cbc | des3_cbc | aes_cbc | blowfish_cbc .
--type aead_cipher() :: aes_gcm | chacha20_poly1305 .
+-type aead_cipher() :: aes_gcm | aes_ccm | chacha20_poly1305 .
 -type cfb_cipher()  :: aes_cfb128 | aes_cfb8 | blowfish_cfb64 | des3_cfb | des_cfb .
 
 -type block_cipher_without_iv() :: ecb_cipher() .
@@ -493,23 +493,23 @@ poly1305(Key, Data) ->
 -spec block_encrypt(Type::block_cipher_with_iv(), Key::key()|des3_key(), Ivec::binary(), PlainText::iodata()) -> binary();
                    (Type::aead_cipher(),  Key::iodata(), Ivec::binary(), {AAD::binary(), PlainText::iodata()}) ->
                            {binary(), binary()};
-                   (aes_gcm, Key::iodata(), Ivec::binary(), {AAD::binary(), PlainText::iodata(), TagLength::1..16}) ->
+                   (aes_gcm | aes_ccm, Key::iodata(), Ivec::binary(), {AAD::binary(), PlainText::iodata(), TagLength::1..16}) ->
                            {binary(), binary()}.
 
 block_encrypt(Type, Key, Ivec, PlainText) when Type =:= des_cbc;
-                                          Type =:= des_cfb;
-                                          Type =:= blowfish_cbc;
-                                          Type =:= blowfish_cfb64;
-                                          Type =:= blowfish_ofb64;
-                                          Type =:= aes_cbc128;
-                                          Type =:= aes_cfb8;
-                                          Type =:= aes_cfb128;
-                                          Type =:= aes_cbc256;
-					  Type =:= aes_cbc;
-                                          Type =:= rc2_cbc ->
+                                               Type =:= des_cfb;
+                                               Type =:= blowfish_cbc;
+                                               Type =:= blowfish_cfb64;
+                                               Type =:= blowfish_ofb64;
+                                               Type =:= aes_cbc128;
+                                               Type =:= aes_cfb8;
+                                               Type =:= aes_cfb128;
+                                               Type =:= aes_cbc256;
+                                               Type =:= aes_cbc;
+                                               Type =:= rc2_cbc ->
     block_crypt_nif(Type, Key, Ivec, PlainText, true);
 block_encrypt(Type, Key0, Ivec, PlainText) when Type =:= des3_cbc;
-                                           Type =:= des_ede3 ->
+                                                Type =:= des_ede3 ->
     Key = check_des3_key(Key0),
     block_crypt_nif(des_ede3_cbc, Key, Ivec, PlainText, true);
 block_encrypt(des3_cbf, Key0, Ivec, PlainText) -> % cfb misspelled
@@ -520,10 +520,12 @@ block_encrypt(des3_cfb, Key0, Ivec, PlainText) ->
     block_crypt_nif(des_ede3_cfb, Key, Ivec, PlainText, true);
 block_encrypt(aes_ige256, Key, Ivec, PlainText) ->
     notsup_to_error(aes_ige_crypt_nif(Key, Ivec, PlainText, true));
-block_encrypt(aes_gcm, Key, Ivec, {AAD, PlainText}) ->
-    aes_gcm_encrypt(Key, Ivec, AAD, PlainText);
-block_encrypt(aes_gcm, Key, Ivec, {AAD, PlainText, TagLength}) ->
-    aes_gcm_encrypt(Key, Ivec, AAD, PlainText, TagLength);
+block_encrypt(Type, Key, Ivec, {AAD, PlainText}) when Type =:= aes_gcm;
+                                                      Type =:= aes_ccm ->
+    aead_encrypt(Type, Key, Ivec, AAD, PlainText);
+block_encrypt(Type, Key, Ivec, {AAD, PlainText, TagLength}) when Type =:= aes_gcm;
+                                                                 Type =:= aes_ccm ->
+    aead_encrypt(Type, Key, Ivec, AAD, PlainText, TagLength);
 block_encrypt(chacha20_poly1305, Key, Ivec, {AAD, PlainText}) ->
     chacha20_poly1305_encrypt(Key, Ivec, AAD, PlainText).
 
@@ -554,8 +556,9 @@ block_decrypt(des3_cfb, Key0, Ivec, Data) ->
     block_crypt_nif(des_ede3_cfb, Key, Ivec, Data, false);
 block_decrypt(aes_ige256, Key, Ivec, Data) ->
     notsup_to_error(aes_ige_crypt_nif(Key, Ivec, Data, false));
-block_decrypt(aes_gcm, Key, Ivec, {AAD, Data, Tag}) ->
-    aes_gcm_decrypt(Key, Ivec, AAD, Data, Tag);
+block_decrypt(Type, Key, Ivec, {AAD, Data, Tag}) when Type =:= aes_gcm;
+                                                      Type =:= aes_ccm ->
+    aead_decrypt(Type, Key, Ivec, AAD, Data, Tag);
 block_decrypt(chacha20_poly1305, Key, Ivec, {AAD, Data, Tag}) ->
     chacha20_poly1305_decrypt(Key, Ivec, AAD, Data, Tag).
 
@@ -580,10 +583,8 @@ next_iv(Type, Data) when is_binary(Data) ->
     IVecSize = case Type of
                    des_cbc  -> 8;
                    des3_cbc -> 8;
-                   blowfish_cbc -> 8;
                    aes_cbc  -> 16;
-                   aes_ige  -> 32; % For compatibility if someone has bug-adapted code
-                   aes_ige256 -> 32 % The name used in block_encrypt et al
+                   aes_ige  -> 32
                end,
     {_, IVec} = split_binary(Data, size(Data) - IVecSize),
     IVec;
@@ -1609,10 +1610,11 @@ check_des3_key(Key) ->
 %% AES - in Galois/Counter Mode (GCM)
 %%
 %% The default tag length is EVP_GCM_TLS_TAG_LEN(16),
-aes_gcm_encrypt(Key, Ivec, AAD, In) ->
-    aes_gcm_encrypt(Key, Ivec, AAD, In, 16).
-aes_gcm_encrypt(_Key, _Ivec, _AAD, _In, _TagLength) -> ?nif_stub.
-aes_gcm_decrypt(_Key, _Ivec, _AAD, _In, _Tag) -> ?nif_stub.
+aead_encrypt(Type=aes_ccm, Key, Ivec, AAD, In) -> aead_encrypt(Type, Key, Ivec, AAD, In, 12);
+aead_encrypt(Type=aes_gcm, Key, Ivec, AAD, In) -> aead_encrypt(Type, Key, Ivec, AAD, In, 16).
+
+aead_encrypt(_Type, _Key, _Ivec, _AAD, _In, _TagLength) -> ?nif_stub.
+aead_decrypt(_Type, _Key, _Ivec, _AAD, _In, _Tag) -> ?nif_stub.
 
 %%
 %% Chacha20/Ppoly1305