-rw-r--r--lib/algorithms/ciphers.c18
-rw-r--r--lib/algorithms/ciphersuites.c58
-rw-r--r--lib/gnutls_priority.c12
-rw-r--r--lib/includes/gnutls/gnutls.h.in4
-rw-r--r--lib/nettle/cipher.c61
5 files changed, 153 insertions, 0 deletions
diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index d1501d6f25..b91eac7e1b 100644
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -73,6 +73,24 @@ static const cipher_entry_st algorithms[] = {
.explicit_iv = 8,
.cipher_iv = 12,
.tagsize = 16},
+ { .name = "AES-128-CCM",
+ .id = GNUTLS_CIPHER_AES_128_CCM,
+ .blocksize = 16,
+ .keysize = 16,
+ .type = CIPHER_AEAD,
+ .implicit_iv = 4,
+ .explicit_iv = 8,
+ .cipher_iv = 12,
+ .tagsize = 16},
+ { .name = "AES-256-CCM",
+ .id = GNUTLS_CIPHER_AES_256_CCM,
+ .blocksize = 16,
+ .keysize = 32,
+ .type = CIPHER_AEAD,
+ .implicit_iv = 4,
+ .explicit_iv = 8,
+ .cipher_iv = 12,
+ .tagsize = 16},
{ .name = "ARCFOUR-128",
.id = GNUTLS_CIPHER_ARCFOUR_128,
.blocksize = 1,
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index f397dedc27..06504a7d6d 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -209,6 +209,20 @@ typedef struct {
#define GNUTLS_DHE_DSS_AES_256_GCM_SHA384 {0x00,0xA3}
#define GNUTLS_DH_ANON_AES_256_GCM_SHA384 {0x00,0xA7}
+/* CCM: RFC6655 */
+#define GNUTLS_RSA_AES_128_CCM_SHA256 { 0xC0, 0x9C }
+#define GNUTLS_RSA_AES_256_CCM_SHA256 { 0xC0, 0x9D }
+#define GNUTLS_DHE_RSA_AES_128_CCM_SHA256 {0xC0,0x9E}
+#define GNUTLS_DHE_RSA_AES_256_CCM_SHA256 {0xC0,0x9F}
+
+#define GNUTLS_ECDHE_ECDSA_AES_128_CCM_SHA256 {0xC0,0xAC}
+#define GNUTLS_ECDHE_ECDSA_AES_256_CCM_SHA256 {0xC0,0xAD}
+
+#define GNUTLS_PSK_AES_128_CCM_SHA256 { 0xC0, 0xA4 }
+#define GNUTLS_PSK_AES_256_CCM_SHA256 { 0xC0, 0xA5 }
+#define GNUTLS_DHE_PSK_AES_128_CCM_SHA256 {0xC0,0xA6}
+#define GNUTLS_DHE_PSK_AES_256_CCM_SHA256 {0xC0,0xA7}
+
/* RFC 5487 */
/* GCM-PSK */
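Review bot: The `/* CCM: RFC6655 */` comment also heads the two ECDHE_ECDSA defines, but the code points `{0xC0,0xAC}` and `{0xC0,0xAD}` are assigned by RFC 7251, not RFC 6655. I would put a separate `/* CCM-ECC: RFC7251 */` above that pair so someone auditing the code points against the registry looks in the right document. The `_SHA256` suffix is not part of the registered suite names (for example TLS_RSA_WITH_AES_128_CCM), so a short comment saying it denotes the TLS 1.2 PRF hash would avoid confusion with a MAC. Brace spacing also differs within the group, `{ 0xC0, 0x9C }` versus `{0xC0,0x9E}`.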
@@ -373,6 +387,50 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
+/* CCM */
+ ENTRY(GNUTLS_RSA_AES_128_CCM_SHA256,
+ GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_RSA_AES_256_CCM_SHA256,
+ GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_RSA_AES_128_CCM_SHA256,
+ GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_RSA_AES_256_CCM_SHA256,
+ GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+
+ ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CCM_SHA256,
+ GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CCM_SHA256,
+ GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+
+ ENTRY(GNUTLS_PSK_AES_128_CCM_SHA256,
+ GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_PSK_AES_256_CCM_SHA256,
+ GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_PSK_AES_128_CCM_SHA256,
+ GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_PSK_AES_256_CCM_SHA256,
+ GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+
/* DHE_DSS */
#ifdef ENABLE_DHE
ENTRY(GNUTLS_DHE_DSS_ARCFOUR_128_SHA1,
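Review bot: The ten CCM entries are added unconditionally, while the DHE_DSS block that follows them is wrapped in `#ifdef ENABLE_DHE`. The DHE_RSA and DHE_PSK CCM entries (and presumably the PSK and ECDHE_ECDSA ones, whose guard macros are not visible in this hunk) should sit under the same feature guards as the other suites of those key exchanges, so that a build with a key exchange disabled does not list suites it cannot complete. The cs_algorithms table starts and ends outside the hunk, so the guards used by the neighbouring entries should be checked there.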
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index ce53a84ae3..0e4f78865f 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -210,6 +210,8 @@ static const int _cipher_priority_performance_default[] = {
GNUTLS_CIPHER_AES_256_GCM,
GNUTLS_CIPHER_CAMELLIA_128_GCM,
GNUTLS_CIPHER_CAMELLIA_256_GCM,
+ GNUTLS_CIPHER_AES_128_CCM,
+ GNUTLS_CIPHER_AES_256_CCM,
GNUTLS_CIPHER_AES_128_CBC,
GNUTLS_CIPHER_AES_256_CBC,
GNUTLS_CIPHER_CAMELLIA_128_CBC,
@@ -226,6 +228,8 @@ static const int _cipher_priority_normal_default[] = {
GNUTLS_CIPHER_AES_256_GCM,
GNUTLS_CIPHER_CAMELLIA_128_GCM,
GNUTLS_CIPHER_CAMELLIA_256_GCM,
+ GNUTLS_CIPHER_AES_128_CCM,
+ GNUTLS_CIPHER_AES_256_CCM,
GNUTLS_CIPHER_AES_128_CBC,
GNUTLS_CIPHER_AES_256_CBC,
GNUTLS_CIPHER_CAMELLIA_128_CBC,
@@ -238,6 +242,8 @@ static const int _cipher_priority_normal_default[] = {
static const int cipher_priority_performance_fips[] = {
GNUTLS_CIPHER_AES_128_GCM,
GNUTLS_CIPHER_AES_256_GCM,
+ GNUTLS_CIPHER_AES_128_CCM,
+ GNUTLS_CIPHER_AES_256_CCM,
GNUTLS_CIPHER_AES_128_CBC,
GNUTLS_CIPHER_AES_256_CBC,
GNUTLS_CIPHER_3DES_CBC,
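Review bot: Listing `GNUTLS_CIPHER_AES_128_CCM` and `GNUTLS_CIPHER_AES_256_CCM` in `cipher_priority_performance_fips` (and in `cipher_priority_normal_fips` in the next hunk) makes CCM negotiable in FIPS mode, yet none of the five files in this commit's diffstat adds a known-answer self-test for it. If the library's FIPS self-tests run per cipher (not visible here), CCM should get one before it enters these lists; otherwise keep it out of the FIPS lists for now. The same applies to `.fips_allowed = 1` on the two new entries in lib/nettle/cipher.c.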
@@ -247,6 +253,8 @@ static const int cipher_priority_performance_fips[] = {
static const int cipher_priority_normal_fips[] = {
GNUTLS_CIPHER_AES_128_GCM,
GNUTLS_CIPHER_AES_256_GCM,
+ GNUTLS_CIPHER_AES_128_CCM,
+ GNUTLS_CIPHER_AES_256_CCM,
GNUTLS_CIPHER_AES_128_CBC,
GNUTLS_CIPHER_AES_256_CBC,
GNUTLS_CIPHER_3DES_CBC,
@@ -271,8 +279,11 @@ static const int* cipher_priority_suiteb192 = _cipher_priority_suiteb192;
static const int _cipher_priority_secure128[] = {
GNUTLS_CIPHER_AES_128_GCM,
GNUTLS_CIPHER_CAMELLIA_128_GCM,
+ GNUTLS_CIPHER_AES_128_CCM,
+
GNUTLS_CIPHER_AES_256_GCM,
GNUTLS_CIPHER_CAMELLIA_256_GCM,
+ GNUTLS_CIPHER_AES_256_CCM,
GNUTLS_CIPHER_AES_128_CBC,
GNUTLS_CIPHER_CAMELLIA_128_CBC,
@@ -286,6 +297,7 @@ static const int *cipher_priority_secure128 = _cipher_priority_secure128;
static const int _cipher_priority_secure192[] = {
GNUTLS_CIPHER_AES_256_GCM,
GNUTLS_CIPHER_CAMELLIA_256_GCM,
+ GNUTLS_CIPHER_AES_256_CCM,
GNUTLS_CIPHER_AES_256_CBC,
GNUTLS_CIPHER_CAMELLIA_256_CBC,
0
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 0abb0534e3..77dedc8c76 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -90,6 +90,8 @@ extern "C" {
* @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
* @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
* @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
+ * @GNUTLS_CIPHER_AES_128_CCM: AES in CCM mode with 128-bit keys.
+ * @GNUTLS_CIPHER_AES_256_CCM: AES in CCM mode with 256-bit keys.
* @GNUTLS_CIPHER_CAMELLIA_128_GCM: CAMELLIA in GCM mode with 128-bit keys.
* @GNUTLS_CIPHER_CAMELLIA_256_GCM: CAMELLIA in GCM mode with 256-bit keys.
* @GNUTLS_CIPHER_SALSA20_256: Salsa20 with 256-bit keys.
@@ -126,6 +128,8 @@ typedef enum gnutls_cipher_algorithm {
GNUTLS_CIPHER_CAMELLIA_256_GCM = 16,
GNUTLS_CIPHER_RC2_40_CBC = 17,
GNUTLS_CIPHER_DES_CBC = 18,
+ GNUTLS_CIPHER_AES_128_CCM = 19,
+ GNUTLS_CIPHER_AES_256_CCM = 20,
/* used only for PGP internals. Ignored in TLS/SSL
*/
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index f85e8cc271..d8d9626d68 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -36,6 +36,7 @@
#include <nettle/nettle-meta.h>
#include <nettle/cbc.h>
#include <nettle/gcm.h>
+#include <nettle/ccm.h>
#include <fips.h>
struct nettle_cipher_ctx;
@@ -123,6 +124,38 @@ _cbc_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
}
static void
+_ccm_aes_encrypt(struct nettle_cipher_ctx *ctx,
+ size_t nonce_size, const void *nonce,
+ size_t auth_size, const void *auth,
+ size_t tag_size,
+ size_t length, uint8_t * dst,
+ const uint8_t * src)
+{
+ ccm_encrypt_message((void*)ctx->ctx_ptr, ctx->cipher->encrypt_block,
+ nonce_size, nonce,
+ auth_size, auth,
+ tag_size, length, dst, src);
+}
+
+static int
+_ccm_aes_decrypt(struct nettle_cipher_ctx *ctx,
+ size_t nonce_size, const void *nonce,
+ size_t auth_size, const void *auth,
+ size_t tag_size,
+ size_t length, uint8_t * dst,
+ const uint8_t * src)
+{
+ int ret;
+ ret = ccm_decrypt_message((void*)ctx->ctx_ptr, ctx->cipher->encrypt_block,
+ nonce_size, nonce,
+ auth_size, auth,
+ tag_size, length, dst, src);
+ if (ret == 0)
+ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+ return 0;
+}
+
+static void
_gcm_aes128_encrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
const uint8_t * src)
{
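Review bot: `_ccm_aes_encrypt` and `_ccm_aes_decrypt` forward `length` unchanged, but as far as I recall nettle's API the two calls read it differently: `ccm_encrypt_message` takes the ciphertext length with the tag included, while `ccm_decrypt_message` takes the plaintext length and reads `length + tag_size` bytes from `src`. Each wrapper should say which value the caller must pass, e.g. `/* length: bytes written to dst, plaintext + tag */` and `/* length: plaintext size; src holds length + tag_size bytes */`, so a caller cannot be off by `tag_size` on a buffer. Neither wrapper checks `nonce_size` or `tag_size`; nettle enforces its CCM limits with assertions, I believe, so if caller-chosen sizes can reach here (the callers are outside this hunk) a range check that returns an error is safer than an abort. Passing `encrypt_block` on the decrypt path is correct for CCM and deserves a one-line comment saying so.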
@@ -213,6 +246,34 @@ static const struct nettle_cipher_st builtin_ciphers[] = {
.set_iv = (setiv_func)gcm_aes256_set_iv,
.fips_allowed = 1
},
+ { .algo = GNUTLS_CIPHER_AES_128_CCM,
+ .block_size = AES_BLOCK_SIZE,
+ .key_size = AES128_KEY_SIZE,
+ .encrypt_block = (nettle_cipher_func*)aes128_encrypt,
+ .decrypt_block = (nettle_cipher_func*)aes128_decrypt,
+
+ .ctx_size = sizeof(struct aes128_ctx),
+ .aead_encrypt = _ccm_aes_encrypt,
+ .aead_decrypt = _ccm_aes_decrypt,
+ .set_encrypt_key = (setkey_func)aes128_set_encrypt_key,
+ .set_decrypt_key = (setkey_func)aes128_set_encrypt_key,
+
+ .fips_allowed = 1
+ },
+ { .algo = GNUTLS_CIPHER_AES_256_CCM,
+ .block_size = AES_BLOCK_SIZE,
+ .key_size = AES256_KEY_SIZE,
+ .encrypt_block = (nettle_cipher_func*)aes256_encrypt,
+ .decrypt_block = (nettle_cipher_func*)aes256_decrypt,
+
+ .ctx_size = sizeof(struct aes256_ctx),
+ .aead_encrypt = _ccm_aes_encrypt,
+ .aead_decrypt = _ccm_aes_decrypt,
+ .set_encrypt_key = (setkey_func)aes256_set_encrypt_key,
+ .set_decrypt_key = (setkey_func)aes256_set_encrypt_key,
+
+ .fips_allowed = 1
+ },
{ .algo = GNUTLS_CIPHER_CAMELLIA_128_GCM,
.block_size = CAMELLIA_BLOCK_SIZE,
.key_size = CAMELLIA128_KEY_SIZE,
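Review bot: Both CCM entries key the context with the encrypt schedule for decryption (`.set_decrypt_key = (setkey_func)aes128_set_encrypt_key`, which is right because CCM only runs the forward cipher) but still publish `.decrypt_block = aes128_decrypt` / `aes256_decrypt`. If any generic path ever called `decrypt_block` on these entries it would run against the wrong key schedule and silently produce garbage; I would drop `.decrypt_block` from both entries if nothing reads it for AEAD ciphers, or at least add `/* CCM uses only the forward cipher; decrypt_block must not be used with this key schedule */`. Unlike the GCM entry just above, these entries set no `.set_iv`, so code that calls `set_iv` unconditionally (outside this hunk) has to tolerate NULL.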