RustCrypto
diff --git a/‎Cargo.lock‎
Lines changed: 132 additions & 2 deletions b/‎Cargo.lock‎
Lines changed: 132 additions & 2 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 8 additions & 4 deletions b/‎Cargo.toml‎
Lines changed: 8 additions & 4 deletions
diff --git a/‎README.md‎
Lines changed: 6 additions & 0 deletions b/‎README.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/aead.rs‎
Lines changed: 15 additions & 0 deletions b/‎src/aead.rs‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎src/aead/aes.rs‎
Lines changed: 36 additions & 0 deletions b/‎src/aead/aes.rs‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎src/tls12/aead.rs‎
Lines changed: 3 additions & 0 deletions b/‎src/tls12/aead.rs‎
Lines changed: 3 additions & 0 deletions
@@ -18,10 +18,12 @@ resolver = "1" # Hack to enable the `custom` feature of `getrandom`
 # Ensure all dependencies + feats are mapped to crate features for correct usage
 # default features often have std breaking no_std and potentially other unwanted
 [dependencies]
+aes = { version = "0.8.4", default-features = false, optional = true }
 aead = { version = "0.5.2", default-features = false, optional = true }
 aes-gcm = { version = "0.10.3", default-features = false, features = [
     "aes",
 ], optional = true }
+ccm = { version = "0.5.0", optional = true, default-features = false }
 chacha20poly1305 = { version = "0.10.1", default-features = false, optional = true }
 crypto-common = { version = "0.1.6", default-features = false }
 der = { version = "0.7.9", default-features = false, optional = true }
@@ -84,7 +86,7 @@ std = [
     "ed25519-dalek?/std",
     "pkcs1?/std",
 ]
-alloc = ["webpki?/alloc", "ecdsa?/alloc", "signature?/alloc"]
+alloc = ["webpki?/alloc", "ecdsa?/alloc", "signature?/alloc", "ccm?/alloc"]
 zeroize = ["ed25519-dalek?/zeroize", "x25519-dalek?/zeroize"]
 
 nist = []
@@ -95,7 +97,7 @@ ed25519 = ["dep:ed25519-dalek"]
 
 verify = ["dep:webpki"]
 
-ecdsa = ["dep:ecdsa", "verify", "signature", "rand"]
+ecdsa = ["dep:ecdsa", "verify", "signature", "rand", "der"]
 ecdsa-p256 = ["p256", "p256/ecdsa", "ecdsa"]
 ecdsa-p384 = ["p384", "p384/ecdsa", "ecdsa"]
 ecdsa-p521 = ["p521", "p521/ecdsa", "ecdsa"]
@@ -118,9 +120,10 @@ rsa-pss = ["rsa"]
 rsa-full = ["rsa-pkcs1", "rsa-pss"]
 
 aead = ["dep:aead"]
-aes-gcm = ["dep:aes-gcm", "aead"]
+aes-gcm = ["aes", "dep:aes-gcm", "aead"]
+aes-ccm = ["aes", "dep:ccm", "aead"]
 chacha20poly1305 = ["dep:chacha20poly1305", "aead"]
-aead-full = ["aes-gcm", "chacha20poly1305"]
+aead-full = ["aes-gcm", "aes-ccm", "chacha20poly1305"]
 
 # TODO
 hash = []
@@ -146,3 +149,4 @@ pkcs8 = [
 
 signature = ["dep:signature"]
 rand = ["dep:rand_core", "signature?/rand_core"]
+aes = ["dep:aes"]
@@ -17,12 +17,18 @@ Note that RustCrypto performance is generally inferior than ring, but in exchang
 
 ## Supported Cipher Suites
 
+- TLS_ECDHE_ECDSA_WITH_AES_128_CCM
+- TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+- TLS_ECDHE_ECDSA_WITH_AES_256_CCM
+- TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+- TLS13_AES_128_CCM_SHA256
+- TLS13_AES_128_CCM_8_SHA256
 - TLS13_AES_128_GCM_SHA256
 - TLS13_AES_256_GCM_SHA384
 - TLS13_CHACHA20_POLY1305_SHA256
 
@@ -12,6 +12,18 @@ pub struct Aes128Gcm;
 #[cfg(feature = "aes-gcm")]
 pub struct Aes256Gcm;
 
+#[cfg(feature = "aes-ccm")]
+pub struct Aes128Ccm;
+
+#[cfg(feature = "aes-ccm")]
+pub struct Aes256Ccm;
+
+#[cfg(feature = "aes-ccm")]
+pub struct Aes128Ccm8;
+
+#[cfg(feature = "aes-ccm")]
+pub struct Aes256Ccm8;
+
 pub(crate) struct EncryptBufferAdapter<'a>(pub(crate) &'a mut PrefixedPayload);
 
 impl AsRef<[u8]> for EncryptBufferAdapter<'_> {
@@ -60,3 +72,6 @@ impl Buffer for DecryptBufferAdapter<'_, '_> {
         self.0.truncate(len)
     }
 }
+
+#[cfg(feature = "aes")]
+pub mod aes;
@@ -0,0 +1,36 @@
+#[cfg(feature = "aes-ccm")]
+use aes::{Aes128, Aes256};
+#[cfg(feature = "aes-ccm")]
+use ccm::{
+    consts::{U12, U16, U8},
+    Ccm,
+};
+
+// The AEAD_AES_128_CCM authenticated encryption algorithm works as
+// specified in [CCM], using AES-128 as the block cipher, by providing
+// the key, nonce, associated data, and plaintext to that mode of
+// operation.  The formatting and counter generation function are as
+// specified in Appendix A of that reference, and the values of the
+// parameters identified in that appendix are as follows:
+//    the nonce length n is 12,
+//    the tag length t is 16, and
+//    the value of q is 3.
+#[cfg(feature = "aes-ccm")]
+pub type Aes128Ccm = Ccm<Aes128, U16, U12>;
+#[cfg(feature = "aes-ccm")]
+pub type Aes256Ccm = Ccm<Aes256, U16, U12>;
+
+// The AEAD_AES_128_CCM_8 authenticated encryption algorithm is
+// identical to the AEAD_AES_128_CCM algorithm (see Section 5.3 of
+// [RFC5116]), except that it uses 8 octets for authentication, instead
+// of the full 16 octets used by AEAD_AES_128_CCM.
+#[cfg(feature = "aes-ccm")]
+pub type Aes128Ccm8 = Ccm<Aes128, U8, U12>;
+#[cfg(feature = "aes-ccm")]
+pub type Aes256Ccm8 = Ccm<Aes256, U8, U12>;
+
+#[cfg(feature = "aes-gcm")]
+pub type Aes128Gcm = aes_gcm::Aes128Gcm;
+
+#[cfg(feature = "aes-gcm")]
+pub type Aes256Gcm = aes_gcm::Aes256Gcm;
@@ -3,3 +3,6 @@ pub mod chacha20;
 
 #[cfg(feature = "aes-gcm")]
 pub mod gcm;
+
+#[cfg(feature = "aes-ccm")]
+pub mod ccm;