Fix ccm cipher suite

CMakeLists.txt

@@ -764,7 +764,7 @@ endif()
 #
 set(CPACK_PACKAGE_NAME "GmSSL")
 set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
-set(CPACK_PACKAGE_VERSION "3.2.0-dev.1048")
+set(CPACK_PACKAGE_VERSION "3.2.0-dev.1049")
 set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
 set(CPACK_NSIS_MODIFY_PATH ON)
 include(CPack)

include/gmssl/tls.h

@@ -109,6 +109,7 @@ typedef enum {
 
 	TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256 = 0xc023,
 	TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256 = 0xc02b,
+	TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm = 0xc0ac,
 
 	TLS_cipher_empty_renegotiation_info_scsv = 0x00ff,
 } TLS_CIPHER_SUITE;

include/gmssl/version.h

@@ -18,7 +18,7 @@ extern "C" {
 
 
 #define GMSSL_VERSION_NUM	30200
-#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1048"
+#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1049"
 
 int gmssl_version_num(void);
 const char *gmssl_version_str(void);

src/tls.c

@@ -1154,7 +1154,7 @@ int tls_record_encrypt(int cipher_suite,
 		}
 		break;
 #ifdef ENABLE_AES_CCM
-	case TLS_cipher_aes_128_ccm_sha256:
+	case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm:
 		if (tls_ccm_encrypt(key, fixed_iv, seq_num, in,
 			in + 5, inlen - 5,
 			out + 5, outlen) != 1) {
@@ -1204,7 +1204,7 @@ int tls_record_decrypt(int cipher_suite, const HMAC_CTX *hmac_ctx,
 		}
 		break;
 #ifdef ENABLE_AES_CCM
-	case TLS_cipher_aes_128_ccm_sha256:
+	case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm:
 		if (tls_ccm_decrypt(key, fixed_iv, seq_num, in,
 			in + 5, inlen - 5,
 			out + 5, outlen) != 1) {

src/tls12.c

@@ -50,7 +50,7 @@ const int tls12_cipher_suites[] = {
 	TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256,
 	TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256,
 #ifdef ENABLE_AES_CCM
-	TLS_cipher_aes_128_ccm_sha256,
+	TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm_sha256,
 #endif
 #endif
 };
@@ -458,7 +458,7 @@ static int tls12_cipher_suite_get(int cipher_suite, const BLOCK_CIPHER **cipher,
 	case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256:
 	case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256:
 #ifdef ENABLE_AES_CCM
-	case TLS_cipher_aes_128_ccm_sha256:
+	case TLS_cipher_ecdhe_ecdsa_aes_128_ccm:
 #endif
 		*cipher = BLOCK_CIPHER_aes128();
 		*digest = DIGEST_sha256();
@@ -481,7 +481,7 @@ static int tls12_cipher_suite_match_cert_group(int cipher_suite, int cert_group)
 	case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256:
 	case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256:
 #ifdef ENABLE_AES_CCM
-	case TLS_cipher_aes_128_ccm_sha256:
+	case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm:
 #endif
 		return cert_group == TLS_curve_secp256r1;
 #endif
@@ -511,7 +511,7 @@ static int tls12_signature_scheme_match_cipher_suite(int sig_alg, int cipher_sui
 		case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256:
 		case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256:
 #ifdef ENABLE_AES_CCM
-		case TLS_cipher_aes_128_ccm_sha256:
+		case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm:
 #endif
 			return 1;
 		}
@@ -531,7 +531,7 @@ static int tls12_key_exchange_group_match_cipher_suite(int group, int cipher_sui
 	case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256:
 	case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256:
 #ifdef ENABLE_AES_CCM
-	case TLS_cipher_aes_128_ccm_sha256:
+	case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm:
 #endif
 		return group == TLS_curve_secp256r1;
 #endif
@@ -1566,7 +1566,7 @@ int tls_recv_server_certificate(TLS_CONNECT *conn)
 	case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256:
 	case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256:
 #ifdef ENABLE_AES_CCM
-	case TLS_cipher_aes_128_ccm_sha256:
+	case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm:
 #endif
 		server_sig_alg = TLS_sig_ecdsa_secp256r1_sha256;
 		break;
@@ -1773,7 +1773,7 @@ int tls_curve_match_cipher_suite(int named_curve, int cipher_suite)
 		case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256:
 		case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256:
 #ifdef ENABLE_AES_CCM
-		case TLS_cipher_aes_128_ccm_sha256:
+		case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm:
 #endif
 			break;
 		default:
@@ -1808,7 +1808,7 @@ int tls_signature_scheme_match_cipher_suite(int sig_alg, int cipher_suite)
 		case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256:
 		case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256:
 #ifdef ENABLE_AES_CCM
-		case TLS_cipher_aes_128_ccm_sha256:
+		case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm:
 #endif
 			break;
 		default:

src/tls_trace.c

@@ -82,6 +82,7 @@ const char *tls_cipher_suite_name(int cipher)
 	case TLS_cipher_aes_128_ccm_8_sha256: return "TLS_AES_128_CCM_8_SHA256";
 	case TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256: return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
 	case TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256: return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
+	case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm: return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM";
 	case TLS_cipher_empty_renegotiation_info_scsv: return "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";
 	}
 	return NULL;
@@ -109,6 +110,8 @@ int tls_cipher_suite_from_name(const char *name)
 		return TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256;
 	} else if (!strcmp(name, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256")) {
 		return TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256;
+	} else if (!strcmp(name, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM")) {
+		return TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm;
 	}
 	error_print();
 	return 0;