Implement AES-CCM

[geedo0]

Issues:

Resolves: CryptoAlg-2085

Description of changes:

Describe AWS-LC’s current behavior and how your code changes that behavior. If there are no issues this pr is resolving, explain why this change is necessary.

This exposes the AES-CCM block cipher algorithm via the EVP_CIPHER API. Currently we only support a limited set of AES-CCM modes via the EVP_AEAD interface for the Bluetooth, Bluetooth-8, and Matter wireless protocols. This PR introduces support for all AES key sizes (128, 192, and 256) as well as the ability to configure arbitrary AES-CCM modes via the M and L parameters.

Call-outs:

• AES-CCM in OpenSSL has a number of idiosyncrasies. I chose to prefer the behavior of upstream OpenSSL rather than imposing "more consistent" behavior relative to our other AEAD algorithms like AES-GCM and ChaCha20-Poly1305. This approach will improve our OpenSSL compatibility rather than introduce issues in potential consumers in the future.
  • AES-CCM only works in one-shot mode. i.e. incremental updates are not allowed. This is documented in the wiki and inferred from the source
  • Tag validation happens in EVP_Decrypt_Update rather than EVP_Decrypt_Final. This is in-line with the OpenSSL wiki, OpenSSL source, and strongSwan consuming source.
  • The NULL-ness of the in and out parameters going into EVP_Cipher_Update is very important. The unit tests have been updated to ensure that non-NULL pointers are passed in regardless of whether or not the length is 0.
• We are introducing new to LC CCM operating modes and key sizes for AES-CCM that were not exposed via the EVP_AEAD mode. Please review that the cryptography for these are sound.

Testing:

How is this change tested (unit tests, fuzz tests, etc.)? Are there any testing steps to be verified by the reviewer?

• All the NIST CAVP test vectors have been imported from upstream OpenSSL and run into the EVP_CIPHER test suite.
• All the existing EVP_AEAD test vectors for Bluetooth, Bluetooth-8, and Matter have been run into the EVP_AEAD test vector runner.
• All the AES-CCM Wycheproof test vectors were generated using convert_wycheproof.go and run through the test runner developed for ChaCha20-Poly1305.
• All CI is passing aside from aws-lc-ci-ec2-test-framework which appears universal to all active PRs.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

[codecov-commenter]

Codecov Report

Attention: 20 lines in your changes are missing coverage. Please review.

Comparison is base (7226be1) 76.84% compared to head (061ad4f) 76.82%.
Report is 24 commits behind head on main.

Files	Patch %	Lines
crypto/fipsmodule/cipher/e_aesccm.c	88.37%	20 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1373      +/-   ##
==========================================
- Coverage   76.84%   76.82%   -0.02%     
==========================================
  Files         424      424              
  Lines       71392    71500     +108     
==========================================
+ Hits        54859    54933      +74     
- Misses      16533    16567      +34     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.