tests: fix some AES-CCM tests

In TLS, the AES-CCM test is commented out because CCM is not supported by cryptography. But the combined_modes_ccm keyword is made to skip these tests. In IPsec, some IPv4 tests are located in the IPv6 section. Also add the same combination of test for the AES-CCM as the other modes. Also, there is some errors in the key material as the *MUST* implementation uses a 16 bytes key and a 3 bytes nonce. Fix those lengths. Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>

tests: fix some AES-CCM tests
In TLS, the AES-CCM test is commented out because CCM is not supported by cryptography. But the combined_modes_ccm keyword is made to skip these tests. In IPsec, some IPv4 tests are located in the IPv6 section. Also add the same combination of test for the AES-CCM as the other modes. Also, there is some errors in the key material as the *MUST* implementation uses a 16 bytes key and a 3 bytes nonce. Fix those lengths. Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com>
e430ef63 · Thomas Faivre · Guillaume Valadon · 99381c38 · e430ef63 · e430ef63
Commit e430ef63 authored 8 years ago by Thomas Faivre Committed by Guillaume Valadon 8 years ago
--- a/test/ipsec.uts
+++ b/test/ipsec.uts
@@ -1458,6 +1458,79 @@ try:
    assert(False)
 except IPSecIntegrityError, err:
    err
+
+#######################################
+= IPv4 / ESP - Transport - AES-CCM - NULL
+~ combined_modes_ccm
+
+p = IP(src='1.1.1.1', dst='2.2.2.2')
+p /= TCP(sport=45012, dport=80)
+p /= Raw('testdata')
+p = IP(str(p))
+p
+
+sa = SecurityAssociation(ESP, spi=0x222,
+                         crypt_algo='AES-CCM', crypt_key='16bytekey3bytenonce',
+                         auth_algo='NULL', auth_key=None)
+
+e = sa.encrypt(p)
+e
+
+assert(isinstance(e, IP))
+* after encryption packet should be encapsulated with the given ip tunnel header
+assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
+assert(e.chksum != p.chksum)
+assert(e.proto == socket.IPPROTO_ESP)
+assert(e.haslayer(ESP))
+assert(not e.haslayer(TCP))
+assert(e[ESP].spi == sa.spi)
+* after encryption the original packet payload should NOT be readable
+assert('testdata' not in e[ESP].data)
+
+d = sa.decrypt(e)
+d
+
+* after decryption original packet should be preserved
+assert(d == p)
+
+#######################################
+= IPv4 / ESP - Transport - AES-CCM - NULL - altered packet
+~ combined_modes_ccm
+
+p = IP(src='1.1.1.1', dst='2.2.2.2')
+p /= TCP(sport=45012, dport=80)
+p /= Raw('testdata')
+p = IP(str(p))
+p
+
+sa = SecurityAssociation(ESP, spi=0x222,
+                         crypt_algo='AES-CCM', crypt_key='16bytekey3bytenonce',
+                         auth_algo='NULL', auth_key=None)
+
+e = sa.encrypt(p)
+e
+
+assert(isinstance(e, IP))
+* after encryption packet should be encapsulated with the given ip tunnel header
+assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
+assert(e.chksum != p.chksum)
+assert(e.proto == socket.IPPROTO_ESP)
+assert(e.haslayer(ESP))
+assert(not e.haslayer(TCP))
+assert(e[ESP].spi == sa.spi)
+* after encryption the original packet payload should NOT be readable
+assert('testdata' not in e[ESP].data)
+
+* simulate the alteration of the packet before decryption
+e[ESP].seq += 1
+
+* integrity verification should fail
+try:
+    d = sa.decrypt(e)
+    assert(False)
+except IPSecIntegrityError, err:
+    err
+
 #######################################
 = IPv4 / ESP - Tunnel - AES-CBC - HMAC-SHA1-96

@@ -1595,6 +1668,80 @@ assert('testdata' not in e[ESP].data)
 * simulate the alteration of the packet before decryption
 e[ESP].seq += 1

+* integrity verification should fail
+try:
+    d = sa.decrypt(e)
+    assert(False)
+except IPSecIntegrityError, err:
+    err
+
+#######################################
+= IPv4 / ESP - Tunnel - AES-CCM - NULL
+~ combined_modes_ccm
+
+p = IP(src='1.1.1.1', dst='2.2.2.2')
+p /= TCP(sport=45012, dport=80)
+p /= Raw('testdata')
+p = IP(str(p))
+p
+
+sa = SecurityAssociation(ESP, spi=0x222,
+                         crypt_algo='AES-CCM', crypt_key='16bytekey3bytenonce',
+                         auth_algo='NULL', auth_key=None,
+                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
+
+e = sa.encrypt(p)
+e
+
+assert(isinstance(e, IP))
+* after encryption packet should be encapsulated with the given ip tunnel header
+assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
+assert(e.chksum != p.chksum)
+assert(e.proto == socket.IPPROTO_ESP)
+assert(e.haslayer(ESP))
+assert(not e.haslayer(TCP))
+assert(e[ESP].spi == sa.spi)
+* after encryption the original packet payload should NOT be readable
+assert('testdata' not in e[ESP].data)
+
+d = sa.decrypt(e)
+d
+
+* after decryption original packet should be preserved
+assert(d == p)
+
+#######################################
+= IPv4 / ESP - Tunnel - AES-CCM - NULL
+~ combined_modes_ccm
+
+p = IP(src='1.1.1.1', dst='2.2.2.2')
+p /= TCP(sport=45012, dport=80)
+p /= Raw('testdata')
+p = IP(str(p))
+p
+
+sa = SecurityAssociation(ESP, spi=0x222,
+                         crypt_algo='AES-CCM', crypt_key='16bytekey3bytenonce',
+                         auth_algo='NULL', auth_key=None,
+                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
+
+e = sa.encrypt(p)
+e
+
+assert(isinstance(e, IP))
+* after encryption packet should be encapsulated with the given ip tunnel header
+assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
+assert(e.chksum != p.chksum)
+assert(e.proto == socket.IPPROTO_ESP)
+assert(e.haslayer(ESP))
+assert(not e.haslayer(TCP))
+assert(e[ESP].spi == sa.spi)
+* after encryption the original packet payload should NOT be readable
+assert('testdata' not in e[ESP].data)
+
+* simulate the alteration of the packet before decryption
+e[ESP].seq += 1
+
 * integrity verification should fail
 try:
    d = sa.decrypt(e)
@@ -2490,76 +2637,71 @@ d
 assert(d[TCP] == p[TCP])

 #######################################
-= IPv4 / ESP - Tunnel - AES-GCM - NULL
+= IPv6 / ESP - Transport - NULL - HMAC-SHA1-96

-p = IP(src='1.1.1.1', dst='2.2.2.2')
+p = IPv6(src='11::22', dst='22::11')
 p /= TCP(sport=45012, dport=80)
 p /= Raw('testdata')
-p = IP(str(p))
+p = IPv6(str(p))
 p

 sa = SecurityAssociation(ESP, spi=0x222,
-                         crypt_algo='AES-GCM', crypt_key='16bytekey+4bytenonce',
-                         auth_algo='NULL', auth_key=None,
-                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
+                         crypt_algo='NULL', crypt_key=None,
+                         auth_algo='HMAC-SHA1-96', auth_key='secret key')

 e = sa.encrypt(p)
 e

-assert(isinstance(e, IP))
-* after encryption packet should be encapsulated with the given ip tunnel header
-assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
-assert(e.chksum != p.chksum)
-assert(e.proto == socket.IPPROTO_ESP)
+assert(isinstance(e, IPv6))
+assert(e.src == '11::22' and e.dst == '22::11')
+assert(e.nh == socket.IPPROTO_ESP)
 assert(e.haslayer(ESP))
 assert(not e.haslayer(TCP))
 assert(e[ESP].spi == sa.spi)
-* after encryption the original packet payload should NOT be readable
-assert('testdata' not in e[ESP].data)
+assert('testdata' in e[ESP].data)

+* integrity verification should pass
 d = sa.decrypt(e)
-d

-* after decryption original packet should be preserved
-assert(d == p)
+* after decryption the original packet payload should be unaltered
+assert(d[TCP] == p[TCP])

 #######################################
-= IPv4 / ESP - Tunnel - AES-CCM - NULL
-~ combined_modes_ccm
+= IPv6 / ESP - Transport - NULL - HMAC-SHA1-96 - altered packet

-p = IP(src='1.1.1.1', dst='2.2.2.2')
+p = IPv6(src='11::22', dst='22::11')
 p /= TCP(sport=45012, dport=80)
 p /= Raw('testdata')
-p = IP(str(p))
+p = IPv6(str(p))
 p

 sa = SecurityAssociation(ESP, spi=0x222,
-                         crypt_algo='AES-CCM', crypt_key='16bytekey+4bytenonce',
-                         auth_algo='NULL', auth_key=None,
-                         tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'))
+                         crypt_algo='NULL', crypt_key=None,
+                         auth_algo='HMAC-SHA1-96', auth_key='secret key')

 e = sa.encrypt(p)
 e

-assert(isinstance(e, IP))
-* after encryption packet should be encapsulated with the given ip tunnel header
-assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22')
-assert(e.chksum != p.chksum)
-assert(e.proto == socket.IPPROTO_ESP)
+assert(isinstance(e, IPv6))
+assert(e.src == '11::22' and e.dst == '22::11')
+assert(e.nh == socket.IPPROTO_ESP)
 assert(e.haslayer(ESP))
 assert(not e.haslayer(TCP))
 assert(e[ESP].spi == sa.spi)
-* after encryption the original packet payload should NOT be readable
-assert('testdata' not in e[ESP].data)
+assert('testdata' in e[ESP].data)

-d = sa.decrypt(e)
-d
+* simulate the alteration of the packet before decryption
+e[ESP].data = e[ESP].data.replace('\x01', '\x21')

-* after decryption original packet should be preserved
-assert(d == p)
+* integrity verification should fail
+try:
+    d = sa.decrypt(e)
+    assert(False)
+except IPSecIntegrityError, err:
+    err

 #######################################
-= IPv6 / ESP - Transport - NULL - HMAC-SHA1-96
+= IPv6 / ESP - Transport - AES-CBC - HMAC-SHA1-96

 p = IPv6(src='11::22', dst='22::11')
 p /= TCP(sport=45012, dport=80)
@@ -2568,7 +2710,7 @@ p = IPv6(str(p))
 p

 sa = SecurityAssociation(ESP, spi=0x222,
-                         crypt_algo='NULL', crypt_key=None,
+                         crypt_algo='AES-CBC', crypt_key='sixteenbytes key',
                         auth_algo='HMAC-SHA1-96', auth_key='secret key')

 e = sa.encrypt(p)
@@ -2580,16 +2722,17 @@ assert(e.nh == socket.IPPROTO_ESP)
 assert(e.haslayer(ESP))
 assert(not e.haslayer(TCP))
 assert(e[ESP].spi == sa.spi)
-assert('testdata' in e[ESP].data)
+* after encryption the original packet payload should NOT be readable
+assert('testdata' not in e[ESP].data)

-* integrity verification should pass
 d = sa.decrypt(e)
+d

 * after decryption the original packet payload should be unaltered
 assert(d[TCP] == p[TCP])

 #######################################
-= IPv6 / ESP - Transport - NULL - HMAC-SHA1-96 - altered packet
+= IPv6 / ESP - Transport - AES-CBC - HMAC-SHA1-96 - altered packet

 p = IPv6(src='11::22', dst='22::11')
 p /= TCP(sport=45012, dport=80)
@@ -2598,7 +2741,7 @@ p = IPv6(str(p))
 p

 sa = SecurityAssociation(ESP, spi=0x222,
-                         crypt_algo='NULL', crypt_key=None,
+                         crypt_algo='AES-CBC', crypt_key='sixteenbytes key',
                         auth_algo='HMAC-SHA1-96', auth_key='secret key')

 e = sa.encrypt(p)
@@ -2610,10 +2753,11 @@ assert(e.nh == socket.IPPROTO_ESP)
 assert(e.haslayer(ESP))
 assert(not e.haslayer(TCP))
 assert(e[ESP].spi == sa.spi)
-assert('testdata' in e[ESP].data)
+* after encryption the original packet payload should NOT be readable
+assert('testdata' not in e[ESP].data)

 * simulate the alteration of the packet before decryption
-e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21')
+e[ESP].seq += 1

 * integrity verification should fail
 try:
@@ -2623,7 +2767,7 @@ except IPSecIntegrityError, err:
    err

 #######################################
-= IPv6 / ESP - Transport - AES-CBC - HMAC-SHA1-96
+= IPv6 / ESP - Transport - AES-GCM - NULL

 p = IPv6(src='11::22', dst='22::11')
 p /= TCP(sport=45012, dport=80)
@@ -2632,8 +2776,8 @@ p = IPv6(str(p))
 p

 sa = SecurityAssociation(ESP, spi=0x222,
-                         crypt_algo='AES-CBC', crypt_key='sixteenbytes key',
-                         auth_algo='HMAC-SHA1-96', auth_key='secret key')
+                         crypt_algo='AES-GCM', crypt_key='16bytekey+4bytenonce',
+                         auth_algo='NULL', auth_key=None)

 e = sa.encrypt(p)
 e
@@ -2650,11 +2794,11 @@ assert('testdata' not in e[ESP].data)
 d = sa.decrypt(e)
 d

-* after decryption the original packet payload should be unaltered
+* after decryption original packet should be preserved
 assert(d[TCP] == p[TCP])

 #######################################
-= IPv6 / ESP - Transport - AES-CBC - HMAC-SHA1-96 - altered packet
+= IPv6 / ESP - Transport - AES-GCM - NULL - altered packet

 p = IPv6(src='11::22', dst='22::11')
 p /= TCP(sport=45012, dport=80)
@@ -2663,8 +2807,8 @@ p = IPv6(str(p))
 p

 sa = SecurityAssociation(ESP, spi=0x222,
-                         crypt_algo='AES-CBC', crypt_key='sixteenbytes key',
-                         auth_algo='HMAC-SHA1-96', auth_key='secret key')
+                         crypt_algo='AES-GCM', crypt_key='16bytekey+4bytenonce',
+                         auth_algo='NULL', auth_key=None)

 e = sa.encrypt(p)
 e
@@ -2689,7 +2833,8 @@ except IPSecIntegrityError, err:
    err

 #######################################
-= IPv6 / ESP - Transport - AES-GCM - NULL
+= IPv6 / ESP - Transport - AES-CCM - NULL
+~ combined_modes_ccm

 p = IPv6(src='11::22', dst='22::11')
 p /= TCP(sport=45012, dport=80)
@@ -2698,7 +2843,7 @@ p = IPv6(str(p))
 p

 sa = SecurityAssociation(ESP, spi=0x222,
-                         crypt_algo='AES-GCM', crypt_key='16bytekey+4bytenonce',
+                         crypt_algo='AES-CCM', crypt_key='16bytekey3bytenonce',
                         auth_algo='NULL', auth_key=None)

 e = sa.encrypt(p)
@@ -2720,7 +2865,8 @@ d
 assert(d[TCP] == p[TCP])

 #######################################
-= IPv6 / ESP - Transport - AES-GCM - NULL - altered packet
+= IPv6 / ESP - Transport - AES-CCM - NULL - altered packet
+~ combined_modes_ccm

 p = IPv6(src='11::22', dst='22::11')
 p /= TCP(sport=45012, dport=80)
@@ -2729,7 +2875,7 @@ p = IPv6(str(p))
 p

 sa = SecurityAssociation(ESP, spi=0x222,
-                         crypt_algo='AES-GCM', crypt_key='16bytekey+4bytenonce',
+                         crypt_algo='AES-CCM', crypt_key='16bytekey3bytenonce',
                         auth_algo='NULL', auth_key=None)

 e = sa.encrypt(p)
@@ -3028,6 +3174,77 @@ try:
 except IPSecIntegrityError, err:
    err

+#######################################
+= IPv6 / ESP - Tunnel - AES-CCM - NULL
+~ combined_modes_ccm
+
+p = IPv6(src='11::22', dst='22::11')
+p /= TCP(sport=45012, dport=80)
+p /= Raw('testdata')
+p = IPv6(str(p))
+p
+
+sa = SecurityAssociation(ESP, spi=0x222,
+                         crypt_algo='AES-CCM', crypt_key='16bytekey3bytenonce',
+                         auth_algo='NULL', auth_key=None,
+                         tunnel_header=IPv6(src='aa::bb', dst='bb::aa'))
+
+e = sa.encrypt(p)
+e
+
+assert(isinstance(e, IPv6))
+assert(e.src == '11::22' and e.dst == '22::11')
+assert(e.nh == socket.IPPROTO_ESP)
+assert(e.haslayer(ESP))
+assert(not e.haslayer(TCP))
+assert(e[ESP].spi == sa.spi)
+* after encryption the original packet payload should NOT be readable
+assert('testdata' not in e[ESP].data)
+
+d = sa.decrypt(e)
+d
+
+* after decryption original packet should be preserved
+assert(d[TCP] == p[TCP])
+
+#######################################
+= IPv6 / ESP - Tunnel - AES-CCM - NULL - altered packet
+~ combined_modes_ccm
+
+p = IPv6(src='11::22', dst='22::11')
+p /= TCP(sport=45012, dport=80)
+p /= Raw('testdata')
+p = IPv6(str(p))
+p
+
+sa = SecurityAssociation(ESP, spi=0x222,
+                         crypt_algo='AES-CCM', crypt_key='16bytekey3bytenonce',
+                         auth_algo='NULL', auth_key=None,
+                         tunnel_header=IPv6(src='aa::bb', dst='bb::aa'))
+
+e = sa.encrypt(p)
+e
+
+assert(isinstance(e, IPv6))
+assert(e.src == '11::22' and e.dst == '22::11')
+assert(e.nh == socket.IPPROTO_ESP)
+assert(e.haslayer(ESP))
+assert(not e.haslayer(TCP))
+assert(e[ESP].spi == sa.spi)
+* after encryption the original packet payload should NOT be readable
+assert('testdata' not in e[ESP].data)
+
+* simulate the alteration of the packet before decryption
+e[ESP].seq += 1
+
+* integrity verification should fail
+try:
+    d = sa.decrypt(e)
+    assert(False)
+except IPSecIntegrityError, err:
+    err
+
+#######################################
 ###############################################################################
 + IPv6 / AH


--- a/test/tls.uts
+++ b/test/tls.uts
@@ -491,7 +491,6 @@ _all_aes_cbc_tests()

 + Test AES-GCM
 = Crypto - AES cipher in GCM mode, auth_encrypt() and auth_decrypt() checks
-~ combined_modes
 #https://tools.ietf.org/html/draft-mcgrew-gcm-test-01

 class _aes128gcm_test_1:
@@ -578,63 +577,63 @@ _all_aes_gcm_tests()


 #XXX CCM remains to be added to the cryptography library
-#+ Test AES-CCM
-#= Crypto - AES cipher in CCM mode, checks from IEEE P1619.1
-#~ combined_modes
-#
-#class _aes256ccm_test_1:
-#    k= b"\0"*32
-#    n= b"\0"*12
-#    p= b"\0"*16
-#    a= ""
-#    ct=(b"\xc1\x94\x40\x44\xc8\xe7\xaa\x95\xd2\xde\x95\x13\xc7\xf3\xdd\x8c" +
-#       b"\x4b\x0a\x3e\x5e\x51\xf1\x51\xeb\x0f\xfa\xe7\xc4\x3d\x01\x0f\xdb")
-#
-#class _aes256ccm_test_2:
-#    k=(b"\xfb\x76\x15\xb2\x3d\x80\x89\x1d\xd4\x70\x98\x0b\xc7\x95\x84\xc8" +
-#       b"\xb2\xfb\x64\xce\x60\x97\x87\x8d\x17\xfc\xe4\x5a\x49\xe8\x30\xb7")
-#    n= b"\xdb\xd1\xa3\x63\x60\x24\xb7\xb4\x02\xda\x7d\x6f"
-#    p= b"\xa9"
-#    a= b"\x36"
-#    ct=b"\x9d\x32\x61\xb1\xcf\x93\x14\x31\xe9\x9a\x32\x80\x67\x38\xec\xbd\x2a"
-#
-#class _aes256ccm_test_3:
-#    k=(b"\xfb\x76\x15\xb2\x3d\x80\x89\x1d\xd4\x70\x98\x0b\xc7\x95\x84\xc8" +
-#       b"\xb2\xfb\x64\xce\x60\x97\x8f\x4d\x17\xfc\xe4\x5a\x49\xe8\x30\xb7")
-#    n= b"\xdb\xd1\xa3\x63\x60\x24\xb7\xb4\x02\xda\x7d\x6f"
-#    p= b"\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e"
-#    a= ""
-#    ct=(b"\xcc\x88\x12\x61\xc6\xa7\xfa\x72\xb9\x6a\x17\x39\x17\x6b\x27\x7f" +
-#       b"\x34\x72\xe1\x14\x5f\x2c\x0c\xbe\x14\x63\x49\x06\x2c\xf0\xe4\x23")
-#
-#class _aes256ccm_test_4:
-#    k=(b"\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" +
-#       b"\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f")
-#    n= b"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b"
-#    p=(b"\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" +
-#       b"\x30\x31\x32\x33\x34\x35\x36\x37")
-#    a=(b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" +
-#       b"\x10\x11\x12\x13")
-#    ct=(b"\x04\xf8\x83\xae\xb3\xbd\x07\x30\xea\xf5\x0b\xb6\xde\x4f\xa2\x21" +
-#       b"\x20\x34\xe4\xe4\x1b\x0e\x75\xe5\x9b\xba\x3f\x3a\x10\x7f\x32\x39" +
-#       b"\xbd\x63\x90\x29\x23\xf8\x03\x71")
-#
-#def _all_aes_ccm_tests():
-#    from scapy.layers.tls.crypto.cipher_aead import Cipher_AES_256_CCM
-#    res = True
-#    ciphers = []
-#    for t in [_aes256ccm_test_1, _aes256ccm_test_2,
-#              _aes256ccm_test_3, _aes256ccm_test_4]:
-#        c = Cipher_AES_256_CCM(key=t.k, salt=t.n[:4],
-#                               nonce_explicit_init=pkcs_os2ip(t.n[4:]))
-#        ne = t.n[-c.nonce_explicit_len:]
-#        tup = ne, t.p, t.ct[-c.tag_len:]
-#        tmp1 = c.auth_decrypt(t.a, ne + t.ct, add_length=False) == tup
-#        tmp2 = c.auth_encrypt(t.p, t.a) == (ne + t.ct)
-#        res = res and tmp1 and tmp2
-#    return res
-#
-#_all_aes_ccm_tests()
+ Test AES-CCM
+= Crypto - AES cipher in CCM mode, checks from IEEE P1619.1
+~ combined_modes_ccm
+
+class _aes256ccm_test_1:
+    k= b"\0"*32
+    n= b"\0"*12
+    p= b"\0"*16
+    a= ""
+    ct=(b"\xc1\x94\x40\x44\xc8\xe7\xaa\x95\xd2\xde\x95\x13\xc7\xf3\xdd\x8c" +
+       b"\x4b\x0a\x3e\x5e\x51\xf1\x51\xeb\x0f\xfa\xe7\xc4\x3d\x01\x0f\xdb")
+
+class _aes256ccm_test_2:
+    k=(b"\xfb\x76\x15\xb2\x3d\x80\x89\x1d\xd4\x70\x98\x0b\xc7\x95\x84\xc8" +
+       b"\xb2\xfb\x64\xce\x60\x97\x87\x8d\x17\xfc\xe4\x5a\x49\xe8\x30\xb7")
+    n= b"\xdb\xd1\xa3\x63\x60\x24\xb7\xb4\x02\xda\x7d\x6f"
+    p= b"\xa9"
+    a= b"\x36"
+    ct=b"\x9d\x32\x61\xb1\xcf\x93\x14\x31\xe9\x9a\x32\x80\x67\x38\xec\xbd\x2a"
+
+class _aes256ccm_test_3:
+    k=(b"\xfb\x76\x15\xb2\x3d\x80\x89\x1d\xd4\x70\x98\x0b\xc7\x95\x84\xc8" +
+       b"\xb2\xfb\x64\xce\x60\x97\x8f\x4d\x17\xfc\xe4\x5a\x49\xe8\x30\xb7")
+    n= b"\xdb\xd1\xa3\x63\x60\x24\xb7\xb4\x02\xda\x7d\x6f"
+    p= b"\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e"
+    a= ""
+    ct=(b"\xcc\x88\x12\x61\xc6\xa7\xfa\x72\xb9\x6a\x17\x39\x17\x6b\x27\x7f" +
+       b"\x34\x72\xe1\x14\x5f\x2c\x0c\xbe\x14\x63\x49\x06\x2c\xf0\xe4\x23")
+
+class _aes256ccm_test_4:
+    k=(b"\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" +
+       b"\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f")
+    n= b"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b"
+    p=(b"\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" +
+       b"\x30\x31\x32\x33\x34\x35\x36\x37")
+    a=(b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" +
+       b"\x10\x11\x12\x13")
+    ct=(b"\x04\xf8\x83\xae\xb3\xbd\x07\x30\xea\xf5\x0b\xb6\xde\x4f\xa2\x21" +
+       b"\x20\x34\xe4\xe4\x1b\x0e\x75\xe5\x9b\xba\x3f\x3a\x10\x7f\x32\x39" +
+       b"\xbd\x63\x90\x29\x23\xf8\x03\x71")
+
+def _all_aes_ccm_tests():
+    from scapy.layers.tls.crypto.cipher_aead import Cipher_AES_256_CCM
+    res = True
+    ciphers = []
+    for t in [_aes256ccm_test_1, _aes256ccm_test_2,
+              _aes256ccm_test_3, _aes256ccm_test_4]:
+        c = Cipher_AES_256_CCM(key=t.k, salt=t.n[:4],
+                               nonce_explicit_init=pkcs_os2ip(t.n[4:]))
+        ne = t.n[-c.nonce_explicit_len:]
+        tup = ne, t.p, t.ct[-c.tag_len:]
+        tmp1 = c.auth_decrypt(t.a, ne + t.ct, add_length=False) == tup
+        tmp2 = c.auth_encrypt(t.p, t.a) == (ne + t.ct)
+        res = res and tmp1 and tmp2
+    return res
+
+_all_aes_ccm_tests()


 + Test camellia