So a colleague of mine added a new AES-CCM cipher suite to TLS and I've been trying to figure out how to validate it. NIST 800-38C has test cases, but not only can I not get those inputs in to a TLS session, it also seems like OpenSSL has a special use of the AAD field that I have to take into consideration when calling the CCM functions in e_aes.c in my attempt to simulate a TLS session. And using the EVP interface doesn't exercise the CCM code in the same way as a TLS session does, so using the EVP test functions doesn't help either.
Is there an established way to test the TLS cipher suites short of testing OpenSSL against itself? Is there a straightforward way of using the inputs given in NIST 800-38C and verifying the expected ciphertext? Regards, Paul Muschick
