Is there any instance of NIST or other encryption standards using AES-CCM to encrypt/authenticate key data? I would like to use CCM over a keywrap function, but cannot find any precedent for this in cryptography standards.
If by design I guarantee that: (1) Nonce data will not be reused (2) The encrypting "transport" key will not be available to users for the encryption/decryption of non-key material
Are there any security vulnerabilities that make CCM a bad choice?