riot-ci/RIOT
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

crypto/ccm: fix auth_data_len upperbound value

Browse Source 
RFC3610 states that len_encoding is only valid for "0x0001 ... 0xFEFF"

   If 0 < l(a) < (2^16 - 2^8), then the length field is encoded as two
   octets which contain the value l(a) in most-significant-byte first
   order.
This commit is contained in:
Wentao Shang 2017-03-06 20:35:43 -08:00 committed by Gaëtan Harter
parent f0e785a430
commit 3fd8276c37
No known key found for this signature in database
GPG Key ID: 76DF6BCF1B1F883B
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/crypto/modes/ccm.c
View File

@ -108,13 +108,17 @@ int ccm_compute_adata_mac(cipher_t* cipher, uint8_t* auth_data,
/* 16 octet block size + max. 10 len encoding */ /* 16 octet block size + max. 10 len encoding */
uint8_t auth_data_encoded[26], len_encoding = 0; uint8_t auth_data_encoded[26], len_encoding = 0;
if ( auth_data_len < (((uint32_t) 2) << 16)) { /* length (0x0001 ... 0xFEFF) */ /* If 0 < l(a) < (2^16 - 2^8), then the length field is encoded as two
* octets. (RFC3610 page 2)
*/
if (auth_data_len <= 0xFEFF) {
/* length (0x0001 ... 0xFEFF) */
len_encoding = 2; len_encoding = 2;
auth_data_encoded[1] = auth_data_len & 0xFF; auth_data_encoded[1] = auth_data_len & 0xFF;
auth_data_encoded[0] = (auth_data_len >> 8) & 0xFF; auth_data_encoded[0] = (auth_data_len >> 8) & 0xFF;
} else { } else {
DEBUG("UNSUPPORTED Adata length\n"); DEBUG("UNSUPPORTED Adata length: %" PRIu32 "\n", auth_data_len);
return -1; return -1;
} }