From 480a8bf076a4ecf52c3521d29a400f19e9421808 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABtan=20Harter?= Date: Mon, 20 Nov 2017 12:57:40 +0100 Subject: [PATCH] crypto/ccm: fix plaintext_len write plaintext_len should be written in MSB first order into bytes [16-L..15] both included and not ]16-L..15]. [RFC3610: 2.2 Authentication] --- sys/crypto/modes/ccm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/crypto/modes/ccm.c b/sys/crypto/modes/ccm.c index a3f5c080f3..3f5a428820 100644 --- a/sys/crypto/modes/ccm.c +++ b/sys/crypto/modes/ccm.c @@ -83,8 +83,8 @@ static int ccm_create_mac_iv(cipher_t *cipher, uint8_t auth_data_len, uint8_t M, /* copy nonce to B[1..15-L] */ memcpy(&X1[1], nonce, min(nonce_len, 15 - L)); - /* write plaintext_len to B[15..16-L] */ - for (uint8_t i = 15; i > 16 - L; --i) { + /* write plaintext_len to B[15..16-L] (reverse) */ + for (uint8_t i = 15; i > 16 - L - 1; --i) { X1[i] = plaintext_len & 0xff; plaintext_len >>= 8; }