diff --git a/sys/crypto/modes/ccm.c b/sys/crypto/modes/ccm.c index 3f5a428820..322a568fd3 100644 --- a/sys/crypto/modes/ccm.c +++ b/sys/crypto/modes/ccm.c @@ -43,6 +43,12 @@ static int ccm_compute_cbc_mac(cipher_t *cipher, const uint8_t iv[16], block_size = cipher_get_block_size(cipher); memmove(mac, iv, 16); offset = 0; + + /* no input message */ + if(length == 0) { + return 0; + } + do { uint8_t block_size_input = (length - offset > block_size) ? block_size : length - offset; diff --git a/sys/include/crypto/modes/ccm.h b/sys/include/crypto/modes/ccm.h index 4c81593ae7..9900b8407e 100644 --- a/sys/include/crypto/modes/ccm.h +++ b/sys/include/crypto/modes/ccm.h @@ -57,10 +57,12 @@ extern "C" { * @param nonce_len Length of the nonce in octets * (maximum: 15-length_encoding) * @param input pointer to input data to encrypt - * @param input_len length of the input data, max 2^32 + * @param input_len length of the input data, [0, 2^32] * @param output pointer to allocated memory for encrypted data. It * has to be of size data_len + mac_length. - * @return Length of encrypted data on a successful encryption + * + * @return Length of encrypted data on a successful encryption, + * can be 0 if input_len=0 (no plaintext) * @return A negative error code if something went wrong */ int cipher_encrypt_ccm(cipher_t *cipher, @@ -85,11 +87,12 @@ int cipher_encrypt_ccm(cipher_t *cipher, * @param nonce_len Length of the nonce in octets * (maximum: 15-length_encoding) * @param input pointer to input data to decrypt - * @param input_len length of the input data, max 2^32 + * @param input_len length of the input data, [0, 2^32] * @param output pointer to allocated memory for decrypted data. It * has to be of size data_len - mac_length. * - * @return Length of the decrypted data on a successful decryption + * @return Length of the decrypted data on a successful decryption, + * can be 0 if only auth_data and MAC is present. * @return A negative error code if something went wrong */ int cipher_decrypt_ccm(cipher_t *cipher,