From f0e785a43071bb45a7c50c5da0bf7d8e76c9c074 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ga=C3=ABtan=20Harter?=
Date: Wed, 22 Nov 2017 14:31:38 +0100
Subject: [PATCH 1/3] crypto/ccm: check ccm_compute_adata_mac return value Return value was ignored but function could fail
---
 sys/crypto/modes/ccm.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/sys/crypto/modes/ccm.c b/sys/crypto/modes/ccm.c
index 657c76b47e..7f118ed6ac 100644
--- a/sys/crypto/modes/ccm.c
+++ b/sys/crypto/modes/ccm.c
@@ -167,7 +167,10 @@ int cipher_encrypt_ccm(cipher_t* cipher, uint8_t* auth_data, uint32_t auth_data_
 }
 /* MAC calulation (T) with additional data and plaintext */
- ccm_compute_adata_mac(cipher, auth_data, auth_data_len, mac_iv);
+ len = ccm_compute_adata_mac(cipher, auth_data, auth_data_len, mac_iv);
+ if (len < 0) {
+ return len;
+ }
 len = ccm_compute_cbc_mac(cipher, mac_iv, input, input_len, mac);
 if (len < 0) {
 return len;
@@ -245,7 +248,10 @@ int cipher_decrypt_ccm(cipher_t* cipher, uint8_t* auth_data,
 }
 /* MAC calulation (T) with additional data and plaintext */
- ccm_compute_adata_mac(cipher, auth_data, auth_data_len, mac_iv);
+ len = ccm_compute_adata_mac(cipher, auth_data, auth_data_len, mac_iv);
+ if (len < 0) {
+ return len;
+ }
 len = ccm_compute_cbc_mac(cipher, mac_iv, plain, plain_len, mac);
 if (len < 0) {
 return len;
From 3fd8276c37bae159d404f14d57f8e52d68c1cd43 Mon Sep 17 00:00:00 2001
From: Wentao Shang
Date: Mon, 6 Mar 2017 20:35:43 -0800
Subject: [PATCH 2/3] crypto/ccm: fix auth_data_len upperbound value RFC3610 states that len_encoding is only valid for "0x0001 ... 0xFEFF" If 0 < l(a) < (2^16 - 2^8), then the length field is encoded as two octets which contain the value l(a) in most-significant-byte first order.
---
 sys/crypto/modes/ccm.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/sys/crypto/modes/ccm.c b/sys/crypto/modes/ccm.c
index 7f118ed6ac..6c7d1e7ba4 100644
--- a/sys/crypto/modes/ccm.c
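Review bot: In patch 1/3, second hunk (cipher_decrypt_ccm), the new `return len;` is reached after `plain` presumably already holds decrypted data, since `plain` is what is passed to ccm_compute_cbc_mac two lines later. If `plain` is the caller's output buffer (its declaration is outside the hunk), a failure here leaves unauthenticated plaintext in caller memory. Consider clearing it on this path, for example `memset(plain, 0, plain_len);` before `return len;`, and likewise on the existing ccm_compute_cbc_mac failure return. The first hunk (cipher_encrypt_ccm) adds the same early return; whether output has been written at that point is not visible, as both function bodies start and end outside the hunks.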
+++ b/sys/crypto/modes/ccm.c
@@ -108,13 +108,17 @@ int ccm_compute_adata_mac(cipher_t* cipher, uint8_t* auth_data,
 /* 16 octet block size + max. 10 len encoding */
 uint8_t auth_data_encoded[26], len_encoding = 0;
- if ( auth_data_len < (((uint32_t) 2) << 16)) { /* length (0x0001 ... 0xFEFF) */
+ /* If 0 < l(a) < (2^16 - 2^8), then the length field is encoded as two
+ * octets. (RFC3610 page 2)
+ */
+ if (auth_data_len <= 0xFEFF) {
+ /* length (0x0001 ... 0xFEFF) */
 len_encoding = 2;
 auth_data_encoded[1] = auth_data_len & 0xFF;
 auth_data_encoded[0] = (auth_data_len >> 8) & 0xFF;
 } else {
- DEBUG("UNSUPPORTED Adata length\n");
+ DEBUG("UNSUPPORTED Adata length: %" PRIu32 "\n", auth_data_len);
 return -1;
 }
From 147390c2093b0b010e9b53fbb984362148f26f7b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ga=C3=ABtan=20Harter?=
Date: Wed, 22 Nov 2017 14:44:19 +0100
Subject: [PATCH 3/3] tests/ccm: add test for auth_data_len upper value Maximal supported value is 0xFEFF.
---
 tests/unittests/tests-crypto/tests-crypto-modes-ccm.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/tests/unittests/tests-crypto/tests-crypto-modes-ccm.c b/tests/unittests/tests-crypto/tests-crypto-modes-ccm.c
index 1fe20e7972..c9151d9ef5 100644
--- a/tests/unittests/tests-crypto/tests-crypto-modes-ccm.c
+++ b/tests/unittests/tests-crypto/tests-crypto-modes-ccm.c
@@ -246,6 +246,10 @@ static void test_crypto_modes_ccm_check_len(void)
 ret = _test_ccm_len(cipher_decrypt_ccm, 8, einput, 16, 0);
 TEST_ASSERT_MESSAGE(ret > 0, "Decryption : failed with valid input_len");
+
+ /* ccm library does not support auth_data_len > 0xFEFF */
+ ret = _test_ccm_len(cipher_encrypt_ccm, 2, NULL, 0, 0xFEFF + 1);
+ TEST_ASSERT_EQUAL_INT(-1, ret);
 }
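Review bot: In patch 2/3 the corrected bound `auth_data_len <= 0xFEFF` still admits far more additional data than the 26-byte `auth_data_encoded` declared just above it can hold, and the code that consumes `auth_data` lies below the hunk. If the rest of ccm_compute_adata_mac copies `auth_data` into that buffer in one piece, any length above 24 would write past it; in that case the check should be tied to the buffer, e.g. `if (auth_data_len > sizeof(auth_data_encoded) - len_encoding) return -1;`, or the data should be fed to the CBC-MAC block by block. Separately, the added comment quotes `0 < l(a)` while the condition also accepts 0, so the comment should say how zero-length additional data is handled. The DEBUG line now uses `PRIu32`, which needs `<inttypes.h>`, and no include is added in this patch.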
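Review bot: In patch 3/3 only the encrypt path is exercised with the over-long length, although cipher_decrypt_ccm received the same return-value check in patch 1/3. A matching case such as `ret = _test_ccm_len(cipher_decrypt_ccm, 2, NULL, 0, 0xFEFF + 1);` would cover it, provided those arguments get as far as the adata length check rather than failing earlier on input_len. The new call passes `NULL` where the preceding call passes `einput`, so the test depends on the length being rejected before any buffer is touched; the comment should say so. The largest accepted value, 0xFEFF, is not tested, and asserting the literal `-1` ties the test to an unnamed error value.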