From 3fd8276c37bae159d404f14d57f8e52d68c1cd43 Mon Sep 17 00:00:00 2001
From: Wentao Shang <wentaoshang@gmail.com>
Date: Mon, 6 Mar 2017 20:35:43 -0800
Subject: [PATCH] crypto/ccm: fix auth_data_len upperbound value

RFC3610 states that len_encoding is only valid for "0x0001 ... 0xFEFF"

   If 0 < l(a) < (2^16 - 2^8), then the length field is encoded as two
   octets which contain the value l(a) in most-significant-byte first
   order.
---
 sys/crypto/modes/ccm.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/sys/crypto/modes/ccm.c b/sys/crypto/modes/ccm.c
index 7f118ed6ac..6c7d1e7ba4 100644
--- a/sys/crypto/modes/ccm.c
+++ b/sys/crypto/modes/ccm.c
@@ -108,13 +108,17 @@ int ccm_compute_adata_mac(cipher_t* cipher, uint8_t* auth_data,
         /* 16 octet block size + max. 10 len encoding  */
         uint8_t auth_data_encoded[26], len_encoding = 0;
 
-        if ( auth_data_len < (((uint32_t) 2) << 16)) {       /* length (0x0001 ... 0xFEFF)  */
+        /* If 0 < l(a) < (2^16 - 2^8), then the length field is encoded as two
+         * octets. (RFC3610 page 2)
+         */
+        if (auth_data_len <= 0xFEFF) {
+            /* length (0x0001 ... 0xFEFF)  */
             len_encoding = 2;
 
             auth_data_encoded[1] = auth_data_len & 0xFF;
             auth_data_encoded[0] = (auth_data_len >> 8) & 0xFF;
         } else {
-            DEBUG("UNSUPPORTED Adata length\n");
+            DEBUG("UNSUPPORTED Adata length: %" PRIu32 "\n", auth_data_len);
             return -1;
         }
 
-- 
GitLab