crypto/ccm: fix input_len check

Maximum input_len depends only on length_encoding and not auth_data_len. The current length_max value was also wrong. RFC3610 page 2 3. The message m, consisting of a string of l(m) octets where 0 <= l(m) < 2^(8L). The length restriction ensures that l(m) can be encoded in a field of L octets.

crypto/ccm: fix input_len check
89023b34 · Wentao Shang · Gaëtan Harter · 9020767c · 89023b34
Unverified Commit 89023b34 authored 8 years ago by Wentao Shang Committed by Gaëtan Harter 6 years ago
--- a/sys/crypto/modes/ccm.c
+++ b/sys/crypto/modes/ccm.c
@@ -144,9 +144,8 @@ int cipher_encrypt_ccm(cipher_t* cipher, uint8_t* auth_data, uint32_t auth_data_
        return CCM_ERR_INVALID_MAC_LENGTH;
    }

-    length_max = 2 << (8 * length_encoding);
-    if (length_encoding < 2 || length_encoding > 8 ||
-            input_len - auth_data_len > length_max) {
+    length_max = 1 << (8 * length_encoding);
+    if (length_encoding < 2 || length_encoding > 8 || input_len >= length_max) {
        return CCM_ERR_INVALID_LENGTH_ENCODING;
    }

@@ -206,9 +205,8 @@ int cipher_decrypt_ccm(cipher_t* cipher, uint8_t* auth_data,
        return CCM_ERR_INVALID_MAC_LENGTH;
    }

-    length_max = 2 << (8 * length_encoding);
-    if (length_encoding < 2 || length_encoding > 8 ||
-            input_len - auth_data_len > length_max) {
+    length_max = 1 << (8 * length_encoding);
+    if (length_encoding < 2 || length_encoding > 8 || input_len >= length_max) {
        return CCM_ERR_INVALID_LENGTH_ENCODING;
    }