authorJack Lloyd <[email protected]>2018-07-18 18:25:33 -0400
committerJack Lloyd <[email protected]>2018-07-18 18:33:48 -0400
commitcc2ccf2979c93d2c693eacbe5c94094685ff063a (patch)
tree0af8c8401f38d821a9d71146dd7e9ba541376ab5
parent7b3ba5dff5f62fc6152e9758daf3cc8f7323e7ed (diff)
Fix error in CCM when L=8
GH #1631
-rw-r--r--src/lib/modes/aead/ccm/ccm.cpp11
-rw-r--r--src/lib/modes/aead/ccm/ccm.h2
-rw-r--r--src/tests/data/aead/ccm.vec124
3 files changed, 131 insertions, 6 deletions
diff --git a/src/lib/modes/aead/ccm/ccm.cpp b/src/lib/modes/aead/ccm/ccm.cpp
index 410bd6910..b5a68a72e 100644
--- a/src/lib/modes/aead/ccm/ccm.cpp
+++ b/src/lib/modes/aead/ccm/ccm.cpp
@@ -1,6 +1,6 @@
/*
* CCM Mode Encryption
-* (C) 2013 Jack Lloyd
+* (C) 2013,2018 Jack Lloyd
* (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
@@ -113,16 +113,17 @@ size_t CCM_Mode::process(uint8_t buf[], size_t sz)
return 0; // no output until finished
}
-void CCM_Mode::encode_length(size_t len, uint8_t out[])
+void CCM_Mode::encode_length(uint64_t len, uint8_t out[])
{
const size_t len_bytes = L();
- BOTAN_ASSERT(len_bytes < sizeof(size_t), "Length field fits");
+ BOTAN_ASSERT_NOMSG(len_bytes >= 1 && len_bytes <= 8);
for(size_t i = 0; i != len_bytes; ++i)
- out[len_bytes-1-i] = get_byte(sizeof(size_t)-1-i, len);
+ out[len_bytes-1-i] = get_byte(sizeof(uint64_t)-1-i, len);
- BOTAN_ASSERT((len >> (len_bytes*8)) == 0, "Message length fits in field");
+ if(len_bytes < 8 && (len >> (len_bytes*8)) > 0)
+ throw Encoding_Error("CCM message length too long to encode in L field");
}
void CCM_Mode::inc(secure_vector<uint8_t>& C)
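Review bot: In encode_length the overflow check comes after the loop, so by the time `Encoding_Error` is thrown out[] already holds a truncated length; moving the `if(len_bytes < 8 && (len >> (len_bytes*8)) > 0)` test and its throw above the `for` leaves the caller's buffer untouched on failure. The `len_bytes < 8` guard exists because shifting a 64-bit value by 64 is undefined, which deserves a one-line comment such as `// L == 8: any uint64_t fits, and a shift by 64 would be undefined`. The assertion also admits `len_bytes == 1`, whereas SP 800-38C defines the length field as 2 to 8 octets; if L() is validated elsewhere (not visible in this hunk), `BOTAN_ASSERT_NOMSG(len_bytes >= 2 && len_bytes <= 8);` would state the actual invariant.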
diff --git a/src/lib/modes/aead/ccm/ccm.h b/src/lib/modes/aead/ccm/ccm.h
index 4d4fe73e2..b819ac76e 100644
--- a/src/lib/modes/aead/ccm/ccm.h
+++ b/src/lib/modes/aead/ccm/ccm.h
@@ -48,7 +48,7 @@ class BOTAN_PUBLIC_API(2,0) CCM_Mode : public AEAD_Mode
const BlockCipher& cipher() const { return *m_cipher; }
- void encode_length(size_t len, uint8_t out[]);
+ void encode_length(uint64_t len, uint8_t out[]);
void inc(secure_vector<uint8_t>& C);
diff --git a/src/tests/data/aead/ccm.vec b/src/tests/data/aead/ccm.vec
index 23a74aec2..83aca12a2 100644
--- a/src/tests/data/aead/ccm.vec
+++ b/src/tests/data/aead/ccm.vec
@@ -48,3 +48,127 @@ Nonce = 0EC3AC452B547B9062AAC8FA
In = B6F345204526439DAF84998F380DCFB4B4167C959C04FF65
AD = 2F1821AA57E5278FFD33C17D46615B77363149DBC98470413F6543A6B749F2CA
Out = 9575E16F35DA3C88A19C26A7B762044F4D7BBBAFEFF05D754829E2A7752FA3A14890972884B511D8
+
+[AES-128/CCM(4,8)]
+# SP 800-38C Example 1
+Key = 404142434445464748494a4b4c4d4e4f
+Nonce = 10111213141516
+AD = 0001020304050607
+In = 20212223
+Out = 7162015b4dac255d
+
+[AES-128/CCM(6,7)]
+# SP 800-38C Example 2
+Key = 404142434445464748494a4b4c4d4e4f
+Nonce = 1011121314151617
+AD = 000102030405060708090a0b0c0d0e0f
+In = 202122232425262728292a2b2c2d2e2f
+Out = d2a1f0e051ea5f62081a7792073d593d1fc64fbfaccd
+
+[AES-128/CCM(8,3)]
+# SP 800-38C Example 3
+Key = 404142434445464748494a4b4c4d4e4f
+Nonce = 101112131415161718191a1b
+AD = 000102030405060708090a0b0c0d0e0f10111213
+In = 202122232425262728292a2b2c2d2e2f3031323334353637
+Out = e3b201a9f5b71a7a9b1ceaeccd97e70b6176aad9a4428aa5484392fbc1b09951
+
+# From CVMC CAVS data Tue Mar 15 08:09:25 2011
+
+[AES-128/CCM(16,8)]
+Key = c0425ed20cd28fda67a2bcc0ab342a49
+Nonce = 37667f334dce90
+AD = 0b3e8d9785c74c8f41ea257d4d87495ffbbb335542b12e0d62bb177ec7a164d9
+In = 4f065a23eeca6b18d118e1de4d7e5ca1a7c0e556d786d407
+Out = 768fccdf4898bca099e33c3d40565497dec22dd6e33dcf4384d71be8565c21a455db45816da8158c
+
+[AES-128/CCM(16,7)]
+
+Key = 0b6256bd328a4cda2510d527c0f73ed4
+Nonce = 21fd9011d6d9484a
+AD = 66ff35c4f86ad7755b149e14e299034763023e7384f4af8c35277d2c7e1a7de2
+In = 78a292662b8e05abc2d44fbefd0840795e7493028015d9f2
+Out = 5a0be834c57b59d47a4590d8d19a1206d3c06e937a9b57f74034d9fdb43c3f48932aa72177b23bf6
+
+[AES-128/CCM(16,6)]
+
+Key = afdccc84f257cb768b7ad735edbd1990
+Nonce = b7776aa998f4d1189b
+AD = 9f9ac464de508b98e789243fdb32db458538f8a291ed93ddf8aeaacfbfc371aa
+In = 56d0942490e546798f30d3c60ad4e3e110fc04f5b1c1fa83
+Out = 96f124c74fd737819008ddef440320f4a3733d0062c83c893e259aecf12ba08f2a2e966a3341d6d4
+
+[AES-128/CCM(16,5)]
+
+Key = 6ccb68d3838d4ddf660b9cd904cad40f
+Nonce = c4fb7519a19f13d9d1fc
+AD = 092e64fef08b5655a86cdb8de63ffaa7772e8730844e9016141af8bad2216246
+In = 5ea35c082e2b190e9d98e6b2daad8672f587b4f2968072fc
+Out = cda5fe3d15d00150b99120c7f206b88a4c2c4a39ca9143425603ab284a73a38cc916f8b653c92ab4
+
+[AES-128/CCM(16,4)]
+
+Key = e6ab9e70a4fb51b01c2e262233e64c0d
+Nonce = 74e689eb5af9441dd690a6
+AD = 42f6518ee0fbe42f28e13b4bb2eb60517b37c9744394d9143393a879c3e107c7
+In = ba15916733550d7aa82b2f6b117cd3f54c83ddc16cd0288a
+Out = dcc151443288f35d39ed8fae6f0ce1d1eb656f4f7fd65c0b16f322ce85d7c54e71ac560fd4da9651
+
+[AES-128/CCM(16,3)]
+Key = 005e8f4d8e0cbf4e1ceeb5d87a275848
+Nonce = 0ec3ac452b547b9062aac8fa
+AD = 2f1821aa57e5278ffd33c17d46615b77363149dbc98470413f6543a6b749f2ca
+In = b6f345204526439daf84998f380dcfb4b4167c959c04ff65
+Out = 9575e16f35da3c88a19c26a7b762044f4d7bbbafeff05d754829e2a7752fa3a14890972884b511d8
+
+[AES-128/CCM(16,2)]
+Key = ac87fef3b76e725d66d905625a387e82
+Nonce = 61bf06b9fa5a450d094f3ddcb5
+AD = 0245484bcd987787fe97fda6c8ffb6e7058d7b8f7064f27514afaac4048767fd
+In = 959403e0771c21a416bd03f3898390e90d0a0899f69f9552
+Out = cabf8aa613d5357aa3e70173d43f1f202b628a61d18e8b572eb66bb8213a515aa61e5f0945cd57f4
+
+[AES-128/CCM(4,2)]
+
+Key = 43b1a6bc8d0d22d6d1ca95c18593cca5
+Nonce = 9882578e750b9682c6ca7f8f86
+AD = 2084f3861c9ad0ccee7c63a7e05aece5db8b34bd8724cc06b4ca99a7f9c4914f
+In = a2b381c7d1545c408fe29817a21dc435a154c87256346b05
+Out = cc69ed76985e0ed4c8365a72775e5a19bfccc71aeb116c85a8c74677
+
+[AES-128/CCM(6,2)]
+
+Key = 44e89189b815b4649c4e9b38c4275a5a
+Nonce = 374c83e94384061ac01963f88d
+AD = cd149d17dba7ec50000b8c5390d114697fafb61025301f4e3eaa9f4535718a08
+In = 8db6ae1eb959963931d1c5224f29ef50019d2b0db7f5f76f
+Out = df952dce0f843374d33da94c969eff07b7bc2418ca9ee01e32bc2ffa8600
+
+[AES-128/CCM(8,2)]
+Key = 368f35a1f80eaaacd6bb136609389727
+Nonce = 842a8445847502ea77363a16b6
+AD = 34396dfcfa6f742aea7040976bd596497a7a6fa4fb85ee8e4ca394d02095b7bf
+In = 1cccd55825316a94c5979e049310d1d717cdfb7624289dac
+Out = 1a58094f0e8c6035a5584bfa8d1009c5f78fd2ca487ff222f6d1d897d6051618
+
+[AES-128/CCM(10,2)]
+
+Key = 996a09a652fa6c82eae8be7886d7e75e
+Nonce = a8b3eb68f205a46d8f632c3367
+AD = c71620d0477c8137b77ec5c72ced4df3a1e987fd9af6b5b10853f0526d876cd5
+In = 84cdd7380f47524b86168ed95386faa402831f22045183d0
+Out = a7fbf9dd1b099ed3acf6bcbd0b6f7cae57bee99f9d084f826d86e69c07f053d1a607
+
+[AES-128/CCM(12,2)]
+Key = 3ee186594f110fb788a8bf8aa8be5d4a
+Nonce = 44f705d52acf27b7f17196aa9b
+AD = 2c16724296ff85e079627be3053ea95adf35722c21886baba343bd6c79b5cb57
+In = d71864877f2578db092daba2d6a1f9f4698a9c356c7830a1
+Out = b4dd74e7a0cc51aea45dfb401a41d5822c96901a83247ea0d6965f5aa6e31302a9cc2b36
+
+[AES-128/CCM(14,2)]
+Key = 7b2d52a5186d912cf6b83ace7740ceda
+Nonce = f47be3a2b019d1beededf5b80c
+AD = 76cf3522aff97a44b4edd0eef3b81e3ab3cd1ccc93a767a133afd508315f05ed
+In = ea384b081f60bb450808e0c20dc2914ae14a320612c3e1e8
+Out = 79070f33114a980dfd48215051e224dfd01471ac293242afddb36e37da1ee8a88a77d7f12cc6
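Review bot: None of the added vectors reaches the new `Encoding_Error` branch in encode_length: every `In` is at most 24 bytes, far below the 65535-byte limit of the smallest length field used here (L=2). The L=8 case the commit fixes is covered by `[AES-128/CCM(4,8)]` and `[AES-128/CCM(16,8)]`, but the rejection path is what keeps an over-long message from being authenticated under a wrapped length, so it merits a negative test. Assuming encode_length receives the message size, a code-level test that feeds 65536 bytes to `AES-128/CCM(16,2)` and expects `Encoding_Error` would pin it; this vector format may not be able to express an expected failure.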