-rw-r--r--doc/relnotes/1_11_10.rst5
-rw-r--r--src/lib/modes/aead/ccm/ccm.cpp2
-rw-r--r--src/tests/data/aead/ccm.vec7
3 files changed, 13 insertions, 1 deletions
diff --git a/doc/relnotes/1_11_10.rst b/doc/relnotes/1_11_10.rst
index 14ff7a3c8..3e5c6d55d 100644
--- a/doc/relnotes/1_11_10.rst
+++ b/doc/relnotes/1_11_10.rst
@@ -1,6 +1,11 @@
Version 1.11.10, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* Fixed a bug in CCM mode which caused it to produce incorrect tags
+ when used with a value of L other than 2. This affected CCM TLS
+ ciphersuites, which use L=3. Thanks to Manuel Pégourié-Gonnard for
+ the anaylsis and patch. Bugzilla 270.
+
* The Miller-Rabin primality test function now takes a parameter
allowing the user to directly specify the maximum false negative
probability they are willing to accept.
diff --git a/src/lib/modes/aead/ccm/ccm.cpp b/src/lib/modes/aead/ccm/ccm.cpp
index 50fc38738..7fd92e149 100644
--- a/src/lib/modes/aead/ccm/ccm.cpp
+++ b/src/lib/modes/aead/ccm/ccm.cpp
@@ -118,7 +118,7 @@ void CCM_Mode::encode_length(size_t len, byte out[])
BOTAN_ASSERT(len_bytes < sizeof(size_t), "Length field fits");
for(size_t i = 0; i != len_bytes; ++i)
- out[i] = get_byte(sizeof(size_t)-i, len);
+ out[len_bytes-1-i] = get_byte(sizeof(size_t)-1-i, len);
BOTAN_ASSERT((len >> (len_bytes*8)) == 0, "Message length fits in field");
}
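Review bot: The range check `BOTAN_ASSERT((len >> (len_bytes*8)) == 0, "Message length fits in field");` still runs after the loop has already written a possibly truncated length into `out`. Moving it above the loop, next to the `len_bytes < sizeof(size_t)` check, would put both preconditions before any output is produced. The loop would also benefit from a one-line comment such as `// big-endian: least significant byte of len lands in out[len_bytes-1]`. The corrected indexing appears to rely on `get_byte(0, x)` returning the most significant byte, which should be confirmed against get_byte's definition since it is not visible here. The start of encode_length, including how `len_bytes` is derived from L, lies outside the hunk.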
diff --git a/src/tests/data/aead/ccm.vec b/src/tests/data/aead/ccm.vec
index fcea4ea26..23a74aec2 100644
--- a/src/tests/data/aead/ccm.vec
+++ b/src/tests/data/aead/ccm.vec
@@ -41,3 +41,10 @@ In = B506A6BA900C1147C806775324B36EB376AA01D4C3EEF6F5
AD = 6A59AACADD416E465264C15E1A1E9BFA084687492710F9BDA832E2571E468224
Out = 14B14FE5B317411392861638EC383AE40BA95FEFE34255DC2EC067887114BC370281DE6F00836CE4
+[AES-128/CCM(16,3)]
+# NIST CAVS 11.0, "CCM-VNT" information, AES Keylen: 128, Count = 50
+Key = 005E8F4D8E0CBF4E1CEEB5D87A275848
+Nonce = 0EC3AC452B547B9062AAC8FA
+In = B6F345204526439DAF84998F380DCFB4B4167C959C04FF65
+AD = 2F1821AA57E5278FFD33C17D46615B77363149DBC98470413F6543A6B749F2CA
+Out = 9575E16F35DA3C88A19C26A7B762044F4D7BBBAFEFF05D754829E2A7752FA3A14890972884B511D8
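Review bot: The new `[AES-128/CCM(16,3)]` vector has a 24-byte `In`, so only the last byte of the three-byte length field is non-zero and the upper length bytes written by encode_length are never exercised. A second vector with a plaintext of at least 256 bytes would catch an indexing mistake in the higher bytes, which a short message cannot reveal. The release note says every L other than 2 was affected, so a case for one more L value would also help guard against regressions beyond the TLS parameter set.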