diff options
-rw-r--r-- | doc/relnotes/1_11_10.rst | 5 | ||||
-rw-r--r-- | src/lib/modes/aead/ccm/ccm.cpp | 2 | ||||
-rw-r--r-- | src/tests/data/aead/ccm.vec | 7 |
3 files changed, 13 insertions, 1 deletions
diff --git a/doc/relnotes/1_11_10.rst b/doc/relnotes/1_11_10.rst index 14ff7a3c8..3e5c6d55d 100644 --- a/doc/relnotes/1_11_10.rst +++ b/doc/relnotes/1_11_10.rst @@ -1,6 +1,11 @@ Version 1.11.10, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* Fixed a bug in CCM mode which caused it to produce incorrect tags + when used with a value of L other than 2. This affected CCM TLS + ciphersuites, which use L=3. Thanks to Manuel Pégourié-Gonnard for + the anaylsis and patch. Bugzilla 270. + * The Miller-Rabin primality test function now takes a parameter allowing the user to directly specify the maximum false negative probability they are willing to accept. diff --git a/src/lib/modes/aead/ccm/ccm.cpp b/src/lib/modes/aead/ccm/ccm.cpp index 50fc38738..7fd92e149 100644 --- a/src/lib/modes/aead/ccm/ccm.cpp +++ b/src/lib/modes/aead/ccm/ccm.cpp @@ -118,7 +118,7 @@ void CCM_Mode::encode_length(size_t len, byte out[]) BOTAN_ASSERT(len_bytes < sizeof(size_t), "Length field fits"); for(size_t i = 0; i != len_bytes; ++i) - out[i] = get_byte(sizeof(size_t)-i, len); + out[len_bytes-1-i] = get_byte(sizeof(size_t)-1-i, len); BOTAN_ASSERT((len >> (len_bytes*8)) == 0, "Message length fits in field"); } diff --git a/src/tests/data/aead/ccm.vec b/src/tests/data/aead/ccm.vec index fcea4ea26..23a74aec2 100644 --- a/src/tests/data/aead/ccm.vec +++ b/src/tests/data/aead/ccm.vec @@ -41,3 +41,10 @@ In = B506A6BA900C1147C806775324B36EB376AA01D4C3EEF6F5 AD = 6A59AACADD416E465264C15E1A1E9BFA084687492710F9BDA832E2571E468224 Out = 14B14FE5B317411392861638EC383AE40BA95FEFE34255DC2EC067887114BC370281DE6F00836CE4 +[AES-128/CCM(16,3)] +# NIST CAVS 11.0, "CCM-VNT" information, AES Keylen: 128, Count = 50 +Key = 005E8F4D8E0CBF4E1CEEB5D87A275848 +Nonce = 0EC3AC452B547B9062AAC8FA +In = B6F345204526439DAF84998F380DCFB4B4167C959C04FF65 +AD = 2F1821AA57E5278FFD33C17D46615B77363149DBC98470413F6543A6B749F2CA +Out = 9575E16F35DA3C88A19C26A7B762044F4D7BBBAFEFF05D754829E2A7752FA3A14890972884B511D8 |