Why need to limit the `add` length? #1996

Closed
edison-ai opened this issue Aug 30, 2018 · 4 comments

@edison-ai

commented Aug 30, 2018

Description

  • Type: Question
  • Priority: Major

Question

In CCM, why do we need to limit the `add` length as below?

mbedtls/library/ccm.c

Lines 165 to 166 in 9ce5160

```c
if( add_len > 0xFF00 )
    return( MBEDTLS_ERR_CCM_BAD_INPUT );
```

Is there any SPEC to limit it? Could we remove that?

Thanks,
Edison

@edison-ai

Author

commented Aug 30, 2018

Not needed. Thanks.

@edison-ai edison-ai closed this Aug 30, 2018

@RonEld

Contributor

commented Nov 22, 2018

According to RFC 3610:

> If 0 < l(a) < (2^16 - 2^8), then the length field is encoded as two
> octets which contain the value l(a) in most-significant-byte first
> order.
>
> If (2^16 - 2^8) <= l(a) < 2^32, then the length field is encoded as
> six octets consisting of the octets 0xff, 0xfe, and four octets
> encoding l(a) in most-significant-byte-first order.
>
> If 2^32 <= l(a) < 2^64, then the length field is encoded as ten
> octets consisting of the octets 0xff, 0xff, and eight octets encoding
> l(a) in most-significant-byte-first order.

Mbed TLS has a limitation for the first case, but the tests should check this limitation only when `MBEDTLS_CCM_ALT` is not defined.
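
The length-field encoding quoted from RFC 3610 above, written out in C as an added example (not Mbed TLS code; the names `ccm_encode_ad_len`, `put_be` and `CCM_AD_LEN_SHORT_MAX` are hypothetical). It shows where 0xFF00 = 2^16 - 2^8 sits: the largest l(a) the two-octet form can carry is 0xFEFF, and 0xFF00 is the first value that needs the six-octet form.

```c
#include <stddef.h>
#include <stdint.h>

/* Largest l(a) that fits the two-octet form: 2^16 - 2^8 - 1 = 0xFEFF. */
#define CCM_AD_LEN_SHORT_MAX 0xFEFFu

/* Write the n low-order octets of v, most-significant byte first. */
static void put_be(unsigned char *out, uint64_t v, size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = (unsigned char)(v >> (8 * (n - 1 - i)));
}

/*
 * Encode the RFC 3610 length field for l(a) = add_len into out[10].
 * Returns the number of octets written:
 *   0  - no associated data, so no length field is emitted
 *   2  - 0 < l(a) < 2^16 - 2^8
 *   6  - 2^16 - 2^8 <= l(a) < 2^32   (prefix 0xff 0xfe)
 *   10 - 2^32 <= l(a) < 2^64         (prefix 0xff 0xff)
 */
size_t ccm_encode_ad_len(uint64_t add_len, unsigned char out[10])
{
    if (add_len == 0)
        return 0;
    if (add_len <= CCM_AD_LEN_SHORT_MAX) {
        put_be(out, add_len, 2);
        return 2;
    }
    if (add_len <= 0xFFFFFFFFu) {
        out[0] = 0xFF;
        out[1] = 0xFE;
        put_be(out + 2, add_len, 4);
        return 6;
    }
    out[0] = 0xFF;
    out[1] = 0xFF;
    put_be(out + 2, add_len, 8);
    return 10;
}
```

An implementation that only emits the two-octet form, as the comment above describes for Mbed TLS, has to reject every length that would return 6 or 10 here.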

@ciarmcom

Member

commented Nov 22, 2018

ARM Internal Ref: IOTSSL-2640

@ciarmcom ciarmcom added the mirrored label Nov 22, 2018

RonEld added a commit to RonEld/mbedtls that referenced this issue Nov 25, 2018

Test AD too long only when CCM_ALT not defined
Since the AD too long is a limitation on Mbed TLS,
HW accelerators may support this. Run the test for AD too long,
only if `MBEDTLS_CCM_ALT` is not defined.
Addresses comment in ARMmbed#1996.

@RonEld RonEld referenced this issue Nov 25, 2018

Merged

Test AD too long only when CCM_ALT not defined #2228

3 of 4 tasks complete

RonEld added a commit to RonEld/mbedtls that referenced this issue Dec 19, 2018

Test AD too long only when CCM_ALT not defined
Since the AD too long is a limitation on Mbed TLS,
HW accelerators may support this. Run the test for AD too long,
only if `MBEDTLS_CCM_ALT` is not defined.
Addresses comment in ARMmbed#1996.

@sbutcher-arm

Collaborator

commented Jan 11, 2019

PR #2228 has been merged. This issue can be closed.
