New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix AES-CCM* to work with a_len up to 0xfeff and m_len up to 0xffff #1170
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Congrats!! I'm looking forward to using this update with large frames 👍 Leaving minor comments.
os/lib/ccm-star.c
Outdated
@@ -42,64 +42,68 @@ | |||
#include "lib/aes-128.h" | |||
#include <string.h> | |||
|
|||
/* see RFC 3610 */ | |||
#define CCM_STAR_AUTH_FLAGS(Adata, M) ((Adata ? (1u << 6) : 0) | (((M - 2u) >> 1) << 3) | 1u) | |||
/* As per RFC 3610. M == 2 (m_len is two bytes long) */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here, M == 2
should be L == 2
??
[Section 2, RFC 3610]
Name Description Size Encoding
---- ---------------------------------------- ------ --------
M Number of octets in authentication field 3 bits (M-2)/2
L Number of octets in length field 3 bits L-1
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And, M
is always 2
in this implementation, which I'd mention here as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here,
M == 2
should beL == 2
??
Good point, fixing the comment
And,
M
is always2
in this implementation, which I'd mention here as well.
Hmm I don't think so: M is the MIC len, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess I was confused. Ignore the second point. Sorry for that (>_<)
uint8_t i; | ||
|
||
set_iv(x, CCM_STAR_AUTH_FLAGS(a_len, mic_len), nonce, m_len); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it be nicer to check if the given mic_len
is valid?
[Section 2, RFC 3610]
For the generic CCM mode there are two parameter choices. The first
choice is M, the size of the authentication field. .... (snip) ...
Valid values are 4, 6, 8, 10, 12, 14, and 16 octets. The second
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agree
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
os/lib/hexconv.h
Outdated
#include <stdint.h> | ||
|
||
int hexconv_hexlify(const uint8_t *data, int data_len, | ||
char *text, int text_size); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indentation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
@@ -0,0 +1,2 @@ | |||
To generate test vectors, run: | |||
./generate-test-vectors.py > test-vectors.c |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add
pip install pycryptodome
or something to resolve the dependency.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did that. Also, switched to python3
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 I confirmed the code actually was able to run with Python 2 and Python 3 :-)
#include <stdio.h> | ||
#include <stdbool.h> | ||
|
||
#define MICLEN 8 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we have tests for MICLEN == 4
and MICLEN == 16
, which can be used in IEEE 802.15.4 as well (Table 9-4, IEEE 802.15.4-2015)
if [ -z $TIMEOUT ]; then | ||
printf "FAIL (%u seconds)\n" $SECONDS | tee -a $BASENAME.testlog; | ||
else | ||
printf "FAIL (%u seconds timeout)\n" $TIMEOUT | tee -a $BASENAME.testlog; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This works perfectly... I confirmed with the commit of 84e07a9. This is great!
-- Starting test 07-aes-ccm
* clean ... OK (6 seconds)
* compile ... OK (20 seconds)
* start ./test-aesccm.native ... OK (0/30 seconds)
* run ./test-aesccm.native ... FAIL (120 seconds timeout)
* run ./test-aesccm.native ... SKIP
-- Killing background jobs
kill -9 1827
../utils.sh: line 41: 1827 Killed $TEST &> $RUNLOG
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh yes we've been using that one intensively :D
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Though just spotted a buggy log output: the SKIP line should have been for "check" not for "run". Committed a fix for that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me. I will wait for a couple of days before merging this.
if [ -z $TIMEOUT ]; then | ||
printf "FAIL (%u seconds)\n" $SECONDS | tee -a $BASENAME.testlog; | ||
else | ||
printf "FAIL (%u seconds timeout)\n" $TIMEOUT | tee -a $BASENAME.testlog; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
Thanks. Just pushed another minor thing. |
This PR fixes the AES-CCM* library for payloads/headers beyond 240 bytes (current implem is for up to 255 but ends in infinite loop for
m_len
greater than 240).The new limit for
a_len
is 0xfeff and form_len
0xffff.This is useful for e.g. use of AES-CCM in upper layers, or for 802.15.4g with larger frames.
Also adds relevant unit tests.
This is contributed by Yanzi Networks AB (www.yanzi.se).