svn rev #21620: branches/aes-ccm/src/lib/crypto/enc_provider/
lhoward@MIT.EDU
lhoward at MIT.EDU
Sun Dec 28 17:41:10 EST 2008
http://src.mit.edu/fisheye/changelog/krb5/?cs=21620
Commit By: lhoward
Log Message:
Return KRB5_CRYPTO_INTERNAL if counter wraps around
Changed Files:
U branches/aes-ccm/src/lib/crypto/enc_provider/aes_ctr.c
Modified: branches/aes-ccm/src/lib/crypto/enc_provider/aes_ctr.c
===================================================================
--- branches/aes-ccm/src/lib/crypto/enc_provider/aes_ctr.c 2008-12-28 19:55:52 UTC (rev 21619)
+++ branches/aes-ccm/src/lib/crypto/enc_provider/aes_ctr.c 2008-12-28 22:41:09 UTC (rev 21620)
@@ -31,7 +31,7 @@
#define CCM_FLAG_MASK_Q 0x07
-#define CCM_COUNTER_LENGTH 3
+#define CCM_DEFAULT_COUNTER_LEN 3 /* default q=3 from RFC 5116 5.3 */
static inline void xorblock(unsigned char *out, const unsigned char *in)
{
@@ -52,7 +52,7 @@
assert(q >= 2 && q <= 8);
for (i = 0, blockno = 0; i < q; i++) {
- register int s = (q - i - 1) * 8;
+ register krb5_octet s = (q - i - 1) * 8;
blockno |= ctr[16 - q + i] << s;
}
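Review bot: `ctr[16 - q + i] << s` still shifts a value that integer promotion has turned into an `int`, and narrowing `s` to `krb5_octet` does not change that. The assert at the top of the hunk allows q up to 8, so `s` can reach 56, which exceeds the width of `int` and is undefined behaviour. Even at `s == 24`, a counter byte of 0x80 or more overflows a signed int. Convert the operand to the width of `blockno` before shifting, e.g. `blockno |= (BLOCKNO_TYPE)ctr[16 - q + i] << s;`, where `BLOCKNO_TYPE` is a placeholder for the declared type of `blockno`, which is outside the hunk along with the start of the function.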
@@ -69,12 +69,15 @@
q = ctr[0] + 1;
for (i = 0; i < q; i++) {
- register int s = (q - i - 1) * 8;
+ register krb5_octet s = (q - i - 1) * 8;
ctr[16 - q + i] = (blockno >> s) & 0xFF;
}
}
+/* Maximum number of invocations with a given nonce and key */
+#define maxblocks(q) (1UL << (8 * q))
+
/*
* ivec must be a correctly formatted counter block per SP800-38C A.3
*/
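Review bot: `maxblocks(q)` does not parenthesise its argument, so the call sites added later in this commit, `maxblocks(ctr[0] + 1)`, expand to `1UL << (8 * ctr[0] + 1)`. For the default q=3 that gives a limit of 2^17 blocks instead of 2^24, and the limit is wrong for every other q as well. The macro should read `#define maxblocks(q) (1UL << (8 * (q)))`. Separately, with the argument parenthesised the shift count reaches the width of `unsigned long` at q=8 (or at q=4 where `unsigned long` is 32 bits), which is undefined, so the largest permitted q needs a special case or a wider type. Both the encrypt check (`@@ -115,6 +118,9 @@`) and the decrypt check (`@@ -170,6 +176,9 @@`) depend on this macro.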
@@ -106,7 +109,7 @@
memcpy(ctr, ivec->data, BLOCK_SIZE);
} else {
memset(ctr, 0, BLOCK_SIZE);
- ctr[0] = CCM_COUNTER_LENGTH - 1; /* default q=3 from RFC 5116 5.3 */
+ ctr[0] = CCM_DEFAULT_COUNTER_LEN - 1;
}
getctrblockno(&blockno, ctr);
@@ -115,6 +118,9 @@
unsigned char plain[BLOCK_SIZE];
unsigned char ectr[BLOCK_SIZE];
+ if (blockno >= maxblocks(ctr[0] + 1))
+ return KRB5_CRYPTO_INTERNAL;
+
if (!krb5int_c_iov_get_block((unsigned char *)plain, BLOCK_SIZE, data, num_data, &input_pos))
break;
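Review bot: The exhaustion check runs once per block inside the loop, so a request that crosses the limit returns `KRB5_CRYPTO_INTERNAL` only after the earlier blocks have been processed, and the early return skips whatever follows the loop. If the loop writes its output back into `data` (not visible in this hunk), the caller receives an error together with a partially transformed buffer. Checking before the loop that the starting block number plus the number of input blocks stays below the limit would reject the request before any data is touched. A short comment such as `/* refuse to reuse a counter value under the same key and nonce */` would also record why the check exists. The same applies to the identical check in the decrypt path (`@@ -170,6 +176,9 @@`); the loop body starts and ends outside both hunks.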
@@ -161,7 +167,7 @@
memcpy(ctr, ivec->data, BLOCK_SIZE);
} else {
memset(ctr, 0, BLOCK_SIZE);
- ctr[0] = CCM_COUNTER_LENGTH - 1; /* default q=3 from RFC 5116 5.3 */
+ ctr[0] = CCM_DEFAULT_COUNTER_LEN - 1;
}
getctrblockno(&blockno, ctr);
@@ -170,6 +176,9 @@
unsigned char ectr[BLOCK_SIZE];
unsigned char cipher[BLOCK_SIZE];
+ if (blockno >= maxblocks(ctr[0] + 1))
+ return KRB5_CRYPTO_INTERNAL;
+
if (!krb5int_c_iov_get_block((unsigned char *)cipher, BLOCK_SIZE, data, num_data, &input_pos))
break;