Skip to content

Commit

Permalink
ccm: support decrypting empty message
Browse files Browse the repository at this point in the history
  • Loading branch information
hannesm committed Feb 26, 2020
1 parent d7f11f7 commit 99ff492
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/ccm.ml
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,7 @@ let generation_encryption ~cipher ~key ~nonce ~maclen ?adata data =

let decryption_verification ~cipher ~key ~nonce ~maclen ?adata data =
valid_nonce nonce;
if Cstruct.len data <= maclen then
if Cstruct.len data < maclen then
None
else
let pclen = Cstruct.len data - maclen in
Expand Down
12 changes: 12 additions & 0 deletions tests/test_cipher.ml
Original file line number Diff line number Diff line change
Expand Up @@ -370,13 +370,25 @@ let ccm_regressions =
assert_raises ~msg:"CCM with short nonce raises"
(Invalid_argument "Mirage_crypto: CCM: nonce length not between 7 and 13: 14")
(fun () -> encrypt ~key ~nonce plaintext)
and enc_dec_empty_message _ =
(* as reported in https://github.com/mirleft/ocaml-nocrypto/issues/168 *)
let key = of_secret ~maclen:16 (vx "000102030405060708090a0b0c0d0e0f")
and nonce = vx "0001020304050607"
and adata = Cstruct.of_string "hello"
and p = Cstruct.empty
in
let cipher = encrypt ~adata ~key ~nonce p in
match decrypt ~key ~nonce ~adata cipher with
| Some x -> assert_cs_equal ~msg:"CCM decrypt of empty message" p x
| None -> assert_failure "decryption broken"
in
[
test_case no_vs_empty_ad ;
test_case short_nonce_enc ;
test_case short_nonce_enc2 ;
test_case short_nonce_enc3 ;
test_case long_nonce_enc ;
test_case enc_dec_empty_message ;
]

let suite = [
Expand Down

0 comments on commit 99ff492

Please sign in to comment.