-rw-r--r-- | crypto/src/crypto/modes/CcmBlockCipher.cs | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/crypto/src/crypto/modes/CcmBlockCipher.cs b/crypto/src/crypto/modes/CcmBlockCipher.cs
index fa583fdef..2f9ec216f 100644
--- a/crypto/src/crypto/modes/CcmBlockCipher.cs
+++ b/crypto/src/crypto/modes/CcmBlockCipher.cs
@@ -274,7 +274,17 @@ namespace Org.BouncyCastle.Crypto.Modes
 if (q < 4)
 {
 int limitLen = 1 << (8 * q);
- if (inLen >= limitLen)
+
+ // no input length adjustment for encryption
+ int inputAdjustment = 0;
+
+ if (!forEncryption)
+ {
+ // input includes 16 additional bytes: CCM flags and n+q values.
+ inputAdjustment = 1 /* flags */ + 15 /* n + q */;
+ }
+
+ if (inLen - inputAdjustment >= limitLen)
 throw new InvalidOperationException("CCM packet too large for choice of q.");
 }
 
@@ -375,7 +385,17 @@ namespace Org.BouncyCastle.Crypto.Modes
 if (q < 4)
 {
 int limitLen = 1 << (8 * q);
- if (inLen >= limitLen)
+
+ // no input length adjustment for encryption
+ int inputAdjustment = 0;
+
+ if (!forEncryption)
+ {
+ // input includes 16 additional bytes: CCM flags and n+q values.
+ inputAdjustment = 1 /* flags */ + 15 /* n + q */;
+ }
+
+ if (inLen - inputAdjustment >= limitLen)
 throw new InvalidOperationException("CCM packet too large for choice of q.");
 }
 
|
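Review bot: The decryption adjustment added in both hunks (at old lines 274 and 375) is a fixed 16 bytes, explained in the comment as "CCM flags and n+q values", but those bytes form the internally built first block rather than part of the caller's input; what a CCM decryption input normally carries beyond the ciphertext is the authentication tag, whose length is configurable. If the tag is what is being discounted here, a tag shorter than 16 bytes lets an input whose payload exceeds `limitLen` by up to 16 minus the tag length pass the check, so the payload length no longer fits the q-byte length field. I would subtract the configured MAC length instead, e.g. `inputAdjustment = macSize;` (assuming the class's MAC-length field, which is not visible in the hunk), and reword the comment to `// decryption input ends with the MAC; exclude it from the q length check`. The same ten lines are added twice, so a small private helper would keep the two copies from drifting; the enclosing methods start and end outside both hunks.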