AES-CCM mode is broken for 192bit and 256bit keys
According to spec(NIST 800-38C section 5.2), the cbc-mac is initialized with a zero IV. The cbc-mac init, however, is falling back to using key.length as the length of iv, so for aes key sizes of 192 and 256, cmac fails.
CBC-MAC init referenced below:
void init(CipherParameters params) {
if (params is ParametersWithIV) {
_params = params;
} else if (params is KeyParameter) {
final zeroIV = Uint8List(params.key.length);
_params = ParametersWithIV(params, zeroIV);
}
reset();
_cipher.init(true, _params);
}
Ephenodrom
commented
1 year ago
@AKushWarrior
AES-CCM mode is broken for 192bit and 256bit keys According to spec(NIST 800-38C section 5.2), the cbc-mac is initialized with a zero IV. The cbc-mac init, however, is falling back to using key.length as the length of iv, so for aes key sizes of 192 and 256, cmac fails.
CBC-MAC init referenced below: