mirleft / ocaml-nocrypto

OCaml cryptographic library
ISC License

CCM mode computes incorrect tag with empty AAD #166

Open emillon opened 4 years ago

emillon commented 4 years ago

Hi,

When using CCM, the computed tag is different when no AAD is passed and when an empty AAD is passed:

let () =
  let key =
    Cstruct.of_hex "00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f"
    |> Nocrypto.Cipher_block.AES.CCM.of_secret ~maclen:16
  in
  let nonce = Cstruct.of_hex "00 01 02 03 04 05 06 07" in
  let plaintext = Cstruct.of_string "hello" in
  Nocrypto.Cipher_block.AES.CCM.encrypt ~key ~nonce plaintext
  |> Cstruct.hexdump;
  Nocrypto.Cipher_block.AES.CCM.encrypt ~adata:Cstruct.empty ~key ~nonce
    plaintext
  |> Cstruct.hexdump

Output: (note that the ciphertext is identical but the tag differs)

65 92 16 9e 94 8b c0 88  9b fb e9 a5 2a f2 73 80
3d cf c2 a5 b4

65 92 16 9e 94 68 e4 95  f3 b1 16 49 d8 c9 9f 54
a1 7b 01 ab e3

In the Cstruct.empty case, it seems that an extra padding block is taken into account.

Quoting RFC 3610:

Users who do not wish to authenticate additional data can provide a string of length zero. (§2.1)

If l(a)>0 (as indicated by the Adata field), then one or more blocks of authentication data are added. (§2.2)

Thanks!
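
Added example, not part of the original report or of the nocrypto code base: the CBC-MAC input formatting from RFC 3610 §2.2 in stdlib-only Python (no AES step), showing that an absent AAD and a zero-length AAD must yield byte-identical blocks and therefore the same tag. The function names are hypothetical; the nonce, message and `maclen` are the ones from the report.

```python
# Added example: CBC-MAC input formatting per RFC 3610 section 2.2 (no AES involved).
BLOCK = 16

def pad(data: bytes) -> bytes:
    """Zero-pad to a multiple of the block size; aligned (or empty) input is unchanged."""
    return data + b"\x00" * (-len(data) % BLOCK)

def encode_adata(adata: bytes) -> bytes:
    """Length-prefixed, zero-padded AAD blocks; contributes no blocks when l(a) = 0."""
    n = len(adata)
    if n == 0:
        return b""
    if n < 0xFF00:                      # 0 < l(a) < 2^16 - 2^8: two-octet length
        prefix = n.to_bytes(2, "big")
    elif n < 1 << 32:                   # 0xff 0xfe marker, then four-octet length
        prefix = b"\xff\xfe" + n.to_bytes(4, "big")
    else:                               # 0xff 0xff marker, then eight-octet length
        prefix = b"\xff\xff" + n.to_bytes(8, "big")
    return pad(prefix + adata)

def cbc_mac_input(nonce: bytes, message: bytes, maclen: int, adata=None) -> bytes:
    """Return B_0 || AAD blocks || message blocks, the data CCM runs CBC-MAC over."""
    adata = adata or b""                # None and b"" are the same input
    length_size = 15 - len(nonce)       # L: octets in the message length field
    if not 2 <= length_size <= 8:
        raise ValueError("nonce must be 7 to 13 bytes")
    if maclen not in (4, 6, 8, 10, 12, 14, 16):
        raise ValueError("invalid MAC length")
    if len(message) >= 1 << (8 * length_size):
        raise ValueError("message too long for this nonce size")
    # Flags = 64*Adata + 8*((M-2)/2) + (L-1); the Adata bit is set only when l(a) > 0.
    flags = (0x40 if adata else 0) | (((maclen - 2) // 2) << 3) | (length_size - 1)
    b0 = bytes([flags]) + nonce + len(message).to_bytes(length_size, "big")
    return b0 + encode_adata(adata) + pad(message)

def blocks(data: bytes):
    """Split the formatted input into hex strings, one per 16-byte block."""
    return [data[i:i + BLOCK].hex() for i in range(0, len(data), BLOCK)]

if __name__ == "__main__":
    nonce = bytes(range(8))             # nonce from the report above
    for label, aad in (("no AAD", None), ("empty AAD", b""), ("1-byte AAD", b"x")):
        print(label, blocks(cbc_mac_input(nonce, b"hello", 16, aad)))
```

A regression test for a CCM implementation can assert the same property end to end: encrypting with no `adata` and with an empty `adata` must return identical ciphertext and tag.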