
Commit c145ed1

committed
encode bit length instead of byte length
1 parent 14fdd3a commit c145ed1


1 file changed

+14
-10
lines changed


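--- a/src/ECCX08.cpp
+++ b/src/ECCX08.cpp
@@ -392,12 +392,14 @@ int ECCX08Class::AESEncrypt(byte IV[], byte ad[], byte pt[], byte ct[], byte tag
 memset(input+adLength, 0, adPad);
 memcpy(input+adLength+adPad, ct, ptLength);
 memset(input+adLength+adPad+ptLength, 0, ctPad);
-// Device is little endian
-// GCM specification requires big endian length representation
-// Hence we reverse the byte order of adLength and ptLength
+// Device is little endian.
+// GCM specification requires big endian representation
+// of bit length.
+// Hence we multiply by 8 and
+// reverse the byte order of adLength and ptLength.
 for (int i=0; i<8; i++){
-input[adLength+adPad+ptLength+ctPad+i] = (adLength >> (56-8*i)) & 0xFF;
-input[adLength+adPad+ptLength+ctPad+8+i] = (ptLength >> (56-8*i)) & 0xFF;
+input[adLength+adPad+ptLength+ctPad+i] = (adLength*8 >> (56-8*i)) & 0xFF;
+input[adLength+adPad+ptLength+ctPad+8+i] = (ptLength*8 >> (56-8*i)) & 0xFF;
 }
 
 if (!AESGHASH(H, input, S, inputLength)){
@@ -439,12 +441,14 @@ int ECCX08Class::AESDecrypt(byte IV[], byte ad[], byte pt[], byte ct[], byte tag
 memset(input+adLength, 0, adPad);
 memcpy(input+adLength+adPad, ct, ctLength);
 memset(input+adLength+adPad+ctLength, 0, ctPad);
-// Device is little endian
-// GCM specification requires big endian length representation
-// Hence we reverse the byte order of adLength and ctLength
+// Device is little endian.
+// GCM specification requires big endian representation
+// of bit length.
+// Hence we multiply by 8 and
+// reverse the byte order of adLength and ptLength.
 for (int i=0; i<8; i++){
-input[adLength+adPad+ctLength+ctPad+i] = (adLength >> (56-8*i)) & 0xFF;
-input[adLength+adPad+ctLength+ctPad+8+i] = (ctLength >> (56-8*i)) & 0xFF;
+input[adLength+adPad+ctLength+ctPad+i] = (adLength*8 >> (56-8*i)) & 0xFF;
+input[adLength+adPad+ctLength+ctPad+8+i] = (ctLength*8 >> (56-8*i)) & 0xFF;
 }
 
 if (!AESGHASH(H, input, S, inputLength)){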
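Review bot: In both loops (AESEncrypt at new lines 401-402, AESDecrypt at 450-451) the bit length is computed as `adLength*8` in whatever type the length variables are declared with, which these hunks do not show; if that type is narrower than 64 bits the multiplication can wrap and the shift by up to 56 is out of range, so the GHASH length block would carry a wrong value and the tag would not bind the real lengths. Widening explicitly before the loop removes the dependency on the declaration: `uint64_t adBits = (uint64_t)adLength * 8;` and `uint64_t ptBits = (uint64_t)ptLength * 8;`, then `(adBits >> (56-8*i)) & 0xFF` (with `ctLength` in AESDecrypt). In the AESDecrypt hunk the new comment names `ptLength` although the code encodes `ctLength`; it should read `// reverse the byte order of adLength and ctLength.` Both function bodies start and end outside the hunks, so the declarations need to be checked in the full file.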
