author | John Baldwin <jhb@FreeBSD.org> | 2021-10-06 21:08:48 +0000 |
---|---|---|
committer | John Baldwin <jhb@FreeBSD.org> | 2021-10-06 21:08:48 +0000 |
commit | 4361c4eb6e3620e68d005c1671fdbf60b1fe83c6 (patch) | |
tree | e887b9bb7c1f917e9b304fed46381bb730d208ba /sys/opencrypto/rmd160.h | |
parent | 366ae4a000b1483390ddbf28e3dc420ebac894a0 (diff) | |
cryptosoft: Fix support for variable tag lengths in AES-CCM.

The tag length is included as one of the values in the flags byte of
block 0 passed to CBC_MAC, so merely copying the first N bytes is
insufficient.

To avoid adding more sideband data to the CBC MAC software context,
pull the generation of block 0, the AAD length, and AAD padding out of
cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are
handled where the length block is constructed in cryptosoft.c and
passed as an input to the Update callback. As a result, the CBC MAC
Update() routine is now much simpler and simply performs the
XOR-and-encrypt step on each input block.

While here, avoid a copy to the staging block in the Update routine
when one or more full blocks are passed as input to the Update
callback.

Reviewed by: sef
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32120
Diffstat (limited to 'sys/opencrypto/rmd160.h')
0 files changed, 0 insertions, 0 deletions
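
The commit message's point about the flags byte, shown as an added example (not code from this commit or from FreeBSD): the sketch below builds CCM block 0, the AAD length prefix and the AAD padding using the RFC 3610 layout. The function names `ccm_build_b0`, `ccm_encode_aad_len` and `ccm_aad_pad_len` are hypothetical. Because the tag length sits in bits 5-3 of the first byte fed to the CBC-MAC, two tag lengths give different MAC inputs, so a short tag is not a prefix of a long one.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CCM_BLOCK_LEN 16

/* Hypothetical helper (not the FreeBSD code): build CCM block 0 (B0) as
 * laid out in RFC 3610.  Returns 0 on success, -1 on bad parameters. */
int ccm_build_b0(uint8_t b0[CCM_BLOCK_LEN], const uint8_t *nonce,
    size_t nonce_len, int have_aad, uint64_t payload_len, size_t tag_len)
{
	size_t q, i;
	if (nonce_len < 7 || nonce_len > 13)
		return (-1);
	if (tag_len < 4 || tag_len > 16 || (tag_len & 1) != 0)
		return (-1);
	q = 15 - nonce_len;	/* bytes used to encode the payload length */
	if (q < 8 && (payload_len >> (8 * q)) != 0)
		return (-1);	/* payload length does not fit in q bytes */
	/* Flags: bit 6 = AAD present, bits 5-3 = (t - 2) / 2, bits 2-0 = q - 1 */
	b0[0] = (uint8_t)((have_aad ? 0x40 : 0) | (((tag_len - 2) / 2) << 3) |
	    (q - 1));
	memcpy(b0 + 1, nonce, nonce_len);
	for (i = 0; i < q; i++, payload_len >>= 8)
		b0[CCM_BLOCK_LEN - 1 - i] = (uint8_t)(payload_len & 0xff);
	return (0);
}

/* Hypothetical helper: encode the AAD length prefix that follows B0.
 * Returns the prefix size (2, 6 or 10 bytes), or 0 when there is no AAD. */
size_t ccm_encode_aad_len(uint8_t out[10], uint64_t aad_len)
{
	size_t n, i;
	if (aad_len == 0)
		return (0);
	n = aad_len < 0xff00 ? 2 : (aad_len <= 0xffffffffULL ? 6 : 10);
	if (n > 2) {		/* long forms start with a 0xfffe / 0xffff marker */
		out[0] = 0xff;
		out[1] = (n == 6) ? 0xfe : 0xff;
	}
	for (i = 0; i < (n == 2 ? 2 : n - 2); i++, aad_len >>= 8)
		out[n - 1 - i] = (uint8_t)(aad_len & 0xff);
	return (n);
}

/* Zero bytes needed so that prefix + AAD ends on a block boundary. */
size_t ccm_aad_pad_len(size_t prefix_len, uint64_t aad_len)
{
	return ((size_t)((CCM_BLOCK_LEN -
	    (prefix_len + aad_len) % CCM_BLOCK_LEN) % CCM_BLOCK_LEN));
}
```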