Hi, Romain,
On 10/18/2017 04:32 PM, Romain Izard wrote:
diff --git a/crypto/ccm.c b/crypto/ccm.c
index 1ce37ae0ce56..e7c2121a3ab2 100644
--- a/crypto/ccm.c
+++ b/crypto/ccm.c
@@ -47,6 +47,7 @@ struct crypto_ccm_req_priv_ctx {
u8 odata[16];
u8 idata[16];
u8 auth_tag[16];
+ u8 iv[16];
u32 flags;
struct scatterlist src[3];
struct scatterlist dst[3];
@@ -248,32 +249,22 @@ static void crypto_ccm_encrypt_done(struct
crypto_async_request *areq, int err)
aead_request_complete(req, err);
}
-static inline int crypto_ccm_check_iv(const u8 *iv)
-{
- /* 2 <= L <= 8, so 1 <= L' <= 7. */
- if (1 > iv[0] || iv[0] > 7)
- return -EINVAL;
-
- return 0;
-}
-
-static int crypto_ccm_init_crypt(struct aead_request *req, u8 *tag)
+static int crypto_ccm_init_crypt(struct aead_request *req, u8 *tag, u8* iv)
{
struct crypto_ccm_req_priv_ctx *pctx = crypto_ccm_reqctx(req);
struct scatterlist *sg;
- u8 *iv = req->iv;
- int err;
+ u8 L = req->iv[0] + 1;
- err = crypto_ccm_check_iv(iv);
- if (err)
- return err;
-
- pctx->flags = aead_request_flags(req);
+ if (2 > L || L > 8)
+ return -EINVAL;
/* Note: rfc 3610 and NIST 800-38C require counter of
* zero to encrypt auth tag.
*/
- memset(iv + 15 - iv[0], 0, iv[0] + 1);
+ memcpy(iv, req->iv, 16 - L);
+ memset(iv + 16 - L, 0, L);
+
+ pctx->flags = aead_request_flags(req);
sg_init_table(pctx->src, 3);
sg_set_buf(pctx->src, tag, 16);
@@ -301,10 +292,10 @@ static int crypto_ccm_encrypt(struct aead_request *req)
struct scatterlist *dst;
unsigned int cryptlen = req->cryptlen;
u8 *odata = pctx->odata;
- u8 *iv = req->iv;
+ u8 *iv = pctx->iv;
int err;
- err = crypto_ccm_init_crypt(req, odata);
+ err = crypto_ccm_init_crypt(req, odata, iv);
if (err)
return err;
@@ -363,12 +354,12 @@ static int crypto_ccm_decrypt(struct aead_request *req)
unsigned int cryptlen = req->cryptlen;
u8 *authtag = pctx->auth_tag;
u8 *odata = pctx->odata;
- u8 *iv = req->iv;
+ u8 *iv = pctx->iv;
int err;
cryptlen -= authsize;
- err = crypto_ccm_init_crypt(req, authtag);
+ err = crypto_ccm_init_crypt(req, authtag, iv);
if (err)
return err;
Looks good. Can you please submit with a commit message?
Thanks,
ta