From 89017afdb2ab9ab7209def7750b793d97a4da3a9 Mon Sep 17 00:00:00 2001
From: Denis Kenzior
Date: Wed, 17 Apr 2019 18:59:27 -0500
Subject: [PATCH] crypto: Skip aes-ctr decryption for in_len = 16

If the input length is 16 bytes, this means aes_siv_decrypt should only be verifying the 16 byte SIV and not decrypting any data. If this is the case, we can skip over the whole AES-CTR portion of AES-SIV and only verify the SIV.
---
 src/crypto.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/crypto.c b/src/crypto.c
index ecf35f7d..85de78f3 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -365,11 +365,17 @@ bool aes_siv_decrypt(const uint8_t *key, size_t key_len, const uint8_t *in,
 uint8_t iv[16];
 uint8_t v[16];
+ if (in_len < 16)
+ return false;
+
 memcpy(iov, ad, sizeof(iov) * num_ad);
 iov[num_ad].iov_base = (void *)out;
 iov[num_ad].iov_len = in_len - 16;
 num_ad++;
+ if (in_len == 16)
+ goto check_cmac;
+
 memcpy(iv, in, 16);
 iv[8] &= 0x7f;
@@ -387,6 +393,7 @@ bool aes_siv_decrypt(const uint8_t *key, size_t key_len, const uint8_t *in,
 l_cipher_free(ctr);
+check_cmac:
 cmac = l_checksum_new_cmac_aes(key, key_len / 2);
 if (!cmac)
 return false;
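Review bot: The context line `memcpy(iov, ad, sizeof(iov) * num_ad);` in the first hunk sizes the copy with `sizeof(iov)` instead of the size of one element, and the new SIV-only path (`goto check_cmac`) still runs it before the CMAC is computed. `iov` is declared outside the hunk: if it is an array, `sizeof(iov)` is the size of the whole array, so the copy could read past `ad` and, for larger `num_ad`, write past `iov`; if it is a pointer, the copy is scaled by the pointer width rather than the element size. Since this commit already tightens length handling with `if (in_len < 16) return false;`, I would fix the copy in the same change: `memcpy(iov, ad, sizeof(iov[0]) * num_ad);`. The function's declarations and the final SIV comparison lie outside both hunks, so the declared size of `iov` should be confirmed there.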