mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2025-01-11 10:12:42 +01:00

crypto: Skip aes-ctr decryption for in_len = 16

If the input length is 16 bytes, this means aes_siv_decrypt should
only be verifying the 16 byte SIV and not decrypting any data. If
this is the case, we can skip over the whole AES-CTR portion of
AES-SIV and only verify the SIV.
Denis Kenzior 2019-04-17 18:59:27 -05:00
parent 799a29d37c
commit 89017afdb2


@ -365,11 +365,17 @@ bool aes_siv_decrypt(const uint8_t *key, size_t key_len, const uint8_t *in,
uint8_t iv[16]; uint8_t iv[16];
uint8_t v[16]; uint8_t v[16];
if (in_len < 16)
return false;
memcpy(iov, ad, sizeof(iov) * num_ad); memcpy(iov, ad, sizeof(iov) * num_ad);
iov[num_ad].iov_base = (void *)out; iov[num_ad].iov_base = (void *)out;
iov[num_ad].iov_len = in_len - 16; iov[num_ad].iov_len = in_len - 16;
num_ad++; num_ad++;
if (in_len == 16)
goto check_cmac;
memcpy(iv, in, 16); memcpy(iv, in, 16);
iv[8] &= 0x7f; iv[8] &= 0x7f;
@ -387,6 +393,7 @@ bool aes_siv_decrypt(const uint8_t *key, size_t key_len, const uint8_t *in,
l_cipher_free(ctr); l_cipher_free(ctr);
check_cmac:
cmac = l_checksum_new_cmac_aes(key, key_len / 2); cmac = l_checksum_new_cmac_aes(key, key_len / 2);
if (!cmac) if (!cmac)
return false; return false;
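Review bot: The `memcpy(iov, ad, sizeof(iov) * num_ad)` directly below the new `in_len < 16` guard sizes the copy with `sizeof(iov)`, which is the size of the whole array (or of a pointer), never of one element. The declaration of `iov` is outside the hunk, but if it is an array of `num_ad + 1` entries, the copy reads past `ad` and, for more than one entry, writes past `iov` on the stack; `memcpy(iov, ad, sizeof(*iov) * num_ad);` would copy exactly `num_ad` entries. On the new `in_len == 16` path, the last iov entry has length 0 and still points at `out`, so a comment above the `goto` such as `/* SIV only, no ciphertext: skip AES-CTR, out is not written */` would tell callers what to expect. The body of aes_siv_decrypt starts and ends outside both hunks, so the code after `check_cmac:` that consumes the zero-length entry is not visible here.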