Message-Id: <20190319.135050.993937948966342911.davem@davemloft.net>
Date:   Tue, 19 Mar 2019 13:50:50 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     vakul.garg@....com
Cc:     netdev@...r.kernel.org, borisp@...lanox.com, aviadye@...lanox.com,
        davejwatson@...com, doronrk@...com
Subject: Re: [PATCH net-next] net/tls: Add support of AES128-CCM based
 ciphers

From: Vakul Garg <vakul.garg@....com>
Date: Tue, 19 Mar 2019 05:15:20 +0000

> @@ -479,11 +477,18 @@ static int tls_do_encryption(struct sock *sk,
>  	struct tls_rec *rec = ctx->open_rec;
>  	struct sk_msg *msg_en = &rec->msg_encrypted;
>  	struct scatterlist *sge = sk_msg_elem(msg_en, start);
> -	int rc;
> +	int rc, iv_offset = 0;
> +
> +	/* For CCM based ciphers, first byte of nonce+iv is always '2' */
> +	if (prot->cipher_type == TLS_CIPHER_AES_CCM_128) {
> +		rec->iv_data[0] = 2;
> +		iv_offset = 1;
> +	}
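
Review bot: the literal 2 stored in rec->iv_data[0] is a magic number, and the comment above it only says the byte is "always '2'" without saying why. Give the value a named constant and put the rationale in a comment at its definition. Next to "iv_offset = 1", also note that the remaining IV bytes are placed after this prefix byte, so a reader can confirm iv_data has room for the extra byte.
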
 ...
>  	iv = aad + prot->aad_size;
>  
> +	/* For CCM based ciphers, first byte of nonce+iv is always '2' */
> +	if (prot->cipher_type == TLS_CIPHER_AES_CCM_128) {
> +		iv[0] = 2;
> +		iv_offset = 1;
> +	}
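
Review bot: this block repeats the prot->cipher_type test, the comment and the literal 2 from the tls_do_encryption hunk, differing only in writing iv[0] instead of rec->iv_data[0]. Move the prefix-byte setup into one small helper, or at least use a single named constant in both places, so that the two paths cannot drift apart.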

Your explanation to Stephen about this '2' is great but belongs in the code
somehow so that the next person reading this will understand too.

Why not make a CPP macro for this value of '2', and explain it in a big
comment about the macro's definition?
