Hi,
While debugging some AEAD issues with the inside-secure driver, I couldn't
help but notice that the testmgr is NOT checking the AAD data section of
the result. And when I added that check myself, I saw a lot of implementations
failing on out-of-place vectors, with the poison data still present in that
location. So am I correct to assume that the implementation is NOT supposed to
write the AAD data, but skip over that part of the output buffer, even if the
in- and output buffers do not overlap?
I wonder, as the current inside-secure driver DOES write out the AAD data and
I guess for us this is the natural way to do the AEAD transform so no one ever
just thought twice about that. Also can't find anything specific in the docs.
Even so, for the in-place case, checking the AAD data would ensure the crypto
implementation didn't *accidentally* corrupt it ...
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Inside Secure
On Mon, Apr 22, 2019 at 11:29:55AM +0000, Pascal Van Leeuwen wrote:
>
> Even so, for the in-place case, checking the AAD data would ensure the crypto
> implementation didn't *accidentally* corrupt it ...
Yes we probably should check it just in case some driver does
something weird with it.
Cheers,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt