On Mon, Jun 01, 2015 at 05:36:58PM +0200, Stephan Mueller wrote: > Am Montag, 1. Juni 2015, 16:35:26 schrieb Johannes Berg: > >IOW, I think something like this would make sense: > > That looks definitely cleaner :-) Indeed.. That AAD length-in-the-buffer design came from the over ten year old code that was optimized to cover the CCM construction with the same buffer and that was not cleaned up when this was converted to use cryptoapi couple of years ago. > Though, my main concern was just to ensure that the aad length value is not > zero. It won't be in IEEE 802.11 use cases. The exact length depends on the IEEE 802.11 frame type, but AAD is constructed in a way that it is normally a bit over 20 octets while allowing CCM to fit the related operations into two AES blocks. -- Jouni Malinen PGP id EFC895FA -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html