Hi, Romain,

On 10/18/2017 04:32 PM, Romain Izard wrote:
> my fix also led to a systematic oops when running the ccm(aes) test case.
The NULL dereference appears because of a memory corruption issue. atmel-aes does not implement ccm(aes), so the algorithm will be in the following form: ccm_base(atmel-ctr-aes,cbcmac(aes-generic)). ccm auth uses the first byte of the IV as length and eventually will memset memory to zero based on that length (see set_msg_len()). CTR overwrites the iv with the last ciphertext block and the length will be wrong.

I will propose a fix, but I'm taking my time to better understand why CTR requires overwriting the iv with the last ciphertext block.

Cheers,
ta
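The mechanism Tudor describes (the first IV byte steering how many bytes the length field occupies, and a CTR pass that leaves the last ciphertext block in the same buffer) is modelled below as an added example. It is not part of the thread and not the kernel's ccm.c or the atmel-aes driver's code: it is a small RFC 3610 B_0 construction in C with a range check on L, so that a clobbered iv[0] becomes a clean error instead of a memset at a bad offset, followed by the IV-copy pattern that keeps whatever CTR writes back out of the auth path. All function names, the sample IV and the "last ciphertext block" are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CCM_BLOCK 16

/* Constructed inputs (not from the original thread): a CCM IV laid out as
 * [L' | nonce | zeroed length field] with L' = 2 (L = 3, 12-byte nonce), and an
 * arbitrary block standing in for "the last ciphertext block". */
static const uint8_t k_iv[CCM_BLOCK] = {
    0x02, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
    0x17, 0x18, 0x19, 0x1a, 0x1b, 0x00, 0x00, 0x00
};
static const uint8_t k_last_ct[CCM_BLOCK] = {
    0x9c, 0x3e, 0x77, 0x0a, 0xd1, 0x42, 0x8f, 0x66,
    0x25, 0xb0, 0x5d, 0xe9, 0x13, 0xc4, 0x71, 0xaf
};

/* Write msglen big-endian into the last len_bytes of the block (RFC 3610 B_0
 * layout); this is the role set_msg_len() plays in the thread. Unlike a bare
 * memset, it refuses a len_bytes outside CCM's 2..8 and a length that does not fit. */
static int ccm_set_msg_len(uint8_t block[CCM_BLOCK], size_t msglen, unsigned len_bytes)
{
    if (len_bytes < 2 || len_bytes > 8)
        return -1;
    if (len_bytes < sizeof msglen && (msglen >> (8 * len_bytes)) != 0)
        return -1;                          /* length would not fit in len_bytes */
    uint8_t *p = block + CCM_BLOCK - len_bytes;
    memset(p, 0, len_bytes);
    for (unsigned i = 0; i < len_bytes && i < sizeof msglen; i++)
        p[len_bytes - 1 - i] = (uint8_t)(msglen >> (8 * i));
    return 0;
}

/* Build B_0 from the IV: flags byte = Adata | M' | L', then nonce, then length.
 * Returns -1 when iv[0] does not encode a valid L, which is exactly what a
 * ciphertext byte sitting in iv[0] looks like. */
static int ccm_format_b0(uint8_t b0[CCM_BLOCK], const uint8_t iv[CCM_BLOCK],
                         size_t cryptlen, unsigned tag_len, int has_assoc)
{
    unsigned l = iv[0] + 1u;                /* iv[0] holds L' = L - 1 */
    if (l < 2 || l > 8)
        return -1;                          /* garbage L: fail here, do not memset */
    if (tag_len < 4 || tag_len > 16 || (tag_len & 1))
        return -1;
    memcpy(b0, iv, CCM_BLOCK);
    b0[0] |= (has_assoc ? 64 : 0) | (((tag_len - 2) / 2) << 3);
    return ccm_set_msg_len(b0, cryptlen, l);
}

/* Constructed stand-in for a CTR pass that is handed the caller's IV buffer and
 * leaves the last ciphertext block in it. Not the atmel driver's code. */
static void ctr_pass_clobbering_iv(uint8_t iv[CCM_BLOCK], const uint8_t last_ct[CCM_BLOCK])
{
    memcpy(iv, last_ct, CCM_BLOCK);
}

/* Happy path: returns 0 when B_0 comes out as RFC 3610 specifies. */
int demo_b0_from_intact_iv(void)
{
    uint8_t b0[CCM_BLOCK];
    if (ccm_format_b0(b0, k_iv, 0x01ABCD, 8, 1) != 0) return 1;
    if (b0[0] != 0x5a) return 2;            /* Adata(0x40) | M'=3 (0x18) | L'=2 */
    if (memcmp(b0 + 1, k_iv + 1, 12) != 0) return 3;
    if (b0[13] != 0x01 || b0[14] != 0xAB || b0[15] != 0xCD) return 4;
    return 0;
}

/* Failure mode: auth runs on an IV that CTR already overwrote. iv[0] is now 0x9c,
 * so L would be 157 and a naive set_msg_len would memset at b0 + 16 - 157.
 * Returns 1 when the range check rejects it. */
int demo_clobbered_iv_is_rejected(void)
{
    uint8_t iv[CCM_BLOCK], b0[CCM_BLOCK];
    memcpy(iv, k_iv, CCM_BLOCK);
    ctr_pass_clobbering_iv(iv, k_last_ct);
    return ccm_format_b0(b0, iv, 0x01ABCD, 8, 1) == -1;
}

/* Defensive pattern: give CTR its own working copy of the IV so whatever it
 * writes back cannot reach the auth path. Returns 1 when B_0 is unchanged. */
int demo_iv_copy_survives_ctr(void)
{
    uint8_t iv_for_ctr[CCM_BLOCK], before[CCM_BLOCK], after[CCM_BLOCK];
    memcpy(iv_for_ctr, k_iv, CCM_BLOCK);
    if (ccm_format_b0(before, k_iv, 0x01ABCD, 8, 1) != 0) return 0;
    ctr_pass_clobbering_iv(iv_for_ctr, k_last_ct);
    if (ccm_format_b0(after, k_iv, 0x01ABCD, 8, 1) != 0) return 0;
    return memcmp(before, after, CCM_BLOCK) == 0;
}

int main(void)
{
    printf("intact iv: %d\nclobbered iv rejected: %d\nprivate copy survives: %d\n",
           demo_b0_from_intact_iv(), demo_clobbered_iv_is_rejected(), demo_iv_copy_survives_ctr());
    return 0;
}
```

The two things worth taking from this are independent: the auth side should validate L before it derives any pointer from it, and the encryption side should never be handed the only copy of the IV the auth side still needs.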