On Wed, Apr 22, 2015 at 01:53:24PM +0800, Herbert Xu wrote: > On Wed, Apr 22, 2015 at 06:36:59AM +0200, Stephan Mueller wrote: > > > > The key wrapping is an authenticated encryption operation without > > associated data. Therefore, setting of AAD is permissible, but that data > > is not used by the cipher implementation. > > In that case you should return an error if AAD is provided rather > than silently discarding them since by definition AEAD must include > the AAD in the integrity value.
In fact drop the AEAD altogether and just use ablkcipher. The integrity value is then simply the output IV. Cheers, -- Email: Herbert Xu <herb...@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
