Am Mittwoch, 22. April 2015, 14:13:54 schrieb Herbert Xu: Hi Herbert,
> On Wed, Apr 22, 2015 at 01:53:24PM +0800, Herbert Xu wrote: > > On Wed, Apr 22, 2015 at 06:36:59AM +0200, Stephan Mueller wrote: > > > The key wrapping is an authenticated encryption operation without > > > associated data. Therefore, setting of AAD is permissible, but that data > > > is not used by the cipher implementation. > > > > In that case you should return an error if AAD is provided rather > > than silently discarding them since by definition AEAD must include > > the AAD in the integrity value. > > In fact drop the AEAD altogether and just use ablkcipher. The > integrity value is then simply the output IV. Initially I was playing with ablkcipher. But then I moved to AEAD because the ciphertext is longer than the plaintext. Isn't it a basic assumption to ablkcipher is that the ciphertext is equal in size as the plaintext? -- Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
