crypto: keembay-ocs-aes - Fix 'q' assignment during CCM B0 generation

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

In ocs_aes_ccm_write_b0(), 'q' (the octet length of the binary
representation of the octet length of the payload) is set to 'iv[0]',
while it should be set to 'iv[0] & 0x7' (i.e., only the last 3
bits of iv[0] should be used), as documented in NIST Special Publication
800-38C:
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf

In practice, this is not an issue, since 'iv[0]' is checked to be in the
range [1-7] by ocs_aes_validate_inputs(), but let's fix the assignment
anyway, in order to make the code more robust.

Signed-off-by: Daniele Alessandrelli <daniele.alessandrelli@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Daniele Alessandrelli and committed by

Herbert Xu 5 years ago 0db5bc85 cfb28fde

+3 -3

1 changed file

expand all

drivers

crypto

keembay

ocs-aes.c

+3 -3

drivers/crypto/keembay/ocs-aes.c

··· 1080 1080 /* 1081 1081 * q is the octet length of Q. 1082 1082 * q can only be an element of {2, 3, 4, 5, 6, 7, 8} and is encoded as 1083 - * q - 1 == iv[0] 1083 + * q - 1 == iv[0] & 0x7; 1084 1084 */ 1085 1085 b0[0] |= iv[0] & 0x7; 1086 1086 /* 1087 1087 * Copy the Nonce N from IV to B0; N is located in iv[1]..iv[15 - q] 1088 1088 * and must be copied to b0[1]..b0[15-q]. 1089 - * q == iv[0] + 1 1089 + * q == (iv[0] & 0x7) + 1 1090 1090 */ 1091 - q = iv[0] + 1; 1091 + q = (iv[0] & 0x7) + 1; 1092 1092 for (i = 1; i <= 15 - q; i++) 1093 1093 b0[i] = iv[i]; 1094 1094 /*