summaryrefslogtreecommitdiff
path: root/rnd.h
diff options
context:
space:
mode:
authorTobias Klauser <tklauser@distanz.ch>2014-06-12 15:56:21 +0200
committerTobias Klauser <tklauser@distanz.ch>2014-06-12 15:56:21 +0200
commit7a78872dc5fa22c834d12e1f909c4fdf68da1879 (patch)
treedc920475da8f01c4ea08f0d907f3c03194995768 /rnd.h
parentb0e03239c7e3ecc08c51daedfff3a9be04113a62 (diff)
netsniff-ng 0.5.9-rc1v0.5.9-rc1
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Diffstat (limited to 'rnd.h')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-02 07:59:52 +0000
ac_vector(). This makes the code more understandable, and allows platforms to implement cmac(aes) in a more secure (*) and efficient way than is typically possible when using the AES cipher directly. So replace the crypto_cipher by a crypto_shash, and update the aes_s2v() routine to call the shash interface directly. * In particular, the generic table based AES implementation is sensitive to known-plaintext timing attacks on the key, to which AES based MAC algorithms are especially vulnerable, given that their plaintext is not usually secret. Time invariant alternatives are available (e.g., based on SIMD algorithms), but may incur a setup cost that is prohibitive when operating on a single block at a time, which is why they don't usually expose the cipher API. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat
-rw-r--r--net/mac80211/Kconfig1
-rw-r--r--net/mac80211/aes_cmac.h4
-rw-r--r--net/mac80211/fils_aead.c74
3 files changed, 34 insertions, 45 deletions
diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig