> > Is the aad actually reused? I would assume it only affects the mac > on encryption, and the verification on decryption but I don't think > we actually need it back from the crypto routines.
I don't think it's reused. > Exactly what you said above :-) My patch only touches CCM but as you > said, > > """ > 'Also there's B_0/J_0 for CCM/GCM, and the 'zero' thing that GMAC > has. > """ Ah, but we can/should do the same for the others, no? johannes