Re: [PATCH 09/15] crypto: chacha-generic - Convert from skcipher to lskcipher

On Wed, Dec 06, 2023 at 01:49:32PM +0800, Herbert Xu wrote:
> +static int chacha_stream_xor(const struct chacha_ctx *ctx, const u8 *src,
> +			     u8 *dst, unsigned nbytes, u8 *siv, u32 flags)
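Review bot: the new chacha_stream_xor() prototype spells the length as `unsigned nbytes`; checkpatch warns on bare `unsigned` and asks for `unsigned int`, and the crypto_xchacha_crypt() prototype in the next hunk has the same spelling. The `u32 flags` argument also arrives without a comment saying which lskcipher flags the function acts on and which it ignores, which a reader coming from the skcipher version will need.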

In cryptography, siv normally stands for Synthetic Initialization Vector.  I
*think* that here you're having it stand for "state and IV", or something like
that.  Is there a better name for it?  Maybe it should just be state?

> -static int crypto_xchacha_crypt(struct skcipher_request *req)
> +static int crypto_xchacha_crypt(struct crypto_lskcipher *tfm, const u8 *src,
> +				u8 *dst, unsigned nbytes, u8 *siv, u32 flags)
>  {
> -	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
> -	struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
> +	struct chacha_ctx *ctx = crypto_lskcipher_ctx(tfm);
>  	struct chacha_ctx subctx;
> -	u32 state[16];
> -	u8 real_iv[16];
> +	u8 *real_iv;
> +	u32 *state;
>  
> -	/* Compute the subkey given the original key and first 128 nonce bits */
> -	chacha_init_generic(state, ctx->key, req->iv);
> -	hchacha_block_generic(state, subctx.key, ctx->nrounds);
> +	real_iv = siv + XCHACHA_IV_SIZE;
> +	state = (u32 *)(real_iv + CHACHA_IV_SIZE);
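Review bot: `state = (u32 *)(real_iv + CHACHA_IV_SIZE)` casts a byte offset inside the caller-supplied siv buffer to a u32 pointer, so the 16-word state that the removed `u32 state[16]` kept on the stack now lives at siv + XCHACHA_IV_SIZE + CHACHA_IV_SIZE with no check that the buffer is that large or that siv is 4-byte aligned; the stack array guaranteed both. If only the running ChaCha state has to persist between calls, keeping real_iv on the stack and storing just the 16 words in siv (with siv's documented size and alignment matching that) avoids the overrun Eric computes below and the alignment dependence.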

So the "siv" contains xchacha_iv || real_iv || state?  That's 112 bytes, which
is more than the 80 that's allocated for it.

Isn't the state the only thing that actually needs to be carried forward?

- Eric



