Re: [PATCH 09/15] crypto: chacha-generic - Convert from skcipher to lskcipher

On Wed, Feb 14, 2024 at 03:41:51PM -0800, Eric Biggers wrote:
> On Wed, Dec 06, 2023 at 01:49:32PM +0800, Herbert Xu wrote:
> > +static int chacha_stream_xor(const struct chacha_ctx *ctx, const u8 *src,
> > +			     u8 *dst, unsigned nbytes, u8 *siv, u32 flags)
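
Review bot: the `siv` argument in this signature is a bare `u8 *` with no length alongside it, so the prototype does not tell a caller how much space the buffer must hold. A kernel-doc comment on chacha_stream_xor() stating the required size (ivsize plus statesize, per the reply below), or an explicit length parameter, would make that contract checkable. As a style point in the same line, `unsigned nbytes` should be spelled `unsigned int nbytes`, which is what checkpatch asks for.
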
> 
> In cryptography, siv normally stands for Synthetic Initialization Vector.  I
> *think* that here you're having it stand for "state and IV", or something like
> that.  Is there a better name for it?  Maybe it should just be state?

Thanks, I'll change this to ivst.

> So the "siv" contains xchacha_iv || real_iv || state?  That's 112 bytes, which
> is more than the 80 that's allocated for it.

Correct, it's 112 bytes.  The caller is meant to allocate enough
space for the IV and state: 32(ivsize) + 80(statesize).

> Isn't the state the only thing that actually needs to be carried forward?

Some algorithms (statesize == 0) will carry all their state in
the IV, e.g., cbc.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt



