2024-02-14 23:42:42

by Eric Biggers

Subject: Re: [PATCH 09/15] crypto: chacha-generic - Convert from skcipher to lskcipher

On Wed, Dec 06, 2023 at 01:49:32PM +0800, Herbert Xu wrote:
> +static int chacha_stream_xor(const struct chacha_ctx *ctx, const u8 *src,
> + u8 *dst, unsigned nbytes, u8 *siv, u32 flags)
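Review bot: the new `siv` parameter is undocumented in this hunk; neither its layout nor the number of bytes the caller must provide is stated at the prototype, and `siv` already has an established meaning in cryptography (synthetic IV). Add a comment on the declaration spelling out which bytes are consumed as the IV and which are read and written back as carried state, and consider a name such as `state` or `iv_state` that says what the buffer actually holds.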

In cryptography, siv normally stands for Synthetic Initialization Vector. I
*think* that here you're having it stand for "state and IV", or something like
that. Is there a better name for it? Maybe it should just be state?

> -static int crypto_xchacha_crypt(struct skcipher_request *req)
> +static int crypto_xchacha_crypt(struct crypto_lskcipher *tfm, const u8 *src,
> + u8 *dst, unsigned nbytes, u8 *siv, u32 flags)
> {
> - struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
> - struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
> + struct chacha_ctx *ctx = crypto_lskcipher_ctx(tfm);
> struct chacha_ctx subctx;
> - u32 state[16];
> - u8 real_iv[16];
> + u8 *real_iv;
> + u32 *state;
>
> - /* Compute the subkey given the original key and first 128 nonce bits */
> - chacha_init_generic(state, ctx->key, req->iv);
> - hchacha_block_generic(state, subctx.key, ctx->nrounds);
> + real_iv = siv + XCHACHA_IV_SIZE;
> + state = (u32 *)(real_iv + CHACHA_IV_SIZE);
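Review bot: `state = (u32 *)(real_iv + CHACHA_IV_SIZE)` turns an offset into a u8 buffer into a u32 pointer, which is only safe if the caller's buffer is guaranteed 4-byte alignment at that offset; either state that guarantee next to the cast (and where the buffer is allocated) or access the words through get_unaligned_le32()/put_unaligned_le32(). The cast also implies that `siv` must hold XCHACHA_IV_SIZE + CHACHA_IV_SIZE bytes followed by 16 words of state, so the allocation size needs to be checked against that sum. Finally, this hunk removes the `chacha_init_generic()` / `hchacha_block_generic()` calls that filled `state` and `subctx.key` without showing their replacement, so it is not visible here where `state` is initialised on a fresh (non-continuing) call before `subctx.key` is derived from it; the rest of the function should make that explicit.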

So the "siv" contains xchacha_iv || real_iv || state? That's 112 bytes, which
is more than the 80 that's allocated for it.

Isn't the state the only thing that actually needs to be carried forward?

- Eric
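The layout question above (subkey from the first 128 nonce bits, a "real" 16-byte IV, and a 64-byte state that is the only thing needed to continue the stream) is easier to see with a small self-contained model. The following is an added example written for this page; it is not Eric's code, Herbert's patch, or the kernel's chacha_generic.c. It assumes the 32-byte XChaCha IV layout that the removed lines of crypto_xchacha_crypt() rely on, namely 16-byte HChaCha nonce || 8 remaining nonce bytes || 8-byte stream position, and the kernel's convention of a 64-bit counter in state words 12-13 and a 64-bit nonce in words 14-15. The function and macro names mirror the kernel's for readability but are local to this example. `check_hchacha20_vector()` verifies the subkey step against the HChaCha20 test vector in draft-irtf-cfrg-xchacha, and `check_resume_from_state()` shows that once the subkey and real IV have been folded into the state, encrypting 100 bytes in one call gives the same result as 64 + 36 bytes in two calls that resume from the state alone.

```c
#include <stdint.h>
#include <string.h>

/* Added example, not kernel code.  Assumption: the 32-byte XChaCha IV is laid out as in the
 * removed lines of crypto_xchacha_crypt(): hchacha nonce (16) || remaining nonce (8) || position (8). */
#define CHACHA_IV_SIZE    16
#define XCHACHA_IV_SIZE   32
#define CHACHA_BLOCK_SIZE 64

static uint32_t rotl32(uint32_t v, int c) { return (v << c) | (v >> (32 - c)); }
static uint32_t get_le32(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static void put_le32(uint8_t *p, uint32_t v) { p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24; }

static void quarter_round(uint32_t x[16], int a, int b, int c, int d)
{
	x[a] += x[b]; x[d] = rotl32(x[d] ^ x[a], 16);
	x[c] += x[d]; x[b] = rotl32(x[b] ^ x[c], 12);
	x[a] += x[b]; x[d] = rotl32(x[d] ^ x[a], 8);
	x[c] += x[d]; x[b] = rotl32(x[b] ^ x[c], 7);
}

static void chacha_permute(uint32_t x[16], int nrounds)
{
	for (int i = 0; i < nrounds; i += 2) {
		quarter_round(x, 0, 4, 8, 12);  quarter_round(x, 1, 5, 9, 13);
		quarter_round(x, 2, 6, 10, 14); quarter_round(x, 3, 7, 11, 15);
		quarter_round(x, 0, 5, 10, 15); quarter_round(x, 1, 6, 11, 12);
		quarter_round(x, 2, 7, 8, 13);  quarter_round(x, 3, 4, 9, 14);
	}
}

/* state = constants || key || iv; iv is read as 4 LE words: 64-bit counter in words
 * 12-13 and 64-bit nonce in words 14-15 (the kernel's layout). */
static void chacha_init(uint32_t state[16], const uint8_t key[32], const uint8_t iv[CHACHA_IV_SIZE])
{
	state[0] = 0x61707865; state[1] = 0x3320646e; state[2] = 0x79622d32; state[3] = 0x6b206574;
	for (int i = 0; i < 8; i++) state[4 + i] = get_le32(key + 4 * i);
	for (int i = 0; i < 4; i++) state[12 + i] = get_le32(iv + 4 * i);
}

/* One keystream block with feed-forward; advances the 64-bit counter in place. */
static void chacha_block(uint32_t state[16], uint8_t out[CHACHA_BLOCK_SIZE], int nrounds)
{
	uint32_t x[16];
	memcpy(x, state, sizeof x);
	chacha_permute(x, nrounds);
	for (int i = 0; i < 16; i++) put_le32(out + 4 * i, x[i] + state[i]);
	if (++state[12] == 0) state[13]++;
}

/* HChaCha: permute, then emit words 0-3 and 12-15 with no feed-forward add. */
static void hchacha_block(const uint32_t state[16], uint8_t out[32], int nrounds)
{
	uint32_t x[16];
	memcpy(x, state, sizeof x);
	chacha_permute(x, nrounds);
	for (int i = 0; i < 4; i++) {
		put_le32(out + 4 * i, x[i]);
		put_le32(out + 16 + 4 * i, x[12 + i]);
	}
}

/* Subkey from the key and first 128 nonce bits, then real_iv = position || remaining nonce. */
static void xchacha_init(uint32_t state[16], const uint8_t key[32], const uint8_t iv[XCHACHA_IV_SIZE], int nrounds)
{
	uint32_t tmp[16];
	uint8_t subkey[32], real_iv[CHACHA_IV_SIZE];

	chacha_init(tmp, key, iv);
	hchacha_block(tmp, subkey, nrounds);
	memcpy(real_iv, iv + 24, 8);      /* stream position -> counter words */
	memcpy(real_iv + 8, iv + 16, 8);  /* remaining 64 nonce bits */
	chacha_init(state, subkey, real_iv);
}

/* XOR src with keystream from the current state; state is left at the next block. */
static void chacha_stream_xor(uint32_t state[16], const uint8_t *src, uint8_t *dst, size_t nbytes, int nrounds)
{
	uint8_t ks[CHACHA_BLOCK_SIZE];
	while (nbytes) {
		size_t n = nbytes < CHACHA_BLOCK_SIZE ? nbytes : CHACHA_BLOCK_SIZE;
		chacha_block(state, ks, nrounds);
		for (size_t i = 0; i < n; i++) dst[i] = src[i] ^ ks[i];
		src += n; dst += n; nbytes -= n;
	}
}

/* HChaCha20 test vector from draft-irtf-cfrg-xchacha: returns 1 if the subkey matches. */
int check_hchacha20_vector(void)
{
	static const uint8_t nonce[16] = { 0,0,0,9, 0,0,0,0x4a, 0,0,0,0, 0x31,0x41,0x59,0x27 };
	static const uint8_t want[32] = {
		0x82,0x41,0x3b,0x42,0x27,0xb2,0x7b,0xfe,0xd3,0x0e,0x42,0x50,0x8a,0x87,0x7d,0x73,
		0xa0,0xf9,0xe4,0xd5,0x8a,0x74,0xa8,0x53,0xc1,0x2e,0xc4,0x13,0x26,0xd3,0xec,0xdc };
	uint8_t key[32], out[32]; uint32_t st[16];
	for (int i = 0; i < 32; i++) key[i] = i;
	chacha_init(st, key, nonce);
	hchacha_block(st, out, 20);
	return memcmp(out, want, 32) == 0;
}

/* Only the state needs carrying: 100 bytes in one call must equal 64 + 36 bytes in two
 * calls that resume from the state without touching the XChaCha IV again. */
int check_resume_from_state(void)
{
	uint8_t key[32], iv[XCHACHA_IV_SIZE], pt[100], once[100], split[100]; uint32_t state[16];
	for (int i = 0; i < 32; i++) { key[i] = i; iv[i] = 0xa0 + i; }  /* constructed inputs */
	for (int i = 0; i < 100; i++) pt[i] = 'A' + i % 26;
	xchacha_init(state, key, iv, 20);
	chacha_stream_xor(state, pt, once, 100, 20);
	xchacha_init(state, key, iv, 20);
	chacha_stream_xor(state, pt, split, 64, 20);
	chacha_stream_xor(state, pt + 64, split + 64, 36, 20);
	return memcmp(once, split, 100) == 0 && memcmp(once, pt, 100) != 0;
}
```

The resumption check is the practical point: after `xchacha_init()` the 32-byte XChaCha IV and the 16-byte real IV are dead, and the 16-word state (whose words 12-13 hold the advanced counter) is all a continuing call has to receive and hand back. Anything that also carries the two IVs across calls is carrying data the stream no longer reads.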