From: "Jason A. Donenfeld"
Subject: Re: [PATCH v5 1/4] siphash: add cryptographically secure PRF
Date: Mon, 19 Dec 2016 18:08:47 +0100
Message-ID:
References: <20161215203003.31989-1-Jason@zx2c4.com> <20161215203003.31989-2-Jason@zx2c4.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Cc: Netdev, kernel-hardening@lists.openwall.com, LKML, Linux Crypto Mailing List, David Laight, Ted Tso, Hannes Frederic Sowa, Linus Torvalds, Eric Biggers, Tom Herbert, George Spelvin, Vegard Nossum, Andi Kleen, David Miller, Andy Lutomirski, Jean-Philippe Aumasson, "Daniel J . Bernstein"
To: noloader@gmail.com
Return-path:
In-Reply-To:
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-crypto.vger.kernel.org

On Sat, Dec 17, 2016 at 3:55 PM, Jeffrey Walton wrote:
> It may be prudent to include the endian reversal in the test to ensure
> big endian machines produce expected results. Some closely related
> testing on an old Apple PowerMac G5 revealed that result needed to be
> reversed before returning it to a caller.

The function [1] returns a u64. Originally I had it returning a __le64,
but that was considered unnecessary by many prior reviewers on the list.
It returns an integer. If you want uniform bytes out of it, then use the
endian conversion function, the same as you would do with any other type
of integer.

Additionally, this function is *not* meant for af_alg or any of the
crypto/* code. It's very unlikely to find a use there.

> Forgive my ignorance... I did not find reading on using the primitive
> in a PRNG. Does anyone know what Aumasson or Bernstein have to say?
> Aumasson's site does not seem to discuss the use case:

He's on this thread so I suppose he can speak up for himself. But in my
conversations with him, the primary take-away was, "seems okay to me!".
But please -- JP - correct me if I've misinterpreted.