Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp190463ybt; Tue, 7 Jul 2020 20:08:40 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwdkkW92JPUmFGvGcKoELfqekjDf4ukIbIkHDDpOG1yG8jY1hog2HGrylxoQK2i/PrzZHui X-Received: by 2002:a17:906:fcc7:: with SMTP id qx7mr51137043ejb.182.1594177719921; Tue, 07 Jul 2020 20:08:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594177719; cv=none; d=google.com; s=arc-20160816; b=qunh6jSPn0R4xbrEnisXZDQ2rQA+ak7I4JuYh4JpAeTpkCgbbFIgTrIPAjssXkQW+6 6x1lh/5JwcFUwPWU/MXpE90Mn/UtZwwPrg26Yawg6YNrkt2msjFppEi8wiPY7/2O8qTW obRBrDM6xQ7paTbPPTBBixM5Tu45vzCj0SEAWFAQCTmTm43GNXDccZPvBcZ2I7OHJSIM JN4fjpqbbVwJ90+tOnZO8eE4jsAzsgZNouejg0FvFVMXYQj5by3Ks+JoaKPGwqNaNblO +Wlf5hWYCXw8fhvwbO/QdF2v0BqVr68FXOsKp8T4m9LP82d8vuEokzyugH1oK4Y5x50U HlyQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=We2ju/Qq6kYGB2S3RcwF3uv9EmH6Gx/qyqSrxSDwADI=; b=QBcBAyzcdDc+IZKcbE+11yDyNH537YkTFpMG/qAwWsfPBMVIoQ2Eh0oN9TNRNjGsbV B27Z7MYRksomlyWL93Eg+PjJxlT9amK6qNoFOKbw/sVO7w4mJiSwmV/5TRuTDmf0xJPE pMayXQtTUQFHU2J4V5tr2ME3PWQBwTUrTlOUnUOH7hGU8TyqxjR9Ycg5TPz6PtgENeXi itJIVqErrMoh9U/9epFQJO652Y8K5zMoTs2QwOnroUERfkLmRreMZfoyu4q6XnlCbiHQ 4tpheHt/HRAs+2JfmS5Wu4ZJx54p1M1gYatXIQQ/wt7LvBlaDtsUNIjqXka0UG+2rqw1 c5Yg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=AuyloZ1W; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v25si15657376ejx.496.2020.07.07.20.07.54; Tue, 07 Jul 2020 20:08:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=AuyloZ1W; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728491AbgGHCbK (ORCPT + 99 others); Tue, 7 Jul 2020 22:31:10 -0400 Received: from mail.kernel.org ([198.145.29.99]:41142 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728366AbgGHCbK (ORCPT ); Tue, 7 Jul 2020 22:31:10 -0400 Received: from sol.localdomain (c-107-3-166-239.hsd1.ca.comcast.net [107.3.166.239]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C6CB720774; Wed, 8 Jul 2020 02:31:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1594175469; bh=deOqMgE6ri2ZQxDhkOiWPPcblPJS6MGFDkts87mWmsw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=AuyloZ1WUtC7nPR//VlWSDpgMfzctdo1HW4xOJy8aKgyyU1L0hQdOOmQ+i8WbxYcz Vh8izWn7dDqyoBk2GzT7k5jizGVtGwX9vUUBQNF2NBn6O6ZzZPWla6vbAgjt2/qGSE w8Qor0QXBlm6n3bvUlgw8roTV2/uXyTtpljagQ50= Date: Tue, 7 Jul 2020 19:31:08 -0700 From: Eric Biggers To: Herbert Xu Cc: Linux Crypto Mailing List Subject: Re: [v2 PATCH] crypto: chacha - Add DEFINE_CHACHA_STATE macro Message-ID: <20200708023108.GK839@sol.localdomain> References: <20200706133733.GA6479@gondor.apana.org.au> <20200706190717.GB736284@gmail.com> <20200706223716.GA10958@gondor.apana.org.au> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200706223716.GA10958@gondor.apana.org.au> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, Jul 07, 2020 at 08:37:16AM +1000, Herbert Xu wrote: > On Mon, Jul 06, 2020 at 12:07:17PM -0700, Eric Biggers wrote: > > > > This changes chacha_state to be a pointer, which breaks clearing the state > > because that uses sizeof(chacha_state): > > > > memzero_explicit(chacha_state, sizeof(chacha_state)); > > > > It would need to be changed to use CHACHA_BLOCK_SIZE. > > Good catch. Thanks! Here's an update: > > ---8<--- > As it stands the chacha state array is made 12 bytes bigger on > x86 in order for it to be 16-byte aligned. However, the array > is not actually aligned until it hits the x86 code. > > This patch moves the alignment to where the state array is defined. > To do so a macro DEFINE_CHACHA_STATE has been added which takes > care of all the work to ensure that it is actually aligned on the > stack. > > Signed-off-by: Herbert Xu Hmm, __chacha20poly1305_encrypt() already uses: memzero_explicit(chacha_state, CHACHA_STATE_WORDS * sizeof(u32)); That's equivalent to CHACHA_BLOCK_SIZE now, but it would be best to use the same constant everywhere. Can you pick one or the other to use? Also, in chacha20poly1305-selftest.c there's a state array that needs to be converted to use the new macro: u32 chacha20_state[CHACHA_STATE_WORDS]; - Eric