diff options
author | Eric Biggers <ebiggers@google.com> | 2018-12-06 13:00:08 -0800 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2018-12-13 18:24:59 +0800 |
commit | 282c14852d00d6d1b8fadf3e01e4180f02ddda84 (patch) | |
tree | b53a81a4fe030f050facafeaed28f3bdcbb50890 /crypto | |
parent | 5569e8c07447344cdc3771378ba4e0da0b94c2a4 (diff) | |
download | linux-282c14852d00d6d1b8fadf3e01e4180f02ddda84.tar.bz2 |
crypto: xchacha20 - fix comments for test vectors
The kernel's ChaCha20 uses the RFC7539 convention of the nonce being 12
bytes rather than 8, so actually I only appended 12 random bytes (not
16) to its test vectors to form 24-byte nonces for the XChaCha20 test
vectors. The other 4 bytes were just from zero-padding the stream
position to 8 bytes. Fix the comments above the test vectors.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/testmgr.h | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 357cf4cbcbb1..e8f47d7b92cd 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -32281,8 +32281,9 @@ static const struct cipher_testvec xchacha20_tv_template[] = { "\x57\x78\x8e\x6f\xae\x90\xfc\x31" "\x09\x7c\xfc", .len = 91, - }, { /* Taken from the ChaCha20 test vectors, appended 16 random bytes - to nonce, and recomputed the ciphertext with libsodium */ + }, { /* Taken from the ChaCha20 test vectors, appended 12 random bytes + to the nonce, zero-padded the stream position from 4 to 8 bytes, + and recomputed the ciphertext using libsodium's XChaCha20 */ .key = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" @@ -32309,8 +32310,7 @@ static const struct cipher_testvec xchacha20_tv_template[] = { "\x03\xdc\xf8\x2b\xc1\xe1\x75\x67" "\x23\x7b\xe6\xfc\xd4\x03\x86\x54", .len = 64, - }, { /* Taken from the ChaCha20 test vectors, appended 16 random bytes - to nonce, and recomputed the ciphertext with libsodium */ + }, { /* Derived from a ChaCha20 test vector, via the process above */ .key = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" @@ -32419,8 +32419,7 @@ static const struct cipher_testvec xchacha20_tv_template[] = { .np = 3, .tap = { 375 - 20, 4, 16 }, - }, { /* Taken from the ChaCha20 test vectors, appended 16 random bytes - to nonce, and recomputed the ciphertext with libsodium */ + }, { /* Derived from a ChaCha20 test vector, via the process above */ .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a" "\xf3\x33\x88\x86\x04\xf6\xb5\xf0" "\x47\x39\x17\xc1\x40\x2b\x80\x09" @@ -32463,8 +32462,7 @@ static const struct cipher_testvec xchacha20_tv_template[] = { "\x65\x03\xfa\x45\xf7\x9e\x53\x7a" "\x99\xf1\x82\x25\x4f\x8d\x07", .len = 127, - }, { /* Taken from the ChaCha20 test vectors, appended 16 random bytes - to nonce, and recomputed the ciphertext with libsodium */ + }, { /* Derived from a ChaCha20 test vector, via the process above */ .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a" "\xf3\x33\x88\x86\x04\xf6\xb5\xf0" "\x47\x39\x17\xc1\x40\x2b\x80\x09" |