summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@google.com>2018-12-06 13:00:08 -0800
committerHerbert Xu <herbert@gondor.apana.org.au>2018-12-13 18:24:59 +0800
commit282c14852d00d6d1b8fadf3e01e4180f02ddda84 (patch)
treeb53a81a4fe030f050facafeaed28f3bdcbb50890 /crypto
parent5569e8c07447344cdc3771378ba4e0da0b94c2a4 (diff)
downloadlinux-282c14852d00d6d1b8fadf3e01e4180f02ddda84.tar.bz2
crypto: xchacha20 - fix comments for test vectors
The kernel's ChaCha20 uses the RFC7539 convention of the nonce being 12 bytes rather than 8, so actually I only appended 12 random bytes (not 16) to its test vectors to form 24-byte nonces for the XChaCha20 test vectors. The other 4 bytes were just from zero-padding the stream position to 8 bytes. Fix the comments above the test vectors. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/testmgr.h14
1 files changed, 6 insertions, 8 deletions
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 357cf4cbcbb1..e8f47d7b92cd 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -32281,8 +32281,9 @@ static const struct cipher_testvec xchacha20_tv_template[] = {
"\x57\x78\x8e\x6f\xae\x90\xfc\x31"
"\x09\x7c\xfc",
.len = 91,
- }, { /* Taken from the ChaCha20 test vectors, appended 16 random bytes
- to nonce, and recomputed the ciphertext with libsodium */
+ }, { /* Taken from the ChaCha20 test vectors, appended 12 random bytes
+ to the nonce, zero-padded the stream position from 4 to 8 bytes,
+ and recomputed the ciphertext using libsodium's XChaCha20 */
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
@@ -32309,8 +32310,7 @@ static const struct cipher_testvec xchacha20_tv_template[] = {
"\x03\xdc\xf8\x2b\xc1\xe1\x75\x67"
"\x23\x7b\xe6\xfc\xd4\x03\x86\x54",
.len = 64,
- }, { /* Taken from the ChaCha20 test vectors, appended 16 random bytes
- to nonce, and recomputed the ciphertext with libsodium */
+ }, { /* Derived from a ChaCha20 test vector, via the process above */
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
@@ -32419,8 +32419,7 @@ static const struct cipher_testvec xchacha20_tv_template[] = {
.np = 3,
.tap = { 375 - 20, 4, 16 },
- }, { /* Taken from the ChaCha20 test vectors, appended 16 random bytes
- to nonce, and recomputed the ciphertext with libsodium */
+ }, { /* Derived from a ChaCha20 test vector, via the process above */
.key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
"\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
"\x47\x39\x17\xc1\x40\x2b\x80\x09"
@@ -32463,8 +32462,7 @@ static const struct cipher_testvec xchacha20_tv_template[] = {
"\x65\x03\xfa\x45\xf7\x9e\x53\x7a"
"\x99\xf1\x82\x25\x4f\x8d\x07",
.len = 127,
- }, { /* Taken from the ChaCha20 test vectors, appended 16 random bytes
- to nonce, and recomputed the ciphertext with libsodium */
+ }, { /* Derived from a ChaCha20 test vector, via the process above */
.key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
"\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
"\x47\x39\x17\xc1\x40\x2b\x80\x09"