UPSTREAM: crypto: xchacha20 - fix comments for test vectors
The kernel's ChaCha20 uses the RFC7539 convention of the nonce being 12 bytes rather than 8, so actually I only appended 12 random bytes (not 16) to its test vectors to form 24-byte nonces for the XChaCha20 test vectors. The other 4 bytes were just from zero-padding the stream position to 8 bytes. Fix the comments above the test vectors. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 282c14852d00d6d1b8fadf3e01e4180f02ddda84) Bug: 152722841 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I1037d3e19792fd7dbf0d9623fe530ce711a0e8ad
This commit is contained in:
Eric Biggers
Greg Kroah-Hartman
parent
b6685e597a
commit
2be733e152
1 changed files with 6 additions and 8 deletions
|
|
@ -32105,8 +32105,9 @@ static const struct cipher_testvec xchacha20_tv_template[] = {
|
|||
"\x57\x78\x8e\x6f\xae\x90\xfc\x31"
|
||||
"\x09\x7c\xfc",
|
||||
.len = 91,
|
||||
}, { /* Taken from the ChaCha20 test vectors, appended 16 random bytes
|
||||
to nonce, and recomputed the ciphertext with libsodium */
|
||||
}, { /* Taken from the ChaCha20 test vectors, appended 12 random bytes
|
||||
to the nonce, zero-padded the stream position from 4 to 8 bytes,
|
||||
and recomputed the ciphertext using libsodium's XChaCha20 */
|
||||
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00"
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00"
|
||||
|
|
@ -32133,8 +32134,7 @@ static const struct cipher_testvec xchacha20_tv_template[] = {
|
|||
"\x03\xdc\xf8\x2b\xc1\xe1\x75\x67"
|
||||
"\x23\x7b\xe6\xfc\xd4\x03\x86\x54",
|
||||
.len = 64,
|
||||
}, { /* Taken from the ChaCha20 test vectors, appended 16 random bytes
|
||||
to nonce, and recomputed the ciphertext with libsodium */
|
||||
}, { /* Derived from a ChaCha20 test vector, via the process above */
|
||||
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00"
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00"
|
||||
|
|
@ -32243,8 +32243,7 @@ static const struct cipher_testvec xchacha20_tv_template[] = {
|
|||
.np = 3,
|
||||
.tap = { 375 - 20, 4, 16 },
|
||||
|
||||
}, { /* Taken from the ChaCha20 test vectors, appended 16 random bytes
|
||||
to nonce, and recomputed the ciphertext with libsodium */
|
||||
}, { /* Derived from a ChaCha20 test vector, via the process above */
|
||||
.key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
|
||||
"\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
|
||||
"\x47\x39\x17\xc1\x40\x2b\x80\x09"
|
||||
|
|
@ -32287,8 +32286,7 @@ static const struct cipher_testvec xchacha20_tv_template[] = {
|
|||
"\x65\x03\xfa\x45\xf7\x9e\x53\x7a"
|
||||
"\x99\xf1\x82\x25\x4f\x8d\x07",
|
||||
.len = 127,
|
||||
}, { /* Taken from the ChaCha20 test vectors, appended 16 random bytes
|
||||
to nonce, and recomputed the ciphertext with libsodium */
|
||||
}, { /* Derived from a ChaCha20 test vector, via the process above */
|
||||
.key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
|
||||
"\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
|
||||
"\x47\x39\x17\xc1\x40\x2b\x80\x09"
|
||||
|
|
|
|||
Loading…
Reference in a new issue