Le 30/08/2024 à 18:42, Christophe Leroy a écrit :


Le 30/08/2024 à 18:14, Jason A. Donenfeld a écrit :
On Fri, Aug 30, 2024 at 05:57:08PM +0200, Christophe Leroy wrote:
+ *    r5: 8-byte counter input/output (saved on stack)
+ *
+ *    r14-r15: counter
+ */
+SYM_FUNC_START(__arch_chacha20_blocks_nostack)
+    stwu    r1, -96(r1)
+    stw    r5, 20(r1)
+    stmw    r14, 24(r1)
+    li    r31, 4
+    LWZX_LE    r14, 0, r5
+    LWZX_LE    r15, r31, r5

Why swap endian on the counter?

Unlike the keys, the counter is passed to the function as an u8*, not as a u64*, so I thought it was raw data in little endian order, same as when using Sodium. Is it wrong ?

Hum ..... I looked again and it seems it is already a u32 *. Looks like I mis-read the 8-byte comment. Or I did it right in the begining then I swapped it at the same time as I swapped the keys after my first test when the selftest was using Sodium. I can't remember. I'll fix it.

Christophe

Reply via email to