New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generic CTR #195
Generic CTR #195
Conversation
pub fn seek_ctr(&mut self, pos: u32) { | ||
self.ctr.seek(pos); | ||
} | ||
|
||
/// Get the current NIST SP800-38D counter value. | ||
// TODO(tarcieri): implement `SyncStreamCipherSeek` | ||
#[inline] | ||
pub fn current_ctr(&self) -> u32 { | ||
self.ctr.current_pos() | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
aes-gcm
(the crate) presently relies on these APIs, although they could probably be replaced with SyncStreamCipherSeek
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it's block position, then it can be simply computed by dividing byte position by block size. Though we probably can extend the seek trait with a method which would return this number right away. I also thought about exposing the block nature of stream ciphers, but I haven't found a good AP for it which would fit different backends and runtime detection for ChaCha.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd previously opened RustCrypto/traits#336 to discuss this
I am not sure how to work around the compiler error issue. Making the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice! A little curious about the impact on performance, but otherwise looks fantastic.
Well, I took all measures I can think of to allow compiler to properly optimize the code, but we can't know for sure without properly measuring it. |
An attempt to define CTR mode generically. The approach is quite flexible and I think it can be even used with the
__m128i
type (i.e. we will be able to reduce amount of copied code in theaes
crate).But I get a weird compilation error when I try to define implementations of
generate_block
andload
methods. Even though the default implementation works without problems, when I copy it to the concrete type (Ctr128BE
) impl, I get an error which asks me to further restrictN
withDiv<U16>
bound, even though it's already restricted byDiv<Self::Size>
. Even copying the suggested bound does not resolve the issue, compiler suggests to add already existing bound. Looks like a bug in the compiler to me.UPD: The implementation got restricted back to 128-bit ciphers, probably until landing of const generics.