Generic CTR #195
Generic CTR #195
Conversation
| pub fn seek_ctr(&mut self, pos: u32) { | ||
| self.ctr.seek(pos); | ||
| } | ||
|
|
||
| /// Get the current NIST SP800-38D counter value. | ||
| // TODO(tarcieri): implement `SyncStreamCipherSeek` | ||
| #[inline] | ||
| pub fn current_ctr(&self) -> u32 { | ||
| self.ctr.current_pos() | ||
| } |
There was a problem hiding this comment.
aes-gcm (the crate) presently relies on these APIs, although they could probably be replaced with SyncStreamCipherSeek
There was a problem hiding this comment.
If it's block position, then it can be simply computed by dividing byte position by block size. Though we probably can extend the seek trait with a method which would return this number right away. I also thought about exposing the block nature of stream ciphers, but I haven't found a good AP for it which would fit different backends and runtime detection for ChaCha.
There was a problem hiding this comment.
I'd previously opened RustCrypto/traits#336 to discuss this
|
I am not sure how to work around the compiler error issue. Making the |
|
Well, I took all measures I can think of to allow compiler to properly optimize the code, but we can't know for sure without properly measuring it. |
An attempt to define CTR mode generically. The approach is quite flexible and I think it can be even used with the
__m128itype (i.e. we will be able to reduce amount of copied code in theaescrate).But I get a weird compilation error when I try to define implementations of
generate_blockandloadmethods. Even though the default implementation works without problems, when I copy it to the concrete type (Ctr128BE) impl, I get an error which asks me to further restrictNwithDiv<U16>bound, even though it's already restricted byDiv<Self::Size>. Even copying the suggested bound does not resolve the issue, compiler suggests to add already existing bound. Looks like a bug in the compiler to me.UPD: The implementation got restricted back to 128-bit ciphers, probably until landing of const generics.