After more experiments with the Linux kernel CryptoAPI, I find that the eSTREAM ciphers are a misfit. (This statement is not quite right as explained in the postscript at the end of this post.) The problem is that eSTREAM ciphers require a call to setiv() but cipher_alg and cipher_tfm do not provide such a callback.
The setiv() call is important for eSTREAM ciphers as most of them use it to mix the IV into their key expansion. This is very different from general block ciphers where the IV is handled at the “mode of operation” level and does not affect the cipher’s key expansion.
So I created a new crypto_type called crypto_estream_type (and the associated *_alg and *_tfm) to address the needs of eSTREAM ciphers. These patches (available here) pass the tcrypt regression test and seem to capture the semantics of eSTREAM ciphers better. Currently I am discussing with the veterans on firstname.lastname@example.org whether this is the right approach.
PS (14 Nov): I realized today that dm-crypt.c uses crypto_cipher directly so my patches will not work with dm-crypt. Bummer!
PS (15 Nov): Herbert Xu pointed out that I can achieve what I want to do using the blkcipher interface instead of the cipher interface. There is really no need for a new crypto_type. I think he is right so I will be giving it a try. (Note: Herbert is the current maintainer of the APIs and he developed many of these interfaces so he knows them much better than I do.)