eSTREAM in Linux: Salsa20

It was pointed out by Herbert Xu that I could achieve what I want with eSTREAM ciphers simply by using the blkcipher interface. The estream.c and stream.c were entirely redundant. So I gave his suggestion a try and it worked for Salsa20! The patch is available on this page. This approach is much more elegant and does not disturb the existing “ecosystem”.

I’ve renamed the posts’ title to “eSTREAM in Linux: <algo name>” as I am now submitting one patch for each cipher. Seems more sensible this way.

PS: It was also suggested to me that Salsa20 can also be implemented as ctr(salsa20,0,16,8) where ctr is the counter mode template and salsa20 is the Salsa20 expansion function. Initially I thought it was possible too but when I read through ctr.c, I realize I can’t specify the block size of the Salsa20 expansion function. Should it be the 16 (blocksize of input) or 64 (blocksize of output)? If 16, then crypto_ctr_crypt_{segment,inplace} will be walking in steps smaller than the output block size; if 64, then the test for ((noncesize + ivsize + countersize) < alg->cra_blocksize) will trigger an error.

PS (19 Nov): This is commit 9ea2097f7339a03cb149c70b512f755cf0a529da in the kernel now.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: