Hi Herbert,
On Nov 15, 2007 9:18 AM, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
> Actually what I suggested is that you add a wrapper called
> salsa20 that then simply calls ctr(...) after constructing the IV.
I tried that but encountered a problem: what is the blocksize for the
underlying salsa20 expansion function. If 16 (block size of input)
then crypto_ctr_crypt_{inplace,segment} will be taking steps that are
too small. If 64 (block size of output) then we fail the ((noncesize +
ivsize + countersize) < alg->cra_blocksize) test in
crypto_crt_alloc(). It appears that ctr(salsa20,...) may not work or
am I missing something here?
> We don't really need to have two copies of the ctr code under crypto :)
Since I was unable to do ctr(salsa20,...) I simply let Bernstein's
original code handles the increment of the counter.
By the way, are there plans to collect the xor_{byte,quad,64,128}
functions into a common header, say include/crypto/xor_n.h? It would
be nice to have these common functions in a place where everyone can
use. Currently cbc, ctr, pcbc and xcbc each has their own
implementation. If it is useful to have such a header file, I can help
to put together it. (After all, I foresee that I will need them when
implementing other eSTREAM ciphers.)
Swee Heng
-
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
