On 27 December 2016 at 15:36, Jeffrey Walton <noloader@xxxxxxxxx> wrote:
>> ChaCha20 is a stream cipher described in RFC 7539, and is intended to be
>> an efficient software implementable 'standby cipher', in case AES cannot
>> be used.
>
> That's not quite correct.
>
> The IETF changed the algorithm a bit, and it's not compatible with
> Bernstein's ChaCha. They probably should have differentiated the name
> to avoid this sort of confusion.
>
> You can find Bernstein's specification for ChaCha at
> https://cr.yp.to/chacha.html, and the test vectors for Bernstein's
> specification at
> http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors.
>

Thanks for the clarification. However, this should not affect the content of
the patches: they simply reimplement in ARM SIMD what the kernel already knows
as "chacha20", which is the IETF derivative rather than djb's original.

I will mention this in the cover letter of the next respin (given that I need
to respin these anyway).

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
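The incompatibility discussed above is a layout difference, not a different core function: the ChaCha20 quarter round and the 20-round block function are identical in RFC 7539 and in Bernstein's specification, but RFC 7539 fills state words 12..15 with a 32-bit block counter followed by a 96-bit nonce, while Bernstein uses a 64-bit counter followed by a 64-bit nonce. The reference implementation below is an added example, not code from the patches or from the kernel; function names are my own. It builds both layouts over one shared block function and is checked against the RFC 7539 quarter-round and block-function test vectors and the widely published all-zero key/nonce keystream, for which the two layouts coincide.

```python
"""Reference ChaCha20 showing the RFC 7539 (IETF) vs. Bernstein state layouts.

Added example for illustration; not the kernel's chacha20 implementation.
"""
import struct

MASK32 = 0xFFFFFFFF
# "expand 32-byte k" as four little-endian words (words 0..3 of the state)
SIGMA = struct.unpack("<4I", b"expand 32-byte k")


def _rotl32(v, n):
    return ((v << n) | (v >> (32 - n))) & MASK32


def quarter_round(a, b, c, d):
    """ChaCha quarter round (RFC 7539 section 2.1); same in both specifications."""
    a = (a + b) & MASK32; d = _rotl32(d ^ a, 16)
    c = (c + d) & MASK32; b = _rotl32(b ^ c, 12)
    a = (a + b) & MASK32; d = _rotl32(d ^ a, 8)
    c = (c + d) & MASK32; b = _rotl32(b ^ c, 7)
    return a, b, c, d


def _qr(x, ia, ib, ic, id_):
    x[ia], x[ib], x[ic], x[id_] = quarter_round(x[ia], x[ib], x[ic], x[id_])


def chacha20_block(state):
    """10 double rounds (columns then diagonals) over a 16-word state; returns
    the 64-byte keystream block. Identical for IETF and Bernstein variants."""
    x = list(state)
    for _ in range(10):
        _qr(x, 0, 4, 8, 12); _qr(x, 1, 5, 9, 13)
        _qr(x, 2, 6, 10, 14); _qr(x, 3, 7, 11, 15)
        _qr(x, 0, 5, 10, 15); _qr(x, 1, 6, 11, 12)
        _qr(x, 2, 7, 8, 13); _qr(x, 3, 4, 9, 14)
    out = [(x[i] + state[i]) & MASK32 for i in range(16)]
    return struct.pack("<16I", *out)


def ietf_state(key, counter, nonce):
    """RFC 7539 layout: word 12 = 32-bit block counter, words 13..15 = 96-bit nonce."""
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("IETF ChaCha20 needs a 32-byte key and a 12-byte nonce")
    return (list(SIGMA) + list(struct.unpack("<8I", key))
            + [counter & MASK32] + list(struct.unpack("<3I", nonce)))


def djb_state(key, counter, nonce):
    """Bernstein layout: words 12..13 = 64-bit block counter, words 14..15 = 64-bit nonce."""
    if len(key) != 32 or len(nonce) != 8:
        raise ValueError("Bernstein ChaCha20 needs a 32-byte key and an 8-byte nonce")
    counter_words = struct.unpack("<2I", struct.pack("<Q", counter & 0xFFFFFFFFFFFFFFFF))
    return (list(SIGMA) + list(struct.unpack("<8I", key))
            + list(counter_words) + list(struct.unpack("<2I", nonce)))


def chacha20_xor(key, counter, nonce, data, layout="ietf"):
    """Encrypt/decrypt `data` starting at block `counter` using the chosen layout.

    Note the security consequence of the IETF layout: the 32-bit counter means a
    single (key, nonce) pair may keystream at most 2**32 blocks (256 GiB) before
    the counter wraps and keystream repeats. This reference implementation refuses
    to wrap rather than silently reuse keystream."""
    build = ietf_state if layout == "ietf" else djb_state
    nblocks = (len(data) + 63) // 64
    if layout == "ietf" and counter + nblocks > 2 ** 32:
        raise ValueError("IETF ChaCha20 block counter would wrap: reuse of keystream")
    out = bytearray()
    for i in range(nblocks):
        ks = chacha20_block(build(key, counter + i, nonce))
        chunk = data[64 * i:64 * (i + 1)]
        out += bytes(p ^ k for p, k in zip(chunk, ks))
    return bytes(out)


def ietf_to_djb_params(counter, nonce):
    """Map IETF (counter, 96-bit nonce) to the equivalent Bernstein (counter, 64-bit nonce):
    the first IETF nonce word becomes the high half of the 64-bit counter."""
    n0 = struct.unpack("<I", nonce[:4])[0]
    return (counter & MASK32) | (n0 << 32), nonce[4:]
```

The `ietf_to_djb_params` helper makes the compatibility statement concrete: an IETF keystream is reproducible by a Bernstein implementation only by treating the first nonce word as the upper counter half, which is why the kernel's "chacha20" and a djb-style implementation fed the same key and nonce bytes disagree unless that mapping is applied.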