From: "Tan Swee Heng"
Subject: Re: [PATCH 2/2] salsa20_i586: Salsa20 stream cipher algorithm (i586 version)
Date: Sun, 9 Dec 2007 02:13:40 +0800
Message-ID:
References: <20071205214947.GA20246@Chamillionaire.breakpoint.cc> <20071207184432.GE24292@Chamillionaire.breakpoint.cc>
To: "Sebastian Siewior", "Tan Swee Heng", "Herbert Xu", "Linux Crypto"
In-Reply-To: <20071207184432.GE24292@Chamillionaire.breakpoint.cc>

Hi Sebastian,

On Dec 8, 2007 2:44 AM, Sebastian Siewior wrote:
> >The keysetup() should be the same as the C version... except that I've
> >previously modified the C version to use key length in bytes while the
> >assembly version uses bits! :-) I could change the C code back. But I
> >personally prefer to use the assembly version since it was distributed
> >as a "self-contained and complete solution" in Bernstein's
> >"salsa20.s".
> I would go for the smaller files. That's why I merged the AES code
> earlier.

I've seen your good work with the AES code. But I will stick with the
assembly version for the time being... at least until I've done the
Salsa x86-64 version and perhaps a few more eSTREAM ciphers.

> I would not mind modifying the source code for the greater good :) Should
> you make a mistake then the test vectors should detect them.
Test vectors are great for catching general bugs (wrong S-box entry, wrong
transformation, etc.) but they can be weak at boundary conditions (an extra
byte mistakenly written at the end of the output buffer) and against
malicious intent (malicious code added without breaking crypto). Since I
don't expect people to trust a newbie like me, I'd rather stick to not
modifying the original assembly code too much. :-)

> After all, you modified the C version and s/keysize/bits.

With hindsight, I wish I had not modified the keysize bits in the C
version. It was the source of a bug while I was writing up the i586 patch
(I forgot to multiply keylen by 8). So I may revert them eventually to make
them consistent with the assembly version. :-)

Swee Heng
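The two issues raised in this exchange, a keysetup that takes its key length in bytes rather than bits and a test vector that cannot see a stray write past the end of the output buffer, as an added C example that is not the kernel's salsa20_generic code nor Bernstein's salsa20.s. The function names, the single 16-byte known-answer vector (eSTREAM Salsa20 set 1, vector 0) and the 0xa5 canary value are choices made for this example.

```c
#include <stdint.h>
#include <string.h>
#define ROTL(v, c) (((v) << (c)) | ((v) >> (32 - (c))))
#define QR(a, b, c, d) (b ^= ROTL(a + d, 7), c ^= ROTL(b + a, 9), \
                        d ^= ROTL(c + b, 13), a ^= ROTL(d + c, 18))
static uint32_t ld32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void st32(uint8_t *p, uint32_t v) { p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24; }
struct salsa20_ctx { uint32_t in[16]; };   /* constants, key, nonce, 64-bit block counter */

/* One 64-byte keystream block: 10 double rounds (column round, then row round), add input. */
static void salsa20_block(uint8_t out[64], const uint32_t in[16]) {
    uint32_t x[16];
    memcpy(x, in, sizeof x);
    for (int i = 0; i < 10; i++) {
        QR(x[0], x[4], x[8], x[12]);  QR(x[5], x[9], x[13], x[1]);
        QR(x[10], x[14], x[2], x[6]); QR(x[15], x[3], x[7], x[11]);
        QR(x[0], x[1], x[2], x[3]);   QR(x[5], x[6], x[7], x[4]);
        QR(x[10], x[11], x[8], x[9]); QR(x[15], x[12], x[13], x[14]);
    }
    for (int i = 0; i < 16; i++) st32(out + 4 * i, x[i] + in[i]);
}

/* keylen is in BYTES (16 or 32), as in the thread's C version. Passing bits (128/256) returns
   -1 instead of silently selecting the wrong constants; a 16-byte key is loaded twice. */
static int salsa20_setup(struct salsa20_ctx *ctx, const uint8_t *k, size_t keylen, const uint8_t iv[8]) {
    const char *c = keylen == 32 ? "expand 32-byte k" : "expand 16-byte k";
    if (keylen != 16 && keylen != 32) return -1;
    for (int i = 0; i < 4; i++) {
        ctx->in[5 * i] = ld32((const uint8_t *)c + 4 * i);           /* words 0, 5, 10, 15 */
        ctx->in[1 + i] = ld32(k + 4 * i);
        ctx->in[11 + i] = ld32(k + (keylen == 32 ? 16 : 0) + 4 * i);
    }
    ctx->in[6] = ld32(iv); ctx->in[7] = ld32(iv + 4); ctx->in[8] = ctx->in[9] = 0;
    return 0;
}

/* Known-answer test (eSTREAM Salsa20 set 1, vector 0, 128-bit key) plus a canary byte after
   the output buffer, so a one-byte overrun is caught even when the vector itself matches. */
static int salsa20_selftest(void) {
    static const uint8_t key[16] = { 0x80 }, iv[8] = { 0 };
    static const uint8_t expect[64] = {
        0x4d,0xfa,0x5e,0x48,0x1d,0xa2,0x3e,0xa0,0x9a,0x31,0x02,0x20,0x50,0x85,0x99,0x36,
        0xda,0x52,0xfc,0xee,0x21,0x80,0x05,0x16,0x4f,0x26,0x7c,0xb6,0x5f,0x5c,0xfd,0x7f,
        0x2b,0x4f,0x97,0xe0,0xff,0x16,0x92,0x4a,0x52,0xdf,0x26,0x95,0x15,0x11,0x0a,0x07,
        0xf9,0xe4,0x60,0xbc,0x65,0xef,0x95,0xda,0x58,0xf7,0x40,0xb7,0xd1,0xdb,0xb0,0xaa };
    struct salsa20_ctx ctx; uint8_t out[65]; out[64] = 0xa5;        /* out[64] is the canary */
    if (salsa20_setup(&ctx, key, 128, iv) == 0) return -1;           /* bits passed as bytes */
    if (salsa20_setup(&ctx, key, sizeof key, iv)) return -2;
    salsa20_block(out, ctx.in);            /* zero plaintext: ciphertext equals keystream */
    if (memcmp(out, expect, 64)) return -3;
    return out[64] == 0xa5 ? 0 : -4;
}
```

salsa20_selftest() returns 0 only if the bit-count key length is rejected, the known-answer vector matches and the canary after the buffer is untouched; a nonzero return names which check failed.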