Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp442778pxb; Thu, 21 Jan 2021 10:41:28 -0800 (PST) X-Google-Smtp-Source: ABdhPJx7U18a7rUrbVLgvBcC4M4Rb8s/rIgOSBoiPxpsNggaOyo/4YadVQdxbEyjiFN3NZeDIWxI X-Received: by 2002:a50:fb96:: with SMTP id e22mr408715edq.118.1611254488731; Thu, 21 Jan 2021 10:41:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611254488; cv=none; d=google.com; s=arc-20160816; b=MiCBXUYH+yxhhCNeFN2lguFfzAhNm3hU5SNl1r4oRJfWsRqbW6Z2wvwc+eSEfjYPwl yrixc316Wgop6lkGhmXexlTwSDv0HSMJ1KdPKIrFg9C6qz4vzbeG2Ekip86bA80Vl8Vg 8+7kpSrx7KTEEKRXWjHK+cRMYD16zTYqAktHLBE6pvJjJy3I73ggjkqdy/Tt9BUKXNnh g1IgCr4Mypxoj31utKoTmveuCYmUqP1Zr/Ei913n3WU9qq9y4VJw99G0FryVcp6424n+ Q/1aRaetowwSKcS4UHrnlXkK3NAZTRUKaBI0xfXayHGPSqD23o23EYDNVi7ohFSqC4vw RUQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=gfKHhBWnllqV8aYIWdKy3xPP8GjYeDgbWRRf1nj3hU4=; b=iJbhd028ZneQX1vwjwtC2WBELD4SjH+CV3qls0Uk1/SgMzvzdFvL4EapW6s31Queia XKybPPLWUGohlxOQe0saON1c7hICOYPYaGhF+r2V45XIYXPR1n0VU5qauQ+ciyL9oec7 I7p861Y7zSSFEK90dGiph6BxaHNwbtl09jUK4mtcp8EMMlc1VJKCb+KcqVT5b4Y7dk6U N3pXmHRYpvZha2XyFKqk6n9igaSshtJOksNJE7WxlXPACc8XGKlt78utvouzvLSeZpLO V/zB46WrBy4ktpoU0DogggWw2B+i8IoIfK9shfbzRItNzhJUbULQ5gX33Npe0OfQrHqe juMg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=A7bKNXnl; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y11si2629635edo.40.2021.01.21.10.40.57; Thu, 21 Jan 2021 10:41:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=A7bKNXnl; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726942AbhAUS0E (ORCPT + 99 others); Thu, 21 Jan 2021 13:26:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46804 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726071AbhAUSX6 (ORCPT ); Thu, 21 Jan 2021 13:23:58 -0500 Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EED2EC06174A for ; Thu, 21 Jan 2021 10:23:17 -0800 (PST) Received: by mail-ej1-x62e.google.com with SMTP id g3so3995714ejb.6 for ; Thu, 21 Jan 2021 10:23:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=gfKHhBWnllqV8aYIWdKy3xPP8GjYeDgbWRRf1nj3hU4=; b=A7bKNXnlzmjGEhMCNFdKraWE2UinHp3+g53w92NXQw6D4HRmkYR1TamlhYy7hxhfqU JAa5o1DJKzhfcw0ySPsijksvbvKWhrNASWU0q5v+177wE+ZYEOhlmKfl/LQY/EKCgens 3/JBlLwZi20Tfk9nu+ToDUAZ8VGFY0EmUW3Gb/339DVq5QdZu5st2D3NTEIWDo5+ioa6 PL3iHZogxxP19ZLrXNSGmRbOYCiypwnDrDiFFxYms7bQnEtrZAPBjTw5ntt07AQuKDXx VD9aBRrtqPwuvAtSXJxkFe+Hy3cAPyd/pDPAfz0PGoeoKKh5jyPpovy3oNJHizSFi64x WK7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=gfKHhBWnllqV8aYIWdKy3xPP8GjYeDgbWRRf1nj3hU4=; b=nVVzqaWZE9hvJqSb6+dllTJrMUDMOquaZslS7BGr2+WosgoB1UOVb6ABZIHUsFuRFA VvbkoCCCpN+MUGyTfWSuaxvEots3jL1rBvpR8mV4FL88cuuSSfeA7fGiPW3Oor6cMdqG Jag5RuctRBffCUdSMt8QuLm8kmcEt8BIS2nLjA1qNT6YMKeAx5s0rTT6UN8tSxVKPEE5 ZGZ7dw7xqjRuj8/XuofwHbbkkA3GUA9ps06znoZN+ezm/L0cyurqaZzwSOxqaqJ1PzNg fh2bcoVNm3mzSYd6jVjZ8T86M90tArxc2q2Q99HgHk+QGhFv9c9SHl2kWRGkmq2rOUcS F1kQ== X-Gm-Message-State: AOAM530sSqHdCiB7if3l8OSvyRI4jPKXIxI4y8lRirCBtJjedt2IE6Zo ke2UZvFSrwL6MGIADVSr0zA= X-Received: by 2002:a17:906:3999:: with SMTP id h25mr538652eje.146.1611253396600; Thu, 21 Jan 2021 10:23:16 -0800 (PST) Received: from [192.168.2.27] (39.35.broadband4.iol.cz. [85.71.35.39]) by smtp.gmail.com with ESMTPSA id x9sm1144459eje.36.2021.01.21.10.23.15 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 21 Jan 2021 10:23:16 -0800 (PST) Subject: Re: [PATCH 5/5] crypto: remove Salsa20 stream cipher algorithm To: Ard Biesheuvel , Eric Biggers , agk@redhat.com, Mike Snitzer , dm-devel@redhat.com, Mikulas Patocka Cc: Linux Crypto Mailing List , Herbert Xu References: <20210121130733.1649-1-ardb@kernel.org> <20210121130733.1649-6-ardb@kernel.org> From: Milan Broz Message-ID: <2f010ae0-b949-d9b8-c382-e02447b36166@gmail.com> Date: Thu, 21 Jan 2021 19:23:14 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 21/01/2021 19:09, Ard Biesheuvel wrote: > On Thu, 21 Jan 2021 at 19:05, Eric Biggers wrote: >> >> On Thu, Jan 21, 2021 at 02:07:33PM +0100, Ard Biesheuvel wrote: >>> Salsa20 is not used anywhere in the kernel, is not suitable for disk >>> encryption, and widely considered to have been superseded by ChaCha20. >>> So let's remove it. >>> >>> Signed-off-by: Ard Biesheuvel >>> --- >>> Documentation/admin-guide/device-mapper/dm-integrity.rst | 4 +- >>> crypto/Kconfig | 12 - >>> crypto/Makefile | 1 - >>> crypto/salsa20_generic.c | 212 ---- >>> crypto/tcrypt.c | 11 +- >>> crypto/testmgr.c | 6 - >>> crypto/testmgr.h | 1162 -------------------- >>> 7 files changed, 3 insertions(+), 1405 deletions(-) >>> >>> diff --git a/Documentation/admin-guide/device-mapper/dm-integrity.rst b/Documentation/admin-guide/device-mapper/dm-integrity.rst >>> index 4e6f504474ac..d56112e2e354 100644 >>> --- a/Documentation/admin-guide/device-mapper/dm-integrity.rst >>> +++ b/Documentation/admin-guide/device-mapper/dm-integrity.rst >>> @@ -143,8 +143,8 @@ recalculate >>> journal_crypt:algorithm(:key) (the key is optional) >>> Encrypt the journal using given algorithm to make sure that the >>> attacker can't read the journal. You can use a block cipher here >>> - (such as "cbc(aes)") or a stream cipher (for example "chacha20", >>> - "salsa20" or "ctr(aes)"). >>> + (such as "cbc(aes)") or a stream cipher (for example "chacha20" >>> + or "ctr(aes)"). >> >> You should check with the dm-integrity maintainers how likely it is that people >> are using salsa20 with dm-integrity. It's possible that people are using it, >> especially since the documentation says that dm-integrity can use a stream >> cipher and specifically gives salsa20 as an example. >> > > Good point - cc'ed them now. I would say - just remove it. I do not see any users, we do not even test this combination in userspace testsuite. It is just an example in doc. From my POV these stream crypto ciphers should be never used there (but cc to Mikulas, it was his patch :-) Milan