[dm-devel] [PATCH 5/5] crypto: remove Salsa20 stream cipher algorithm

Mike Snitzer snitzer at redhat.com
Thu Jan 21 18:20:35 UTC 2021 

On Thu, Jan 21 2021 at  1:09pm -0500,
Ard Biesheuvel <ardb at kernel.org> wrote:

> On Thu, 21 Jan 2021 at 19:05, Eric Biggers <ebiggers at kernel.org> wrote:
> >
> > On Thu, Jan 21, 2021 at 02:07:33PM +0100, Ard Biesheuvel wrote:
> > > Salsa20 is not used anywhere in the kernel, is not suitable for disk
> > > encryption, and widely considered to have been superseded by ChaCha20.
> > > So let's remove it.
> > >
> > > Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
> > > ---
> > >  Documentation/admin-guide/device-mapper/dm-integrity.rst |    4 +-
> > >  crypto/Kconfig                                           |   12 -
> > >  crypto/Makefile                                          |    1 -
> > >  crypto/salsa20_generic.c                                 |  212 ----
> > >  crypto/tcrypt.c                                          |   11 +-
> > >  crypto/testmgr.c                                         |    6 -
> > >  crypto/testmgr.h                                         | 1162 --------------------
> > >  7 files changed, 3 insertions(+), 1405 deletions(-)
> > >
> > > diff --git a/Documentation/admin-guide/device-mapper/dm-integrity.rst b/Documentation/admin-guide/device-mapper/dm-integrity.rst
> > > index 4e6f504474ac..d56112e2e354 100644
> > > --- a/Documentation/admin-guide/device-mapper/dm-integrity.rst
> > > +++ b/Documentation/admin-guide/device-mapper/dm-integrity.rst
> > > @@ -143,8 +143,8 @@ recalculate
> > >  journal_crypt:algorithm(:key)        (the key is optional)
> > >       Encrypt the journal using given algorithm to make sure that the
> > >       attacker can't read the journal. You can use a block cipher here
> > > -     (such as "cbc(aes)") or a stream cipher (for example "chacha20",
> > > -     "salsa20" or "ctr(aes)").
> > > +     (such as "cbc(aes)") or a stream cipher (for example "chacha20"
> > > +     or "ctr(aes)").
> >
> > You should check with the dm-integrity maintainers how likely it is that people
> > are using salsa20 with dm-integrity.  It's possible that people are using it,
> > especially since the documentation says that dm-integrity can use a stream
> > cipher and specifically gives salsa20 as an example.
> >
> 
> Good point - cc'ed them now.
> 

No problem here, if others don't find utility in salsa20 then
dm-integrity certainly isn't the hold-out.

Acked-by:  Mike Snitzer <snitzer at redhat.com>

Mike

More information about the dm-devel mailing list