Aloha!
I'm looking at the source for Salsa20 and notice that there are separate versions for Salsa20 with 20 rounds and Salsa20 with 12 rounds (with specific r12 function names).
Would it be possible to instead add the given number of rounds to the context? This would allow the user to select the number of rounds at key-init time and would also declutter the interface of round-specific functions.
The default could still be 20, but this would allow for such things as using 8, 12, 14 or even 24 rounds, etc.
-- 
Best regards, Yours
Joachim Strömbergson - Always in harmonic oscillation.
Joachim Strömbergson, Secworks AB, joachim@secworks.se
Joachim Strömbergson <joachim@secworks.se> writes:

> I'm looking at the source for Salsa20 and notice that there are separate versions for Salsa20 with 20 rounds and Salsa20 with 12 rounds (with specific r12 function names).
> Would it be possible to instead add the given number of rounds to the context?
Nettle is slowly moving away from the style of a context struct including fields which differentiate between variants of an algorithm.
If such a salsa20 context is convenient for you, you could easily define your own context struct as

    struct salsa20_any_ctx
    {
      struct salsa20_ctx ctx;
      unsigned nrounds;
    };
But you'd also need a variant of salsa20_crypt, say salsa20r_crypt, which takes the number of rounds as argument, so you could define

    void
    salsa20_any_crypt (struct salsa20_any_ctx *ctx, ...)
    {
      salsa20r_crypt (&ctx->ctx, ctx->nrounds, ...);
    }
Adding such a function has been discussed earlier, but it has not been added because there was no clear use case for it. If you want to experiment, you can write one based on salsa20_crypt and salsa20r12.
The internal function _salsa20_core does take the number of rounds as an argument. I can't say, without checking the various implementations of that function (C, x86_64 and arm), which values besides 12 and 20 really work.
Regards, /Niels
nettle-bugs@lists.lysator.liu.se
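A worked version of the variable-round context sketched in the reply above, added here for illustration and not taken from Nettle: a plain C Salsa20 core that takes the round count as an argument, a salsa20_any_ctx that stores the round count next to the state, and a crypt routine that uses it. The names salsa20_any_init, salsa20_any_crypt and salsa20_any_selftest, and the word-oriented key and nonce parameters, are assumptions made for this example; the self-test checks the quarterround example from the Salsa20 specification and an encrypt/decrypt round trip at the requested round count.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define ROTL32(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
/* Salsa20 quarterround from the spec, applied in place to the words a, b, c, d. */
#define QR(a, b, c, d) do { b ^= ROTL32(a + d, 7); c ^= ROTL32(b + a, 9); \
                            d ^= ROTL32(c + b, 13); a ^= ROTL32(d + c, 18); } while (0)
struct salsa20_any_ctx { uint32_t state[16]; unsigned nrounds; }; /* hypothetical, as in the thread */

/* Core with a caller-chosen round count; rounds must be even and nonzero because each loop iteration is one double round. */
int salsa20_core(uint32_t out[16], const uint32_t in[16], unsigned rounds) {
    uint32_t x[16];
    if (rounds == 0 || rounds % 2) return 0;
    memcpy(x, in, sizeof x);
    for (unsigned i = 0; i < rounds; i += 2) {
        QR(x[0], x[4], x[8], x[12]);  QR(x[5], x[9], x[13], x[1]);   /* column round */
        QR(x[10], x[14], x[2], x[6]); QR(x[15], x[3], x[7], x[11]);
        QR(x[0], x[1], x[2], x[3]);   QR(x[5], x[6], x[7], x[4]);    /* row round */
        QR(x[10], x[11], x[8], x[9]); QR(x[15], x[12], x[13], x[14]);
    }
    for (int i = 0; i < 16; i++) out[i] = x[i] + in[i];  /* feed-forward */
    return 1;
}
/* Layout: "expand 32-byte k" at words 0,5,10,15; key at 1..4 and 11..14; nonce at 6,7; counter at 8,9. */
int salsa20_any_init(struct salsa20_any_ctx *c, const uint32_t key[8], const uint32_t nonce[2], unsigned rounds) {
    static const uint32_t sigma[4] = { 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 };
    if (rounds == 0 || rounds % 2) return 0;
    for (int i = 0; i < 4; i++) { c->state[5 * i] = sigma[i]; c->state[1 + i] = key[i]; c->state[11 + i] = key[4 + i]; }
    c->state[6] = nonce[0]; c->state[7] = nonce[1]; c->state[8] = c->state[9] = 0;
    c->nrounds = rounds; return 1;
}
/* XOR the keystream into src; a partial block is only valid as the final call. */
void salsa20_any_crypt(struct salsa20_any_ctx *c, size_t n, uint8_t *dst, const uint8_t *src) {
    uint32_t ks[16];
    for (size_t m; n; dst += m, src += m, n -= m) {
        m = n < 64 ? n : 64;
        salsa20_core(ks, c->state, c->nrounds);
        for (size_t i = 0; i < m; i++) dst[i] = src[i] ^ (uint8_t)(ks[i / 4] >> 8 * (i % 4));
        if (++c->state[8] == 0) c->state[9]++;  /* 64-bit block counter */
    }
}
/* Self-check: the spec's quarterround example, then an encrypt/decrypt round trip at `rounds`. 0 on success. */
int salsa20_any_selftest(unsigned rounds) {
    uint32_t a = 1, b = 0, c = 0, d = 0, key[8] = {0}, nonce[2] = {0};  /* constructed all-zero key/nonce */
    uint8_t msg[70] = "constructed sample plaintext", ct[70], pt[70]; struct salsa20_any_ctx ctx;
    QR(a, b, c, d);
    if (a != 0x08008145 || b != 0x00000080 || c != 0x00010200 || d != 0x20500000) return 1;
    if (!salsa20_any_init(&ctx, key, nonce, rounds)) return 2;
    salsa20_any_crypt(&ctx, 70, ct, msg);
    salsa20_any_init(&ctx, key, nonce, rounds); salsa20_any_crypt(&ctx, 70, pt, ct);
    return memcmp(pt, msg, 70) != 0 || memcmp(ct, msg, 70) == 0;
}
```

Because this is plain C, the question raised above about which round counts the x86_64 and arm implementations of _salsa20_core actually support does not arise here; odd and zero counts are simply rejected up front.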