Page MenuHomeFreeBSD

Add an implementation of CHACHA20_POLY1035 to cryptosoft.
ClosedPublic

Authored by jhb on Dec 30 2020, 12:50 AM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 21, 8:21 PM
Unknown Object (File)
Wed, Nov 20, 10:24 PM
Unknown Object (File)
Fri, Nov 15, 2:07 PM
Unknown Object (File)
Thu, Nov 14, 1:51 PM
Unknown Object (File)
Oct 25 2024, 11:21 AM
Unknown Object (File)
Sep 24 2024, 6:21 PM
Unknown Object (File)
Sep 24 2024, 6:21 PM
Unknown Object (File)
Sep 24 2024, 6:21 PM
Subscribers

Details

Summary

This uses the chacha20 IETF and poly1305 implementations from
libsodium. A seperate auth_hash is created for the auth side whose
Setkey method derives the poly1305 key from the AEAD key and nonce as
described in RFC 8439.

Test Plan
  • tested via cryptocheck

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb requested review of this revision.Dec 30 2020, 12:50 AM

The make-bits and other integration look fine. I didn't have time to verify the meat of the implementation (and probably won't).

This revision was not accepted when it landed; it landed in state Needs Review.Feb 18 2021, 5:55 PM
This revision was automatically updated to reflect the committed changes.

Hi John,

did you plan add chacha20-poly1305 support into IPsec? It seems there are needed some changes in the xform_esp.c related to IV, can you take a look at this not yet finished patch?
https://people.freebsd.org/~ae/ipsec-chacha.diff

In D27837#650093, @ae wrote:

Hi John,

did you plan add chacha20-poly1305 support into IPsec? It seems there are needed some changes in the xform_esp.c related to IV, can you take a look at this not yet finished patch?
https://people.freebsd.org/~ae/ipsec-chacha.diff

I do not currently have any plans to add chacha for IPsec myself, but I'm happy to have it added. One thing I don't understand in the current diff is why you add an auth algorithm for chacha20? It should be ESP-only and an AEAD like AES-GCM and AES-CCM?