Page MenuHomeFreeBSD

Add an implementation of CHACHA20_POLY1035 to cryptosoft.
ClosedPublic

Authored by jhb on Dec 30 2020, 12:50 AM.
Tags
None
Referenced Files
Unknown Object (File)
Feb 22 2024, 11:51 PM
Unknown Object (File)
Feb 11 2024, 6:16 AM
Unknown Object (File)
Feb 11 2024, 6:16 AM
Unknown Object (File)
Feb 10 2024, 5:57 PM
Unknown Object (File)
Feb 10 2024, 5:45 PM
Unknown Object (File)
Feb 2 2024, 7:46 AM
Unknown Object (File)
Dec 26 2023, 9:38 PM
Unknown Object (File)
Dec 20 2023, 8:07 AM
Subscribers

Details

Summary

This uses the chacha20 IETF and poly1305 implementations from
libsodium. A seperate auth_hash is created for the auth side whose
Setkey method derives the poly1305 key from the AEAD key and nonce as
described in RFC 8439.

Test Plan
  • tested via cryptocheck

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb requested review of this revision.Dec 30 2020, 12:50 AM

The make-bits and other integration look fine. I didn't have time to verify the meat of the implementation (and probably won't).

This revision was not accepted when it landed; it landed in state Needs Review.Feb 18 2021, 5:55 PM
This revision was automatically updated to reflect the committed changes.

Hi John,

did you plan add chacha20-poly1305 support into IPsec? It seems there are needed some changes in the xform_esp.c related to IV, can you take a look at this not yet finished patch?
https://people.freebsd.org/~ae/ipsec-chacha.diff

In D27837#650093, @ae wrote:

Hi John,

did you plan add chacha20-poly1305 support into IPsec? It seems there are needed some changes in the xform_esp.c related to IV, can you take a look at this not yet finished patch?
https://people.freebsd.org/~ae/ipsec-chacha.diff

I do not currently have any plans to add chacha for IPsec myself, but I'm happy to have it added. One thing I don't understand in the current diff is why you add an auth algorithm for chacha20? It should be ESP-only and an AEAD like AES-GCM and AES-CCM?