Page MenuHomeFreeBSD

Add an implementation of CHACHA20_POLY1035 to cryptosoft.
ClosedPublic

Authored by jhb on Dec 30 2020, 12:50 AM.

Details

Summary

This uses the chacha20 IETF and poly1305 implementations from
libsodium. A seperate auth_hash is created for the auth side whose
Setkey method derives the poly1305 key from the AEAD key and nonce as
described in RFC 8439.

Test Plan
  • tested via cryptocheck

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 35779
Build 32668: arc lint + arc unit

Event Timeline

jhb requested review of this revision.Dec 30 2020, 12:50 AM

The make-bits and other integration look fine. I didn't have time to verify the meat of the implementation (and probably won't).

This revision was not accepted when it landed; it landed in state Needs Review.Feb 18 2021, 5:55 PM
This revision was automatically updated to reflect the committed changes.

Hi John,

did you plan add chacha20-poly1305 support into IPsec? It seems there are needed some changes in the xform_esp.c related to IV, can you take a look at this not yet finished patch?
https://people.freebsd.org/~ae/ipsec-chacha.diff

In D27837#650093, @ae wrote:

Hi John,

did you plan add chacha20-poly1305 support into IPsec? It seems there are needed some changes in the xform_esp.c related to IV, can you take a look at this not yet finished patch?
https://people.freebsd.org/~ae/ipsec-chacha.diff

I do not currently have any plans to add chacha for IPsec myself, but I'm happy to have it added. One thing I don't understand in the current diff is why you add an auth algorithm for chacha20? It should be ESP-only and an AEAD like AES-GCM and AES-CCM?