Page MenuHomeFreeBSD

Add Chacha20-Poly1305 as a KTLS cipher suite.
ClosedPublic

Authored by jhb on Dec 30 2020, 12:51 AM.

Details

Summary

Chacha20-Poly1305 for TLS is an AEAD cipher suite for both TLS 1.2 and
TLS 1.3 (RFCs 7905 and 8446). For both versions, Chacha20 uses the
server and client IVs as implicit nonces xored with the record
sequence number to generate the per-record nonce matching the
construction used with AES-GCM for TLS 1.3.

Test Plan

Tested with pure software openssl s_client on a host and KTLS-enabled openssl s_server in a VM using chacha20 ciphers with both TLS 1.2 and TLS 1.3.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 35781
Build 32670: arc lint + arc unit

Event Timeline

jhb requested review of this revision.Dec 30 2020, 12:51 AM
jhb added a reviewer: gallatin.
This revision is now accepted and ready to land.Jan 7 2021, 4:33 PM
This revision now requires review to proceed.Feb 17 2021, 10:26 PM
This revision was not accepted when it landed; it landed in state Needs Review.Feb 18 2021, 5:55 PM
This revision was automatically updated to reflect the committed changes.