crypto: Add support for the XChaCha20-Poly1305 AEAD cipher.
ClosedPublic
Actions

Authored by jhb on Dec 17 2021, 12:10 AM.

Details

Reviewers

markj

Group Reviewers

manpages

Commits

rG8f35841f1f35: crypto: Add support for the XChaCha20-Poly1305 AEAD cipher.

Summary

This cipher is a wrapper around the ChaCha20-Poly1305 AEAD cipher
which accepts a larger nonce. Part of the nonce is used along with
the key as an input to HChaCha20 to generate a derived key used for
ChaCha20-Poly1305.

This cipher is used by WireGuard.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

jhb created this revision.Dec 17 2021, 12:10 AM

Herald added a reviewer: manpages. · View Herald TranscriptDec 17 2021, 12:10 AM

Herald added subscribers: jmg, imp. · View Herald Transcript

jhb requested review of this revision.Dec 17 2021, 12:10 AM

Harbormaster completed remote builds in B43431: Diff 100180.Dec 17 2021, 12:10 AM

jhb added a parent revision: D33522: crypto.ko: Add hchacha20 from libsodium..Dec 17 2021, 12:10 AM

jhb added a child revision: D33524: crypto: Add a simple API for [X]ChaCha20-Poly1035 on flat buffers..

This does not include cryptocheck support as OpenSSL does not include XChaCha20 (and specifically it does not include HChaCha20).

In theory ossl(4) could support XChaCha20-Poly1305 by using the HChaCha20 routine from libsodium to compute the derived key. However, WireGuard (the only expected consumer of this cipher) will most likely not use OCF but use the enc_xform directly (or a wrapper, see D33524), so patching ossl(4) probably isn't worth it.