Add an implementation of CHACHA20_POLY1035 to cryptosoft.
ClosedPublic
Actions

Authored by jhb on Dec 30 2020, 12:50 AM.

Details

Reviewers

jmg
cem

Commits

rGd5cbcae312e7: Add an implementation of CHACHA20_POLY1305 to cryptosoft.
rGdd2e1352b68a: Add an implementation of CHACHA20_POLY1305 to cryptosoft.

Summary

This uses the chacha20 IETF and poly1305 implementations from
libsodium. A seperate auth_hash is created for the auth side whose
Setkey method derives the poly1305 key from the AEAD key and nonce as
described in RFC 8439.

Test Plan

tested via cryptocheck

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

jhb created this revision.Dec 30 2020, 12:50 AM

Herald added a reviewer: jmg. · View Herald TranscriptDec 30 2020, 12:50 AM

Herald added a subscriber: imp. · View Herald Transcript

jhb requested review of this revision.Dec 30 2020, 12:50 AM

Harbormaster completed remote builds in B35779: Diff 81353.Dec 30 2020, 12:50 AM

jhb added a parent revision: D27836: Add an OCF algorithm for ChaCha20-Poly1035 AEAD..Dec 30 2020, 12:50 AM

jhb added a child revision: D27838: cryptocheck: Add Chacha20-Poly1305 AEAD coverage..

jhb added a reviewer: cem.Dec 30 2020, 12:59 AM

jhb added a subscriber: gallatin.

jhb edited the test plan for this revision. (Show Details)Dec 30 2020, 1:02 AM

The make-bits and other integration look fine. I didn't have time to verify the meat of the implementation (and probably won't).

This revision was not accepted when it landed; it landed in state Needs Review.Feb 18 2021, 5:55 PM

Closed by commit rGdd2e1352b68a: Add an implementation of CHACHA20_POLY1305 to cryptosoft. (authored by jhb). · Explain Why

This revision was automatically updated to reflect the committed changes.

jhb added a commit: rGdd2e1352b68a: Add an implementation of CHACHA20_POLY1305 to cryptosoft..

Hi John,

did you plan add chacha20-poly1305 support into IPsec? It seems there are needed some changes in the xform_esp.c related to IV, can you take a look at this not yet finished patch?
https://people.freebsd.org/~ae/ipsec-chacha.diff

In D27837#650093, @ae wrote:

Hi John,

did you plan add chacha20-poly1305 support into IPsec? It seems there are needed some changes in the xform_esp.c related to IV, can you take a look at this not yet finished patch?
https://people.freebsd.org/~ae/ipsec-chacha.diff

I do not currently have any plans to add chacha for IPsec myself, but I'm happy to have it added. One thing I don't understand in the current diff is why you add an auth algorithm for chacha20? It should be ESP-only and an AEAD like AES-GCM and AES-CCM?

jhb added a commit: rGd5cbcae312e7: Add an implementation of CHACHA20_POLY1305 to cryptosoft..Oct 21 2021, 5:07 PM