Re: [PATCH 0/9] crypto: Add ChaCha20-Poly1305 AEAD support for IPsec

On Mon, Jun 01, 2015 at 01:43:55PM +0200, Martin Willi wrote:
> This is a first version of a patch series implementing the ChaCha20-Poly1305
> AEAD construction defined in RFC7539. It is based on the current cryptodev tree.
> 
> The first two patches implement the ChaCha20 cipher, the second two the Poly1305
> authenticator, both in portable C for all architectures. Patch 5 and 6
> provide an AEAD construction using the two cipher primitives, named rfc7539.
> 
> Patch 7 and 8 add a variant of the same AEAD that uses additional key material
> as a nonce to shorten the explicit IV to 8 bytes, as defined for use in IPsec
> in draft-ietf-ipsecme-chacha20-poly1305. The last patch exposes that AEAD
> to IPsec users.
> 
> I don't expect any technical changes to draft-ietf-ipsecme-chacha20-poly1305,
> but we don't have an RFC name yet to reference the AEAD. We therefore simply
> name it rfc7539esp, but other suggestions are welcome.
> 
> The AEAD uses the crypto_nivaead_type to make it available to IPsec. However,
> I was unable to run test vectors against this type of AEAD on cryptodev, but
> I've verified the vectors against the same AEAD using crypto_aead_type.
> Additionally IPsec traffic has been tested against our userland ESP backend in
> strongSwan.
> 
> On my x86_64 test setup the IPsec throughput is ~700Mbits/s with these portable
> drivers. Architecture-specific drivers, subject to a future patchset, can improve
> performance; for example, with SSE, doubling performance is feasible.

All applied.  Thanks a lot!
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt



