[dpdk-dev] [RFC] Chacha20 Poly1305 Support

Trahe, Fiona fiona.trahe at intel.com
Wed Oct 9 17:48:56 CEST 2019


Hi Arek,

------
From: Kusztal, ArkadiuszX 
Sent: Wednesday, October 9, 2019 9:30 AM
To: dev at dpdk.org
Cc: akhil.goyal at nxp.com; Zhang, Roy Fan <roy.fan.zhang at intel.com>; Shally Verma <shallyv at marvell.com>; Trahe, Fiona <fiona.trahe at intel.com>; Anoob Joseph <anoobj at marvell.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch at intel.com>; Doherty, Declan <declan.doherty at intel.com>; tdu at semihalf.com
Subject: [RFC] Chacha20 Poly1305 Support

Hi,

Due to the increasing interest of crypto protocols in the Chacha20-Poly1305 algorithm, I would like to start a discussion about adding it to cryptodev.
I would suggest adding something like:

@@ -348,6 +348,8 @@ enum rte_crypto_aead_algorithm {
             /**< AES algorithm in CCM mode. */
             RTE_CRYPTO_AEAD_AES_GCM,
             /**< AES algorithm in GCM mode. */
+            RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
+            /**< Chacha20 encryption cipher with poly1305 authenticator */
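Review bot: the doc comment on the new RTE_CRYPTO_AEAD_CHACHA20_POLY1305 entry lacks the trailing period its neighbours have ("AES algorithm in GCM mode.") and writes "poly1305" in lower case although the enum name treats it as a proper name. It would also help to name the construction, e.g. "Chacha20 cipher with Poly1305 authenticator, combined as the rfc7539 AEAD construction.", so a reader of the enum knows the fixed-counter behaviour comes with this value.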


In 'iv offset' of aead xform
+                           * - For Chacha20-Poly1305 it is 96-bit nonce. Initial counter
+                           * value for Chacha20 encryption is set by PMD to 1, meanwhile
+                            * for Poly1305 is set to 0 as per rfc7539 2.8. AEAD construction.
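Review bot: the 'iv offset' text has the PMD fix both initial counters, which leaves the caller's 96-bit nonce as the only per-operation input, yet the comment does not say that the nonce must be unique for every operation under one key. I'd add a sentence to that effect next to the nonce description. The last added line also has one more leading space before `*` than the two lines above it.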
[Fiona] I'd suggest moving the initial counter description to the next line, as separate from the nonce.
And as Poly1305 is used twice in the procedure, maybe reword as:
PMD sets initial counter for Poly1305 key generation part to 0 and for Chacha20 encryption 
to 1 as per rfc7539 2.8. AEAD construction.

In 'iv length' of aead xform
+                           * - For Chacha20-Poly1305 this field is always 12.
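Review bot: "this field is always 12" in the 'iv length' comment gives no unit, while the 'iv offset' text describes the same nonce as 96-bit; "always 12 bytes" would keep the two consistent. The comment could also say what happens when another length is passed (for example that session setup fails), since the value is not optional here.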

It is AEAD instead of cipher + auth as rfc7539 explicitly sets the initial counters to one and zero in the AEAD construction, which is not done for Chacha and Poly separately. If in future someone would like to add these algorithms to the cipher and auth enums, an additional field that holds the initial counter should be added as well.

I have tested it with an openssl pmd implementation I have created for test purposes (Chacha Poly is supported since OpenSSL 1.1.0 version), which I may attach if needed.

(Sorry if I have not included someone in cc, please cc any interested person)

Regards,
Arek

