DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [RFC] Chacha20 Poly1305 Support
@ 2019-10-09  8:29 Kusztal, ArkadiuszX
  2019-10-09 15:48 ` Trahe, Fiona
  0 siblings, 1 reply; 3+ messages in thread
From: Kusztal, ArkadiuszX @ 2019-10-09  8:29 UTC (permalink / raw)
  To: dev
  Cc: akhil.goyal, Zhang, Roy Fan, Shally Verma, Trahe, Fiona,
	Anoob Joseph, De Lara Guarch, Pablo, Doherty, Declan, tdu

Hi,

due to increasing interest of crypto protocols in Chacha20-Poly1305 algorithm I would like to start discussion about adding it to cryptodev.
I would suggest adding something like:

@@ -348,6 +348,8 @@ enum rte_crypto_aead_algorithm {
             /**< AES algorithm in CCM mode. */
             RTE_CRYPTO_AEAD_AES_GCM,
             /**< AES algorithm in GCM mode. */
+            RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
+            /**< Chacha20 encryption cipher with poly1305 authenticator */


In 'iv offset' of aead xform
+                           * - For Chacha20-Poly1305 it is 96-bit nonce. Initial counter
+                           * value for Chacha20 encryption is set by PMD to 1, meanwhile
+                            * for Poly1305 is set to 0 as per rfc7539 2.8. AEAD construction.

In 'iv length' of aead xform
+                           * - For Chacha20-Poly1305 this field is always 12.

It is AEAD instead of cipher + auth as rfc7539 explicitly specifies initial counters to one and zero with AEAD construction, which is not done
for Chacha and Poly separately. If in future someone would like to add these algorithms to cipher and auth enums additional field that holds initial counter
should be added as well.

I have tested it with openssl pmd implementation I have created for test purposes (Chacha Poly is supported since OpenSSL 1.1.0 version) which I may attach if needed.

(Sorry if I have not included someone in cc, please cc any interested person)

Regards,
Arek

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [dpdk-dev] [RFC] Chacha20 Poly1305 Support
  2019-10-09  8:29 [dpdk-dev] [RFC] Chacha20 Poly1305 Support Kusztal, ArkadiuszX
@ 2019-10-09 15:48 ` Trahe, Fiona
  2019-10-16 10:57   ` Kusztal, ArkadiuszX
  0 siblings, 1 reply; 3+ messages in thread
From: Trahe, Fiona @ 2019-10-09 15:48 UTC (permalink / raw)
  To: Kusztal, ArkadiuszX, dev
  Cc: akhil.goyal, Zhang, Roy Fan, Shally Verma, Anoob Joseph,
	De Lara Guarch, Pablo, Doherty, Declan, tdu, Trahe, Fiona

Hi Arek,

------
From: Kusztal, ArkadiuszX 
Sent: Wednesday, October 9, 2019 9:30 AM
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>; Shally Verma <shallyv@marvell.com>; Trahe, Fiona <fiona.trahe@intel.com>; Anoob Joseph <anoobj@marvell.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Doherty, Declan <declan.doherty@intel.com>; tdu@semihalf.com
Subject: [RFC] Chacha20 Poly1305 Support

Hi,

due to increasing interest of crypto protocols in Chacha20-Poly1305 algorithm I would like to start discussion about adding it to cryptodev.
I would suggest adding something like:

@@ -348,6 +348,8 @@ enum rte_crypto_aead_algorithm {
             /**< AES algorithm in CCM mode. */
             RTE_CRYPTO_AEAD_AES_GCM,
             /**< AES algorithm in GCM mode. */
+            RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
+            /**< Chacha20 encryption cipher with poly1305 authenticator */


In 'iv offset' of aead xform
+                           * - For Chacha20-Poly1305 it is 96-bit nonce. Initial counter
+                           * value for Chacha20 encryption is set by PMD to 1, meanwhile
+                            * for Poly1305 is set to 0 as per rfc7539 2.8. AEAD construction.
[Fiona] I'd suggest moving initial counter description to next line as separate from nonce.
And as Poly1305 is used twice in the procedure, maybe reword as:
PMD sets initial counter for Poly1305 key generation part to 0 and for Chacha20 encryption 
to 1 as per rfc7539 2.8. AEAD construction.

In 'iv length' of aead xform
+                           * - For Chacha20-Poly1305 this field is always 12.

It is AEAD instead of cipher + auth as rfc7539 explicitly specifies initial counters to one and zero with AEAD construction, which is not done
for Chacha and Poly separately. If in future someone would like to add these algorithms to cipher and auth enums additional field that holds initial counter
should be added as well.

I have tested it with openssl pmd implementation I have created for test purposes (Chacha Poly is supported since OpenSSL 1.1.0 version) which I may attach if needed.

(Sorry if I have not included someone in cc, please cc any interested person)

Regards,
Arek

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [dpdk-dev] [RFC] Chacha20 Poly1305 Support
  2019-10-09 15:48 ` Trahe, Fiona
@ 2019-10-16 10:57   ` Kusztal, ArkadiuszX
  0 siblings, 0 replies; 3+ messages in thread
From: Kusztal, ArkadiuszX @ 2019-10-16 10:57 UTC (permalink / raw)
  To: Trahe, Fiona, dev
  Cc: akhil.goyal, Zhang, Roy Fan, Shally Verma, Anoob Joseph,
	De Lara Guarch, Pablo, Doherty, Declan, tdu

Hi Fiona,

Thanks for your feedback,
> 
> Hi,
> 
> due to increasing interest of crypto protocols in Chacha20-Poly1305
> algorithm I would like to start discussion about adding it to cryptodev.
> I would suggest adding something like:
> 
> @@ -348,6 +348,8 @@ enum rte_crypto_aead_algorithm {
>              /**< AES algorithm in CCM mode. */
>              RTE_CRYPTO_AEAD_AES_GCM,
>              /**< AES algorithm in GCM mode. */
> +            RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
> +            /**< Chacha20 encryption cipher with poly1305 authenticator
> +*/
> 
> 
> In 'iv offset' of aead xform
> +                           * - For Chacha20-Poly1305 it is 96-bit
> +nonce. Initial counter
> +                           * value for Chacha20 encryption is set by
> +PMD to 1, meanwhile
> +                            * for Poly1305 is set to 0 as per rfc7539 2.8. AEAD
> construction.
> [Fiona] I'd suggest moving initial counter description to next line as separate
> from nonce.
> And as Poly1305 is used twice in the procedure, maybe reword as:
> PMD sets initial counter for Poly1305 key generation part to 0 and for
> Chacha20 encryption to 1 as per rfc7539 2.8. AEAD construction.
[Arek] - Yes, we can reword it this way.
[Arek] - rfc7539 is obsoleted by rfc8439 so " as per rfc8439", no additional changes are necessary due to this fact.
> 
> In 'iv length' of aead xform
> +                           * - For Chacha20-Poly1305 this field is always 12.
> 
> It is AEAD instead of cipher + auth as rfc7539 explicitly specifies initial
> counters to one and zero with AEAD construction, which is not done for
> Chacha and Poly separately. If in future someone would like to add these
> algorithms to cipher and auth enums additional field that holds initial
> counter should be added as well.
> 
> I have tested it with openssl pmd implementation I have created for test
> purposes (Chacha Poly is supported since OpenSSL 1.1.0 version) which I may
> attach if needed.
> 
> (Sorry if I have not included someone in cc, please cc any interested person)
> 
> Regards,
> Arek

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2019-10-16 10:57 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-09  8:29 [dpdk-dev] [RFC] Chacha20 Poly1305 Support Kusztal, ArkadiuszX
2019-10-09 15:48 ` Trahe, Fiona
2019-10-16 10:57   ` Kusztal, ArkadiuszX

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).