On Tue, 12 May 2020 14:44:45 +0200 Tobias Heider <tobias.hei...@stusta.de> wrote:
> Hi,
>
> thanks for the diff!
>
> > SipHash and ChaCha20Poly1305 are already available in the kernel.
> > The only modification here is to add the short and simple chapoly AEAD
> > construction alongside the existing AE one.
>
> At first glance, I think you could use the crypto framework
> implementation for the chacha20-poly1305 AEAD construction (see
> sys/net/cryptosoft.c:swcr_authenc). An example for how it is used can
> be found in netinet/ip_esp.c

Hi Tobias,

Yes, that is a good suggestion and we did look into that during development. However, for the time being I think the patch better provides for our needs. The patch is only ~210 lines (130:.c,80:.h), and doesn't just include our aead chapoly, but also xchapoly which is required by the WireGuard protocol and allows us to use random nonces, currently not provided by swcr_authenc. Additionally, as far as I'm aware, the cryptosoft only runs in a single-threaded taskq, while calling the raw functions allows us to crypt packets in parallel. Finally, we wanted this patchset to be as auditable as possible, so having the chapoly patch allows people to verify as easily as possible that this is doing what we want.

So yes, for integration with the crypto(9) system, perhaps one day after working through the above, but for the time being I don't see it as a barrier to continuing development.

Thanks for the feedback!

Matt