Kernel Module Request: CHACHA20POLY1305 #3836
Comments
This option adds ~30K of modules, which isn't too bad. What do other users need to do to make use of this?
A user would need an IPSec IKE client or server depending on their use-case. I use the Pi as a home-based VPN server so I can connect to my desktop and NAS while away. I use the Strongswan IKE server compiled from source on the Pi. The client is available on the Google and Apple app stores. The Windows 10 native VPN client also works with it.
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
Thanks - see 9a1dd17.
Thanks - have pulled the update and confirmed modules now included in the build.
kernel: dtoverlay updates for i2c0 config raspberrypi/linux#3833
kernel: dtoverlay: composite option for vc4-kms-v3d-pi4 raspberrypi/linux#3833
kernel: configs: Enable CHACHA20POLY1305=m See: raspberrypi/linux#3836
kernel: staging/fbtft: Add support for display variant
kernel: overlays: Add adafruit18 and sainsmart18 overlays
kernel: ARM: dts: Limit BT modem baud rate on 3B
firmware: platform: Add support for SCB clock and set to 250MHz
firmware: Revert arm_loader: Move first call to set_turbo after arm->start
Please add the following kernel modules to the build in order to support the CHACHA20POLY1305 ESP crypto algorithm for IPSec connections:
chacha20poly1305
chacha_generic
poly1305_generic
These modules are configured with the CONFIG_CRYPTO_CHACHA20POLY1305 kernel build option.
Justification: IPSec encapsulated security protocol (ESP) crypto is carried out by the Linux kernel itself. AES used to be the de-facto standard IPSec encryption algorithm but the newer CHACHA20-POLY1305 AEAD algorithm is supplanting AES for mobile and low power devices such as the RPI which lack hardware instruction support for AES. CHACHA20-POLY1305 has a smaller processor demand than AES which should give higher bandwidth.
I've compiled the modules locally (branch 5.4.y) and confirmed they are used with a Strongswan configured IPSec VPN tunnel which otherwise cannot be opened when using a CHACHA20-POLY1305 ESP configuration.
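
A way to confirm on a given kernel that the option requested above is enabled and that the RFC 7539 AEAD is registered, as an added example that is not part of the original issue. The helper names `config_state`, `aead_drivers` and `write_samples`, and the sample config and `/proc/crypto` excerpts, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue): inspect a kernel config file and a
# /proc/crypto dump for CHACHA20-POLY1305 support.

# config_state FILE OPTION -> prints "builtin", "module" or "unset"
config_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    case "$val" in
        y) echo builtin ;;
        m) echo module ;;
        *) echo unset ;;
    esac
}

# aead_drivers FILE -> prints "name driver module" for every registered
# AEAD whose name starts with rfc7539 (covers rfc7539 and rfc7539esp)
aead_drivers() {
    awk -F' *: *' '
        $1 == "name"   { name = $2 }
        $1 == "driver" { drv = $2 }
        $1 == "module" { mod = $2 }
        $1 == "type"   { if ($2 == "aead" && name ~ /^rfc7539/) print name, drv, mod }
    ' "$1"
}

# write_samples DIR -> constructed sample inputs, not captured from a real Pi
write_samples() {
    cat > "$1/config" <<'EOF'
CONFIG_CRYPTO_AES=y
# CONFIG_CRYPTO_DES is not set
CONFIG_CRYPTO_CHACHA20POLY1305=m
EOF
    cat > "$1/crypto" <<'EOF'
name         : rfc7539esp(chacha20,poly1305)
driver       : rfc7539esp(chacha20-generic,poly1305-generic)
module       : chacha20poly1305
priority     : 100
type         : aead

name         : cbc(aes)
driver       : cbc(aes-generic)
module       : kernel
priority     : 100
type         : skcipher
EOF
}

d=$(mktemp -d); write_samples "$d"
echo "CONFIG_CRYPTO_CHACHA20POLY1305: $(config_state "$d/config" CONFIG_CRYPTO_CHACHA20POLY1305)"
aead_drivers "$d/crypto"
rm -rf "$d"
```

On a live system, pass the running kernel's config file and `/proc/crypto` instead of the samples; an empty result from `aead_drivers` while the config reports `module` usually means nothing has requested the algorithm yet.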