Kernel Module Request: CHACHA20POLY1305 #3836
Comments
|
This option adds ~30K of modules, which isn't too bad. What do others users need to do to make use of this? |
|
A user would need an IPSec IKE client or server depending on their use-case. I use the Pi as home-based VPN server so I can connect to my desktop and NAS while away. I use the Strongswan IKE server compiled from source on the Pi. The client is available on the Google and Apple apps stores. The Windows 10 native VPN client also works with it. |
pelwell
added a commit
that referenced
this issue
Sep 7, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
|
Thanks - see 9a1dd17. |
|
Thanks - have pulled the update and confirmed modules now included in the build. |
pelwell
added a commit
that referenced
this issue
Sep 11, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
pelwell
added a commit
that referenced
this issue
Sep 11, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
pelwell
added a commit
that referenced
this issue
Sep 11, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Sep 11, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
added a commit
to raspberrypi/firmware
that referenced
this issue
Sep 11, 2020
kernel: dtoverlay updates for i2c0 config raspberrypi/linux#3833 kernel: dtoverlay: composite option for vc4-kms-v3d-pi4 raspberrypi/linux#3833 kernel: configs: Enable CHACHA20POLY1305=m See: raspberrypi/linux#3836 kernel: staging/fbtft: Add support for display variant kernel: overlays: Add adafruit18 and sainsmart18 overlays kernel: ARM: dts: Limit BT modem baud rate on 3B firmware: platform: Add support for SCB clock and set to 250MHz firmware: Revert arm_loader: Move first call to set_turbo after arm->start
popcornmix
added a commit
to Hexxeh/rpi-firmware
that referenced
this issue
Sep 11, 2020
kernel: dtoverlay updates for i2c0 config raspberrypi/linux#3833 kernel: dtoverlay: composite option for vc4-kms-v3d-pi4 raspberrypi/linux#3833 kernel: configs: Enable CHACHA20POLY1305=m See: raspberrypi/linux#3836 kernel: staging/fbtft: Add support for display variant kernel: overlays: Add adafruit18 and sainsmart18 overlays kernel: ARM: dts: Limit BT modem baud rate on 3B firmware: platform: Add support for SCB clock and set to 250MHz firmware: Revert arm_loader: Move first call to set_turbo after arm->start
popcornmix
pushed a commit
that referenced
this issue
Sep 15, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Sep 15, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Sep 15, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Sep 28, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Sep 28, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Oct 2, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Oct 7, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Oct 7, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Oct 12, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Oct 16, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Oct 19, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Oct 19, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Oct 29, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Nov 4, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Nov 4, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Nov 9, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Nov 17, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Nov 23, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Nov 30, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Dec 7, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
popcornmix
pushed a commit
that referenced
this issue
Dec 14, 2020
Enable the CHACHA20 cipher, a high-performance AES alternative, and the POLY1305 authentication algorithm. Together they make up RFC-7539. Can be used to run the strongSwan Open Source VPN server and client. See: #3836 Signed-off-by: Phil Elwell <phil@raspberrypi.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please add the following kernel modules to the build in order to support the CHACHA20POLY1305 ESP crypto algorithm for IPSec connections:
chacha20poly1305
chacha_generic
poly1305_generic
These modules are configured with the CONFIG_CRYPTO_CHACHA20POLY1305 kernel build option
Justification: IPSec encapsulated security protocol (ESP) crypto is carried out by the Linux kernel itself. AES used to be the de-facto standard IPSec encryption algorithm but the newer CHACHA20-POLY1305 AEAD algorithm is supplanting AES for mobile and low power devices such as the RPI which lack hardware instruction support for AES. CHACHA20-POLY1305 has a smaller processor demand than AES which should give higher bandwidth.
I've complied the modules locally (branch 5.4.y) and confirmed they are used with a Strongswan configured IPSec VPN tunnel which otherwise cannot be opened when using a CHACHA20-POLY1305 ESP configuration
The text was updated successfully, but these errors were encountered: