fridex
commented
8 years ago According to sources, there are implemented "rfc7539esp" and ""rfc7539", which cover "rfc7539esp(chacha20,poly1305)" and ""rfc7539(chacha20,poly1305)". I expect memory organization to be different than AES-GCM in crypto API.
[1] https://tools.ietf.org/html/rfc7539 [2] http://lxr.free-electrons.com/source/crypto/chacha20poly1305.c
Currently only AES-GCM is supported from the TLS 1.2 ciphersuites. A new ciphersuite is defined in RFC7905 the chacha20-poly1305 which is used in several places where the AES-GCM performance is unsatisfactory. It would be good for af-ktls to support the chacha20-poly1305 ciphersuite.