Closed JaehaerysNL closed 2 years ago
See passepartoutvpn/passepartoutkit#40
Apologies for posting a duplicate. I specifically used the search term ChaCha and GitHub yielded nothing, so I thought there was no other, but then I did not filter the tunnelkit repo.
Hello!
I wish to request support for the usage of "CHACHA20-POLY1305" as an OpenVPN data cipher.
Why?
ChaCha20Poly1305 is an authenticated encryption (AEAD) scheme that combines ChaChaTLS and Poly1305. The scheme uses the IETF versions of the ciphers because it is defined in RFC 8439, ChaCha20 and Poly1305 for IETF Protocols. The scheme is somewhat unique because it pairs a stream cipher with an authenticator (most authenticated encryption modes pair a block cipher).
ChaCha Poly is a modern cipher and is today often used for mobile devices; this is because mobile devices lack the AES-NI (acceleration) instructions that desktop processors from AMD and Intel possess, resulting in lower speeds when using AES (in particular when in AEAD GCM mode). The above is why WireGuard implements it as its default (and currently, only) cipher.
Adding support for ChaCha20-Poly1305 would give these devices access to a cipher that doesn't require AES-NI to be fast.
I've tried to import ovpn files with data cipher set to ChaCha but it falls back to CBC / HMAC when it reads the file, which led me to assume ChaCha was not supported yet. ** Yes, tested for servers which have been confirmed to support ChaCha server side.
If you have any comments or additional questions please let me know.
Kind regards and enjoy your day.
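The fallback described in this issue can be spotted before connecting by auditing the profile against the ciphers a client build implements. The following is an added example, not code from the issue or from tunnelkit: the sample profile, the client cipher sets and the "first requested cipher the client implements" selection model are assumptions for illustration, and only the OpenVPN directive names (`cipher`, `ncp-ciphers`, `data-ciphers`, `data-ciphers-fallback`) are real.

```python
import re

AEAD = {"AES-128-GCM", "AES-192-GCM", "AES-256-GCM", "CHACHA20-POLY1305"}
LIST_KEYS = ("data-ciphers", "ncp-ciphers")        # colon-separated lists
SINGLE_KEYS = ("data-ciphers-fallback", "cipher")  # one cipher each

# Constructed sample profile (not taken from the issue).
SAMPLE_PROFILE = """\
client
remote vpn.example.com 1194
# prefer ChaCha on devices without AES acceleration
cipher AES-256-CBC
data-ciphers CHACHA20-POLY1305
data-ciphers-fallback AES-256-CBC
auth SHA256
"""

def requested_ciphers(profile_text):
    """Data ciphers named in the profile: list entries first, then fallbacks."""
    listed, single = [], []
    for raw in profile_text.splitlines():
        # Simplification: treat '#' or ';' anywhere as the start of a comment.
        parts = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if len(parts) < 2:
            continue
        key = parts[0].lower()
        if key in LIST_KEYS:
            listed += parts[1].upper().split(":")
        elif key in SINGLE_KEYS:
            single.append(parts[1].upper())
    return list(dict.fromkeys(listed + single))  # de-duplicate, keep order

def audit(profile_text, client_supported):
    """Assumed model: the client uses the first requested cipher it implements."""
    wanted = requested_ciphers(profile_text)
    chosen = next((c for c in wanted if c in client_supported), None)
    return {
        "requested": wanted,
        "unsupported": [c for c in wanted if c not in client_supported],
        "chosen": chosen,
        "aead": chosen in AEAD,
        "downgraded": chosen is not None and chosen != wanted[0],
    }

if __name__ == "__main__":
    # Hypothetical client builds: one without ChaCha20-Poly1305, one with it.
    print(audit(SAMPLE_PROFILE, {"AES-256-GCM", "AES-256-CBC"}))
    print(audit(SAMPLE_PROFILE, {"CHACHA20-POLY1305", "AES-256-GCM", "AES-256-CBC"}))
```

A result with `downgraded` true and `aead` false corresponds to the CBC / HMAC fallback reported above, where integrity depends on the separate `auth` digest rather than on the cipher itself.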