Skip to content

Implement ChaCha20-Poly1305 Crypto Primitive #789

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
adrianosela wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Implement ChaCha20-Poly1305 Crypto Primitive #789

adrianosela wants to merge 1 commit into from

Conversation

@adrianosela
Copy link
Contributor

@adrianosela adrianosela commented Feb 2, 2026
edited
Loading

Implement ChaCha20-Poly1305 Crypto Primitive

Adds encrypt/decrypt with ChaCha20-Poly1305.

ChaCha20-Poly1305, CCM, and GCM are all AEAD based, so I've refactored the encrypt/decrypt logic into a generic aead implementation.

Also refactors all the common code in all the benchmark tests into helper functions benchmarkEncrypt and benchmarkDecrypt

The refactor also includes using buffer-pools for nonces for all of the ciphers... which comes with some nice side effects. Performance is neutral to slightly better for the refactored cipher implementations (CCM and GCM), and memory allocations per operation are reduced:

CCM:

  • Encrypt: 7 allocs (same as original)
  • Decrypt: 9 → 7 allocs (-2 allocations, -16 to -24 bytes)

GCM:

  • Encrypt: 4 → 3 allocs (-1 allocation, -16 bytes)
  • Decrypt: 3 → 2 allocs (-1 allocation, -16 bytes)

Note that the new ChaCha20-Poly1305 crypto primitive is currently unused. Next PR will add full cipher suite implementations (TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, etc...) which will make use of this code.

@codecov
Copy link

codecov bot commented Feb 2, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 89.10891% with 11 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.88%. Comparing base (9495bef) to head (8ed00b7).

Files with missing lines Patch % Lines
pkg/crypto/ciphersuite/ciphersuite.go 88.33% 6 Missing and 1 partial ⚠️
pkg/crypto/ciphersuite/chacha20poly1305.go 80.95% 2 Missing and 2 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #789      +/-   ##
==========================================
+ Coverage   81.72%   81.88%   +0.16%     
==========================================
  Files         108      109       +1     
  Lines        6062     6072      +10     
==========================================
+ Hits         4954     4972      +18     
+ Misses        712      706       -6     
+ Partials      396      394       -2
Flag Coverage Δ
go 81.88% <89.10%> (+0.16%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@adrianosela adrianosela force-pushed the chacha20poly1305-ciphersuite branch 4 times, most recently from 55d3734 to 19ea7d2 Compare February 2, 2026 07:21
@adrianosela adrianosela force-pushed the chacha20poly1305-ciphersuite branch from 19ea7d2 to 8ed00b7 Compare February 2, 2026 07:27
@adrianosela adrianosela requested a review from theodorsm February 3, 2026 03:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Sean-Der Sean-Der Awaiting requested review from Sean-Der

@JoTurk JoTurk Awaiting requested review from JoTurk

@theodorsm theodorsm Awaiting requested review from theodorsm

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@adrianosela