Re: [Cfrg] ChaCha20 and Poly1305 for IPsec

Yoav Nir <ynir@checkpoint.com> Tue, 21 January 2014 21:54 UTC

On Jan 21, 2014, at 10:58 PM, Yoav Nir <ynir@checkpoint.com> wrote:

> 
>> You've changed the AEAD by switching the length values from uint64le
>> to uint32be. Seems unnecessary.
> 
> I'll change it back. For some reason I thought AES-GCM for IPsec was like that, but looking again, I see that it isn't.

Looking into GCM, I see two other things:
 1. The lengths there are big-endian ("...a 64-bit string containing the nonnegative integer describing the number of bits in its argument, with the least significant bit on the right.")
 2. The lengths there are the number of bits, not bytes.

Big-endian always seemed to me to be more "natural" because most binary protocols transmit numbers that way, but I don't think there's any reason to count bits, is there?

Yoav
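
An added example, not part of the original message: the three length-field encodings mentioned in this thread, applied to the same constructed inputs, with a decoder that shows what a peer recovers when it assumes a different convention. The encoding names, helper functions and sample bytes are assumptions made for illustration.

```python
import struct

# name -> (struct format for the two length fields, unit multiplier).
# The names are labels invented for this example.
ENCODINGS = {
    "uint64le-bytes": ("<QQ", 1),      # uint64le byte counts, as quoted above
    "uint32be-bytes": (">II", 1),      # uint32be byte counts, as quoted above
    "gcm-uint64be-bits": (">QQ", 8),   # GCM: 64-bit big-endian bit counts
}

def encode_lengths(name, aad, ciphertext):
    """Build the length block that is fed to the MAC after the data."""
    fmt, unit = ENCODINGS[name]
    try:
        return struct.pack(fmt, len(aad) * unit, len(ciphertext) * unit)
    except struct.error as exc:
        raise ValueError(f"length does not fit {name}") from exc

def decode_lengths(name, block):
    """Recover (aad_len, ct_len) in bytes, assuming the given encoding."""
    fmt, unit = ENCODINGS[name]
    if len(block) != struct.calcsize(fmt):
        raise ValueError(f"{name} expects {struct.calcsize(fmt)} bytes")
    a, c = struct.unpack(fmt, block)
    if a % unit or c % unit:
        raise ValueError("length is not a whole number of bytes")
    return a // unit, c // unit

def field_capacity_bytes(name):
    """Largest byte count one length field can express."""
    fmt, unit = ENCODINGS[name]
    field_bits = 8 * struct.calcsize(fmt) // 2
    return (2 ** field_bits - 1) // unit

# Constructed sample: 8 bytes of associated data, 20 bytes of ciphertext.
AAD = bytes.fromhex("0102030400000005")
CT = bytes(range(20))

if __name__ == "__main__":
    for name in ENCODINGS:
        block = encode_lengths(name, AAD, CT)
        print(f"{name:18} {block.hex()}  max={field_capacity_bytes(name)}")
    # A peer that assumes GCM's convention misreads the uint64le block.
    le_block = encode_lengths("uint64le-bytes", AAD, CT)
    print(decode_lengths("gcm-uint64be-bits", le_block))
```
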