[IPsec] ChaCha20/Poly1305 padding (was: I-D Action: draft-ietf-ipsecme-chacha20-poly1305-01.txt)

Martin Willi <martin@strongswan.org> Wed, 01 April 2015 12:37 UTC

Message-ID: <1427891865.3514.16.camel@martin>
From: Martin Willi <martin@strongswan.org>
To: ipsec@ietf.org
Date: Wed, 01 Apr 2015 14:37:45 +0200
In-Reply-To: <20150331105545.775.28233.idtracker@ietfa.amsl.com>
References: <20150331105545.775.28233.idtracker@ietfa.amsl.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/nDn4ZXB-FK0ihYx8UG_OYFwKD1s>

Hi,

In Section 2, draft-ietf-ipsecme-chacha20-poly1305-01 has the following
text:

>    o  Finally, the Poly1305 function is run on the data to be
>       authenticated, which is, as specified in section 2.7 of
>       [chacha_poly] a concatenation of the following in the below order:
> 
>       *  The Authenticated Additional Data (AAD) - see Section 2.1.
>       *  The AAD length in bytes as a 32-bit network order quantity.
>       *  The ciphertext
>       *  The length of the ciphertext as a 32-bit network order
>          quantity.

First, I assume [chacha_poly] should be updated to
draft-irtf-cfrg-chacha20-poly1305, where section 2.7 is now 2.8?

draft-irtf-cfrg-chacha20-poly1305-10 2.8 defines the AEAD construction for
Poly1305 with padding and a final block with two 64-bit little endian
length fields, contrary to what is defined here.

The GCM-like padding is certainly preferable, as it allows
implementations to run four Poly1305 iterations on each ChaCha20 block.
This is not only simpler, but allows parallel ChaCha20/Poly1305
processing without operating on partial blocks.

Kind regards
Martin
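An added example, not part of Martin's message or of either draft, that builds the Poly1305 input under the two constructions the message contrasts: the unpadded 32-bit network-order form quoted from draft-ietf-ipsecme-chacha20-poly1305-01 and the padded 64-bit little-endian form of draft-irtf-cfrg-chacha20-poly1305-10 section 2.8. The AAD and ciphertext bytes are constructed sample values, and the block-counting helper is an assumption used to show why only the padded form never leaves a partial Poly1305 block.

```python
import struct

POLY1305_BLOCK = 16  # Poly1305 processes the MAC input in 16-byte blocks


def pad16(data: bytes) -> bytes:
    """Zero-pad to a multiple of 16 bytes (no-op when already aligned)."""
    rem = len(data) % POLY1305_BLOCK
    return data + (b"\x00" * (POLY1305_BLOCK - rem) if rem else b"")


def mac_input_draft01(aad: bytes, ciphertext: bytes) -> bytes:
    """Concatenation as worded in draft-ietf-ipsecme-chacha20-poly1305-01:
    AAD || len(AAD) as 32-bit network order || C || len(C) as 32-bit network order.
    No padding, so the lengths fall wherever the data ends."""
    return (aad + struct.pack("!I", len(aad))
            + ciphertext + struct.pack("!I", len(ciphertext)))


def mac_input_cfrg(aad: bytes, ciphertext: bytes) -> bytes:
    """AEAD construction of draft-irtf-cfrg-chacha20-poly1305-10 section 2.8:
    pad16(AAD) || pad16(C) || len(AAD) as 64-bit LE || len(C) as 64-bit LE.
    Every component is 16-byte aligned, including the final length block."""
    return (pad16(aad) + pad16(ciphertext)
            + struct.pack("<QQ", len(aad), len(ciphertext)))


def poly1305_blocks(mac_input: bytes) -> tuple:
    """Helper (assumption, not from either draft): number of full 16-byte
    Poly1305 blocks and the size of the trailing partial block, if any."""
    return divmod(len(mac_input), POLY1305_BLOCK)


if __name__ == "__main__":
    # Constructed sample values: an 8-byte AAD and a 37-byte ciphertext,
    # chosen so that neither is a multiple of 16.
    aad = bytes.fromhex("0000000100000002")
    ciphertext = bytes(range(37))
    for name, build in (("draft-01", mac_input_draft01), ("cfrg-2.8", mac_input_cfrg)):
        full, partial = poly1305_blocks(build(aad, ciphertext))
        print(f"{name}: {full} full block(s), partial block of {partial} byte(s)")
```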