Re: [quicwg/base-drafts] Example of ChaCha20-Poly1305 (#3712)

Martin Thomson <> Tue, 02 June 2020 10:13 UTC

List-Id: Notification list for GitHub issues related to the QUIC WG <>

@martinthomson commented on this pull request.

> +      73573685608597d0efcb076b0ab7a7a4
+ku  = HKDF-Expand-Label(server_initial_secret, "quic ku", _, 32)
+    = 1223504755036d556342ee9361d25342
+      1a826c9ecdf3c7148684b36b714881f9
+The following shows the steps involved in protecting a minimal packet with an
+empty Destination Connection ID. This packet contains a single HANDSHAKE_DONE
+frame (that is, a payload of just 0x1e) and has a packet number of 0. In this
+example, a packet number of length 3 is used to avoid having to pad the payload
+of the packet; PADDING frames would be needed if the packet number is encoded
+on fewer octets.
+pn                 = 0
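
Review bot: The paragraph introducing the minimal packet says "PADDING frames would be needed if the packet number is encoded on fewer octets" but does not say which size requirement the 3-octet packet number satisfies, so a reader cannot check that claim from the example itself. Suggest naming the constraint next to that sentence, or referencing the section that defines it, and stating the lengths that result for this packet (a payload of just 0x1e and a packet number encoded on 3 octets).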

This packet was from me reading the logs of our implementation, which sends HANDSHAKE_DONE in packet 0.  But I decided that it might be better to make this reproducible, and it wasn't THAT hard to write some JS.
