Re: [TLS] chacha/poly interop?

Joachim Strömbergson <joachim@secworks.se> Fri, 16 September 2016 09:13 UTC

Message-ID: <57DBB7B4.2030603@secworks.se>
Date: Fri, 16 Sep 2016 11:13:24 +0200
From: Joachim Strömbergson <joachim@secworks.se>
To: David Benjamin <davidben@chromium.org>
In-Reply-To: <CAF8qwaCcVxRh_9UFUgbs5KJfyGEC5vtoCpV6i-6oH3qAVfqP=A@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/SMkzImctH0r1jJHzrYfedIz7UzY>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] chacha/poly interop?

Aloha!


David Benjamin wrote:
> TLS-ChaCha is actually RFC 7539 which comes with its own test
> vectors and isn't TLS-specific.
> 
> Our implementation matches RFC 7539 and seems to match the one test 
> vector I tried too. Note that that draft includes a number of things 
> like 128-bit keys and 8 or 12 rounds which are not applicable. The
> test vector whose answer begins "0x76 0xb8 0xe0 0xad 0xa0" is the one
> you want.

Also worth noting is that in RFC 7539, ChaCha has a 96-bit IV/nonce and a
32-bit counter instead of a 64-bit IV and a 64-bit counter. The 32 extra IV
bits are used to initialize the state in the same way as 32 bits of the
counter. So it's a simple matter of mapping the IV bits to the counter
bits and ChaCha will match the test vectors in RFC 7539. It tripped me
up when integrating the ChaCha core into my RFC 7539 ChaCha20_Poly1305 core.

https://github.com/secworks/chacha
https://github.com/secworks/ChaCha20-Poly1305

Note: the chacha-poly1305 core is not completed yet.
-- 
Kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim@secworks.se
========================================================================
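The nonce/counter mapping Joachim describes, as an added worked example (not code from the thread, nor from the secworks cores). It builds the ChaCha20 block function once, exposes it under both state layouts (the original 64-bit counter / 64-bit nonce and the RFC 7539 32-bit counter / 96-bit nonce), and checks that putting the first 32 nonce bits where the high counter word used to be makes the original-layout core reproduce the RFC 7539 vectors, including the all-zero one whose keystream begins 0x76 0xb8 0xe0 0xad 0xa0. The test vectors are the ones from RFC 7539 (Appendix A.1 #1 and Section 2.3.2); the function names are this example's own.

```python
import struct

MASK32 = 0xFFFFFFFF
# "expand 32-byte k" as four little-endian words (RFC 7539, Section 2.3)
CONSTANTS = (0x61707865, 0x3320646E, 0x79622D32, 0x6B206574)


def _rotl32(v, n):
    return ((v << n) & MASK32) | (v >> (32 - n))


def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl32(s[b] ^ s[c], 7)


def _chacha20_core(initial):
    """20 rounds over a 16-word state, then add the initial state; 64-byte output."""
    s = list(initial)
    for _ in range(10):                       # 10 double rounds
        _quarter_round(s, 0, 4, 8, 12); _quarter_round(s, 1, 5, 9, 13)
        _quarter_round(s, 2, 6, 10, 14); _quarter_round(s, 3, 7, 11, 15)
        _quarter_round(s, 0, 5, 10, 15); _quarter_round(s, 1, 6, 11, 12)
        _quarter_round(s, 2, 7, 8, 13); _quarter_round(s, 3, 4, 9, 14)
    return b"".join(struct.pack("<I", (x + y) & MASK32) for x, y in zip(s, initial))


def chacha20_block_rfc7539(key, counter, nonce):
    """RFC 7539 layout: words 12 = 32-bit counter, 13..15 = 96-bit nonce."""
    assert len(key) == 32 and len(nonce) == 12 and 0 <= counter <= MASK32
    state = CONSTANTS + struct.unpack("<8I", key) + (counter,) + struct.unpack("<3I", nonce)
    return _chacha20_core(state)


def chacha20_block_original(key, counter, nonce):
    """Original ChaCha layout: words 12..13 = 64-bit counter (low word first),
    words 14..15 = 64-bit nonce. This is what a pre-RFC core expects."""
    assert len(key) == 32 and len(nonce) == 8 and 0 <= counter < 2 ** 64
    state = (CONSTANTS + struct.unpack("<8I", key)
             + (counter & MASK32, counter >> 32) + struct.unpack("<2I", nonce))
    return _chacha20_core(state)


def rfc7539_to_original(counter32, nonce12):
    """The mapping from the mail: the first nonce word goes where the high
    counter word was, the remaining 8 nonce bytes are the 64-bit nonce.
    Caveat: a 64-bit core carries into that word after 2**32 blocks, so a
    caller must never let the RFC 7539 counter pass 2**32 - 1."""
    nonce_word0 = struct.unpack("<I", nonce12[:4])[0]
    return (nonce_word0 << 32) | counter32, nonce12[4:]


def original_core_matches_rfc7539(key, counter32, nonce12):
    """True when the original-layout core, fed the mapped inputs, yields the
    same block as a native RFC 7539 core."""
    counter64, nonce8 = rfc7539_to_original(counter32, nonce12)
    return (chacha20_block_original(key, counter64, nonce8)
            == chacha20_block_rfc7539(key, counter32, nonce12))


# RFC 7539 vectors (not constructed): Appendix A.1 #1 and Section 2.3.2
ZERO_KEY_BLOCK0 = bytes.fromhex(
    "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7"
    "da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586")
SEC232_KEY = bytes(range(32))
SEC232_NONCE = bytes.fromhex("000000090000004a00000000")
SEC232_BLOCK1 = bytes.fromhex(
    "10f1e7e4d13b5915500fdd1fa32071c4c7d1f4c733c068030422aa9ac3d46c4e"
    "d2826446079faa0914c2d705d98b02a2b5129cd1de164eb9cbd083e8a2503c4e")

if __name__ == "__main__":
    print(chacha20_block_rfc7539(bytes(32), 0, bytes(12)).hex()[:10])  # 76b8e0ada0
    print(original_core_matches_rfc7539(SEC232_KEY, 1, SEC232_NONCE))   # True
```

The keystream bytes a core produces are the only thing that changes between the two layouts, so an interop failure with a peer shows up as garbage after decryption rather than as an obvious error; checking both RFC vectors, and the mapped-input equality above, is the cheapest way to catch a core wired for the 64/64 layout before it ships.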