Re: [TLS] chacha/poly interop?
David Benjamin <davidben@chromium.org> Tue, 13 September 2016 00:10 UTC
Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B90412B15A for <tls@ietfa.amsl.com>; Mon, 12 Sep 2016 17:10:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.207
X-Spam-Level:
X-Spam-Status: No, score=-4.207 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.508, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EvchXgMRTTct for <tls@ietfa.amsl.com>; Mon, 12 Sep 2016 17:10:19 -0700 (PDT)
Received: from mail-oi0-x22b.google.com (mail-oi0-x22b.google.com [IPv6:2607:f8b0:4003:c06::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 263BC12B04E for <tls@ietf.org>; Mon, 12 Sep 2016 17:10:19 -0700 (PDT)
Received: by mail-oi0-x22b.google.com with SMTP id m11so345872755oif.1 for <tls@ietf.org>; Mon, 12 Sep 2016 17:10:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=RX03A6gjO412hYEoUdgjhbNGXsp0syTG4R1Edwt+JlM=; b=GdzLVI0wCQCYXOwblG3h/H0M91x7URoARsl42CiSCuQXoJVhPNBBSx/LM4GXuifKbV dPRRzfL0LPzHm+JGMbRAawlwvSNfEUViX1KBHR/g73+0VTbQXp8OTC7R0NzJf0/mYxgg VtFEAFy9hN8pz5D4caHiwsuiRHxHTZhNt079k=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RX03A6gjO412hYEoUdgjhbNGXsp0syTG4R1Edwt+JlM=; b=ZntYGc5TvmizA0JYCNngLuGbgWtUuF/7Puj6FdzCyXYKmwhMVTbcuLizM/a0OWg9CL RGNjYUd+vHkajHKfH66FV8rF2+YQ2hHD8qa4I5asBB+cIJGiHtn83orM0qP2Ifa/lDEi gHqsVMdIGkUSOFkHM4EgKdsZHTdzvljFEIZoVCiFbRgN7lYF58ZJUfItLMMfphTIrReN 2QA0oq1dRQTpOevZ23LgHCggF08Tc4oJ5DxkznEZHzl8EHHt3N7YIKTkUb1iDfrsLjBs 4bN6mo/wn3Fuxu0RiRaFyv9Mpj0TZFsXEClkWr6+nMXC3+Lyh4rmsrIeD9D74jomkEwE Tebw==
X-Gm-Message-State: AE9vXwNbM3whdd8QHq/MCyRMG+vNZT9o2qbGtza2lSr7fm2CAF0/XjPhS9S7PamA2lRC41DdfMpmcziM23XO3RQL
X-Received: by 10.157.39.8 with SMTP id r8mr24384101ota.103.1473725418372; Mon, 12 Sep 2016 17:10:18 -0700 (PDT)
MIME-Version: 1.0
References: <ffd74054d64047cd9dfebc6e9fd6bc19@usma1ex-dag1mb1.msg.corp.akamai.com> <CAH8yC8nqiV-YKr7URdRozhtoWpDgCPhDgoPjE99iZw5Ct1Om+g@mail.gmail.com>
In-Reply-To: <CAH8yC8nqiV-YKr7URdRozhtoWpDgCPhDgoPjE99iZw5Ct1Om+g@mail.gmail.com>
From: David Benjamin <davidben@chromium.org>
Date: Tue, 13 Sep 2016 00:10:08 +0000
Message-ID: <CAF8qwaCcVxRh_9UFUgbs5KJfyGEC5vtoCpV6i-6oH3qAVfqP=A@mail.gmail.com>
To: noloader@gmail.com, "Salz, Rich" <rsalz@akamai.com>
Content-Type: multipart/alternative; boundary="001a113ac4580f3ff6053c587025"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/rLlMAXtkZvjM4T8BCx1bxSdKSVc>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] chacha/poly interop?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Sep 2016 00:10:21 -0000
On Mon, Sep 12, 2016 at 7:35 PM Jeffrey Walton <noloader@gmail.com> wrote: > On Wed, Dec 9, 2015 at 8:02 PM, Salz, Rich <rsalz@akamai.com> wrote: > > OpenSSL just landed our chacha/poly implementation into master. We pass > the > > RFC test vectors, looking for other implementations to test against. > > Sorry to dig up an old thread.... > > I tested against Bernstein/ECRYPT ChaCha and test vectors from > http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors. > TLS-ChaCha > <http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors.TLS-ChaCha> > does not inter-operate with ChaCha. > > The name should probably be disambiguated somehow. > TLS-ChaCha is actually RFC 7539 which comes with its own test vectors and isn't TLS-specific. Our implementation matches RFC 7539 and seems to match the one test vector I tried too. Note that that draft includes a number of things like 128-bit keys and 8 or 12 rounds which are not applicable. The test vector whose answer begins "0x76 0xb8 0xe0 0xad 0xa0" is the one you want. Were you perhaps using the 128-bit key test vector? RFC 7539 doesn't use that mode. It doesn't seem even be described in the paper, though it is in the reference implementation. (Looks like the constants change and you put two copies of the key in.) David
- [TLS] chacha/poly interop? Salz, Rich
- Re: [TLS] chacha/poly interop? David Benjamin
- Re: [TLS] chacha/poly interop? Hubert Kario
- Re: [TLS] chacha/poly interop? Nikos Mavrogiannopoulos
- Re: [TLS] chacha/poly interop? Jeffrey Walton
- Re: [TLS] chacha/poly interop? David Benjamin
- Re: [TLS] chacha/poly interop? Jeffrey Walton
- Re: [TLS] chacha/poly interop? Joachim Strömbergson