Comments (10)
@wzoet Thanks for the report. We originally implemented a much earlier version of the draft (actually it might have been a slightly different draft even), so it's not surprising that we're no longer compatible, but we certainly mean to address this.
from bc-csharp.
As @peterdettman notes, this will probably be due to bc-csharp not implementing the 96bit nonce/32 bit counter split in draft-nir-cfrg-chacha20-poly1305 (now draft-irtf-cfrg-chacha20-poly1305). I've implemented this for bc-java in bcgit/bc-java#108, so if/when that gets pulled I'll migrate the fu to bc-csharp.
This report is a little odd/concerning though - it'd be good to see a minimal test case demonstrating the problem to be sure - since ChaChaEngine can't actually execute the quoted test vector: it enforces a 64bit nonce (the test vector uses a 96 bit nonce) and the test vector requires the first block of output to be skipped (the Initial Block Counter = 1
bit, which requires skip support (this is already in bc-java, but also needs porting to bc-csharp).
from bc-csharp.
I found out I already subclassed the Salsa engine and updated it for 96bit nonce support and changed the block-assignment of it. I also added a property to set the initial block counter value. I guess I didn't look thoroughly enough when updating this code. I should have mentioned that.
The real problem is in processBytes and getKeyStream though.
ProcessBytes initializes a 128 byte array and uses it upon the plaintext.
I made that size dependent on the input length and added some extra bytes so it is now a multiple of 64. After that this array can be XORed 1-1 with the plaintext.
The generateKeyStream method has to create enough blocks to fill the entire output array and not just two blocks as it does now.
I could post my customChaChaEngine class here together with my tests if you like, the tests are from the document I pointed out in my first post.
from bc-csharp.
@wzoet Apologies for the long delay on this. We did spend some time bringing ChaCha (and Salsa) up-to-date recently, including compatibility with test vectors from the latest draft descended from the one you mention (draft-ietf-tls-chacha20-poly1305-04). If you could quickly review the current state of things and see if you still see a problem here, it would be much appreciated.
from bc-csharp.
Hi,
Thanks for your reply and the effort to check into this.
I will check this in a few weeks when I have some more time. I will post back here.
Kind regards,
Wim Zoet
On 3 Feb 2016, at 17:49, Peter Dettman <[email protected]> wrote:
@wzoet Apologies for the long delay on this. We did spend some time bringing ChaCha (and Salsa) up-to-date recently, including compatibility with test vectors from the latest draft descended from the one you mention (draft-ietf-tls-chacha20-poly1305-04). If you could quickly review the current state of things and see if you still see a problem here, it would be much appreciated.
from bc-csharp.
Unfortunately, I am not yet able to use Tls.ChaCha20Poly1305 in my code.
This is because of lack of some example code to use this class. I need a TlsContext which I don't know how to create.
I did test the Chacha7539 engine. This produces the same chacha result as my code, but does not give me the opportunity to extract the poly1305 key in the process.
I included my own code. To use this code, I had to set the access modifier for engineState of SalsaEngine to protected and some methods in the Pack class had to be made public.
Do you have any examples for this, perhaps based on the example code included?
from bc-csharp.
Getting back to this GitHub issue after a busy period. I see you asked me to test the TLS version of the algorithm. My code is a conversion to an AEAD version: https://tools.ietf.org/html/rfc7539
from bc-csharp.
@wzoet I needed to get a version of this running, but was not ready to get it up to snuff for BC. However, here is a pointer to my version: https://github.com/cose-wg/cose-implementations/blob/master/csharp/COSE/ChaCha20Poly1305.cs
Note that there are a couple of different things, one of which is a reset of the key schedule that occurs after the first 128 bits are generated and an increment of the counter before starting encrypting the data. This might be your problem.
I also had to totally re-write poly1305 as the version did not match what is in the CFRG specification at all.
from bc-csharp.
@jimsch Thx for the input. I have it working in my code already, using an inherited salsa engine. Therefore I have no current need for solutions. Just wanted to point out that this part of the library was not producing right results for me and that an AEAD cipher is not present.
I'd rather use proven libraries in my projects than custom solutions which are hard to maintain.
from bc-csharp.
I'm assuming this issue is obsolete. Release 1.8.2 already brought Poly1305 into line with RFC 7539, and I don't think there were any problems with ChaCha20 itself.
from bc-csharp.