AnsweredAssumed Answered

CHACHA20_POLY1305

Question asked by tlussnig on Oct 5, 2015
Latest reply on Nov 3, 2015 by tlussnig

Hi,

 

i try to ad the CHACHA Suites that are supported by Google Chrome to Java as an JCE/JSSE Provider.

My Problem is that i have an Working CHACHA20 and an working POLY1305 class  (CipherSpi /  MacSpi).

Now when i try to combine them to the AEAD_CHACHA20_POLY1305 i do not get it working with Chrome.

I found 4 locations in the internet that define this AEAD cipher but the problem is thy differently construct the

Data used to build the MAC. Can anyone tell me what implementation is used in chrome?

 

Since there is an check for the suites supported on this page maybe someone know how the basic are working.

 

http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04

https://tools.ietf.org/html/draft-mavrogiannopoulos-chacha-tls-02

 

https://tools.ietf.org/html/rfc7539

-> mac_data = aad | pad16(aad)

   mac_data |= ciphertext | pad16(ciphertext)

   mac_data |= num_to_4_le_bytes(aad.length)

   mac_data |= num_to_4_le_bytes(ciphertext.length)

   tag = poly1305_mac(mac_data, otk)

http://www.ietf.org/proceedings/88/slides/slides-88-tls-1.pdf

-> TAG = Poly1305(A || len(A) || S || len(S))

Outcomes