New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add RFC 8439 ChaCha20 test vectors test #245
Add RFC 8439 ChaCha20 test vectors test #245
Conversation
As mentioned on #244, some of the test vectors are in the At this point I think we should just merge some PRs like this and #244 even if they duplicate test vectors in the It generally seems problematic that To answer your question:
Within the context of the ChaCha20Poly1305, the first 64-bytes of the ChaCha20 keystream are used as the Poly1305 key. |
Thanks, I appreciate the clarification. |
@philipr-za I believe the // The test vectors omit the first 64-bytes of the keystream
let mut prefix = [0u8; 64];
cipher.apply_keystream(&mut prefix) is needed because when you create the ChaCha Cypher, It is initialized with its counter equal to zero. Consuming the first 64 bytes produced by the Cypher causes the counter to be incremented by one, thus causing the state of the Cypher to match the tests in the rfc. |
Thanks, that makes perfect sense. I will leave it up you guys to decide whether this PR is worthwhile or not. By all means close it if those vectors are covered or you would like to handle it in a different way. |
I had to write a tool to dump the test vectors from blobby. I'm not sure one existed before? (cc @newpavlov) Anyway, here's what's in
So I think it's worth merging this and I guess then we can look at regenerating the |
While playing with your ChaCha20 implementation I noticed in my tests that I was not able to generate the correct result using the test vectors given in RFC 8439. So I thought I would write the tests to reproduce my problem in this PR.
However, while writing them I stumbled on this section of the XChaCha tests:
Adding this to my tests produced the correct results with the test vectors and I am not sure why this is needed. I don't see it mentioned in the RFC. So I wanted to ask why this prefix is needed for the test vectors to produce the correct cipher text? I thought I would contribute the RFC test vectors test during the process of asking.
Regards,
Philip