New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is second test vector valid? #11
Comments
I see the problem. You're calling the AEAD interface in both places. The second test vector is for XChaCha20 itself ( |
I wonder if including the raw keystream prior to encryption would make this easier to troubleshoot. |
Sounds like a good idea to me. |
57a8ce2 should make it easier to prevent this in the future. Anyone who is about to retrace the same steps will have to notice that the keystream seems to be offset from what the test vectors provide, which should be a dead giveaway that they're using the AEAD interface for both test vectors. |
xchacha-rfc/draft-arciszewski-xchacha-rfc-03.txt Lines 565 to 569 in 0e3b53d
Thanks @philanc for reporting this issue. 👍 |
I ran the test vectors with Libsodium (1.0.16) and Monocypher (2.0.5)
For test in section A.3.1. AEAD_XCHACHA20_POLY1305, I got the expected result.
For test in section A.3.2. XChaCha20 (plaintext: "The dhole...", I got a different result (same result with Libsodium and Monocypher):
The text was updated successfully, but these errors were encountered: