On Mon, Sep 12, 2016 at 7:35 PM Jeffrey Walton <noloa...@gmail.com> wrote:
> On Wed, Dec 9, 2015 at 8:02 PM, Salz, Rich <rs...@akamai.com> wrote:
> > OpenSSL just landed our chacha/poly implementation into master. We pass the
> > RFC test vectors, looking for other implementations to test against.
>
> Sorry to dig up an old thread....
>
> I tested against Bernstein/ECRYPT ChaCha and test vectors from
> http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors.
> TLS-ChaCha does not inter-operate with ChaCha.
>
> The name should probably be disambiguated somehow.

TLS-ChaCha is actually RFC 7539 which comes with its own test vectors and isn't TLS-specific. Our implementation matches RFC 7539 and seems to match the one test vector I tried too. Note that that draft includes a number of things like 128-bit keys and 8 or 12 rounds which are not applicable. The test vector whose answer begins "0x76 0xb8 0xe0 0xad 0xa0" is the one you want.

Were you perhaps using the 128-bit key test vector? RFC 7539 doesn't use that mode. It doesn't even seem to be described in the paper, though it is in the reference implementation. (Looks like the constants change and you put two copies of the key in.)

David
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
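An added example, not part of the message above and not OpenSSL's code: a minimal ChaCha block function in Python that shows the two key modes the reply distinguishes (256-bit keys, and 128-bit keys with changed constants and the key repeated) and the test vector beginning 76 b8 e0 ad a0. All function and constant names are this example's own, and the all-zero inputs are constructed test data.

```python
import struct

SIGMA = b"expand 32-byte k"  # constants for 256-bit keys (the mode RFC 7539 uses)
TAU = b"expand 16-byte k"    # constants for 128-bit keys (not used by RFC 7539)
# Column rounds followed by diagonal rounds: together one "double round".
DOUBLE_ROUND = [(0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)]

def _rotl(v, n):
    return ((v << n) & 0xFFFFFFFF) | (v >> (32 - n))

def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF
    s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF
    s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF
    s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF
    s[b] = _rotl(s[b] ^ s[c], 7)

def chacha_block(key, tail, rounds=20):
    """Return one 64-byte keystream block; `tail` fills state words 12..15."""
    if len(key) == 32:
        const, key_words = SIGMA, key
    elif len(key) == 16:
        const, key_words = TAU, key + key  # two copies of the 128-bit key
    else:
        raise ValueError("key must be 16 or 32 bytes")
    if len(tail) != 16:
        raise ValueError("counter||nonce must be 16 bytes")
    init = list(struct.unpack("<16I", const + key_words + tail))
    s = list(init)
    for _ in range(rounds // 2):
        for a, b, c, d in DOUBLE_ROUND:
            _quarter_round(s, a, b, c, d)
    return struct.pack("<16I", *[(x + y) & 0xFFFFFFFF for x, y in zip(s, init)])

def original_tail(counter, nonce8):
    """Original ChaCha layout: 64-bit block counter, then 64-bit nonce."""
    return struct.pack("<Q", counter) + nonce8

def rfc7539_tail(counter, nonce12):
    """RFC 7539 layout: 32-bit block counter, then 96-bit nonce."""
    return struct.pack("<I", counter) + nonce12

if __name__ == "__main__":
    print("256-bit key:", chacha_block(bytes(32), rfc7539_tail(0, bytes(12)))[:8].hex())
    print("128-bit key:", chacha_block(bytes(16), original_tail(0, bytes(8)))[:8].hex())
```

With an all-zero counter and nonce the two layouts produce the same 16 bytes, so the 256-bit, 20-round vector is identical under both; the 128-bit-key block differs because the constants differ.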