crypto: Fix K1/K2 use in ChaCha20-Poly1305 AEAD #22331

pull dhruv wants to merge 1 commits into bitcoin:master from dhruv:15649-followups changing 2 files +5 −4
  1. dhruv commented at 4:52 PM on June 23, 2021: member

    BIP324 mentions K1 is used for the associated data and K2 is used for the payload. The code does the opposite. This is not a security problem but will be a problem across implementations based on the HKDF key derivations.

    BIP324 author Jonas Schnelli thinks a code update will be better than a BIP update.

    If this PR is merged:

    • We need to update the test vector 3 in BIP324
  2. [crypto] Fix K1/K2 use in ChaCha20-Poly1305 AEAD
    BIP324 mentions K1 is used for the associated data and K2 is used for
the payload. The code does the opposite. This is not a security problem
but will be a problem across implementations based on the HKDF key
derivations.
    cd37356ff9
  3. DrahtBot added the label Utils/log/libs on Jun 23, 2021
  4. benthecarman commented at 5:46 PM on June 23, 2021: contributor

    Concept ACK

  5. DrahtBot commented at 7:50 PM on June 23, 2021: member

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--174a7506f384e20aa4161008e828411d-->

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #20962 (Alter the ChaCha20Poly1305@Bitcoin AEAD to the new specification by jonasschnelli)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  6. fanquake requested review from jonasschnelli on Jun 24, 2021
  7. theStack commented at 10:32 AM on June 24, 2021: member

    Concept ACK

  8. jonasschnelli commented at 8:30 AM on August 11, 2021: contributor

    utACK cd37356ff9a1a3c2365c4fe3c716d1ca74185d73

  9. jonasschnelli removed review request from jonasschnelli on Aug 11, 2021
  10. fanquake renamed this:
    [crypto] Fix K1/K2 use in ChaCha20-Poly1305 AEAD
    crypto: Fix K1/K2 use in ChaCha20-Poly1305 AEAD
    on Aug 18, 2021
  11. fanquake merged this on Aug 19, 2021
  12. fanquake closed this on Aug 19, 2021
  13. sidhujag referenced this in commit 1ca38972fc on Aug 20, 2021
  14. laanwj referenced this in commit f41aa81c99 on Oct 21, 2021
  15. dhruv added this to the "Done" column in a project
  16. sidhujag referenced this in commit 3457504d34 on Oct 21, 2021
  17. kittywhiskers referenced this in commit 359d945703 on Nov 1, 2021
  18. kittywhiskers referenced this in commit df06dfa435 on Nov 3, 2021
  19. pravblockc referenced this in commit 00486f7c1e on Nov 18, 2021
  20. DrahtBot locked this on Aug 19, 2022
Contributors
dhruvbenthecarmanDrahtBottheStackjonasschnelli
Labels
Utils/log/libs
Linked (view graph)
#15649 Add ChaCha20Poly1305@Bitcoin AEAD#23271 crypto: Fix K1/K2 use in the comments in ChaCha20-Poly1305 AEAD#27634 BIP324 tracking issue
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-02 18:14 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me