crypto: Fix K1/K2 use in ChaCha20-Poly1305 AEAD #22331

dhruv wants to merge 1 commit into bitcoin:master from dhruv:15649-followups, changing 2 files (+5 −4)
  1. dhruv commented at 4:52 PM on June 23, 2021: contributor

    BIP324 mentions K1 is used for the associated data and K2 is used for the payload. The code does the opposite. This is not a security problem but will be a problem across implementations based on the HKDF key derivations.

    BIP324 author Jonas Schnelli thinks a code update will be better than a BIP update.

    If this PR is merged:

    • We need to update the test vector 3 in BIP324
  2. [crypto] Fix K1/K2 use in ChaCha20-Poly1305 AEAD
    BIP324 mentions K1 is used for the associated data and K2 is used for
    the payload. The code does the opposite. This is not a security problem
    but will be a problem across implementations based on the HKDF key
    derivations.
    cd37356ff9
  3. dhruv cross-referenced this on Jun 23, 2021 from issue Add ChaCha20Poly1305@Bitcoin AEAD by jonasschnelli
  4. DrahtBot added the label Utils/log/libs on Jun 23, 2021
  5. benthecarman commented at 5:46 PM on June 23, 2021: contributor

    Concept ACK

  6. DrahtBot commented at 7:50 PM on June 23, 2021: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #20962 (Alter the ChaCha20Poly1305@Bitcoin AEAD to the new specification by jonasschnelli)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  7. DrahtBot cross-referenced this on Jun 24, 2021 from issue Alter the ChaCha20Poly1305@Bitcoin AEAD to the new specification by jonasschnelli
  8. fanquake requested review from jonasschnelli on Jun 24, 2021
  9. theStack commented at 10:32 AM on June 24, 2021: contributor

    Concept ACK

  10. jonasschnelli commented at 8:30 AM on August 11, 2021: contributor

    utACK cd37356ff9a1a3c2365c4fe3c716d1ca74185d73

  11. jonasschnelli removed review request from jonasschnelli on Aug 11, 2021
  12. fanquake renamed this:
    [crypto] Fix K1/K2 use in ChaCha20-Poly1305 AEAD
    crypto: Fix K1/K2 use in ChaCha20-Poly1305 AEAD
    on Aug 18, 2021
  13. fanquake merged this on Aug 19, 2021
  14. fanquake closed this on Aug 19, 2021

  15. sidhujag referenced this in commit 1ca38972fc on Aug 20, 2021
  16. stratospher cross-referenced this on Oct 13, 2021 from issue crypto: Fix K1/K2 use in the comments in ChaCha20-Poly1305 AEAD by stratospher
  17. laanwj referenced this in commit f41aa81c99 on Oct 21, 2021
  18. dhruv added this to the "Done" column in a project

  19. sidhujag referenced this in commit 3457504d34 on Oct 21, 2021
  20. kwvg referenced this in commit 359d945703 on Nov 1, 2021
  21. kwvg referenced this in commit df06dfa435 on Nov 3, 2021
  22. pravblockc referenced this in commit 00486f7c1e on Nov 18, 2021
  23. bitcoin locked this on Aug 19, 2022
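
The interoperability point from the PR description, as an added example that is not part of the PR or of Bitcoin Core: two peers derive K1 and K2 from the same secret with HKDF-SHA256, and a packet only round-trips when both sides assign the keys to the same roles. The HKDF salt and labels, the 3-byte length field, and the HMAC-based keystream (a stand-in for ChaCha20, with the Poly1305 tag left out) are assumptions of this example.

```python
import hashlib, hmac

def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def keystream_xor(key, seq, data):
    """Stand-in stream cipher (HMAC-SHA256 in counter mode), NOT ChaCha20."""
    stream, block = b"", 0
    while len(stream) < len(data):
        ctr = seq.to_bytes(8, "little") + block.to_bytes(4, "little")
        stream += hmac.new(key, ctr, hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class Peer:
    """One side of a session; follows_spec selects the key-to-role mapping."""
    def __init__(self, secret, follows_spec):
        # Salt and info labels are constructed for this example.
        k1 = hkdf_sha256(secret, b"example-salt", b"example-K1")
        k2 = hkdf_sha256(secret, b"example-salt", b"example-K2")
        # As the PR describes BIP324: K1 -> associated data, K2 -> payload.
        self.k_aad, self.k_payload = (k1, k2) if follows_spec else (k2, k1)

    def seal(self, seq, payload):
        length = len(payload).to_bytes(3, "little")  # 3-byte length field: assumption
        return keystream_xor(self.k_aad, seq, length) + keystream_xor(self.k_payload, seq, payload)

    def open(self, seq, packet):
        length = int.from_bytes(keystream_xor(self.k_aad, seq, packet[:3]), "little")
        if length != len(packet) - 3:
            return None  # length field was decrypted under the wrong key
        return keystream_xor(self.k_payload, seq, packet[3:])

def interop(sender_follows_spec, receiver_follows_spec):
    """True if the receiver recovers the sender's message from one packet."""
    secret = bytes(range(32))  # constructed shared secret
    msg = b"constructed test message"
    packet = Peer(secret, sender_follows_spec).seal(0, msg)
    return Peer(secret, receiver_follows_spec).open(0, packet) == msg

if __name__ == "__main__":
    print({(s, r): interop(s, r) for s in (True, False) for r in (True, False)})
```

Two peers that both use the swapped mapping still interoperate with each other; only a mixed pair fails, which is the cross-implementation problem the PR description names.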

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-19 06:53 UTC