Hello,
Not sure how to reach to the authors/contributors involved in ChaChaPoly implementation. So, sending this here. Please redirect as appopriate.
I am implementing "GO" utility (using gopacket) for decrypting
IPsec ESP tunnel packets that are encrypted using ChachPoly. For my
testing, I used the RFC7634 (Appendix A) example. I believe my code is
correct, and still I continue to get "message authentication failed"
error message.
I am dumping everything on screen and validated (manually) that the
information (key, nonce, AAD and ciphertext) is correct (or rather as
expected for RFC7634 ESP example)
Who do you think can help me with this?
Here is the relevant code snippet -
key = append(key, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92,
0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d,
0x9e, 0x9f)
/* nonce is 32 bit salt and 64 bit IV */
nonce = append(nonce, 0xa0, 0xa1, 0xa2, 0xa3)
nonce = append(nonce, esp.Encrypted[0], esp.Encrypted[1],esp.Encrypted[2],esp.Encrypted[3])
nonce = append(nonce, esp.Encrypted[4], esp.Encrypted[5],esp.Encrypted[6],esp.Encrypted[7])
aead, err := chacha20poly1305.New(key[:])
binary.BigEndian.PutUint32(aad, esp.SPI)
binary.BigEndian.PutUint32(aad[4:], esp.Seq)
plainText, err = aead.Open(nil, nonce, esp.Encrypted, aad)
Really appreciate any help on this.
Thanks,
Deepak.