RFC7634 and go implementation of ChachaPoly AEAD

77 views
Skip to first unread message

Deepak Dandekar

unread,
Sep 22, 2021, 4:27:30 PM9/22/21
to golang-nuts
Hello,

Not sure how to reach to the authors/contributors involved in ChaChaPoly implementation. So, sending this here. Please redirect as appopriate.

I am implementing "GO" utility (using gopacket) for decrypting
IPsec ESP tunnel packets  that are encrypted using ChachPoly. For my
testing, I used the RFC7634 (Appendix A) example. I believe my code is
correct, and still I continue to get "message authentication failed"
error message.

I am dumping everything on screen and validated (manually) that the
information (key, nonce, AAD and ciphertext) is correct (or rather as
expected for RFC7634 ESP example)

Who do you think can help me with this?

Here is the relevant code snippet -

key = append(key, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92,
0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d,
0x9e, 0x9f)

    /* nonce is 32 bit salt and 64 bit IV */
    nonce = append(nonce, 0xa0, 0xa1, 0xa2, 0xa3)
    nonce = append(nonce, esp.Encrypted[0], esp.Encrypted[1],esp.Encrypted[2],esp.Encrypted[3])
    nonce = append(nonce, esp.Encrypted[4], esp.Encrypted[5],esp.Encrypted[6],esp.Encrypted[7])

    aead, err := chacha20poly1305.New(key[:])
    binary.BigEndian.PutUint32(aad, esp.SPI)
    binary.BigEndian.PutUint32(aad[4:], esp.Seq)

    plainText, err = aead.Open(nil, nonce, esp.Encrypted, aad)

Really appreciate any help on this.
Thanks,
Deepak.
Reply all
Reply to author
Forward
0 new messages