Different values of "tag" in cifra and libsodium for the same function
monicaphalswal opened this issue · comments
I am using void cf_chacha20poly1305_encrypt(const uint8_t key[32], const uint8_t nonce[12], const uint8_t *header, size_t nheader, const uint8_t *plaintext, size_t nbytes, uint8_t *ciphertext, uint8_t tag[16])
from cifra and
int crypto_aead_chacha20poly1305_ietf_encrypt_detached(unsigned char *c, unsigned char *mac, unsigned long long *maclen_p, const unsigned char *m, unsigned long long mlen, const unsigned char *ad, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, const unsigned char *k);
from libsodium. Both of them are suppossed to produce the same ciphertext which they are doing but the tag is coming out to be different. I am not able to understand why this is happening. Please help.
same problem here
Could you post some code or test vectors?
I just tried:
key: 6b65792e6b65792e6b65792e6b65792e6b65792e6b65792e6b65792e6b65792e
nonce: 6e6f6e63652e6e6f6e63652e
aad: 616164
msg: 6d657373616765
cipher: 5d9c0a9fe7d5e5
tag: 2824af504fdce6e85fc9d80c7c2a9f38
And both libsodium/cifra agree. Cifra also passes the known answer tests in the RFC (though it's possible those are poorly designed and not exhaustive).
Actually, the test vectors from the RFC don't cover |aad| == 0, and cifra gets this case wrong. Fix incoming.
Fixed in b6cdf9f. Sorry for the inconvenience and thanks for the report.
Great!
Thank you! :)