ChaCha20Poly1305 bug?
mcoret opened this issue · 2 comments
Hi!
I think there's a bug in the ChaCha20Poly1305 implementation. For my setup, the decryption and authentication completely fails. From a brief look on the source code, it looks that you are using the "AuthenticatedEncryptionFilter" together with a "StringSink" construction, almost identical to the (apparently) correct AES module. But from the official cryptopp wiki, it seems that one need to use "EncryptAndAuthenticate" and then "DecryptAndVerify" interfaces with ChaCha20Poly1305. Here's the source file path and wiki references:
Source/Algorithm/ChaCha20/ChaCha20.cpp
https://cryptopp.com/wiki/ChaCha20Poly1305
BTW, It's really a great project, thank you for it!
NB: I'm by no means an expert in cryptography. I'm just looking on code here :)
Hello @mcoret!,
You are actually right! thank you for noticing this, i seem to skip authentication instruction when performing a chacha20poly1305 encryption/decryption, it should be implemented entirely different than it is.
i made some changes in the last commit with tests, it seem to work now (at least in my side 😅), i would like if you take a look at it.
and btw neither i am an expert in cryptography, i made this project so i can learn a little about it 😁
thank you once again!
Hi!
I can confirm, it works now!
Thank you! :)