libtomcrypt icon indicating copy to clipboard operation
libtomcrypt copied to clipboard
verified publisher icon libtom

Length limits of encauth etc.

Open sjaeckel opened this issue 8 years ago • 1 comments

As @karel-m pointed out in https://github.com/libtom/libtomcrypt/pull/211/files#r115594690 we have a possible issue in chacha20poly1305

Now when I am looking at the implementation the max length of our chacha20poly1305 is 2^64 bytes; however, in theory chacha20poly1305 has max length limit 2^70 bytes. The potentioal trouble might occur due to the fact that we do not check for reaching 2^64.

We should verify the existing implementations regarding such limitations.

The following encauth implementations exist, they should be marked as resolved after their implementation has been verified and/or fixed

  • [ ] ccm
  • [ ] chacha20poly1305
  • [ ] eax
  • [x] gcm fixed in #129
  • [ ] ocb
  • [ ] ocb3

Should this list contain further elements, e.g. MAC's?

sjaeckel avatar May 11 '17 13:05 sjaeckel

CFRG is working on defining those limits in https://datatracker.ietf.org/doc/draft-irtf-cfrg-aead-limits/

Integration will be postponed until the RFC is finished.

sjaeckel avatar Oct 07 '25 08:10 sjaeckel