ChaCha20-csharp
Ensure proper implementation of ChaCha20 as a block cipher in counter mode
I'm no security specialist (just a simple web developer), but after reading this blog post, I'm skeptical about using any implementation of ChaCha20 for my C# projects until I know for sure that it was developed correctly. Could you confirm that your class is using a block cipher in counter mode instead of using a stream cipher?
I'm no crypto software specialist :) You are right to be skeptical! I can't make a guarantee. If I recall correctly, I had trouble getting this implementation to calculate the known inputs correctly from the RFC. Then life happened before I could track down the issue.
However, this code is BSD licensed. So you are free to take it and modify it until you are assured that it meets your specification. PRs welcome!
Sorry for taking so long to respond... And thanks for linking that blog post! I will go and read it!
Added the bug label, because I'm pretty sure my implementation does exactly what the linked Insane Coding article says not to do. Will work on correcting the situation.
Probably needs some unit tests adding. So I am not really too worried about whatever you guys are saying. I just want it to work for a small project I am doing. Does this work? Or is it broken?
Hi, seem to be late... but to answer some of your questions.
- If your implementation cannot handle arbitrary data lengths (which are not a multiple of block size = 64 bytes), it simply means it's not compatible with other implementations that are implemented in a correct way, but it doesn't mean it's broken; it just means that you are wasting some keystream material.
- ChaCha20 is a block cipher using counter mode in order to emulate a stream cipher. ChaCha20 is immune to any side-channel attacks because of its ARX (Addition-Rotation-Xor) structure. Using a counter is an advantage because you can jump to any block and encrypt/decrypt from there.
BTW: AES is a block cipher, but some variants using counter mode, like AES-GCM, were developed later.
- I had the same issue with my ChaCha20 implementation at first. I'll soon release an AVX2 C# NETCore implementation, including unit tests and RFC support.
That’s awesome. I was trying to use this for Apple's HomeKit encryption but I struggled really hard to find anything for C#. I can’t remember exactly, but the built-in .NET crypto had some feature in it that wasn’t compatible or was deprecated. HomeKit uses an IV and a simple code exchange between client and server on each request. I guess it's simple to allow for low-power CPUs to be able to handle it.
I wanted to get back to my project but the Apple specification for HomeKit is a bit mental and I got stuck on this. Like one of the first things before even being able to create a link.
I see Node and Python have libraries. They use modules that we don’t have access to in C#, so I struggled and gave up.