| | | |
|---|---|---|
| author | fanquake <fanquake@gmail.com> | 2021-08-19 08:57:23 +0800 |
| committer | fanquake <fanquake@gmail.com> | 2021-08-19 09:16:28 +0800 |
| commit | 607a6338a73734bcdf6dc008f9f91e76efeb845f (patch) | |
| tree | e6dc406169d38baf47da5827c6b5035007abf547 /src/interfaces | |
| parent | cabbd01d85576f742be28485ab977db06ea64625 (diff) | |
| parent | cd37356ff9a1a3c2365c4fe3c716d1ca74185d73 (diff) | |
Merge bitcoin/bitcoin#22331: crypto: Fix K1/K2 use in ChaCha20-Poly1305 AEAD
cd37356ff9a1a3c2365c4fe3c716d1ca74185d73 [crypto] Fix K1/K2 use in ChaCha20-Poly1305 AEAD (Dhruv Mehta)
Pull request description:
BIP324 mentions K1 is used for the associated data and K2 is used for the payload. The code does the opposite. This is not a security problem but will be a problem across implementations based on the HKDF key derivations.
BIP324 author Jonas Schnelli thinks a [code update will be better](https://github.com/bitcoin/bitcoin/pull/15649#discussion_r440780669) than a BIP update.
If this PR is merged:
- [ ] We need to update the test vector 3 in BIP324
ACKs for top commit:
jonasschnelli:
utACK cd37356ff9a1a3c2365c4fe3c716d1ca74185d73
Tree-SHA512: e2165117bfbf7a031060e7376912f9af1c1bfc57916383799a0fa2c040e2caaab0d6aafc3425c083a233b96c84fafec75c938e00ceb6bd7d52607d58607cb145
Diffstat (limited to 'src/interfaces')
0 files changed, 0 insertions, 0 deletions
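The description above says the fix is purely about which key plays which role: K1 must drive the keystream for the associated data (the 3-byte encrypted length) and K2 the keystream for the payload, and getting this backwards produces bytes that another implementation cannot decrypt even though both sides derived the same K1/K2 from HKDF. The following Python model, an added example and not Bitcoin Core's `ChaCha20Poly1305AEAD`, shows that effect end to end. It assumes the original DJB ChaCha20 layout (64-bit nonce, 64-bit counter), a single sequence number for both keystreams with the length at keystream position 0, and that the Poly1305 one-time key is taken from block 0 of the payload keystream with the payload itself encrypted from block 1; the sample keys and message are constructed, standing in for HKDF output.

```python
"""Toy BIP324-style AEAD with K1 -> associated data (length), K2 -> payload.

Added example, not Bitcoin Core code. Assumptions: DJB ChaCha20 (64-bit nonce
+ 64-bit counter), one sequence number for both keystreams, length at keystream
offset 0, Poly1305 key from block 0 of the payload keystream, payload from block 1.
"""
import hmac
import struct

HEADER_LEN = 3   # 3-byte little-endian payload length, encrypted under the AAD key
TAG_LEN = 16     # Poly1305 tag


def _rotl32(v, c):
    return ((v << c) & 0xFFFFFFFF) | (v >> (32 - c))


def _qr(s, a, b, c, d):
    """One ChaCha quarter-round applied in place to state words a, b, c, d."""
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = _rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = _rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = _rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = _rotl32(s[b] ^ s[c], 7)


def chacha20_block(key, nonce, counter):
    """64-byte ChaCha20 block, DJB layout: 64-bit counter in words 12-13, 64-bit nonce in 14-15."""
    state = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]
    state += list(struct.unpack("<8I", key))
    state += [counter & 0xFFFFFFFF, (counter >> 32) & 0xFFFFFFFF]
    state += [nonce & 0xFFFFFFFF, (nonce >> 32) & 0xFFFFFFFF]
    w = list(state)
    for _ in range(10):  # 10 double rounds = 20 rounds
        _qr(w, 0, 4, 8, 12); _qr(w, 1, 5, 9, 13); _qr(w, 2, 6, 10, 14); _qr(w, 3, 7, 11, 15)
        _qr(w, 0, 5, 10, 15); _qr(w, 1, 6, 11, 12); _qr(w, 2, 7, 8, 13); _qr(w, 3, 4, 9, 14)
    return struct.pack("<16I", *[(w[i] + state[i]) & 0xFFFFFFFF for i in range(16)])


def chacha20_keystream(key, nonce, counter, n):
    """n keystream bytes starting at the given block counter."""
    out = bytearray()
    while len(out) < n:
        out += chacha20_block(key, nonce, counter)
        counter += 1
    return bytes(out[:n])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def poly1305(key32, msg):
    """RFC 8439 Poly1305: r is the clamped first half of the key, s the second half."""
    r = int.from_bytes(key32[:16], "little") & 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF
    s = int.from_bytes(key32[16:], "little")
    p = (1 << 130) - 5
    acc = 0
    for i in range(0, len(msg), 16):
        acc = ((acc + int.from_bytes(msg[i:i + 16] + b"\x01", "little")) * r) % p
    return ((acc + s) & ((1 << 128) - 1)).to_bytes(16, "little")


def aead_encrypt(k_aad, k_payload, seqnr, payload):
    """Wire packet: encrypted 3-byte length || ciphertext || tag over both."""
    header = _xor(len(payload).to_bytes(HEADER_LEN, "little"),
                  chacha20_keystream(k_aad, seqnr, 0, HEADER_LEN))
    poly_key = chacha20_keystream(k_payload, seqnr, 0, 32)          # block 0 -> MAC key
    ct = _xor(payload, chacha20_keystream(k_payload, seqnr, 1, len(payload)))  # block 1+
    return header + ct + poly1305(poly_key, header + ct)


def aead_decrypt(k_aad, k_payload, seqnr, packet):
    """Returns the plaintext, or None if the length or the tag does not check out."""
    if len(packet) < HEADER_LEN + TAG_LEN:
        return None
    length = int.from_bytes(_xor(packet[:HEADER_LEN],
                                 chacha20_keystream(k_aad, seqnr, 0, HEADER_LEN)), "little")
    if len(packet) != HEADER_LEN + length + TAG_LEN:
        return None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    poly_key = chacha20_keystream(k_payload, seqnr, 0, 32)
    if not hmac.compare_digest(tag, poly1305(poly_key, body)):
        return None
    return _xor(body[HEADER_LEN:], chacha20_keystream(k_payload, seqnr, 1, length))


def demo():
    """Same K1/K2 and message, with the roles as BIP324 states them versus swapped."""
    k1 = bytes(range(32))        # constructed stand-ins for the HKDF-derived keys
    k2 = bytes(range(32, 64))
    msg = b"constructed payload"
    per_bip = aead_encrypt(k_aad=k1, k_payload=k2, seqnr=0, payload=msg)   # K1 -> AAD, K2 -> payload
    swapped = aead_encrypt(k_aad=k2, k_payload=k1, seqnr=0, payload=msg)   # the roles reversed
    return per_bip, swapped


if __name__ == "__main__":
    a, b = demo()
    print("packets differ:", a != b)
    print("peer following BIP324 can decrypt swapped packet:",
          aead_decrypt(bytes(range(32)), bytes(range(32, 64)), 0, b) is not None)
```

A peer that follows the BIP text (K1 for the length, K2 for the payload and Poly1305 key) rejects the packet produced with the roles reversed: its length decryption yields garbage and, even if the length happened to match, the tag would fail because the Poly1305 key comes from the other keystream. That is the cross-implementation incompatibility the PR refers to, and why the BIP324 test vector has to change along with the code.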