
[crypto] Fix K1/K2 use in ChaCha20-Poly1305 AEAD
ClosedPublic

Authored by PiRK on Wed, Oct 22, 09:00.

Details

Reviewers
Fabien
Group Reviewers
Restricted Project
Commits
rABC57c4ea35edc5: [crypto] Fix K1/K2 use in ChaCha20-Poly1305 AEAD
Summary

BIP324 mentions K1 is used for the associated data and K2 is used for
the payload. The code does the opposite. This is not a security problem
but will be a problem across implementations based on the HKDF key
derivations.

This is a backport of core#22331 and core#23271.

Note: this implementation is unused in the current codebase, outside of unit tests, and will be scrapped and replaced in core#28008. I'm only backporting this fix to avoid a test failure in another pre-28008 ChaCha20 backport (core#26153). It makes reviews and merge conflicts simpler to backport this in the right order.

Test Plan

ninja check
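
The interoperability failure described in the summary, as an added example that is not code from this revision or from the project: two peers hold the same key pair, but one assigns K1/K2 the other way round, so the encrypted length field no longer decrypts. It is a simplified model that assumes a 3-byte little-endian length, the sequence number as the 64-bit nonce, constructed keys in place of the HKDF outputs, and no Poly1305 tag.

```python
import struct

MASK = 0xffffffff

def _rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))

def _quarter_round(s, a, b, c, d):
    for x, y, z, r in ((a, b, d, 16), (c, d, b, 12), (a, b, d, 8), (c, d, b, 7)):
        s[x] = (s[x] + s[y]) & MASK
        s[z] = _rotl(s[z] ^ s[x], r)

def chacha20_block(key, counter, nonce):
    """One 64-byte block of original ChaCha20 (64-bit counter, 64-bit nonce)."""
    init = list(struct.unpack("<4I", b"expand 32-byte k") + struct.unpack("<8I", key)
                + (counter & MASK, counter >> 32) + struct.unpack("<2I", nonce))
    s = init[:]
    for _ in range(10):  # 10 double rounds = 20 rounds
        for q in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                  (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _quarter_round(s, *q)
    return struct.pack("<16I", *((x + y) & MASK for x, y in zip(s, init)))

def xor_stream(key, nonce, counter, data):
    out = bytearray()
    for i in range(0, len(data), 64):
        block = chacha20_block(key, counter + i // 64, nonce)
        out += bytes(a ^ b for a, b in zip(data[i:i + 64], block))
    return bytes(out)

def seal(aad_key, payload_key, seq, payload):
    """Encrypt the 3-byte length with aad_key and the payload with payload_key."""
    nonce = struct.pack("<Q", seq)
    length = len(payload).to_bytes(3, "little")
    return xor_stream(aad_key, nonce, 0, length) + xor_stream(payload_key, nonce, 1, payload)

def open_packet(aad_key, payload_key, seq, packet):
    """Return the payload, or None if the decrypted length does not fit the packet."""
    nonce = struct.pack("<Q", seq)
    length = int.from_bytes(xor_stream(aad_key, nonce, 0, packet[:3]), "little")
    if length != len(packet) - 3:
        return None
    return xor_stream(payload_key, nonce, 1, packet[3:])

K1, K2 = bytes(range(32)), bytes(range(32, 64))  # constructed stand-ins for the HKDF outputs
MSG = b"constructed payload"
packet = seal(K1, K2, 0, MSG)                 # sender: K1 -> length, K2 -> payload
same_roles = open_packet(K1, K2, 0, packet)   # receiver with the same assignment
swapped = open_packet(K2, K1, 0, packet)      # receiver with K1/K2 swapped
```

Both assignments are equally strong on their own, which is why the summary calls this an interoperability problem rather than a security one; only the receiver that agrees with the sender on which key covers the length field recovers the packet.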