Open
Description
As @karel-m pointed out in https://github.com/libtom/libtomcrypt/pull/211/files#r115594690, we have a possible issue in `chacha20poly1305`.
Now when I am looking at the implementation, the max length of our `chacha20poly1305` is 2^64 bytes; however, in theory `chacha20poly1305` has a max length limit of 2^70 bytes. The potential trouble might occur due to the fact that we do not check for reaching 2^64.
We should verify the existing implementations regarding such limitations.
The following encauth implementations exist; they should be marked as resolved after their implementation has been verified and/or fixed:
- ccm
- chacha20poly1305
- eax
- gcm (fixed in "GCM counter incrementation isn't stopped at 2^32 blocks, which breaks GCM" #129)
- ocb
- ocb3
Should this list contain further elements, e.g. MACs?
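
The missing check described above, sketched as an added example (not libtomcrypt code and not part of the original issue): a running-length guard that refuses input once a mode's limit would be exceeded, next to the unchecked addition that silently wraps at 2^64. All names (`aead_len_guard`, `guard_add`, `limit_from_blocks`, `unchecked_add`) are hypothetical, and the limits used are the figures quoted in this issue, passed in as parameters.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper names; this is not libtomcrypt's API. */
typedef struct {
    uint64_t total;  /* bytes accepted so far under this key/nonce */
    uint64_t limit;  /* most bytes the mode may process; total <= limit always */
} aead_len_guard;

/* Unchecked pattern: a uint64_t running length silently wraps past 2^64 - 1. */
static uint64_t unchecked_add(uint64_t total, uint64_t n) { return total + n; }

/* Convert a limit stated in blocks to bytes, saturating instead of wrapping. */
static uint64_t limit_from_blocks(uint64_t max_blocks, uint64_t block_size)
{
    if (block_size != 0 && max_blocks > UINT64_MAX / block_size)
        return UINT64_MAX;
    return max_blocks * block_size;
}

static void guard_init(aead_len_guard *g, uint64_t limit)
{
    g->total = 0;
    g->limit = limit;
}

/* Call before processing n more bytes. Returns 0 if allowed, -1 if the
 * limit would be exceeded; on -1 the state is left unchanged. */
static int guard_add(aead_len_guard *g, uint64_t n)
{
    if (n > g->limit - g->total)  /* cannot underflow: total <= limit */
        return -1;
    g->total += n;
    return 0;
}

int main(void)
{
    aead_len_guard g;
    guard_init(&g, UINT64_MAX);        /* 64-bit byte counter, as in the issue */
    guard_add(&g, UINT64_MAX - 10);    /* constructed state: 10 bytes of headroom */
    printf("unchecked: %llu\n", (unsigned long long)unchecked_add(g.total, 32));
    printf("guarded:   %d\n", guard_add(&g, 32));
    return 0;
}
```

The comparison is written as `n > limit - total` rather than `total + n > limit` because the latter wraps in exactly the case it is meant to detect.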