search

kazu-yamamoto / quic

IETF QUIC library in Haskell
BSD 3-Clause "New" or "Revised" License
91 stars 13 forks source link

Can't use ChaCha20Poly1503 as cipher #42

Closed jvanbruegge closed 2 years ago

jvanbruegge commented 2 years ago

Running the QUIC connection with defaultClientConfig { ccCiphers = [cipher_TLS13_CHACHA20POLY1305_SHA256] } results in:

client: TransportErrorIsSent TLS InternalError "Error_Misc \"cipherHeaderProtection\\nCallStack (from HasCallStack):
   error, called at ./Network/QUIC/Crypto/Nite.hs:207:54 in quic-0.0.1-zg3MWtNOoiFqfpD8VIR5d:Network.QUIC.Crypto.Nite\""

Looking at that file, it is not clear to me how to submit a PR to fix this because of the required State

kazu-yamamoto commented 2 years ago

Since cryptonite does not provide an API to support chacha poly, it is not supported currently. Volunteers took over cryptonite recently, so the situation would change.

jvanbruegge commented 2 years ago

It doesn't? Isnt that the correct cipher? https://hackage.haskell.org/package/cryptonite-0.29/docs/Crypto-Cipher-ChaChaPoly1305.html

The problem I see is that it is not a stateless cipher and I have no idea where to thread the state through

kazu-yamamoto commented 2 years ago

See https://www.rfc-editor.org/rfc/rfc9001.html#name-chacha20-based-header-prote. In QUIC, we need to specify the counter. The counter is hard-coded in crypotnite.

jvanbruegge commented 2 years ago

Ah, I see. Thank you!