View Issue Details

ID: 0008327
Project: 10000-007: Profiles
Category: Spec
View Status: public
Last Update: 2022-10-26 16:06
Reporter: Bernd Edlinger
Assigned To: Randy Armstrong
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: assigned
Resolution: open
Product Version: 1.05.03
Summary: 0008327: Wrong key derivation algorithm for SymmetricSignatureAlgorithm_Poly1305 in ProfileReportingTool
Description

I've just read this confusing statement in the opc/ua profile
reporting tool Conformance Unit SymmetricSignatureAlgorithm_Poly1305 (opcfoundation.org)
see: https://profiles.opcfoundation.org/conformanceunit/3780

"When using SignOnly, the Poly1305 key is generated using the algorithm specified in 2.6 of RFC8439."

If you read chapter 2.6 of RFC8439 you will see that
it derives the Poly key from ChaCha(signkey, iv XOR mask).
Quite similar to how it is derived in the AEAD construction.

But this is not what the ECC amendment says,
we use SHA256(signkey XOR mask) as Poly key AFAIK.

I wonder if that is just an error in the Profile Reporting tool,
or did I mis-read the spec somehow?

Tags: No tags attached.
Commit Version
Fix Due Date
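The two derivations contrasted in the description, side by side, as an added example that is not part of the issue or of the OPC UA specification. The RFC 8439 section 2.6 function follows the RFC; the SHA256 function follows the reporter's description only, and the mask values, their lengths and the sample key and IV are constructed assumptions.

```python
import hashlib
import struct

MASK32 = 0xFFFFFFFF

def _rotl(v, n):
    return ((v << n) & MASK32) | (v >> (32 - n))

def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 7)

def chacha20_block(key, counter, nonce):
    """One 64-byte ChaCha20 block (RFC 8439 section 2.3)."""
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("ChaCha20 needs a 32-byte key and a 12-byte nonce")
    init = list(struct.unpack("<16I", b"expand 32-byte k" + key
                              + struct.pack("<I", counter) + nonce))
    s = init[:]
    for _ in range(10):  # 10 double rounds = 20 rounds
        for idx in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                    (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _quarter_round(s, *idx)
    return struct.pack("<16I", *((x + y) & MASK32 for x, y in zip(s, init)))

def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def poly1305_key_rfc8439(key, nonce):
    """RFC 8439 section 2.6: first 32 bytes of the ChaCha20 block with counter 0."""
    return chacha20_block(key, 0, nonce)[:32]

def poly1305_key_sha256(signing_key, mask):
    """Derivation as the reporter describes it: SHA256(signkey XOR mask)."""
    return hashlib.sha256(xor_bytes(signing_key, mask)).digest()

if __name__ == "__main__":
    # Constructed sample values, not taken from any OPC UA session.
    sign_key = bytes(range(32))
    iv = bytes(12)
    mask12 = (1).to_bytes(12, "little")  # hypothetical 12-byte mask for the nonce
    mask32 = (1).to_bytes(32, "little")  # hypothetical 32-byte mask for the key
    a = poly1305_key_rfc8439(sign_key, xor_bytes(iv, mask12))
    b = poly1305_key_sha256(sign_key, mask32)
    print("RFC 8439 2.6  :", a.hex())
    print("SHA256 variant:", b.hex())
    print("same key?", a == b)
```

Both functions return 32 bytes, so a peer that implements the other derivation produces a well-formed Poly1305 key and the mismatch only shows up as signature verification failures.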

Activities

Randy Armstrong

2022-10-26 16:05

administrator   ~0018087

Remove this text from 6.8.2:
If the hash length is less than the SigningKey length then the first hash length bytes of the SigningKey are replaced with the hash.

Randy Armstrong

2022-10-26 16:06

administrator   ~0018088

Update Profile definition with wording from Part 6.

Issue History

Date Modified | Username | Field | Change
2022-09-14 10:18 | Bernd Edlinger | New Issue |
2022-09-27 16:12 | Jim Luth | Assigned To | => Randy Armstrong
2022-09-27 16:12 | Jim Luth | Status | new => assigned
2022-10-26 16:05 | Randy Armstrong | Note Added: 0018087 |
2022-10-26 16:06 | Randy Armstrong | Note Added: 0018088 |