Re: RFR: ChaCha20 and ChaCha20/Poly1305 Cipher implementations

Fri, 27 Apr 2018 14:22:21 -0700 

Round 4 of updates for ChaCha20 and ChaCha20-Poly1305, minor stuff mostly:

 * Added words in the description of javax.crypto.Cipher recommending
   callers reinitialize the Cipher to use different nonces after each
   complete encryption or decryption (similar language to what exists
   already for AES-GCM encryption).
 * Added an additional test case for ChaCha20NoReuse
 * Made accessor methods for ChaCha20ParameterSpec final and cleaned up
   the code a bit based on comments from the field.

http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.04/

Thanks!

--Jamil


On 04/13/2018 11:59 AM, Jamil Nimeh wrote:

Round 3 of updates for ChaCha20 and ChaCha20-Poly1305:
* Removed the key field in ChaCha20 and Poly1305 implementations and only retain the key bytes as an object field (thanks Thomas for catching this)
* Added additional protections against key/nonce reuse.  This is a behavioral change to ChaCha20 and ChaCha20-Poly1305.  Instances of these ciphers will no longer allow you to do subsequent doUpdate/doFinal calls after the first doFinal without re-initializing the cipher with either a new key or nonce. Attempting to reuse the cipher without a new initialization will throw an IllegalStateException.  This is similar to the behavior of AES-GCM in encrypt mode, but for ChaCha20 it needs to be done for both encrypt and decrypt. 

http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.03/

Thanks,
--Jamil

On 04/10/2018 03:34 PM, Jamil Nimeh wrote:

Hello everyone,

This is a quick update to the previous webrev:
* When using the form of engineInit that does only takes op, key and random, the nonce will always be random even if the random parameter is null.  A default instance of SecureRandom will be used to create the nonce in this case, instead of all zeroes. 

* Unused debug code was removed from the ChaCha20Cipher.java file
* ChaCha20Parameters.engineToString no longer obtains the line separator from a System property directly.  It calls System.lineSeparator() similar to how other AlgorithmParameter classes in com.sun.crypto.provider do it. 

http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.02/

Thanks,

--Jamil


On 03/26/2018 12:08 PM, Jamil Nimeh wrote:

Hello all,
This is a request for review for the ChaCha20 and ChaCha20-Poly1305 cipher implementations.  Links to the webrev and the JEP which outlines the characteristics and behavior of the ciphers are listed below. 

http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.01/
http://openjdk.java.net/jeps/329

Thanks,
--Jamil

Reply via email to