Hi Jamil,
1) where there any guidelines about how the engineToString should be
formatted ?
I ask because i wondering why we need two new lines with access to the
System property.
If it is represented as single line json no need to line break would be
needed.
Gruß Thomas
/** * Creates a formatted string describing the parameters. * * @return
a string representation of the ChaCha20 parameters. */ @Override
protected String engineToString() { String LINE_SEP =
System.getProperty("line.separator"); HexDumpEncoder encoder = new
HexDumpEncoder(); StringBuilder sb = new StringBuilder(LINE_SEP +
"nonce:" + LINE_SEP + "[" + encoder.encodeBuffer(nonce) + "]"); return
sb.toString(); }
2) I do not think it is an good idea to say no secureRandom=null will cause IV
to be null.
I see here the risk of weak implementations. I would suggest to throw an
Exception to
enforce secure usages. If someone really want an insecure IV he can provide
am SecureRandom
implementation retuning 0 only or an matching IV.
* @param random a {@code SecureRandom} implementation. If {@code null}
* is used for the random object, then a nonce consisting of all
* zero bytes will be used. Otherwise a random nonce will be
* used.
3) If ChaCha20ParameterSpec would extends IvParameterSpec if would be valid for
booth modes in engineInit.
Even if the counter is not needed.
As an alternative i would allow ChaCha20ParameterSpec also for AEAD mode.
Grup Thomas
On 3/26/2018 9:08 PM, Jamil Nimeh wrote:
Hello all,
This is a request for review for the ChaCha20 and ChaCha20-Poly1305
cipher implementations. Links to the webrev and the JEP which
outlines the characteristics and behavior of the ciphers are listed
below.
http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.01/
http://openjdk.java.net/jeps/329
Thanks,
--Jamil
