Round 3 of updates for ChaCha20 and ChaCha20-Poly1305:
* Removed the key field in ChaCha20 and Poly1305 implementations and
only retain the key bytes as an object field (thanks Thomas for catching
this)
* Added additional protections against key/nonce reuse. This is a
behavioral change to ChaCha20 and ChaCha20-Poly1305. Instances of these
ciphers will no longer allow you to do subsequent doUpdate/doFinal calls
after the first doFinal without re-initializing the cipher with either a
new key or nonce. Attempting to reuse the cipher without a new
initialization will throw an IllegalStateException. This is similar to
the behavior of AES-GCM in encrypt mode, but for ChaCha20 it needs to be
done for both encrypt and decrypt.
http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.03/
Thanks,
--Jamil
On 04/10/2018 03:34 PM, Jamil Nimeh wrote:
Hello everyone,
This is a quick update to the previous webrev:
* When using the form of engineInit that does only takes op, key and
random, the nonce will always be random even if the random parameter
is null. A default instance of SecureRandom will be used to create
the nonce in this case, instead of all zeroes.
* Unused debug code was removed from the ChaCha20Cipher.java file
* ChaCha20Parameters.engineToString no longer obtains the line
separator from a System property directly. It calls
System.lineSeparator() similar to how other AlgorithmParameter classes
in com.sun.crypto.provider do it.
http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.02/
Thanks,
--Jamil
On 03/26/2018 12:08 PM, Jamil Nimeh wrote:
Hello all,
This is a request for review for the ChaCha20 and ChaCha20-Poly1305
cipher implementations. Links to the webrev and the JEP which
outlines the characteristics and behavior of the ciphers are listed
below.
http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.01/
http://openjdk.java.net/jeps/329
Thanks,
--Jamil
