Problems with CipherBox and AEAD

Xuelei Fan xuelei.fan at oracle.com
Tue Oct 13 02:14:33 UTC 2015


Were ChaCha20 and Poly1305 based cipher suites accepted as IETF RFC?
Looks like the proposal was not moving forward since May, 2014.

    https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04

Thanks,
Xuelei

On 10/11/2015 3:59 PM, Thomas Lußnig wrote:
> Hi,
> 
> when i extends "sun.security.ssl.CipherSuite" with
>     final static BulkCipher B_CHACHA20_POLY1305 = new
> BulkCipher("CHACHA20_POLY1305", AEAD_CIPHER  , 32 ,32,  0,  0, true );
> i found an Problem in "sun.security.ssl.CipherBox
> Method "applyExplicitNonce" there for the AEAD_CIPHER case is an NPE if
> the IV Length is zero. Then fixedIv become null
> and there is an NPE. The Workaround for this is
>     final byte[] iv;
>     if(this.fixedIv == null) { // FIX for CHACHA
>         iv = new byte[this.recordIvSize];              // CHACHA fix
>         bb.get(iv, 0, this.recordIvSize);
>     } else {
>         iv = Arrays.copyOf(this.fixedIv, this.fixedIv.length +
> this.recordIvSize);
>         bb.get(iv, this.fixedIv.length, this.recordIvSize);
>     }
> Another problem would occour if i use "new
> BulkCipher("CHACHA20_POLY1305", AEAD_CIPHER  , 32 ,32,  8,  8, true );"
> Then in createExplicitNonce the nonce should become zero size but is
> fixed length for AEAD of 8 bytes.
> Both was seen in JDK-1.8.0_60
> 
> Gruß Thomas Lußnig
> 



More information about the security-dev mailing list