RFR: ChaCha20 and ChaCha20/Poly1305 Cipher implementations

Thomas Lußnig lussnig at suche.org
Wed Apr 11 17:56:49 UTC 2018


Hi,

same with key/keyBytes is with the class Poly1305 also here the key is 
not used.

Gruß Thomas

On 4/11/2018 5:54 PM, Jamil Nimeh wrote:
> Yes, that does appear to be the case, good catch!  I'll make that change.
>
> --Jamil
>
> On 4/11/2018 7:18 AM, Thomas Lußnig wrote:
>> Hi,
>>
>> i found another point. The "key" field can be removed from 
>> ChaCha20Cipher.
>> 1) This field is only set once and later checked if it was initialized.
>>      But we do not want to knew is the key exists but if key bytes 
>> exists.
>> 2) So if two lines are changed from key to keyBytes we can remove 
>> this unused field.
>>
>>
>> Gruß Thomas
>>
>> http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.02/src/java.base/share/classes/com/sun/crypto/provider/ChaCha20Cipher.java.html 
>>
>> Lines 426 , 461 (change to keyBytes)
>>     if (key == null
>> Line 75+507 (remove)
>>     private Key key;
>>     this.key = key;
>>
>>
>> On 4/11/2018 12:34 AM, Jamil Nimeh wrote:
>>> Hello everyone,
>>>
>>> This is a quick update to the previous webrev:
>>>
>>> * When using the form of engineInit that does only takes op, key and 
>>> random, the nonce will always be random even if the random parameter 
>>> is null.  A default instance of SecureRandom will be used to create 
>>> the nonce in this case, instead of all zeroes.
>>>
>>> * Unused debug code was removed from the ChaCha20Cipher.java file
>>>
>>> * ChaCha20Parameters.engineToString no longer obtains the line 
>>> separator from a System property directly.  It calls 
>>> System.lineSeparator() similar to how other AlgorithmParameter 
>>> classes in com.sun.crypto.provider do it.
>>>
>>> http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.02/
>>>
>>> Thanks,
>>>
>>> --Jamil
>>>
>>>
>>> On 03/26/2018 12:08 PM, Jamil Nimeh wrote:
>>>> Hello all,
>>>>
>>>> This is a request for review for the ChaCha20 and ChaCha20-Poly1305 
>>>> cipher implementations.  Links to the webrev and the JEP which 
>>>> outlines the characteristics and behavior of the ciphers are listed 
>>>> below.
>>>>
>>>> http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.01/
>>>> http://openjdk.java.net/jeps/329
>>>>
>>>> Thanks,
>>>> --Jamil
>>>
>


More information about the security-dev mailing list