RFR: ChaCha20 and ChaCha20/Poly1305 Cipher implementations

Tue May 1 17:20:40 UTC 2018

On 4/27/18 5:21 PM, Jamil Nimeh wrote:
> Round 4 of updates for ChaCha20 and ChaCha20-Poly1305, minor stuff mostly:
> 
>   * Added words in the description of javax.crypto.Cipher recommending
>     callers reinitialize the Cipher to use different nonces after each
>     complete encryption or decryption (similar language to what exists
>     already for AES-GCM encryption).
>   * Added an additional test case for ChaCha20NoReuse
>   * Made accessor methods for ChaCha20ParameterSpec final and cleaned up
>     the code a bit based on comments from the field.
> 
> http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.04/

Some comments so far, will continue my review later ...

- Cipher.java

After the paragraph, I would add a reference for more info, ex: "Please 
see <a href="http://www.ietf.org/rfc/rfc7539.txt"> RFC 7539 </a> for 
more information on the ChaCha20 and ChaCha20-Poly1305 algorithms."

- SunJCE.java

81     "(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, 
PBE, "

Should add the ChaCha20 algorithm to the provider information String above.

- ChaCha20ParameterSpec.java

Thinking more about this -- if you don't think there is any good reason 
that a provider would want to subclass this, I would just make the whole 
class final.

   60      * @throws IllegalArgumentException if {@code nonce} is not 12 
bytes
   61      *      in length.

Remove period since this is a fragment that is not followed by a sentence.

   87      * @return the counter value.

Same as above.

- ChaCha20Poly1305Parameters.java

52  * @since 11

We don't typically put @since lines in impl. classes.

111                     "ChaCha20-Poly1305 Parameter ASN.1 encoding error");

  102         if (val.tag == DerValue.tag_OctetString) {
  103             // Get the nonce value
  104             nonce = val.getOctetString();

I would probably just call val.getOctetString() directly and not 
proactively check the tag, since it will throw IOE if it is the wrong 
tag anyway. Then you don't need these lines:

  109         } else {
  110             throw new IOException(
  111                     "ChaCha20-Poly1305 Parameter ASN.1 encoding 
error");
  112         }

There are other reasons an IOException can be thrown, so it doesn't seem 
necessary to have a special-case for one type of error.

  134             throw new IllegalArgumentException(
  135                     "Unsupported parameter format: " + 
decodingMethod);

Although this seems like a reasonable exception to throw, 
AlgorithmParametersSpi.engineInit is not spec'ed to throw this, so I 
think you should throw an IOE instead.

  202             throw new IllegalArgumentException(
  203                     "Unsupported encoding format: " + encodingMethod);

Similar comment, AlgorithmParametersSpi.engineGetEncoded is not spec'ed 
to throw this, so I think you should throw an IOE instead.

--Sean