RFR: ChaCha20 and ChaCha20/Poly1305 Cipher implementations
Jamil Nimeh
jamil.j.nimeh at oracle.com
Tue May 1 21:45:49 UTC 2018
Comments in-line:
On 5/1/2018 10:20 AM, Sean Mullan wrote:
> On 4/27/18 5:21 PM, Jamil Nimeh wrote:
>> Round 4 of updates for ChaCha20 and ChaCha20-Poly1305, minor stuff
>> mostly:
>>
>> * Added words in the description of javax.crypto.Cipher recommending
>> callers reinitialize the Cipher to use different nonces after each
>> complete encryption or decryption (similar language to what exists
>> already for AES-GCM encryption).
>> * Added an additional test case for ChaCha20NoReuse
>> * Made accessor methods for ChaCha20ParameterSpec final and cleaned up
>> the code a bit based on comments from the field.
>>
>> http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.04/
>
> Some comments so far, will continue my review later ...
>
> - Cipher.java
>
> After the paragraph, I would add a reference for more info, ex:
> "Please see <a href="http://www.ietf.org/rfc/rfc7539.txt"> RFC 7539
> </a> for more information on the ChaCha20 and ChaCha20-Poly1305
> algorithms."
JN: Sounds good. I'll do that.
>
> - SunJCE.java
>
> 81 "(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2,
> PBE, "
>
> Should add the ChaCha20 algorithm to the provider information String
> above.
JN: Yep, missed that. Will fix.
>
> - ChaCha20ParameterSpec.java
>
> Thinking more about this -- if you don't think there is any good
> reason that a provider would want to subclass this, I would just make
> the whole class final.
JN: Given what ChaCha20 takes as variable inputs, I cannot see what
anyone could gain from subclassing it. I can set it to final and update
the CSR.
>
> 60 * @throws IllegalArgumentException if {@code nonce} is not
> 12 bytes
> 61 * in length.
>
> Remove period since this is a fragment that is not followed by a
> sentence.
>
> 87 * @return the counter value.
>
> Same as above.
JN: Will fix.
>
> - ChaCha20Poly1305Parameters.java
>
> 52 * @since 11
>
> We don't typically put @since lines in impl. classes.
JN: Consider it gone.
>
> 111 "ChaCha20-Poly1305 Parameter ASN.1 encoding
> error");
>
> 102 if (val.tag == DerValue.tag_OctetString) {
> 103 // Get the nonce value
> 104 nonce = val.getOctetString();
>
> I would probably just call val.getOctetString() directly and not
> proactively check the tag, since it will throw IOE if it is the wrong
> tag anyway. Then you don't need these lines:
>
> 109 } else {
> 110 throw new IOException(
> 111 "ChaCha20-Poly1305 Parameter ASN.1 encoding
> error");
> 112 }
>
> There are other reasons an IOException can be thrown, so it doesn't
> seem necessary to have a special-case for one type of error.
JN: Sure, that seems reasonable. Will fix.
>
> 134 throw new IllegalArgumentException(
> 135 "Unsupported parameter format: " +
> decodingMethod);
>
> Although this seems like a reasonable exception to throw,
> AlgorithmParametersSpi.engineInit is not spec'ed to throw this, so I
> think you should throw an IOE instead.
>
> 202 throw new IllegalArgumentException(
> 203 "Unsupported encoding format: " +
> encodingMethod);
>
> Similar comment, AlgorithmParametersSpi.engineGetEncoded is not
> spec'ed to throw this, so I think you should throw an IOE instead.
JN: Fair enough. I had figured IAE would be OK since it's an unchecked
exception and seemed more appropriate to the situation. But IOE is fine
too. Will fix.
--Jamil
More information about the security-dev
mailing list