<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Round 4 of updates for ChaCha20 and ChaCha20-Poly1305, minor
stuff mostly:</p>
<ul>
<li>Added words in the description of javax.crypto.Cipher
recommending callers reinitialize the Cipher to use different
nonces after each complete encryption or decryption (similar
language to what exists already for AES-GCM encryption).</li>
<li>Added an additional test case for ChaCha20NoReuse</li>
<li>Made accessor methods for ChaCha20ParameterSpec final and
cleaned up the code a bit based on comments from the field.</li>
</ul>
<p><a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.04/">http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.04/</a></p>
<p>Thanks!</p>
<p>--Jamil<br>
</p>
<br>
<div class="moz-cite-prefix">On 04/13/2018 11:59 AM, Jamil Nimeh
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:4cdfa771-b222-2986-b1fa-2a67a89b9212@oracle.com">Round 3
of updates for ChaCha20 and ChaCha20-Poly1305:
<br>
<br>
* Removed the key field in ChaCha20 and Poly1305 implementations
and only retain the key bytes as an object field (thanks Thomas
for catching this)
<br>
<br>
* Added additional protections against key/nonce reuse. This is a
behavioral change to ChaCha20 and ChaCha20-Poly1305. Instances of
these ciphers will no longer allow you to do subsequent
doUpdate/doFinal calls after the first doFinal without
re-initializing the cipher with either a new key or nonce.
Attempting to reuse the cipher without a new initialization will
throw an IllegalStateException. This is similar to the behavior
of AES-GCM in encrypt mode, but for ChaCha20 it needs to be done
for both encrypt and decrypt.
<br>
<br>
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.03/">http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.03/</a>
<br>
<br>
Thanks,
<br>
--Jamil
<br>
<br>
On 04/10/2018 03:34 PM, Jamil Nimeh wrote:
<br>
<blockquote type="cite">Hello everyone,
<br>
<br>
This is a quick update to the previous webrev:
<br>
<br>
* When using the form of engineInit that does only takes op, key
and random, the nonce will always be random even if the random
parameter is null. A default instance of SecureRandom will be
used to create the nonce in this case, instead of all zeroes.
<br>
<br>
* Unused debug code was removed from the ChaCha20Cipher.java
file
<br>
<br>
* ChaCha20Parameters.engineToString no longer obtains the line
separator from a System property directly. It calls
System.lineSeparator() similar to how other AlgorithmParameter
classes in com.sun.crypto.provider do it.
<br>
<br>
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.02/">http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.02/</a>
<br>
<br>
Thanks,
<br>
<br>
--Jamil
<br>
<br>
<br>
On 03/26/2018 12:08 PM, Jamil Nimeh wrote:
<br>
<blockquote type="cite">Hello all,
<br>
<br>
This is a request for review for the ChaCha20 and
ChaCha20-Poly1305 cipher implementations. Links to the webrev
and the JEP which outlines the characteristics and behavior of
the ciphers are listed below.
<br>
<br>
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.01/">http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.01/</a>
<br>
<a class="moz-txt-link-freetext" href="http://openjdk.java.net/jeps/329">http://openjdk.java.net/jeps/329</a>
<br>
<br>
Thanks,
<br>
--Jamil
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>