RFR: ChaCha20 and ChaCha20/Poly1305 Cipher implementations

Thomas Lußnig lussnig at suche.org
Mon Mar 26 19:45:05 UTC 2018

Hi Jamil,

1) where there any guidelines about how the engineToString should be 
formatted ?
I ask because i wondering why we need two new lines with access to the 
System property.
If it is represented as single line json no need to line break would be 

Gruß Thomas

/** * Creates a formatted string describing the parameters. * * @return 
a string representation of the ChaCha20 parameters. */ @Override 
protected String engineToString() { String LINE_SEP = 
System.getProperty("line.separator"); HexDumpEncoder encoder = new 
HexDumpEncoder(); StringBuilder sb = new StringBuilder(LINE_SEP + 
"nonce:" + LINE_SEP + "[" + encoder.encodeBuffer(nonce) + "]"); return 
sb.toString(); }

2) I do not think it is an good idea to say no secureRandom=null will cause IV to be null.
    I see here the risk of weak implementations. I would suggest to throw an Exception to
    enforce secure usages. If someone really want an insecure IV he can provide am SecureRandom
    implementation retuning 0 only or an matching IV.

      * @param random a {@code SecureRandom} implementation.  If {@code null}
      *      is used for the random object, then a nonce consisting of all
      *      zero bytes will be used.  Otherwise a random nonce will be
      *      used.

3) If ChaCha20ParameterSpec would extends IvParameterSpec if would be valid for booth modes in engineInit.
     Even if the counter is not needed.
     As an alternative i would allow ChaCha20ParameterSpec also for AEAD mode.

Grup Thomas

On 3/26/2018 9:08 PM, Jamil Nimeh wrote:
> Hello all,
> This is a request for review for the ChaCha20 and ChaCha20-Poly1305 
> cipher implementations.  Links to the webrev and the JEP which 
> outlines the characteristics and behavior of the ciphers are listed 
> below.
> http://cr.openjdk.java.net/~jnimeh/reviews/8153028/webrev.01/
> http://openjdk.java.net/jeps/329
> Thanks,
> --Jamil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20180326/7e108874/attachment.html>

More information about the security-dev mailing list