Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8184357

Test Plan for ChaCha20 and Poly1305 algorithms

    XMLWordPrintable

    Details

    • Type: JEP Task
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Fix Version/s: 11
    • Component/s: security-libs
    • Labels:

      Description

      Summary

      ChaCha20 is a high-speed stream cipher, and poly1305 is a high-speed message authentication code. While ChaCha20-Poly1305 is an authenticated encryption with additional data (AEAD) cipher.

      JEP JDK-8153028 will implement ciphers ChaCha20 and ChaCha20-Poly1305. It also provides a new key generator implementation on ChaCha20.

      KAT Testing

      RFC7539 section 2.4.2 gives some examples and test vectors for the ChaCha20 Cipher. And section 2.5.2 gives some examples and test vectors for the ChaCha20-Poly1305 Cipher. They can be used for KAT testing.

      Interoperability Testing

      The latest Bouncy Castle versions have supported ChaCha20 and ChaCha20-Poly1305 ciphers, and especially it has a pure java implementation, so it can take an Interoperability testing with this 3rd-party library.

      There is an existing interoperability test on Bouncy Castle: closed/security/infra/javax/crypto/Cipher/BouncyCastleInterop.java. It's better to refactor it for adding more test cases. It should allow to receive different transformations. It also should support testing AEAD ciphers.

      Key Generation

      The new key generator implementation on ChaCha20 doesn't introduce new or modify existing public API. The following is a usage example:

      KeyGenerator kg = KeyGenerator.getInstance(“ChaCha20”);
      kg.init(256);
      SecretKey key = kg.generateKey();

      The key size must be 256, otherwise InvalidParameterException will raise.

      ChaCha20ParameterSpec

      javax.crypto.spec.ChaCha20ParameterSpec is a new introduced implementation on AlgorithmParameterSpec, and it is the only change on public API. It holds nonce and initial block counter for ChaCha20 cipher. Especially, the nonce size must be 96-bit. While block counter has no restricted.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jjiang John Jiang
              Reporter:
              ggalimbe Gustavo Galimberti (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: