Summary

ChaCha20 is a high-speed stream cipher, and poly1305 is a high-speed message authentication code. While ChaCha20-Poly1305 is an authenticated encryption with additional data (AEAD) cipher.

JEP JDK-8153028 will implement ciphers ChaCha20 and ChaCha20-Poly1305. It also provides a new key generator implementation on ChaCha20.

KAT Testing

RFC7539 section 2.4.2 gives some examples and test vectors for the ChaCha20 Cipher. And section 2.5.2 gives some examples and test vectors for the ChaCha20-Poly1305 Cipher. They can be used for KAT testing.

Interoperability Testing

The latest Bouncy Castle versions have supported ChaCha20 and ChaCha20-Poly1305 ciphers, and especially it has a pure java implementation, so it can take an Interoperability testing with this 3rd-party library.

There is an existing interoperability test on Bouncy Castle: closed/security/infra/javax/crypto/Cipher/BouncyCastleInterop.java. It's better to refactor it for adding more test cases. It should allow to receive different transformations. It also should support testing AEAD ciphers.

Key Generation

The new key generator implementation on ChaCha20 doesn't introduce new or modify existing public API. The following is a usage example:

KeyGenerator kg = KeyGenerator.getInstance(“ChaCha20”);
kg.init(256);
SecretKey key = kg.generateKey();

The key size must be 256, otherwise InvalidParameterException will raise.

ChaCha20ParameterSpec

javax.crypto.spec.ChaCha20ParameterSpec is a new introduced implementation on AlgorithmParameterSpec, and it is the only change on public API. It holds nonce and initial block counter for ChaCha20 cipher. Especially, the nonce size must be 96-bit. While block counter has no restricted.