Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8305822

Change ChaCha20 cipher init behavior to match AES-GCM

    XMLWordPrintable

Details

    • CSR
    • Resolution: Approved
    • P3
    • 21
    • security-libs
    • None
    • behavioral
    • low
    • If consumers of the API depend on decrypt mode ciphers throwing InvalidKeyException in order to implement workarounds to reuse the key and nonce this change may cause issues. This however is a highly unlikely case to see in the field.
    • Implementation

    Description

      Summary

      This change will alter the initialization behavior for the SunJCE ChaCha20 and ChaCha20-Poly1305 implementations to match that of AES-GCM. It will allow key/nonce reuse when in DECRYPT_MODE where it did not previously.

      Problem

      AEAD-based ciphers do not allow key and nonce reuse for encryption with different plaintext inputs as it creates a situation where data can be compromised. Key/nonce reuse for decryption is not a problem since the result is the plaintext. Key and nonce reuse for decryption can be helpful in cases where a user may need to decrypt data using the same key and nonce a second time. Currently AES-GCM allows key/nonce reuse for decryption, but ChaCha20 and ChaCha20-Poly1305 do not. The latter two ciphers should conform to the AES-GCM behavior.

      Solution

      Allow the ChaCha20 and ChaCha20-Poly1305 cipher instances to reuse the key and nonce when in DECRYPT_MODE:

      • The cipher will return to its previously initialized state following a doFinal call.
      • The cipher may perform two doFinal operations using the same key and nonce without an intervening init call.
      • The cipher may re-initialize itself with the same key and nonce without throwing an InvalidKeyException

      These allowances do not extend to ENCRYPT_MODE ChaCha20 or ChaCha20-Poly1305 SunJCE Cipher instances. The key/nonce reuse prohibitions in encrypt mode remain unchanged from their current behavior.

      Specification

      There are no specification changes.

      Attachments

        Issue Links

          Activity

            People

              jnimeh Jamil Nimeh
              jnimeh Jamil Nimeh
              Anthony Scarpino, Daniel Jelinski
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: