Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow ChaCha20 cipher reuse with same key/IV or without init after decryption #50

Merged
merged 1 commit into from
Sep 29, 2023
Merged

Allow ChaCha20 cipher reuse with same key/IV or without init after decryption #50

merged 1 commit into from
Sep 29, 2023

Conversation

KostasTsiounis
Copy link
Contributor

The expected behaviour for reuse of NativeChaCha20Cipher for decryption is altered to match the existing Sun implementation in ChaCha20Cipher, as updated in OpenJDK21.

The following scenarios are now allowed for decryption:

  • Reinitialize with same key + nonce
  • Update AAD after a successful doFinal() without reinitializing
  • Update AAD after an AEADBadTagException

Those scenarios are not allowed (i.e., an exception is thrown) in OpenJDK20 and earlier.

Back-ported from: ibmruntimes/openj9-openjdk-jdk#661

Fixes: eclipse-openj9/openj9#17632

Signed-off by: Kostas Tsiounis kostas.tsiounis@ibm.com

@KostasTsiounis
Change NativeChaCha20Cipher reuse behaviour for decryption
aad3098 
The expected behaviour for reuse of NativeChaCha20Cipher for decryption
is altered to match the existing Sun implementation in ChaCha20Cipher,
as updated in OpenJDK21.

The following scenarios are now allowed for decryption:

- Reinitialize with same key + nonce
- Update AAD after a successful doFinal() without reinitializing
- Update AAD after an AEADBadTagException

Those scenarios are not allowed (i.e., an exception is thrown) in
OpenJDK20 and earlier.

Signed-off by: Kostas Tsiounis <kostas.tsiounis@ibm.com>
@KostasTsiounis
Copy link
Contributor Author

FYI @keithc-ca

@keithc-ca
Copy link
Member

Jenkins compile alinux jdk21

@keithc-ca
Copy link
Member

jdk_security3_0 failed in https://openj9-jenkins.osuosl.org/job/Grinder/2946 for reasons that seem unrelated to this change; passed in https://openj9-jenkins.osuosl.org/job/Grinder/2947.

@keithc-ca keithc-ca merged commit 0533c3f into ibmruntimes:openj9 Sep 29, 2023
4 checks passed
babsingh added a commit to babsingh/aqa-tests that referenced this pull request Oct 17, 2023
@babsingh
Re-enable ChaCha20NoReuse
4349a33 
JDK-next (JDK22) fix: ibmruntimes/openj9-openjdk-jdk#661
JDK21 fix: ibmruntimes/openj9-openjdk-jdk21#50

Closes: eclipse-openj9/openj9#17632

Signed-off-by: Babneet Singh <sbabneet@ca.ibm.com>
babsingh added a commit to babsingh/aqa-tests that referenced this pull request Oct 17, 2023
@babsingh
Re-enable ChaCha20NoReuse
5a6047e 
JDK-next (JDK22) fix: ibmruntimes/openj9-openjdk-jdk#661
JDK21 fix: ibmruntimes/openj9-openjdk-jdk21#50

Closes: eclipse-openj9/openj9#17632

Signed-off-by: Babneet Singh <sbabneet@ca.ibm.com>
@babsingh babsingh mentioned this pull request Oct 17, 2023
Merged
smlambert pushed a commit to adoptium/aqa-tests that referenced this pull request Oct 17, 2023
@babsingh
Re-enable ChaCha20NoReuse (#4817)
10a24d9 
JDK-next (JDK22) fix: ibmruntimes/openj9-openjdk-jdk#661
JDK21 fix: ibmruntimes/openj9-openjdk-jdk21#50

Closes: eclipse-openj9/openj9#17632

Signed-off-by: Babneet Singh <sbabneet@ca.ibm.com>
llxia pushed a commit to llxia/openjdk-tests that referenced this pull request Nov 22, 2023
@babsingh @llxia
Re-enable ChaCha20NoReuse (adoptium#4817)
be2df90 
JDK-next (JDK22) fix: ibmruntimes/openj9-openjdk-jdk#661
JDK21 fix: ibmruntimes/openj9-openjdk-jdk21#50

Closes: eclipse-openj9/openj9#17632

Signed-off-by: Babneet Singh <sbabneet@ca.ibm.com>
llxia pushed a commit to llxia/openjdk-tests that referenced this pull request Nov 22, 2023
@babsingh @llxia
Re-enable ChaCha20NoReuse (adoptium#4817)
545b306 
JDK-next (JDK22) fix: ibmruntimes/openj9-openjdk-jdk#661
JDK21 fix: ibmruntimes/openj9-openjdk-jdk21#50

Closes: eclipse-openj9/openj9#17632

Signed-off-by: Babneet Singh <sbabneet@ca.ibm.com>
pshipton pushed a commit to adoptium/aqa-tests that referenced this pull request Nov 22, 2023
@babsingh @pshipton
Re-enable ChaCha20NoReuse (#4817)
f4a92c1 
JDK-next (JDK22) fix: ibmruntimes/openj9-openjdk-jdk#661
JDK21 fix: ibmruntimes/openj9-openjdk-jdk21#50

Closes: eclipse-openj9/openj9#17632

Signed-off-by: Babneet Singh <sbabneet@ca.ibm.com>
@KostasTsiounis KostasTsiounis deleted the chacha20_reuse branch May 16, 2024 18:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@keithc-ca keithc-ca keithc-ca approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

jdk21 com/sun/crypto/provider/Cipher/ChaCha20/ChaCha20NoReuse Must use either a different key or iv
2 participants
@KostasTsiounis @keithc-ca