Refactor XChaCha20Poly1305 to delegate via injected ChaCha engine #93
Merged
Reworks `TXChaCha20Poly1305` to share the parent's nonce/key validation, MAC state machine, and reuse-detection by injecting the underlying ChaCha engine instead of overriding `Init` with a parallel implementation. Adds round-trip, tamper, and nonce-validation tests for both `TXChaCha20Engine` and `TXChaCha20Poly1305`.

Design

`TChaCha20Poly1305` gains a protected constructor accepting `(IMac, IChaCha7539Engine, ANonceBytes)`. The 12-byte nonce check is replaced with a configurable `FNonceBytes`, and the previously hard-coded `NonceSize` constant is removed. The internal `FChaCha20` field becomes `IChaCha7539Engine` (interfaced, so the explicit destructor is no longer needed). Error messages (`SInvalidParameters`, `SNonceMustBe96`, `SCannotReuseNonce`, `SMacCheckFailed`) become format strings keyed by `AlgorithmName` and nonce width.

`TXChaCha20Poly1305` collapses to a thin subclass:

- `(IMac)`-taking), both delegating to the base via `inherited Create(APoly1305, TXChaCha20Engine.Create() as IXChaCha20Engine, 24)`.
- `GetAlgorithmName` override.

`Init`, the cached `FMasterKey`, and the destructor are removed — the parent now handles nonce-length validation (192-bit), reuse detection, MAC sizing, and key state, with HChaCha20 derivation happening inside the injected `TXChaCha20Engine`.

`IChaCha7539Engine` is extended with `ProcessBlocks2`/`ProcessBlocks4` so future SIMD fast paths can be invoked through the interface rather than the concrete class.

Test changes

`XChaCha20Poly1305Tests` adds:

- `TestDeterministicRoundTrip2048` — 2048-byte plaintext encrypted then decrypted with a deterministic LCG-generated key/nonce/AAD/payload, asserting the round-trip recovers the input.
- `TestTamperedTagMacFailure` — flips the last tag byte of a known-vector ciphertext and asserts `EInvalidCipherTextCryptoLibException` with the new format-string message (`mac check in XChaCha20Poly1305 failed`).
- `TestRejectNonce12Byte` — passing a 96-bit nonce raises `EArgumentCryptoLibException` with `Nonce must be 192 bits` (verifies the format-string path picks up `FNonceBytes` correctly).
- `TestReuseNonceEncryptionRejected` — a second encrypt-init under the same (key, nonce) raises with `cannot reuse nonce for XChaCha20Poly1305 encryption`.

`XChaCha20Tests` adds:

- `TestRoundTrip1024` — 1024-byte plaintext encrypt/decrypt round-trip, with an explicit check that ciphertext differs from plaintext (catches a no-op keystream regression).
- `TestRejectShortNonce64Bits` and `TestRejectShortNonce96Bits` — 8-byte and 12-byte nonces must raise `EArgumentCryptoLibException`.
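The engine-level behaviour this PR relies on (192-bit nonce check, HChaCha20 subkey derivation, then delegation to the RFC 7539 ChaCha20 core) can be sketched in Python. This is an added example, not the project's Pascal code; the function names, the `ValueError` messages and the starting block counter of 0 are assumptions made for the sketch.

```python
import struct

MASK = 0xFFFFFFFF
SIGMA = struct.unpack("<4I", b"expand 32-byte k")
# Column rounds followed by diagonal rounds (one "double round").
_QUARTERS = [(0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
             (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)]

def _rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))

def _qr(s, a, b, c, d):
    # ChaCha quarter round: four add/xor/rotate steps, swapping roles each step.
    for r in (16, 12, 8, 7):
        s[a] = (s[a] + s[b]) & MASK
        s[d] = _rotl(s[d] ^ s[a], r)
        a, b, c, d = c, d, a, b

def _rounds(state):
    s = list(state)
    for _ in range(10):  # 10 double rounds = 20 rounds
        for q in _QUARTERS:
            _qr(s, *q)
    return s

def hchacha20(key, nonce16):
    """Subkey = words 0..3 and 12..15 after 20 rounds, without the feed-forward add."""
    s = _rounds(SIGMA + struct.unpack("<8I", key) + struct.unpack("<4I", nonce16))
    return struct.pack("<8I", *(s[0:4] + s[12:16]))

def chacha20_xor(key, nonce12, data, counter=0):
    """RFC 7539 ChaCha20: 32-bit block counter followed by a 96-bit nonce."""
    out = bytearray()
    for off in range(0, len(data), 64):
        init = (SIGMA + struct.unpack("<8I", key) + (counter + off // 64,)
                + struct.unpack("<3I", nonce12))
        ks = struct.pack("<16I", *((a + b) & MASK for a, b in zip(_rounds(init), init)))
        out += bytes(x ^ y for x, y in zip(data[off:off + 64], ks))
    return bytes(out)

def xchacha20_xor(key, nonce24, data):
    """Validate sizes, derive the subkey, then delegate to the ChaCha20 core."""
    if len(key) != 32:
        raise ValueError("key must be 256 bits")
    if len(nonce24) != 24:  # rejects the 64-bit and 96-bit nonces the new tests cover
        raise ValueError("nonce must be 192 bits")
    subkey = hchacha20(key, nonce24[:16])        # first 128 bits of the nonce
    return chacha20_xor(subkey, b"\x00" * 4 + nonce24[16:], data)  # last 64 bits
```

Because the width check sits in front of the subkey derivation, a 12-byte nonce is rejected instead of being silently run through a different construction.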