WIP: chacha20

Author: whyoleg

build-logic/src/main/kotlin/ckbuild/tests/GenerateProviderTestsTask.kt

@@ -106,6 +106,8 @@ abstract class GenerateProviderTestsTask : DefaultTask() {
             "AesEcbCompatibilityTest",
             "AesGcmTest",
             "AesGcmCompatibilityTest",
+            "ChaCha20Poly1305Test",
+            "ChaCha20Poly1305CompatibilityTest",
 
             "HmacTest",
             "HmacCompatibilityTest",

cryptography-core/api/cryptography-core.api

@@ -199,6 +199,29 @@ public abstract interface class dev/whyoleg/cryptography/algorithms/AES$OFB$Key
 	public abstract fun cipher ()Ldev/whyoleg/cryptography/operations/IvCipher;
 }
 
+public abstract interface class dev/whyoleg/cryptography/algorithms/ChaCha20Poly1305 : dev/whyoleg/cryptography/CryptographyAlgorithm {
+	public static final field Companion Ldev/whyoleg/cryptography/algorithms/ChaCha20Poly1305$Companion;
+	public fun getId ()Ldev/whyoleg/cryptography/CryptographyAlgorithmId;
+	public abstract fun keyDecoder ()Ldev/whyoleg/cryptography/materials/key/KeyDecoder;
+	public abstract fun keyGenerator ()Ldev/whyoleg/cryptography/materials/key/KeyGenerator;
+}
+
+public final class dev/whyoleg/cryptography/algorithms/ChaCha20Poly1305$Companion : dev/whyoleg/cryptography/CryptographyAlgorithmId {
+}
+
+public abstract interface class dev/whyoleg/cryptography/algorithms/ChaCha20Poly1305$Key : dev/whyoleg/cryptography/materials/key/EncodableKey {
+	public abstract fun cipher ()Ldev/whyoleg/cryptography/operations/IvAuthenticatedCipher;
+}
+
+public final class dev/whyoleg/cryptography/algorithms/ChaCha20Poly1305$Key$Format : java/lang/Enum, dev/whyoleg/cryptography/materials/key/KeyFormat {
+	public static final field JWK Ldev/whyoleg/cryptography/algorithms/ChaCha20Poly1305$Key$Format;
+	public static final field RAW Ldev/whyoleg/cryptography/algorithms/ChaCha20Poly1305$Key$Format;
+	public static fun getEntries ()Lkotlin/enums/EnumEntries;
+	public synthetic fun getName ()Ljava/lang/String;
+	public static fun valueOf (Ljava/lang/String;)Ldev/whyoleg/cryptography/algorithms/ChaCha20Poly1305$Key$Format;
+	public static fun values ()[Ldev/whyoleg/cryptography/algorithms/ChaCha20Poly1305$Key$Format;
+}
+
 public abstract interface class dev/whyoleg/cryptography/algorithms/Digest : dev/whyoleg/cryptography/CryptographyAlgorithm {
 	public abstract fun getId ()Ldev/whyoleg/cryptography/CryptographyAlgorithmId;
 	public abstract fun hasher ()Ldev/whyoleg/cryptography/operations/Hasher;

cryptography-core/api/cryptography-core.klib.api

@@ -461,6 +461,31 @@ abstract interface <#A: dev.whyoleg.cryptography.materials.key/KeyFormat> dev.wh
     open suspend fun encodeToByteString(#A): kotlinx.io.bytestring/ByteString // dev.whyoleg.cryptography.materials.key/EncodableKey.encodeToByteString|encodeToByteString(1:0){}[0]
 }
 
+abstract interface dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305 : dev.whyoleg.cryptography/CryptographyAlgorithm { // dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305|null[0]
+    open val id // dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.id|{}id[0]
+        open fun <get-id>(): dev.whyoleg.cryptography/CryptographyAlgorithmId<dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305> // dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.id.<get-id>|<get-id>(){}[0]
+
+    abstract fun keyDecoder(): dev.whyoleg.cryptography.materials.key/KeyDecoder<dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Key.Format, dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Key> // dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.keyDecoder|keyDecoder(){}[0]
+    abstract fun keyGenerator(): dev.whyoleg.cryptography.materials.key/KeyGenerator<dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Key> // dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.keyGenerator|keyGenerator(){}[0]
+
+    abstract interface Key : dev.whyoleg.cryptography.materials.key/EncodableKey<dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Key.Format> { // dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Key|null[0]
+        abstract fun cipher(): dev.whyoleg.cryptography.operations/IvAuthenticatedCipher // dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Key.cipher|cipher(){}[0]
+
+        final enum class Format : dev.whyoleg.cryptography.materials.key/KeyFormat, kotlin/Enum<dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Key.Format> { // dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Key.Format|null[0]
+            enum entry JWK // dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Key.Format.JWK|null[0]
+            enum entry RAW // dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Key.Format.RAW|null[0]
+
+            final val entries // dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Key.Format.entries|#static{}entries[0]
+                final fun <get-entries>(): kotlin.enums/EnumEntries<dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Key.Format> // dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Key.Format.entries.<get-entries>|<get-entries>#static(){}[0]
+
+            final fun valueOf(kotlin/String): dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Key.Format // dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Key.Format.valueOf|valueOf#static(kotlin.String){}[0]
+            final fun values(): kotlin/Array<dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Key.Format> // dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Key.Format.values|values#static(){}[0]
+        }
+    }
+
+    final object Companion : dev.whyoleg.cryptography/CryptographyAlgorithmId<dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305> // dev.whyoleg.cryptography.algorithms/ChaCha20Poly1305.Companion|null[0]
+}
+
 abstract interface dev.whyoleg.cryptography.algorithms/Digest : dev.whyoleg.cryptography/CryptographyAlgorithm { // dev.whyoleg.cryptography.algorithms/Digest|null[0]
     abstract val id // dev.whyoleg.cryptography.algorithms/Digest.id|{}id[0]
         abstract fun <get-id>(): dev.whyoleg.cryptography/CryptographyAlgorithmId<dev.whyoleg.cryptography.algorithms/Digest> // dev.whyoleg.cryptography.algorithms/Digest.id.<get-id>|<get-id>(){}[0]

cryptography-core/src/commonMain/kotlin/algorithms/ChaCha20Poly1305.kt

@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.algorithms
+
+import dev.whyoleg.cryptography.*
+import dev.whyoleg.cryptography.materials.key.*
+import dev.whyoleg.cryptography.operations.*
+
+@SubclassOptInRequired(CryptographyProviderApi::class)
+public interface ChaCha20Poly1305 : CryptographyAlgorithm {
+    override val id: CryptographyAlgorithmId<ChaCha20Poly1305> get() = Companion
+
+    public companion object : CryptographyAlgorithmId<ChaCha20Poly1305>("ChaCha20-Poly1305")
+
+    public fun keyDecoder(): KeyDecoder<Key.Format, Key>
+    public fun keyGenerator(): KeyGenerator<Key>
+
+    @SubclassOptInRequired(CryptographyProviderApi::class)
+    public interface Key : EncodableKey<Key.Format> {
+        public fun cipher(): IvAuthenticatedCipher
+
+        public enum class Format : KeyFormat { RAW, JWK }
+    }
+}

cryptography-providers/jdk/src/jvmMain/kotlin/JdkCryptographyProvider.kt

@@ -109,35 +109,36 @@ internal class JdkCryptographyProvider(provider: Provider?) : CryptographyProvid
     @Suppress("UNCHECKED_CAST")
     override fun <A : CryptographyAlgorithm> getOrNull(identifier: CryptographyAlgorithmId<A>): A? = cache.getOrPut(identifier) {
         when (identifier) {
-            MD4 -> JdkDigest(state, "MD4", MD4)
-            MD5       -> JdkDigest(state, "MD5", MD5)
-            SHA1      -> JdkDigest(state, "SHA-1", SHA1)
-            SHA224    -> JdkDigest(state, "SHA-224", SHA224)
-            SHA256    -> JdkDigest(state, "SHA-256", SHA256)
-            SHA384    -> JdkDigest(state, "SHA-384", SHA384)
-            SHA512    -> JdkDigest(state, "SHA-512", SHA512)
-            SHA3_224  -> JdkDigest(state, "SHA3-224", SHA3_224)
-            SHA3_256  -> JdkDigest(state, "SHA3-256", SHA3_256)
-            SHA3_384  -> JdkDigest(state, "SHA3-384", SHA3_384)
-            SHA3_512  -> JdkDigest(state, "SHA3-512", SHA3_512)
-            RIPEMD160 -> JdkDigest(state, "RIPEMD160", RIPEMD160)
-            HMAC      -> JdkHmac(state)
-            AES.CBC   -> JdkAesCbc(state)
-            AES.CMAC  -> JdkAesCmac(state)
-            AES.CTR   -> JdkAesCtr(state)
-            AES.CFB -> JdkAesCfb(state)
-            AES.OFB -> JdkAesOfb(state)
-            AES.ECB   -> JdkAesEcb(state)
-            AES.GCM   -> JdkAesGcm(state)
-            RSA.OAEP  -> JdkRsaOaep(state)
-            RSA.PSS   -> JdkRsaPss(state)
-            RSA.PKCS1 -> JdkRsaPkcs1(state)
-            RSA.RAW   -> JdkRsaRaw(state)
-            ECDSA     -> JdkEcdsa(state)
-            ECDH      -> JdkEcdh(state)
-            PBKDF2    -> JdkPbkdf2(state)
-            HKDF      -> JdkHkdf(state, this)
-            else      -> null
+            MD4              -> JdkDigest(state, "MD4", MD4)
+            MD5              -> JdkDigest(state, "MD5", MD5)
+            SHA1             -> JdkDigest(state, "SHA-1", SHA1)
+            SHA224           -> JdkDigest(state, "SHA-224", SHA224)
+            SHA256           -> JdkDigest(state, "SHA-256", SHA256)
+            SHA384           -> JdkDigest(state, "SHA-384", SHA384)
+            SHA512           -> JdkDigest(state, "SHA-512", SHA512)
+            SHA3_224         -> JdkDigest(state, "SHA3-224", SHA3_224)
+            SHA3_256         -> JdkDigest(state, "SHA3-256", SHA3_256)
+            SHA3_384         -> JdkDigest(state, "SHA3-384", SHA3_384)
+            SHA3_512         -> JdkDigest(state, "SHA3-512", SHA3_512)
+            RIPEMD160        -> JdkDigest(state, "RIPEMD160", RIPEMD160)
+            HMAC             -> JdkHmac(state)
+            AES.CBC          -> JdkAesCbc(state)
+            AES.CMAC         -> JdkAesCmac(state)
+            AES.CTR          -> JdkAesCtr(state)
+            AES.CFB          -> JdkAesCfb(state)
+            AES.OFB          -> JdkAesOfb(state)
+            AES.ECB          -> JdkAesEcb(state)
+            AES.GCM          -> JdkAesGcm(state)
+            ChaCha20Poly1305 -> JdkChaCha20Poly1305(state)
+            RSA.OAEP         -> JdkRsaOaep(state)
+            RSA.PSS          -> JdkRsaPss(state)
+            RSA.PKCS1        -> JdkRsaPkcs1(state)
+            RSA.RAW          -> JdkRsaRaw(state)
+            ECDSA            -> JdkEcdsa(state)
+            ECDH             -> JdkEcdh(state)
+            PBKDF2           -> JdkPbkdf2(state)
+            HKDF             -> JdkHkdf(state, this)
+            else             -> null
         }
     } as A?
 }

cryptography-providers/jdk/src/jvmMain/kotlin/JdkCryptographyState.kt

@@ -46,8 +46,8 @@ internal class JdkCryptographyState(private val provider: JProvider?) {
         }
     }
 
-    fun cipher(algorithm: String): Pooled<JCipher> =
-        ciphers.get(algorithm, JCipher::getInstance, JCipher::getInstance)
+    fun cipher(algorithm: String, cached: Boolean = true): Pooled<JCipher> =
+        ciphers.get(algorithm, JCipher::getInstance, JCipher::getInstance, cached)
 
     fun messageDigest(algorithm: String): Pooled<JMessageDigest> =
         messageDigests.get(algorithm, JMessageDigest::getInstance, JMessageDigest::getInstance)

cryptography-providers/jdk/src/jvmMain/kotlin/algorithms/JdkChaCha20Poly1305.kt

@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.providers.jdk.algorithms
+
+import dev.whyoleg.cryptography.*
+import dev.whyoleg.cryptography.algorithms.*
+import dev.whyoleg.cryptography.materials.key.*
+import dev.whyoleg.cryptography.operations.*
+import dev.whyoleg.cryptography.providers.base.algorithms.*
+import dev.whyoleg.cryptography.providers.base.operations.*
+import dev.whyoleg.cryptography.providers.jdk.*
+import dev.whyoleg.cryptography.providers.jdk.materials.*
+import dev.whyoleg.cryptography.providers.jdk.operations.*
+import javax.crypto.spec.*
+
+internal class JdkChaCha20Poly1305(
+    private val state: JdkCryptographyState,
+) : ChaCha20Poly1305 {
+    private val keyWrapper: (JSecretKey) -> ChaCha20Poly1305.Key = { key -> JdkChaCha20Poly1305Key(state, key) }
+    private val keyDecoder = JdkSecretKeyDecoder<ChaCha20Poly1305.Key.Format, _>("ChaCha20", keyWrapper)
+
+    override fun keyDecoder(): KeyDecoder<ChaCha20Poly1305.Key.Format, ChaCha20Poly1305.Key> = keyDecoder
+    override fun keyGenerator(): KeyGenerator<ChaCha20Poly1305.Key> =
+        JdkSecretKeyGenerator(state, "ChaCha20", keyWrapper) {
+            init(state.secureRandom)
+        }
+}
+
+private class JdkChaCha20Poly1305Key(
+    private val state: JdkCryptographyState,
+    private val key: JSecretKey,
+) : ChaCha20Poly1305.Key, JdkEncodableKey<ChaCha20Poly1305.Key.Format>(key) {
+    override fun cipher(): IvAuthenticatedCipher = JdkChaCha20Poly1305Cipher(state, key)
+
+    override fun encodeToByteArrayBlocking(format: ChaCha20Poly1305.Key.Format): ByteArray = when (format) {
+        ChaCha20Poly1305.Key.Format.JWK -> error("$format is not supported")
+        ChaCha20Poly1305.Key.Format.RAW -> encodeToRaw()
+    }
+}
+
+private const val chachaNonceSize: Int = 12
+
+private class JdkChaCha20Poly1305Cipher(
+    private val state: JdkCryptographyState,
+    private val key: JSecretKey,
+) : BaseIvAuthenticatedCipher {
+    // TODO: !!! we can't cache it, because the check about reusing IV is too strict, as on JDK 11 and 17 it will check on decryption too - TBD?
+    private val cipher = state.cipher("ChaCha20-Poly1305", cached = false)
+
+    override fun createEncryptFunction(associatedData: ByteArray?): CipherFunction {
+        val iv = ByteArray(chachaNonceSize).also(state.secureRandom::nextBytes)
+        return BaseImplicitIvEncryptFunction(iv, createEncryptFunctionWithIv(iv, associatedData))
+    }
+
+    override fun createDecryptFunction(associatedData: ByteArray?): CipherFunction {
+        return BaseImplicitIvDecryptFunction(chachaNonceSize) { iv: ByteArray, startIndex: Int ->
+            createDecryptFunctionWithIv(iv, startIndex, chachaNonceSize, associatedData)
+        }
+    }
+
+    override fun createEncryptFunctionWithIv(iv: ByteArray, associatedData: ByteArray?): CipherFunction {
+        return JdkCipherFunction(cipher.borrowResource {
+            init(JCipher.ENCRYPT_MODE, key, IvParameterSpec(iv), state.secureRandom)
+            associatedData?.let(this::updateAAD)
+        })
+    }
+
+    private fun createDecryptFunctionWithIv(
+        iv: ByteArray,
+        startIndex: Int,
+        ivSize: Int,
+        associatedData: ByteArray?,
+    ): CipherFunction {
+        return JdkCipherFunction(cipher.borrowResource {
+            init(JCipher.DECRYPT_MODE, key, IvParameterSpec(iv, startIndex, ivSize), state.secureRandom)
+            associatedData?.let(this::updateAAD)
+        })
+    }
+
+    override fun createDecryptFunctionWithIv(iv: ByteArray, associatedData: ByteArray?): CipherFunction {
+        return createDecryptFunctionWithIv(iv, 0, iv.size, associatedData)
+    }
+}