wolfcrypt.ciphers.ChaCha20Poly1305 has many of the same methods as wolfcrypt.ciphers.AesGcmStream, suggesting that it also supports streaming usage, but it actually doesn't.
Specifically, both these classes provide the following methods: set_aad, encrypt / decrypt, final. This suggests the following workflow:
# for encryption
set_aad(aad) -> encrypt(data1) -> encrypt(data2) -> ... -> final()
# for decryption
set_aad(aad) -> decrypt(data1) -> decrypt(data2) -> ... -> final(tag)
AesGcmStream does actually work like this, but ChaCha20Poly1305 does not.
Problems of ChaCha20Poly1305 include:
__init__ requires the aad argument, making set_aad redundantencrypt returns both ciphertext and tag, and calling encrypt again raises UnboundLocalErrordecrypt takes both ciphertext and tag, making final redundant- there is no workflow where
final can be called at all
Recommendations:
First, decide whether ChaCha20Poly1305 should support streaming or not.
- If
ChaCha20Poly1305 should support streaming:
- Make its interface exactly the same as
AesGcmStream
- If
ChaCha20Poly1305 should not support streaming:
- Make its interface exactly the same as
AesSiv
wolfcrypt.ciphers.ChaCha20Poly1305has many of the same methods aswolfcrypt.ciphers.AesGcmStream, suggesting that it also supports streaming usage, but it actually doesn't.Specifically, both these classes provide the following methods:
set_aad,encrypt/decrypt,final. This suggests the following workflow:AesGcmStreamdoes actually work like this, butChaCha20Poly1305does not.Problems of
ChaCha20Poly1305include:__init__requires theaadargument, makingset_aadredundantencryptreturns both ciphertext and tag, and callingencryptagain raisesUnboundLocalErrordecrypttakes both ciphertext and tag, makingfinalredundantfinalcan be called at allRecommendations:
First, decide whether
ChaCha20Poly1305should support streaming or not.ChaCha20Poly1305should support streaming:AesGcmStreamChaCha20Poly1305should not support streaming:AesSiv