Add 32 byte default rekey() to CipherState #8
Conversation
|
I don't think the nonce overflow check is correct. Unless the specification has changed since I last looked at it, I believe that the Noise nonce value is intended to be an unsigned 64-bit value where all nonces except 0xFFFFFFFFFFFFFFFF (i.e. -1L) are valid. Unfortunately Java doesn't have unsigned types so it is necessary to fake it with a signed long type. |
|
You're right. I misunderstood the overflow check to mean the actual overflow from positive to negative. But, you're right, those would be still valid values from the specification's point of view. So -1L is disallowed, except for rekey(). I'll think I'll just copy-paste rekey() to all 3 implementations then, so I can leave that check in, but not use it for rekey(). Or do you have a better design idea maybe? |
|
I moved the 3 nonce checks to a common decorator type class, so the rekey() now works, but the check is still in place for decrypt and encrypt calls from the "outside". |
Add the REKEY() function as specified by the Noise specification for 32 byte keys.
Patch also contains a related fix for nonce overflow check, which was -1, but the overflow actually happens at Long.MIN_VALUE which is Long.MAX_VALUE+1. -1 is actually 2^64-1, which is used for the above rekey() function.