diff options
author | Tor Brede Vekterli <vekterli@yahooinc.com> | 2023-01-04 17:22:54 +0100 |
---|---|---|
committer | Tor Brede Vekterli <vekterli@yahooinc.com> | 2023-01-05 15:23:38 +0100 |
commit | b9292918b2ec3c26492ae2424756080059a089b4 (patch) | |
tree | 18cb7dfd715759f0d64d0d67c574af3981e7cf21 /node-admin/src/test | |
parent | bb6638634f5bec608f62d710c97b0b97f79fc07f (diff) |
Use ChaCha20-Poly1305 instead of AES-GCM for shared key-based crypto
This is to get around the limitation where AES GCM can only produce
a maximum of 64 GiB of ciphertext for a particular <key, IV> pair before
its security properties break down. ChaCha20-Poly1305 does not have any
practical limitations here.
ChaCha20-Poly1305 uses a 256-bit key whereas the shared key is 128 bits.
A HKDF is used to internally expand the key material to 256 bits.
To let token based decryption be fully backwards compatible, introduce
a token version 2. V1 tokens will be decrypted with AES-GCM 128, while
V2 tokens use ChaCha20-Poly1305.
As a bonus, cryptographic operations will generally be _faster_ after
this cipher change, as we use BouncyCastle ciphers and these do not use
any native AES instructions. ChaCha20-Poly1305 is usually considerably
faster when running without specialized hardware support. An ad-hoc
experiment with a large ciphertext showed a near 70% performance increase
over AES-GCM 128.
Diffstat (limited to 'node-admin/src/test')
-rw-r--r-- | node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java index 1fd688558a0..c5a652e5702 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoredumpHandlerTest.java @@ -294,7 +294,7 @@ public class CoredumpHandlerTest { // We don't parse any of these fields in the test, so just use dummy contents. byte[] enc = bytesOf("hello world"); byte[] ciphertext = bytesOf("imaginary ciphertext"); - return new SecretSharedKey(secretKey, new SealedSharedKey(keyId, enc, ciphertext)); + return new SecretSharedKey(secretKey, new SealedSharedKey(SealedSharedKey.CURRENT_TOKEN_VERSION, keyId, enc, ciphertext)); } } |