ChaCha20Poly1305 interface suggests stream usage, but doesn't support streaming #83

@twisteroidambassador

wolfcrypt.ciphers.ChaCha20Poly1305 has many of the same methods as wolfcrypt.ciphers.AesGcmStream, suggesting that it also supports streaming usage, but it actually doesn't.

Specifically, both these classes provide the following methods: set_aad, encrypt / decrypt, final. This suggests the following workflow:

# for encryption
set_aad(aad) -> encrypt(data1) -> encrypt(data2) -> ... -> final()
# for decryption
set_aad(aad) -> decrypt(data1) -> decrypt(data2) -> ... -> final(tag)

AesGcmStream does actually work like this, but ChaCha20Poly1305 does not.

Problems of ChaCha20Poly1305 include:

  • __init__ requires the aad argument, making set_aad redundant
  • encrypt returns both ciphertext and tag, and calling encrypt again raises UnboundLocalError
  • decrypt takes both ciphertext and tag, making final redundant
  • there is no workflow where final can be called at all

Recommendations:

First, decide whether ChaCha20Poly1305 should support streaming or not.

  • If ChaCha20Poly1305 should support streaming:
    • Make its interface exactly the same as AesGcmStream
  • If ChaCha20Poly1305 should not support streaming:
    • Make its interface exactly the same as AesSiv
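The workflow in this issue can be turned into a contract check, shown here as an added example that is not part of the issue or of wolfcrypt-py. `ToyStream`, `OneShotShape` and `streaming_violations` are hypothetical names, and the cipher is a standard-library stand-in (SHA-256 counter keystream with HMAC-SHA256), not ChaCha20-Poly1305, so the check runs without wolfcrypt installed.

```python
import hashlib, hmac

class ToyStream:
    """Constructed stand-in with the streaming interface; not ChaCha20-Poly1305, not for real use."""
    def __init__(self, key, nonce):
        self._ek, self._pos = hashlib.sha256(b"enc" + key + nonce).digest(), 0
        self._mac = hmac.new(hashlib.sha256(b"mac" + key).digest(), nonce, hashlib.sha256)
    def set_aad(self, aad):
        self._mac.update(len(aad).to_bytes(8, "big") + aad)
    def _ks(self, i):  # keystream byte i: SHA-256 in counter mode
        return hashlib.sha256(self._ek + (i // 32).to_bytes(8, "big")).digest()[i % 32]
    def _xor(self, data):  # keystream position persists across calls
        start, self._pos = self._pos, self._pos + len(data)
        return bytes(b ^ self._ks(start + n) for n, b in enumerate(data))
    def encrypt(self, data):
        ct = self._xor(data)
        self._mac.update(ct)  # the tag covers AAD, then all ciphertext in order
        return ct
    def decrypt(self, data):
        self._mac.update(data)
        return self._xor(data)
    def final(self, tag=None):
        mine = self._mac.digest()[:16]
        if tag is not None and not hmac.compare_digest(mine, tag):
            raise ValueError("authentication tag mismatch")
        return mine

class OneShotShape(ToyStream):  # constructed: encrypt returns (ciphertext, tag), as reported
    def encrypt(self, data):
        return super().encrypt(data), self.final()

def streaming_violations(make, aad, chunks):
    """Run set_aad -> encrypt(chunk)... -> final() and list contract violations."""
    enc, whole, dec = make(), make(), make()
    for c in (enc, whole, dec):
        c.set_aad(aad)
    parts = []
    for i, chunk in enumerate(chunks, 1):
        out = enc.encrypt(chunk)
        if not isinstance(out, bytes):
            return [f"encrypt call {i} returned {type(out).__name__}, not ciphertext bytes"]
        parts.append(out)
    tag, bad = enc.final(), []
    if whole.encrypt(b"".join(chunks)) != b"".join(parts) or whole.final() != tag:
        bad.append("chunked output differs from one-shot output")
    if b"".join(dec.decrypt(p) for p in parts) != b"".join(chunks):
        bad.append("chunked decrypt does not round-trip")
    dec.final(tag)  # raises ValueError if the tag does not verify
    return bad
```

Passing a factory for another cipher class with the same method names runs the same check against it.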
