Please review EdDSA API

Adam Petcher adam.petcher at oracle.com
Wed Jul 25 15:07:53 UTC 2018


+core-libs-dev for additional API expertise.


On 7/25/2018 10:29 AM, Adam Petcher wrote:
> The draft CSR[1] for the EdDSA API[2] is ready for review. Please take 
> a look and send me any feedback you may have. Here are a few 
> high-level notes to explain the API:
>
> 1) Where possible, this API is similar to the API for X25519/X448. To 
> get the complete background/motivation for the API design, you can 
> review the discussion[3] on this topic.
> 2) Similar to X25519/X448, private keys are byte arrays, and public 
> keys coordinates. Though we can't get by with a single BigInteger 
> coordinate for EdDSA, so I am using the new EdPoint class to hold the 
> coordinates.
> 3) EdDSA has multiple signature modes defined in the RFC[4], including 
> some that "prehash" the input before signing. The draft API uses the 
> EdDSAParameterSpec class to specify parameters of these modes. The 
> standard does not allow an arbitrary choice of prehash function, so 
> the API for EdDSA does not support algorithm names like 
> "SHA256withEdDSA".
>
> [1] https://wiki.openjdk.java.net/display/csr/Main
> [2] https://bugs.openjdk.java.net/browse/JDK-8190219
> [3] 
> http://mail.openjdk.java.net/pipermail/security-dev/2017-September/016325.html
> [4] https://tools.ietf.org/html/rfc8032
>



More information about the security-dev mailing list