RFR 8171277: Elliptic Curves for Security in Crypto (part 2)
Adam Petcher
adam.petcher at oracle.com
Tue Mar 27 20:23:20 UTC 2018
After the last code review[1] on this topic completed, it was suggested
that I add some more "spec enforcement" to the XDH service. The code
hasn't been integrated yet, so I'm doing this as a follow-on review
under the same ticket. The latest webrev contains only the diff from the
end of the last review.
JBS: https://bugs.openjdk.java.net/browse/JDK-8171277
Webrev: http://cr.openjdk.java.net/~apetcher/8171277/webrev.03/
(note: you can look at webrev.02 to see the code at the end of the last
review).
For XDH, we are adding the algorithm names "X25519" and "X448", because
these names are more widely known than "XDH". This leaves us with the
problem of whether things like this should be allowed:
var kpg = KeyPairGenerator.getInstance("X448");
kpg.initialize(new NamedParameterSpec("X25519"));
To promote good code hygiene, the implementation in SunEC will reject
all confusing combinations like this in all XDH services. Programmers
can still use the "XDH" algorithm name to get a service that allows all
supported parameters and key sizes.
[1]
http://mail.openjdk.java.net/pipermail/security-dev/2018-March/016915.html
More information about the security-dev
mailing list