RFR 8171279: Support X25519 and X448 in TLS 1.3
Adam Petcher
adam.petcher at oracle.com
Fri Sep 7 12:49:52 UTC 2018
On 9/6/2018 4:49 PM, Xuelei Fan wrote:
> I asked the question in a previous email. The key size for x25529 is
> fixed, right?
Right.
>
> If it is not right, stop here and tell me that it is not right. Keep
> reading if it is right.
>
> OK, as the key size for x25519 is fixed, when you know the algorithm
> is x25519, you know the key size. Does it sound right to you?
Possibly right---it depends on what you mean by "know". If all you have
is the name, then you need use a static mapping to look up the key length.
>
> If it is not right, stop here and tell me that it is not right.
> Otherwise, keep reading.
>
> From the name you know the key size, when you create a
> NamedParameterSpec object for "x25519", you know the name and key size
> from the object, right?
The NamedParameterSpec object holds the name only, and not the key size.
We create the NamedParameterSpec from the algorithm name in the
NamedGroup enum, which also doesn't have the key size. Are you
suggesting that I add the key size to this enum as well? Like this:
// x25519 and x448
X25519 (0x001D, "x25519", true, "x25519", 255,
ProtocolVersion.PROTOCOLS_TO_13),
X448 (0x001E, "x448", true, "x448", 448,
ProtocolVersion.PROTOCOLS_TO_13),
The constructor will take this length and store it. Then we can get this
value out of the NamedGroup in XDHKeyExchange and pass it in to the
methods of ECUtil so we don't need to get it from XECParameters. Is this
what you had in mind?
More information about the security-dev
mailing list