RFR 8171279: Support X25519 and X448 in TLS 1.3

Xuelei Fan xuelei.fan at oracle.com
Fri Sep 7 14:06:52 UTC 2018 


On 9/7/2018 6:34 AM, Xuelei Fan wrote:
>  > The NamedParameterSpec object holds the name only, and not the key size.
> The name is not a meaningless string, it refer to a specific thing.  For 
> more examples, please refer to the standard names documentation, every 
> name has its specific meaning and the background.  If the name is just a 
> meaningless string, there is nothing we can do for it and we may not 
> want to define a meaningless API.
> 
> The parse of the NamedParameterSpec name is really about the 
> implementation details.  For example, for KeyFactory:
> 
>     public PublicKey engineGeneratePublic(KeySpec keySpec) {
>        if (the algorithm is 'x25519') {
>            // use the X25519 parameters, including key size
>        } else if ('x448') {
>            // use the X25519 parameters, including key size
stupid copy and past: X25519 -> X448

>        }
>     }
> 
> There are a few alternatice ways.  You can define a enum in the XDH 
> provider, or just use switch, or use Map, or something else you like. 
> Which one is a better one, it may depends on the implementation details.
> 
> Please don't define the x25519 parameters in JSSE.  JSSE should use the 
> 'x25519' name (via NamedParameterSpec object) only.  The underlying JCE 
> provider should take the responsibility to support the 
> NamedParameterSpec and defines the internal/private parameters for the 
> specific name.
> 
> Thanks,
> Xuelei
> 
> On 9/7/2018 5:49 AM, Adam Petcher wrote:
>> On 9/6/2018 4:49 PM, Xuelei Fan wrote:
>>
>>> I asked the question in a previous email.  The key size for x25529 is 
>>> fixed, right?
>>
>> Right.
>>
>>>
>>> If it is not right, stop here and tell me that it is not right. Keep 
>>> reading if it is right.
>>>
>>> OK, as the key size for x25519 is fixed, when you know the algorithm 
>>> is x25519, you know the key size.  Does it sound right to you?
>>
>> Possibly right---it depends on what you mean by "know". If all you 
>> have is the name, then you need use a static mapping to look up the 
>> key length.
>>
>>>
>>> If it is not right, stop here and tell me that it is not right. 
>>> Otherwise, keep reading.
>>>
>>> From the name you know the key size, when you create a 
>>> NamedParameterSpec object for "x25519", you know the name and key 
>>> size from the object, right?
>>
>> The NamedParameterSpec object holds the name only, and not the key 
>> size. We create the NamedParameterSpec from the algorithm name in the 
>> NamedGroup enum, which also doesn't have the key size. Are you 
>> suggesting that I add the key size to this enum as well? Like this:
>>
>>          // x25519 and x448
>>          X25519      (0x001D, "x25519", true, "x25519", 255,
>>                              ProtocolVersion.PROTOCOLS_TO_13),
>>          X448        (0x001E, "x448", true, "x448", 448,
>>                              ProtocolVersion.PROTOCOLS_TO_13),
>>
>> The constructor will take this length and store it. Then we can get 
>> this value out of the NamedGroup in XDHKeyExchange and pass it in to 
>> the methods of ECUtil so we don't need to get it from XECParameters. 
>> Is this what you had in mind?

More information about the security-dev mailing list