RFR 8171279: Support X25519 and X448 in TLS 1.3
Adam Petcher
adam.petcher at oracle.com
Fri Sep 7 14:30:10 UTC 2018

On 9/7/2018 9:34 AM, Xuelei Fan wrote:
> JSSE should use the 'x25519' name (via NamedParameterSpec object) only.

This is the part that I don't know how to do. In JSSE, we convert
between the array containing the encoded public key and the BigInteger
representation of the public key used in XECPublicKeySpec. To do this,
you need to know the length of the key, in bits. That means that JSSE
needs to know the length of the key, in addition to the name, in order
to do this conversion. I understand that there are lots of ways to get
this information in JSSE, but I don't know which ways you would find
acceptable.

We keep going back and forth, saying the exact same things, and we don't
seem to be making any progress. Can you please provide some code to
illustrate what you want me to do? All I need is an acceptable
implementation of the following method, that is used by JSSE to decode
public keys:

    public static XECPublicKeySpec decodeXecPublicKey(byte[] key,
                                                      NamedParameterSpec spec)
            throws InvalidParameterSpecException {
        // Resolve the named parameter set to its curve parameters,
        // which carry the key length in bits.
        XECParameters params = XECParameters.get(
            InvalidParameterSpecException::new, spec);
        BigInteger u = decodeXecPublicKey(key, params.getBits());
        return new XECPublicKeySpec(spec, u);
    }

For reference, here is the implementation of the helper method that does
the actual decoding, using the length.

    public static BigInteger decodeXecPublicKey(byte[] key,
                                                int bits) {
        // The encoding is little-endian; reverse to big-endian for BigInteger.
        // Note that this reverses (and masks) the caller's array in place.
        ArrayUtil.reverse(key);
        // clear the extra bits
        int bitsMod8 = bits % 8;
        if (bitsMod8 != 0) {
            int mask = (1 << bitsMod8) - 1;
            key[0] &= mask;
        }
        return new BigInteger(1, key);
    }
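
Added example, not part of the original message or of the JDK patch under review: the decoding step described above, written against public java.security APIs only (Java 11 or later). The name-to-bit-length table in bitsFor, the length check, and the class and method names are assumptions of this example, and unlike the helper above it works on a copy of the input; the sample key bytes are constructed.

```java
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.NamedParameterSpec;
import java.security.spec.XECPublicKeySpec;

public class XecDecodeExample {
    // Assumption of this example: bit lengths from RFC 7748, keyed by name.
    static int bitsFor(NamedParameterSpec spec) throws InvalidParameterSpecException {
        String name = spec.getName();
        if (name.equalsIgnoreCase("X25519")) return 255;
        if (name.equalsIgnoreCase("X448")) return 448;
        throw new InvalidParameterSpecException("Unsupported: " + name);
    }

    static XECPublicKeySpec decode(byte[] encoded, NamedParameterSpec spec)
            throws InvalidParameterSpecException {
        int bits = bitsFor(spec);
        int len = (bits + 7) / 8;             // 32 bytes for X25519, 56 for X448
        if (encoded.length != len) {          // reject wrong-sized peer key shares
            throw new InvalidParameterSpecException("Expected " + len + " bytes");
        }
        byte[] be = new byte[len];            // copy, so the caller's array is untouched
        for (int i = 0; i < len; i++) {
            be[i] = encoded[len - 1 - i];     // little-endian wire form -> big-endian
        }
        int bitsMod8 = bits % 8;
        if (bitsMod8 != 0) {
            be[0] &= (1 << bitsMod8) - 1;     // clear unused high bits (X25519: top bit)
        }
        return new XECPublicKeySpec(spec, new BigInteger(1, be));
    }

    public static void main(String[] args) throws Exception {
        byte[] wire = new byte[32];           // constructed sample: u = 9, unused top bit set
        wire[0] = 0x09;
        wire[31] = (byte) 0x80;
        XECPublicKeySpec ks = decode(wire, NamedParameterSpec.X25519);
        System.out.println("u = " + ks.getU());
        PublicKey pk = KeyFactory.getInstance("XDH").generatePublic(ks);
        System.out.println(pk.getAlgorithm() + " key built; input unchanged: "
                + (wire[31] == (byte) 0x80));
    }
}
```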