[RFR] 8166597: Crypto support for the EdDSA Signature Algorithm (JEP 339)

Anthony Scarpino anthony.scarpino at oracle.com
Tue Mar 31 02:50:23 UTC 2020


On 3/30/20 11:52 AM, Anthony Scarpino wrote:
> 
> On 3/30/20 6:21 AM, Weijun Wang wrote:
>> I was playing with keytool with your patch and noticed
>> sun.security.util.KeyUtil.getKeySize(Key) does not support an
>> EdECKey. While we use curve name instead of key size in EC to
>> describe the parameters, the size is still useful in determining the
>> strength.
> 
> I think I should be able to access the parameter with the key's 
> NamedParameterSpec to return the size.

I was wrong about this.  The parameters are part of jdk.crypto.ec while 
KeyUtil is part of java.base, so I cannot access the internal 
EdDSAParameters class.

The easiest way would be to look at the NamedParameterSpec and return a 
hardcoded length based on the curve used. It's not ideal, but all these 
curves don't change lengths unlike for RSA, AES, etc.

Tony

> 
>>
>> There is also a KeyUtil.getKeySize(AlgorithmParameters) nearby. I'm
>> not involved with previous discussions on EdDSA design, but why does
>> EdDSASignature.engineGetParameters() throw an UOE?
> 
> Because the public API for engineGetParameter(String param) is 
> deprecated would be my suspicion.
> 
>> Another small problem:
>>
>> You reverted the copyright year from 2020 to an earlier year in
>> module-info.java, keytool/Main.java.
> 
> The copyright has not been reverted, the jdk repo was updated to 2020 
> from another changeset.
> 
>>
>> Thanks, Max
>>
>>> On Mar 24, 2020, at 2:53 AM, Anthony Scarpino
>>> <anthony.scarpino at oracle.com> wrote:
>>>
>>> On 2/25/20 12:49 PM, Anthony Scarpino wrote:
>>>> Hi I need a code review for the EdDSA support in JEP 339.  The
>>>> code builds on the existing java implemented constant time
>>>> classes used for XDH and the NIST curves.  The change also adds
>>>> classes to the public API to support EdDSA operations. All
>>>> information about the JEP is located at: JEP 339:
>>>> https://bugs.openjdk.java.net/browse/JDK-8199231 CSR:
>>>> https://bugs.openjdk.java.net/browse/JDK-8190219 webrev:
>>>> https://cr.openjdk.java.net/~ascarpino/8166597/webrev/ thanks Tony
>>>
>>>
>>> I updated the webrev with some minor updates that were commented
>>> previously.
>>>
>>> https://cr.openjdk.java.net/~ascarpino/8166597/webrev.01/
>>>
>>> Tony
>>
> 




More information about the security-dev mailing list