[RFR] 8166597: Crypto support for the EdDSA Signature Algorithm (JEP 339)

Bradford Wetmore bradford.wetmore at oracle.com
Tue May 12 00:07:20 UTC 2020 

Finally found the bottom of the review.  ;)  I'll send you minor nits 
(unused imports/etc.) in a separate email.


src/jdk.crypto.ec/share/classes/sun/security/ec/ed/EdDSAOperations.java
----------
136:  Here you are calling sun.security.util.ArrayUtil.reverse() (and
swap()), but you also added a reverse code in EdDSAPublicKeyImpl.java.
I would suggest removing the one in EdDSAPublicKeyImpl and make those
calls call into ArrayUtil.

141:  Wouldn't it be better to use a temporary variable here instead of
2 array reversals?

src/jdk.crypto.ec/share/classes/sun/security/ec/ed/EdDSASignature.java
----------
115-118:  You're calling edKey.getPoint() twice here.

139/150:  indent problem.

test/jdk/sun/security/ec/ed/TestEdDSA.java
----------
362:  Extra //XXX

test/jdk/sun/security/ec/ed/TestEdOps.java
----------
Please put in where you got these test vectors.

206:  Could you put in a quick note here why you're doing this?  i.e. to
avoid draining the system's entropy pool by using a seeded PRNG.

Thanks,

Brad



On 5/4/2020 6:12 PM, Bradford Wetmore wrote:
> All minor nits, can be done later if it won't be a problem to make minor 
> API wording tweaks.
> 
> On 5/4/2020 10:17 AM, Anthony Scarpino wrote:
>> On 2/25/20 12:49 PM, Anthony Scarpino wrote:
>>> Hi
>>>
>>> I need a code review for the EdDSA support in JEP 339.  The code 
>>> builds on the existing java implemented constant time classes used 
>>> for XDH and the NIST curves.  The change also adds classes to the 
>>> public API to support EdDSA operations.
>>>
>>
>> Here is the final code review for the JEP. As the JEP is preparing to 
>> move to Propose-to-Target, if you have comments please state if they 
>> must be fixed as part of the initial putback.
>>
>> https://cr.openjdk.java.net/~ascarpino/8166597/webrev.05/
> 
> Javadoc issues remain throughout java.security.*.
> 
> e.g. EdDCPoint
> @param y the y-coordinate, represented using a BigInteger
> ->
> @param y the y-coordinate, represented using a @{code BigInteger}
> 
> a boolean indicating whether the x-coordinate is odd.
> ->
> a boolean indicating whether the x-coordinate is odd
> 
> src/java.base/share/classes/sun/security/provider/SHA3.java
> ----------
> 114:  Is this comment about the 2-bit suffix still correct?
> 
> src/java.base/share/classes/sun/security/util/KeyUtil.java
> ----------
> 2:  Copyright date.
> 
> 110:  Do you want to go with the hardcoded values, or fix the commented 
> out code?
> 
> src/java.base/share/classes/java/security/interfaces/EdECPrivateKey.java
> ----------
> 38:  Very minor nit: EdEC reads a bit awkward to my eye: that term isn't 
> used in the RFC.  Change or keep.  Maybe:
> 
> An EdEC private key
> ->
> An Edwards-Curve private key ...
> or
> An {@code EdECPrivateKey} ...
> 
> Noticed some new typos, or you could do a minor replacement and reduce 
> some of the duplicate wording.
> 
> 51:
> the an {@code Optional}
> ->
> an {@code Optional}
> 
> 52:
> Ff
> ->
> If
> 
> Alternate idea:  You could take out the second sentence in the method
> description above and replace the @return with:
> 
>      * @return the private key byte array, or an empty {@code Optional} 
> if the
>      *     key cannot be extracted (e.g. if the provider is a hardware 
> token
>      *     and the private key is not allowed to leave the crypto 
> boundary).
> 
> This was based on the XEC wording.  Your call/choice.
> 
> src/java.base/share/classes/java/security/interfaces/EdECPublicKey.java
> ----------
> 37:  Same comment about EdEC.  Change or keep.
> 
> src/java.base/share/classes/java/security/spec/EdDSAParameterSpec.java
> ----------
> 92:  Repeat of previous comment from last week.   You replied "Ok" but 
> didn't
> see a change yet.
> 
> "...bound to the signature" sounds premature.  This is the context bound
> to the EdDSAParameteerSpec, which hasn't been yet bound to the signature.
> 
> src/java.base/share/classes/java/security/spec/EdECPoint.java
> ----------
> 38:  Same comment about EdEC.  Change or keep.
> 
> test/jdk/sun/security/ec/ed/TestEdDSA.java
> ----------
> Nits:
> 
> 211-212:  Indention problem
> 
> 159/257/258/301:  Extra whitespace.
> 
> 313:  The context value was set correctly from a previous test, but
> wouldn't hurt to reiterate it here.
> 
> Brad
>

More information about the security-dev mailing list