RFR: 8297878: KEM: Implementation
Xue-Lei Andrew Fan
xuelei at openjdk.org
Thu Apr 13 02:54:31 UTC 2023

On Wed, 12 Apr 2023 23:23:02 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> If the interface is only in `KEM`, then it needs a `provider()` method, but an implementation actually does not know what the provider is.

By "implementation", do you mean the javax/crypto/KEPSpi.java or src/java.base/share/classes/com/sun/crypto/provider/DHKEM.java?

If it refers to KEPSpi.java, why does KEPSpi.java need to know what the provider is? Is it sufficient to use engineNewEncapsulator() to get the provider implementation?

If it refers to DHKEM.java, I did not get the idea of why the provider is unknown.

> An implementation can be registered in any (or even multiple) providers.

I did not get the idea. Why is it not registered in SunJCE?

I think you may have evaluated the following idea, but I'm not sure why it does not work. I may have missed something. Would you mind explaining in more detail?

    public final class KEM {
        interface Encapsulator {
            ...
            KEM.Encapsulated encapsulate(...);
            ...
        }

        public static KEM getInstance(String algorithm) {
            ...
        }

        // Search for the registered providers, return the 1st non-null
        // provider.newEncapsulator() or throw exception.
        public Encapsulator newEncapsulator(PublicKey pk,
                AlgorithmParameterSpec spec, SecureRandom secureRandom) {
            ...
        }
    }

    public interface KEMSpi {
        // A provider implementation will implement the KEM.Encapsulator
        // interface internally. If a provider does not support the parameters,
        // null or nil object will be returned.
        public KEM.Encapsulator newEncapsulator(PublicKey pk,
                AlgorithmParameterSpec spec, SecureRandom secureRandom);
    }

Use case:

    KEM.getInstance(DHKEM).newEncapsulator(...);

-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13256#discussion_r1164923024