RFR: 8298390: Implementing ML-KEM key encapsulation mechanism [v15]
Kevin Driver
kdriver at openjdk.org
Thu Nov 7 16:56:46 UTC 2024
On Thu, 7 Nov 2024 00:47:33 GMT, Ben Perez <bperez at openjdk.org> wrote:
>> Java implementation of ML-KEM, the [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final) post-quantum KEM scheme. Depends on https://github.com/openjdk/jdk/pull/21167
>
> Ben Perez has updated the pull request incrementally with two additional commits since the last revision:
>
> - default random for encaps, supported alg in SunJCE
> - copyright header
src/java.base/share/classes/com/sun/crypto/provider/ML_KEM.java line 515:
> 513: mlKemH.update(encapsKey);
> 514: mlKemH.digest(decapsKey, kPkePrivateKey.length + encapsKey.length, 32);
> 515: System.arraycopy(kem_z, 0, decapsKey, kPkePrivateKey.length + encapsKey.length + 32, 32);
Should values be zeroed after this line/before return?
src/java.base/share/classes/com/sun/crypto/provider/ML_KEM.java line 568:
> 566: var kAndCoins = mlKemG.digest();
> 567: var realResult = Arrays.copyOfRange(kAndCoins, 0, 32);
> 568: var coins = Arrays.copyOfRange(kAndCoins, 32, 64);
Several copies take place here. Should anything be zeroed?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21478#discussion_r1833027678
PR Review Comment: https://git.openjdk.org/jdk/pull/21478#discussion_r1833030686
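As an added illustration of the zeroization question raised in the review above (example code, not from the PR or the JDK): the `kAndCoins` buffer on lines 566-568 holds both the shared-secret candidate and the encryption coins even after the two halves have been copied out, so the intermediate should be wiped once the copies exist. `ZeroizeIntermediates`, `DerivedSecrets` and `splitKAndCoins` are hypothetical names; G and H are SHA3-512 and SHA3-256 as FIPS 203 specifies.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

// Added example, not code from the PR. Class and method names are hypothetical.
public final class ZeroizeIntermediates {

    /** Holder for the two 32-byte halves of the G output; the caller wipes it when done. */
    static final class DerivedSecrets {
        final byte[] k;      // shared-secret candidate K
        final byte[] coins;  // randomness r for K-PKE encryption
        DerivedSecrets(byte[] k, byte[] coins) { this.k = k; this.coins = coins; }
        void destroy() { Arrays.fill(k, (byte) 0); Arrays.fill(coins, (byte) 0); }
    }

    /**
     * Mirrors the pattern on lines 566-568: hash m || H(ek) with G (SHA3-512),
     * split the 64-byte output, and zero the combined buffer before returning,
     * so that only the two copies the caller owns remain in memory.
     */
    static DerivedSecrets splitKAndCoins(byte[] m, byte[] encapsKeyHash)
            throws NoSuchAlgorithmException {
        MessageDigest g = MessageDigest.getInstance("SHA3-512");
        g.update(m);
        g.update(encapsKeyHash);
        byte[] kAndCoins = g.digest();   // 64 bytes: K || r
        try {
            byte[] k = Arrays.copyOfRange(kAndCoins, 0, 32);
            byte[] coins = Arrays.copyOfRange(kAndCoins, 32, 64);
            return new DerivedSecrets(k, coins);
        } finally {
            Arrays.fill(kAndCoins, (byte) 0); // wipe the intermediate holding both halves
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs; real ML-KEM uses a fresh random 32-byte m and H(ek).
        byte[] m = new byte[32];
        Arrays.fill(m, (byte) 0x42);
        byte[] hEk = MessageDigest.getInstance("SHA3-256").digest("ek".getBytes());
        DerivedSecrets s = splitKAndCoins(m, hEk);
        try {
            System.out.println("K length = " + s.k.length + ", coins length = " + s.coins.length);
        } finally {
            s.destroy(); // caller wipes its own copies once the KEM operation is finished
        }
    }
}
```

Zeroing bounds the lifetime of the on-heap copy but does not prevent the garbage collector from leaving stale copies behind when it moves objects, so the wipe reduces exposure rather than eliminating it.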