RFR: 8298390: Implementing ML-KEM key encapsulation mechanism [v15]
Ben Perez
bperez at openjdk.org
Thu Nov 7 18:03:24 UTC 2024
On Thu, 7 Nov 2024 16:47:47 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> Ben Perez has updated the pull request incrementally with two additional commits since the last revision:
>>
>> - default random for encaps, supported alg in SunJCE
>> - copyright header
>
> src/java.base/share/classes/com/sun/crypto/provider/ML_KEM.java line 500:
>
>> 498: byte[] kem_d, byte[] kem_z)
>> 499: throws NoSuchAlgorithmException, DigestException {
>> 500: var mlKemH = MessageDigest.getInstance("SHA3-256");
>
> Should this algorithm be pulled out into a constant? Keccak is new-ish, but it may not be this forever and/or the output size may change from 256.
Made both SHA3-256 and SHA3-512 constants named `HASH_H_NAME` and `HASH_G_NAME` respectively.
> src/java.base/share/classes/com/sun/crypto/provider/ML_KEM_Provider.java line 129:
>
>> 127: @Override
>> 128: public byte[][] implEncapsulate(String name, byte[] encapsulationKey, Object ek, SecureRandom secureRandom) {
>> 129: byte[] randomBytes = new byte[32];
>
> Constant for `32`?
This is now `SEED_LENGTH`
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21478#discussion_r1833138156
PR Review Comment: https://git.openjdk.org/jdk/pull/21478#discussion_r1833137234
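As an added illustration of where those three constants are consumed (this is example code written for this note, not the PR's or the JDK's own `ML_KEM` implementation), the stand-alone Java class below uses the same names `HASH_H_NAME`, `HASH_G_NAME` and `SEED_LENGTH` and carries out the FIPS 203 seed derivations that depend on them: `(rho, sigma) = G(d || k)` from K-PKE.KeyGen, where `k` is the parameter-set rank as a single byte, and `(K, r) = G(m || H(ek))` from ML-KEM.Encaps, with a 32-byte `m` drawn from a `SecureRandom` that falls back to the platform default when the caller passes `null`. The helper names (`hashH`, `hashG`, `keyGenSeeds`, `encapsSeeds`, `randomSeed`) and the placeholder `ek` bytes are assumptions for the example; the lattice arithmetic and the `J = SHAKE256` step of Decaps are not covered.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HexFormat;

/** Seed and hash derivations of FIPS 203 ML-KEM (example code, not the JDK's ML_KEM). */
public final class MlKemHashes {

    // The algorithm names and seed length the review asked to be named constants.
    static final String HASH_H_NAME = "SHA3-256";  // H in FIPS 203, 32-byte output
    static final String HASH_G_NAME = "SHA3-512";  // G in FIPS 203, 64-byte output
    static final int SEED_LENGTH = 32;            // length of d, z and m in bytes

    private MlKemHashes() {}

    /** H(x) = SHA3-256(x), over the concatenation of the given parts. */
    static byte[] hashH(byte[]... parts) throws NoSuchAlgorithmException {
        return digest(HASH_H_NAME, parts);
    }

    /** G(x) = SHA3-512(x); callers split the 64-byte result into two 32-byte halves. */
    static byte[] hashG(byte[]... parts) throws NoSuchAlgorithmException {
        return digest(HASH_G_NAME, parts);
    }

    private static byte[] digest(String alg, byte[]... parts) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(alg);
        for (byte[] p : parts) {
            md.update(p);
        }
        return md.digest();
    }

    /**
     * FIPS 203 Algorithm 13, first step: (rho, sigma) <- G(d || k), where k is the
     * parameter-set rank (2, 3 or 4) encoded as a single byte for domain separation.
     */
    static byte[][] keyGenSeeds(byte[] d, int k) throws NoSuchAlgorithmException {
        if (d.length != SEED_LENGTH) {
            throw new IllegalArgumentException("d must be " + SEED_LENGTH + " bytes");
        }
        byte[] g = hashG(d, new byte[] {(byte) k});
        return new byte[][] {
            Arrays.copyOfRange(g, 0, SEED_LENGTH),               // rho: seed for matrix A
            Arrays.copyOfRange(g, SEED_LENGTH, 2 * SEED_LENGTH)  // sigma: seed for s and e
        };
    }

    /**
     * FIPS 203 Algorithm 17, first step: (K, r) <- G(m || H(ek)).
     * K is the shared secret, r the randomness handed to K-PKE.Encrypt.
     */
    static byte[][] encapsSeeds(byte[] ek, byte[] m) throws NoSuchAlgorithmException {
        if (m.length != SEED_LENGTH) {
            throw new IllegalArgumentException("m must be " + SEED_LENGTH + " bytes");
        }
        byte[] g = hashG(m, hashH(ek));
        return new byte[][] {
            Arrays.copyOfRange(g, 0, SEED_LENGTH),               // K: shared secret
            Arrays.copyOfRange(g, SEED_LENGTH, 2 * SEED_LENGTH)  // r: encryption randomness
        };
    }

    /** Fresh 32-byte m for Encaps; a null SecureRandom falls back to the platform default. */
    static byte[] randomSeed(SecureRandom secureRandom) {
        SecureRandom rnd = (secureRandom != null) ? secureRandom : new SecureRandom();
        byte[] seed = new byte[SEED_LENGTH];
        rnd.nextBytes(seed);
        return seed;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        HexFormat hex = HexFormat.of();
        // Constructed inputs: an all-zero d for reproducible output and a placeholder ek
        // standing in for a real encoded encapsulation key (example data only).
        byte[] d = new byte[SEED_LENGTH];
        byte[] ek = "placeholder-encapsulation-key".getBytes(StandardCharsets.US_ASCII);

        byte[][] rs = keyGenSeeds(d, 3);  // ML-KEM-768 uses k = 3
        System.out.println("rho   = " + hex.formatHex(rs[0]));
        System.out.println("sigma = " + hex.formatHex(rs[1]));

        byte[] m = randomSeed(null);      // exercises the default-SecureRandom path
        byte[][] kr = encapsSeeds(ek, m);
        System.out.println("K     = " + hex.formatHex(kr[0]));
        System.out.println("r     = " + hex.formatHex(kr[1]));

        // The same ek and m must yield the same (K, r): all randomness in Encaps comes from m.
        byte[][] again = encapsSeeds(ek, m);
        if (!Arrays.equals(kr[0], again[0]) || !Arrays.equals(kr[1], again[1])) {
            throw new AssertionError("encaps derivation is not deterministic");
        }
    }
}
```

The determinism check at the end is the reason the 32-byte `m` matters: every bit of entropy in the shared secret and the ciphertext randomness comes from `m`, so it must be freshly drawn from a cryptographic `SecureRandom` on each call, and the fallback for a `null` argument should be the platform default rather than any seeded or deterministic generator. `H(ek)` is recomputed here for clarity; the full scheme stores it in the decapsulation key so Decaps can reuse it.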
More information about the security-dev mailing list