RFR: 8340327: A common framework to support public key algorithms with standard parameter sets [v9]
Sean Mullan
mullan at openjdk.org
Mon Oct 7 20:27:36 UTC 2024
On Mon, 7 Oct 2024 18:07:19 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/provider/NamedKEM.java line 72:
>>
>>> 70: throws InvalidAlgorithmParameterException, InvalidKeyException {
>>> 71: if (spec != null) {
>>> 72: throw new InvalidAlgorithmParameterException("No params needed");
>>
>> Could you make this message more helpful? Ex: "The ML-KEM-768 algorithm does not take any parameters", where "ML-KEM-768" is the alg+param name in use (may need a new protected method to obtain that).
>
> I think we can just say "ML-KEM does not take any parameters". Otherwise it gives out a false hint that ML-KEM-768 does not because it already has a parameter set. The parameters in this method is not the parameters for the key but for the KEM algorithm itself. This is also the same for `NamedSignature::engineSetParameter`. It's even important there because one day when we decide to support PreHash ML-DSA we will need parameters.
Ok, makes sense.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21167#discussion_r1790829841
More information about the security-dev
mailing list