RFR: 8325448: Hybrid Public Key Encryption [v14]

[Sean Mullan]

On Wed, 2 Apr 2025 20:35:29 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/.
>> ![hpke](https://github.com/user-attachments/assets/4edc5d08-ef52-44c5-b5d5-e8890c2d2fce)
>
> Weijun Wang has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - put encapsulation in params from getParameters
>  - receiver must specify all algorithm identifiers

src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java line 53:

> 51:  * <li> {@link #of()} creates an instance with unspecified KEM, KDF, and AEAD
> 52:  * algorithms, which will be determined by the implementation based on the key
> 53:  * provided to {@code init()}. This instance can only be used by the sender.

Does `Cipher.init` throw an exception if the parameters created by `HPKEParameterSpec.of()` are initialized with a cipher in decrypt mode?

src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java line 82:

> 80:  * public key.
> 81:  * <li>
> 82:  * If HPKE modes {@code mode_psk} or {@code mode_auth_psk} are used,

If you want to use `mode_auth_psk`, do you have to call both `authKey` and `psk` methods? If so, I think it would be more readable if you have a separate paragraph for this mode, indicating calling both methods are required.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2040102243
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2040109790