RFR: 8325448: Hybrid Public Key Encryption [v15]

Sean Mullan mullan at openjdk.org
Mon Apr 14 17:56:53 UTC 2025 

On Fri, 11 Apr 2025 20:41:13 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/.
>> ![hpke](https://github.com/user-attachments/assets/4edc5d08-ef52-44c5-b5d5-e8890c2d2fce)
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   toString, exportData, spec in HPKEParameters must have algorithm identifiers specified

src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java line 78:

> 76:  * {@link #info(byte[])} method by both sides.
> 77:  * <li>
> 78:  * If HPKE modes {@code mode_auth} or {@code mode_auth_psk} are used,

This could be reworded as: "To use the HPKE modes {@code mode_auth} ..."

src/java.base/share/classes/javax/crypto/spec/snippet-files/PackageSnippets.java line 35:

> 33:     public static void main(String[] args) throws Exception {
> 34:         // @start region="hpke-spec-example"
> 35:         // Key pair generation

Comment should note this is the recipient's key pair.

src/java.base/share/classes/javax/crypto/spec/snippet-files/PackageSnippets.java line 46:

> 44:         sender.init(Cipher.ENCRYPT_MODE, kp.getPublic(), ps);
> 45: 
> 46:         // Retrieve the actual parameters used from the sender.

I think it would be more clear if you didn't name the cipher objects `sender` and `recipient` because there can be confusion as to whether you mean the cipher objects or the sender/receiver entities.

src/java.base/share/classes/javax/crypto/spec/snippet-files/PackageSnippets.java line 64:

> 62:         recipient.init(Cipher.DECRYPT_MODE, kp.getPrivate(), pr);
> 63: 
> 64:         // Secure communication between the 2 sides

There is no secure communication in the code below. I would remove/change this comment.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2042597344
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2042605774
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2042611506
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2042620693

More information about the security-dev mailing list