RFR: 8325448: Hybrid Public Key Encryption [v15]
Weijun Wang
weijun at openjdk.org
Mon Apr 21 15:02:55 UTC 2025
On Tue, 15 Apr 2025 13:04:58 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>>
>> toString, exportData, spec in HPKEParameters must have algorithm identifiers specified
>
> src/java.base/share/classes/com/sun/crypto/provider/HPKE.java line 103:
>
>> 101: return impl.aead.cipher.getBlockSize();
>> 102: } else {
>> 103: throw new IllegalStateException("No AEAD cipher");
>
> Should this return 0 instead per spec? The spec is not defined to throw `IllegalStateException`.
It's totally OK to return 0 for the `EXPORT_ONLY` case, but before the cipher is initialized, there is no way to know if AES/GCM or ChaCha20-Poly1305 is used.
Existing ciphers know the block size even there is no key.
> src/java.base/share/classes/com/sun/crypto/provider/HPKE.java line 156:
>
>> 154: impl = new Impl(opmode);
>> 155: if (!(key instanceof AsymmetricKey ak)) {
>> 156: throw new InvalidKeyException("Not asymmetric key");
>
> Nit: "Not an asymmetric key"
OK.
> src/java.base/share/classes/com/sun/crypto/provider/HPKE.java line 178:
>
>> 176: AlgorithmParameters params, SecureRandom random)
>> 177: throws InvalidAlgorithmParameterException {
>> 178: throw new InvalidAlgorithmParameterException(
>
> Could you support this method by extracting the `HKDFParameterSpec` from the `AlgorithmParameters`?
Yes, I can do that now.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2052540825
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2052541307
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2052542330
More information about the security-dev
mailing list