RFR: 8346129: Simplify EdDSA & XDH curve name usage
Weijun Wang
weijun at openjdk.org
Fri Feb 21 20:28:52 UTC 2025
On Fri, 14 Feb 2025 18:44:38 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
> Hi,
>
> I need a review for the following change. Naming conventions for EdDSA and XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator. These internal changes help make it more consistent when parsing the actual curve being used vs the broader algorithm name.
>
> thanks
>
> Tony
src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java line 78:
> 76: private static List<String> aliasEd25519 = null;
> 77: private static List<String> aliasXDH = null;
> 78: private static List<String> aliasX25519 = null;
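Review bot: on lines 76-78 the alias lists are declared `private static`, non-final, and initialised to `null`, so every reader has to cope with the unset state, and whatever fills them in later has to be safe for concurrent callers. If the contents are fixed, declaring them `private static final` with an immutable list (for example `List.of(...)`) removes both concerns; if they really must be populated lazily, a short comment stating where that happens and how it is made thread-safe would help.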
I am a little suspicious of this approach. At least this means that for each "family" algorithm name like "EdDSA", we need to hardcode all its parameter set names here. That does not sound very sustainable.
An EdDSA key always has its `getAlgorithm` being "EdDSA" (at least inside SunEC) and its `getParams()` being the parameter set name. So it looks like it's enough if we do a name comparison on both.
Also, why no `aliasEd448` and `aliasX448` here?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23647#discussion_r1966129144
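
The name comparison on both values suggested in the comment above, as an added example (not code from the PR or from OpenJDK). The class `KeyNameCheck`, its methods and the sample disabled set are hypothetical and constructed for illustration; it uses only the public `EdECKey`/`XECKey` interfaces and needs Java 16 or later.

```java
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.interfaces.EdECKey;
import java.security.interfaces.XECKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.NamedParameterSpec;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Set;

public class KeyNameCheck {   // hypothetical class, not part of the JDK

    // Names a key answers to: its getAlgorithm() value plus, for EdDSA/XDH
    // keys, the parameter set name reported by getParams().
    static Set<String> namesOf(Key key) {
        Set<String> names = new LinkedHashSet<>();
        names.add(key.getAlgorithm().toUpperCase(Locale.ROOT));
        AlgorithmParameterSpec spec = null;
        if (key instanceof EdECKey ed) {
            spec = ed.getParams();
        } else if (key instanceof XECKey x) {
            spec = x.getParams();
        }
        if (spec instanceof NamedParameterSpec nps) {
            names.add(nps.getName().toUpperCase(Locale.ROOT));
        }
        return names;
    }

    // True if either name appears in the (upper-cased) disabled set, so no
    // per-family alias list has to be hardcoded.
    static boolean isDisabled(Set<String> disabledUpper, Key key) {
        for (String n : namesOf(key)) {
            if (disabledUpper.contains(n)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample policy: one parameter set name, one family name.
        Set<String> disabled = Set.of("ED448", "XDH");
        for (String alg : new String[] {"Ed25519", "Ed448", "X25519", "X448"}) {
            Key k = KeyPairGenerator.getInstance(alg).generateKeyPair().getPublic();
            System.out.println(alg + " -> " + namesOf(k)
                    + " disabled=" + isDisabled(disabled, k));
        }
    }
}
```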