RFR: 8346129: Simplify EdDSA & XDH curve name usage
Weijun Wang
weijun at openjdk.org
Fri Feb 21 20:37:53 UTC 2025
On Fri, 14 Feb 2025 18:44:38 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
> Hi,
>
> I need a review for the following change. Naming conventions for EdDSA and XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator. These internal changes help make it more consistent when parsing the actual curve being used vs the broader algorithm name.
>
> thanks
>
> Tony
test/jdk/sun/security/util/AlgorithmConstraints/DisabledAlgorithmPermits.java line 61:
> 59: case "Ed25519" ->
> 60: Arrays.asList(
> 61: new TestCase("EdDSA", false),
As Sean mentioned in another comment, disabling "Ed25519" does not imply all EdDSA keys are not permitted. This means the result of `permits(primitives, algorithmName, parameters)` cannot be determined. That said, I noticed you've used `KeyUtil::getAlgorithm` in a lot of places. Can we guarantee that this `permits` method is never called on a family algorithm name? If so, we can get a definitive result.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23647#discussion_r1966138673
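An added illustration of the point raised in the review comment above; it is not part of the original message and not the JDK's own code. `FAMILIES`, `curveOrAlgorithm` and this three-state `permits` are hypothetical names in a simplified model of a disabled-algorithms check (exact-name matching only, Java 16 or later assumed): a family name with only some of its curves disabled has no definite answer, while the curve name read from the key does.

```java
import java.security.*;
import java.security.interfaces.EdECKey;
import java.security.interfaces.XECKey;
import java.security.spec.NamedParameterSpec;
import java.util.*;

public class FamilyNameCheck {
    // Constructed for this example: family name -> curves it covers.
    static final Map<String, List<String>> FAMILIES = Map.of(
            "EdDSA", List.of("Ed25519", "Ed448"),
            "XDH", List.of("X25519", "X448"));

    // Hypothetical helper: the most specific name a key exposes.
    static String curveOrAlgorithm(Key key) {
        if (key instanceof EdECKey ed) return ed.getParams().getName();
        if (key instanceof XECKey x && x.getParams() instanceof NamedParameterSpec p)
            return p.getName();
        return key.getAlgorithm();
    }

    // Optional.empty() means the name alone cannot decide the question.
    static Optional<Boolean> permits(Set<String> disabled, String name) {
        if (disabled.contains(name)) return Optional.of(false);
        for (var f : FAMILIES.entrySet())   // curve whose whole family is disabled
            if (f.getValue().contains(name) && disabled.contains(f.getKey()))
                return Optional.of(false);
        List<String> curves = FAMILIES.get(name);
        if (curves == null) return Optional.of(true);   // concrete name, not disabled
        long off = curves.stream().filter(disabled::contains).count();
        if (off == 0) return Optional.of(true);
        if (off == curves.size()) return Optional.of(false);
        return Optional.empty();                         // only some curves disabled
    }

    public static void main(String[] args) throws GeneralSecurityException {
        Set<String> disabled = Set.of("Ed25519");        // constructed policy
        System.out.println("EdDSA -> " + permits(disabled, "EdDSA"));
        for (String alg : List.of("Ed25519", "Ed448")) {
            Key k = KeyPairGenerator.getInstance(alg).generateKeyPair().getPublic();
            String name = curveOrAlgorithm(k);
            System.out.println(k.getAlgorithm() + " / " + name
                    + " -> " + permits(disabled, name));
        }
    }
}
```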