RFR: 8346129: Simplify EdDSA & XDH curve name usage

Anthony Scarpino ascarpino at openjdk.org
Fri Feb 21 21:14:53 UTC 2025


On Fri, 21 Feb 2025 20:25:59 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Hi,
>> 
>> I need a review for the following change. Naming conventions for EdDSA and XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator. These internal changes help make it more consistent when parsing the actual curve being used vs the broader algorithm name.
>> 
>> thanks
>> 
>> Tony
>
> src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java line 78:
> 
>> 76:     private static List<String> aliasEd25519 = null;
>> 77:     private static List<String> aliasXDH = null;
>> 78:     private static List<String> aliasX25519 = null;
> 
> I am a little suspicious of this approach. At least this means for each "family" algorithm name like "EdDSA", we need to hardcode all its parameter set names here. Sounds not very sustainable.
> 
> An EdDSA key always has its `getAlgorithm` being "EdDSA" (at least inside SunEC) and its `getParams()` being the parameter set name. So it looks like it's enough if we do a name comparison on both.
> 
> Also, why no `aliasEd448` and `aliasX448` here?

I have to give more thought to checking the algorithm and the `getParams()` against the list. That may eliminate the need for the hardcoded list.

As to why 448 curves didn't need an alias, there is no other way to specify those curves other than their given name, as mentioned with the KPG/Ed25519 example in my comment to Sean.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23647#discussion_r1966173549
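
The comparison discussed in this thread, matching both `getAlgorithm()` and the `getParams()` name of a key against a disabled list, sketched as an added example; it is not code from the PR or from `AbstractAlgorithmConstraints`. `CurveNameCheck`, `namesOf`, `isDisabled` and the disabled entries are hypothetical, and the sketch assumes Java 17 or later with the SunEC provider.

```java
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.interfaces.EdECKey;
import java.security.interfaces.XECKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.NamedParameterSpec;
import java.util.Set;
import java.util.TreeSet;

public class CurveNameCheck {
    // Hypothetical helper: every name a constraint entry could match for this key.
    static Set<String> namesOf(Key key) {
        Set<String> names = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        names.add(key.getAlgorithm());            // family name reported by the key
        AlgorithmParameterSpec spec = null;
        if (key instanceof EdECKey ed) {
            spec = ed.getParams();                // NamedParameterSpec for EdDSA keys
        } else if (key instanceof XECKey x) {
            spec = x.getParams();                 // AlgorithmParameterSpec for XDH keys
        }
        if (spec instanceof NamedParameterSpec nps) {
            names.add(nps.getName());             // parameter set (curve) name
        }
        return names;
    }

    // Hypothetical check: disabled if the family OR the parameter set is listed.
    static boolean isDisabled(Set<String> disabled, Key key) {
        for (String name : namesOf(key)) {
            if (disabled.contains(name)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample entries, not a real jdk.*.disabledAlgorithms value.
        Set<String> disabled = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        disabled.add("Ed25519");                  // one parameter set
        disabled.add("XDH");                      // a whole family
        // The generic "EdDSA" generator uses the provider's default parameter set.
        for (String alg : new String[] {"Ed25519", "Ed448", "EdDSA", "X25519", "X448"}) {
            Key pub = KeyPairGenerator.getInstance(alg).generateKeyPair().getPublic();
            System.out.printf("KPG %-8s names=%s disabled=%b%n",
                    alg, namesOf(pub), isDisabled(disabled, pub));
        }
    }
}
```

Because the names are read from the key itself, no per-family list of parameter set names is hardcoded in the check.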

