RFR: 8346129: Simplify EdDSA & XDH curve name usage
Anthony Scarpino
ascarpino at openjdk.org
Fri Feb 21 21:14:54 UTC 2025
On Fri, 21 Feb 2025 19:15:21 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Hi,
>>
>> I need a review for the following change. Naming conventions for EdDSA and XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator. These internal changes help make it more consistent when parsing the actual curve being used vs the broader algorithm name.
>>
>> thanks
>>
>> Tony
>
> src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java line 95:
>
>> 93: case "Ed25519" -> {
>> 94: if (aliasEd25519 == null) {
>> 95: aliasEd25519 = List.of("EdDSA", "Ed25519");
>
> Hmm. Should disabling Ed25519 also disable EdDSA? I can see the reverse, but isn't Ed25519 meant to be a specific curve for EdDSA?
This is complicated by `KeyPairGenerator.getInstance("EdDSA")` returning an Ed25519 key.
If someone were to check permits() with "EdDSA", the above code recognizes that "Ed25519" on the disabled algorithm list overlaps with "EdDSA". This is the first test in the test code included in the PR.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23647#discussion_r1966171536
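
Added example, not code from the PR or the JDK: a sketch of the overlap discussed in this message, showing that a key requested as "EdDSA" sits on a specific curve and how an alias list like the quoted one makes a disabled "Ed25519" entry also match "EdDSA". The `ALIASES` table, the `permits` method and the disabled list are hypothetical stand-ins; it assumes JDK 15 or later with the default providers.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.EdECKey;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class EdDsaAliasDemo {
    // Hypothetical alias table, modelled on the quoted aliasEd25519 list:
    // a disabled curve name also matches the broader algorithm name.
    static final Map<String, List<String>> ALIASES =
            Map.of("Ed25519", List.of("EdDSA", "Ed25519"));

    // Hypothetical stand-in for a permits() check against a disabled list.
    static boolean permits(Set<String> disabled, String algorithm) {
        for (String entry : disabled) {
            for (String name : ALIASES.getOrDefault(entry, List.of(entry))) {
                if (name.equalsIgnoreCase(algorithm)) {
                    return false;
                }
            }
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Requesting the broad name yields a key on a specific curve.
        KeyPair kp = KeyPairGenerator.getInstance("EdDSA").generateKeyPair();
        EdECKey pub = (EdECKey) kp.getPublic();
        System.out.println("key algorithm: " + kp.getPublic().getAlgorithm());
        System.out.println("key curve:     " + pub.getParams().getName());

        Set<String> disabled = Set.of("Ed25519"); // constructed sample list
        for (String alg : List.of("EdDSA", "Ed25519", "Ed448")) {
            System.out.println("permits(" + alg + ") = " + permits(disabled, alg));
        }
    }
}
```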