RFR: 8347938: Switch to latest ML-KEM private key encoding
Weijun Wang
weijun at openjdk.org
Thu Jan 30 23:52:27 UTC 2025
The private key encoding formats of ML-KEM and ML-DSA are updated to match the latest IETF drafts at: https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates-06 and https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-certificates-07. Most importantly, the seed used to generate a key pair is now stored in the private key.
Both the seed and the expanded format are stored inside a `NamedPKCS8Key` now. When loading from a PKCS #8 key that contains the seed, both fields will be filled. If the PKCS #8 encoding only contains the expanded key (which does not conform to the current drafts but might have been created earlier), the expanded key will be read and used in KEM and signature operations.
-------------
Commit messages:
- clean executable bits
- the fix
Changes: https://git.openjdk.org/jdk/pull/23376/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=23376&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8347938
Stats: 1744 lines in 19 files changed: 1375 ins; 302 del; 67 mod
Patch: https://git.openjdk.org/jdk/pull/23376.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/23376/head:pull/23376
PR: https://git.openjdk.org/jdk/pull/23376