RFR: 8358594: Misleading keyLength value captured in JFR event for ML-KEM key [v2]
Weijun Wang
weijun at openjdk.org
Wed Jun 4 16:52:54 UTC 2025
On Wed, 4 Jun 2025 16:08:31 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>>
>> addressing Mark's comments
>
> src/java.base/share/classes/sun/security/util/KeyUtil.java line 62:
>
>> 60: * each standardized parameter set. For example, ML-KEM-768 is assigned to
>> 61: * category 3, and ML-DSA-87 to category 5.
>> 62: *
>
> Should we consider returning whatever number is an the end of PQC algorithms as a key size? That would make things consistent and it would allow us to use existing `keySize` algorithm constraints for PQC algorithms. Key sizes for RSA and EC algorithms already differ significantly for the same security level: 3072-bit RSA corresponds to 256-bit EC. So we can return `768` for ML-KEM-768 or `87` for ML-DSA-87.
For ML-DSA-87, 87 isn’t a key size in any sense. Using it as a key size would be misleading. For algorithm constraints, we can use the parameter set name directly.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25642#discussion_r2127040718
More information about the security-dev
mailing list