RFR: 8358594: Misleading keyLength value captured in JFR event for ML-KEM key [v3]
Mikhail Yankelevich
myankelevich at openjdk.org
Tue Jun 17 13:11:29 UTC 2025
On Thu, 5 Jun 2025 01:26:04 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Add more comment on why `KeyUtil::getKeySize` could return -1. Add a new method `getNistCategory` to get the NIST security category.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> enhance test to be exhaustive
src/java.base/share/classes/sun/security/util/KeyUtil.java line 150:
> 148: && ak.getParams() instanceof NamedParameterSpec nps)
> 149: ? nps.getName()
> 150: : k.getAlgorithm();
This case is not covered. Could you please add something like this test? it should cover the case when this is false `k instanceof AsymmetricKey ak && ak.getParams() instanceof NamedParameterSpec nps`
static void testDummyKey() throws Exception {
Key key = new Key() {
@Override
public String getAlgorithm() {
return "";
}
@Override
public String getFormat() {
return "";
}
@Override
public byte[] getEncoded() {
return new byte[0];
}
};
Asserts.assertEQ(-1, KeyUtil.getNistCategory(key));
}
```
and `testDummyKey();` on line 52 of course.
test/jdk/sun/security/provider/all/NistCategories.java line 46:
> 44: for (var p : Security.getProviders()) {
> 45: for (var s : p.getServices()) {
> 46: switch (s.getType()) {
Minor: why not just this? I don't mind, just asking
for (var p : Security.getProviders()) {
for (var s : p.getServices()) {
if ("KeyPairGenerator".equals(s.getType())) {
test(s);
}
}
}
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/25642#discussion_r2152233592
PR Review Comment: https://git.openjdk.org/jdk/pull/25642#discussion_r2152056476
More information about the security-dev
mailing list