RFR: 8346129: Simplify EdDSA & XDH curve name usage [v4]
Weijun Wang
weijun at openjdk.org
Fri Mar 7 19:20:55 UTC 2025
On Wed, 5 Mar 2025 20:20:10 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> Hi,
>>
>> I need a review for the following change. Naming conventions for EdDSA and XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator. These internal changes help make it more consistent when parsing the actual curve being used vs the broader algorithm name.
>>
>> thanks
>>
>> Tony
>
> Anthony Scarpino has updated the pull request incrementally with one additional commit since the last revision:
>
> rename getNamedCurveFromKey
test/jdk/sun/security/util/AlgorithmConstraints/DisabledAlgorithmPermits.java line 86:
> 84: Arrays.asList(
> 85: new TestCase("EdDSA", false),
> 86: new TestCase("Ed25519", true),
Why should the above pass? If you disable `EdDSA`, are you still allowed `Signature.getInstance("Ed25519")`? Is this because it will reject whatever EdDSA key later? Why bother checking `CryptoPrimitive.SIGNATURE` at all?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23647#discussion_r1985568746