RFR: 8325448: Hybrid Public Key Encryption [v3]
Weijun Wang
weijun at openjdk.org
Thu Mar 13 14:42:04 UTC 2025
On Fri, 28 Feb 2025 19:32:52 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HPKE.java line 101:
>>
>>> 99: @Override
>>> 100: protected AlgorithmParameters engineGetParameters() {
>>> 101: return null;
>>
>> In traditional JCE, wouldn't we return a representation of the `HPKEParameterSpec` which extends `AlgorithmParameters`?
>
> Usually I think `AlgorithmParameters` is used when parameters has a defined ASN.1 encoding starting with an algorithm identifier and ends with the parameters byte. In this case, I am not aware of one. We can consider adding it later if there is one.
I changed my mind. Even if there is no encoding, it's useful to retrieve the actual `HPKEParameterSpec` used by the cipher. This allows the caller to get `kem_id` and other info and pass them to the receiver. For example, [Encrypted ClientHello](https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-23#name-encrypted-clienthello-confi) requires these numbers to be put in a config block.
It's OK if `getEncoded` is not supported now. An `IOException` will be thrown.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r1993676885
More information about the security-dev
mailing list