RFR: 8325448: Hybrid Public Key Encryption [v10]
Sean Mullan
mullan at openjdk.org
Thu Mar 13 20:18:00 UTC 2025
On Thu, 13 Mar 2025 20:04:13 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java line 195:
>>
>>> 193: * <a href="https://www.rfc-editor.org/rfc/rfc9180.html#name-key-encapsulation-mechanism">Section 7.1 of RFC 9180</a>.
>>> 194: */
>>> 195: public static final int KEM_DHKEM_P_256_HKDF_SHA256 = 0x10;
>>
>> Do we really need `KEM_` at the beginning? Seems redundant since `DHKEM` has "KEM" in it. Same comment for the KDF constants.
>
> I was hoping that IDE auto-completion would eliminate the need to type the full name. Adding `KEM` at the beginning could amend the type-unsafety of current algorithm identifiers -- it somehow prevents putting a KDF id as the first argument of an `of` call accidentally. Maybe that is just my wishful thinking?
>
> Also, there will be KEM names like "X_WING" in the future.
>
> I've also thought about defining `enum`s for the three types of algorithm identifiers to finally solve the type-unsafety issue. However, I hesitate to add them since it's such a think layer and users who need it can easily create their own.
Makes sense. Copy and paste is easy enough as well.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r1994242648
More information about the security-dev
mailing list