RFR: 8325448: Hybrid Public Key Encryption [v46]
Anthony Scarpino
ascarpino at openjdk.org
Fri Nov 7 19:58:14 UTC 2025
On Wed, 5 Nov 2025 18:27:51 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/.
>> <img alt="image" src="https://github.com/user-attachments/assets/df3b454d-2161-4036-9930-c4f84d887b31" />
>
> Weijun Wang has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 62 commits:
>
> - merge
> - Merge branch 'master' into 8325448
> - Tony's comment
> - more key checks; some small spec change
> - Merge branch 'master' into 8325448
> - about transformation
> - cannot reset with withMethods
> - algorithm identifier
> - withMethods
> - duplicated "value" words
> - ... and 52 more: https://git.openjdk.org/jdk/compare/cf45e09c...b5112151
src/java.base/share/classes/com/sun/crypto/provider/HPKE.java line 137:
> 135: throws InvalidKeyException, InvalidAlgorithmParameterException {
> 136: impl = new Impl(opmode);
> 137: if (!(key instanceof AsymmetricKey ak)) {
Is a null check needed for `key` and `params`? It appears Cipher leaves that to the SPI to accept or reject.
src/java.base/share/classes/com/sun/crypto/provider/HPKE.java line 318:
> 316: }
> 317:
> 318: SecretKey ExportKey(String algorithm, byte[] exporter_context, int L) {
Why are the methods in this class capitalized?
src/java.base/share/classes/com/sun/crypto/provider/HPKE.java line 540:
> 538: // thw builder are just byte arrays. Any KDF impl can handle this.
> 539: var kdf = KDF.getInstance(kdfAlg);
> 540: var key_schedule_context = concat(new byte[]{(byte) mode},
Is `key_sechedule_context` worth zero'ing?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2495870196
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2496532422
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2496764265
More information about the security-dev
mailing list