RFR: 8325448: Hybrid Public Key Encryption [v44]
Anthony Scarpino
ascarpino at openjdk.org
Fri Oct 3 20:30:03 UTC 2025
On Tue, 16 Sep 2025 14:58:05 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> more key checks; some small spec change
src/java.base/share/classes/com/sun/crypto/provider/DHKEM.java line 31:
> 29: import java.io.Serial;
> 30: import java.math.BigInteger;
> 31: import java.security.AsymmetricKey;
Since your original putback used import java.security.* and others below, was it your intent to specify 11 java.security classes instead of using a wildcard, or did the IDE do this?
src/java.base/share/classes/com/sun/crypto/provider/HPKE.java line 225:
> 223: }
> 224:
> 225: //@Override
Do you need this comment here and the next method below?
src/java.base/share/classes/com/sun/crypto/provider/HPKE.java line 452:
> 450: private static void checkMatch(boolean inSpec, AsymmetricKey k, int kem_id)
> 451: throws InvalidKeyException, InvalidAlgorithmParameterException {
> 452: var p = k.getParams();
nit: It looks like you could have used a `switch (k.params())` here.
src/java.base/share/classes/com/sun/crypto/provider/HPKE.java line 499:
> 497: DHKEM.I2OSP(params.kdf_id(), 2),
> 498: DHKEM.I2OSP(params.aead_id(), 2));
> 499: kdfAlg = switch (params.kdf_id()) {
I think it would be more efficient to have one switch that sets both values instead of two identical switches to set each. Similar to what you did in `AEAD()`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2395233573
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2402601153
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2402807458
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2402688988