RFR: 8314323: TLS 1.3 Hybrid Key Exchange [v2]

Hai-May Chao hchao at openjdk.org
Sun Oct 5 12:27:26 UTC 2025


On Fri, 3 Oct 2025 17:10:01 GMT, Bernd <duke at openjdk.org> wrote:

>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Updates with review comments
>
> src/java.base/share/classes/com/sun/crypto/provider/DH.java line 224:
> 
>> 222:             } else if (k instanceof XECKey xkey
>> 223:                     && xkey.getParams() instanceof NamedParameterSpec ns) {
>> 224:                 if (ns.getName().equalsIgnoreCase("X25519")) {
> 
> Maybe use NamedParameterSpec.X25519?

Updated.

> src/java.base/share/classes/sun/security/ssl/NamedGroup.java line 218:
> 
>> 216:             PredefinedDHParameterSpecs.ffdheParams.get(8192)),
>> 217: 
>> 218:     ML_KEM_512(0x0200, "MLKEM512",
> 
> Are they needed for this Jep?

We added ML-KEM NamedGroups with null AlgorithmParameterSpec, and they won't appear as negotiable named groups. They were added to support debug display and recognition of ML-KEM named groups when used in the key share, so we can see them in debug and know if they are used. It'd help for interop debugging/testing.

> src/java.base/share/classes/sun/security/ssl/NamedGroup.java line 653:
> 
>> 651:         NAMED_GROUP_XDH("XDH", XDHScheme.instance),
>> 652: 
>> 653:         NAMED_GROUP_KEM("PQC", KEMScheme.instance),
> 
> That choice of name probably needs an explanatory comment, if it is for pure PQC and/or hybrid?

Comment added.

> src/java.base/share/classes/sun/security/util/Hybrid.java line 290:
> 
>> 288:     private static byte[] concat(byte[]... inputs) {
>> 289:         ByteArrayOutputStream o = new ByteArrayOutputStream();
>> 290:         Arrays.stream(inputs).forEach(o::writeBytes);
> 
> Do we really want a non presized buffer and a stream in the handshake hot path?

Updated to use presized buffer.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2404458870
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2404459083
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2404459100
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2404459855
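Added example, not code from the PR or from the JDK's Hybrid.java: a presized concat() of the kind the reviewer asked for, used to combine the two component secrets of an X25519 + ML-KEM-768 hybrid exchange through the public JDK KEM and KeyAgreement APIs. The ordering (ML-KEM secret first, then X25519) follows draft-ietf-tls-ecdhe-mlkem for X25519MLKEM768; whether the PR's Hybrid.java orders the parts the same way is not shown on this page and is an assumption here. The class and method names are illustrative, and a JDK with ML-KEM support (JDK 24 or later) is assumed.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Arrays;
import javax.crypto.KEM;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;

// Illustrative class name; not part of the JDK or the PR under review.
public final class HybridExample {

    // Presized concatenation: compute the total once, allocate once, copy.
    // No ByteArrayOutputStream growth and no stream on the handshake path.
    static byte[] concat(byte[]... inputs) {
        int total = 0;
        for (byte[] in : inputs) {
            total = Math.addExact(total, in.length); // fail loudly on overflow
        }
        byte[] out = new byte[total];
        int off = 0;
        for (byte[] in : inputs) {
            System.arraycopy(in, 0, out, off, in.length);
            off += in.length;
        }
        return out;
    }

    // Component secret lengths for X25519MLKEM768: 32 bytes each.
    static final int MLKEM_SS_LEN = 32;
    static final int X25519_SS_LEN = 32;

    // Combine the component secrets after checking their lengths, so a
    // missing or truncated component cannot silently shorten the result.
    // Order (ML-KEM first, then X25519) per draft-ietf-tls-ecdhe-mlkem.
    static byte[] hybridSecret(byte[] kemSs, byte[] xdhSs) {
        if (kemSs.length != MLKEM_SS_LEN || xdhSs.length != X25519_SS_LEN) {
            throw new IllegalArgumentException("unexpected component secret length");
        }
        return concat(kemSs, xdhSs);
    }

    // One X25519 agreement with our key pair against the peer's public key.
    static byte[] x25519(KeyPair mine, PublicKey peer) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("X25519");
        ka.init(mine.getPrivate());
        ka.doPhase(peer, true);
        return ka.generateSecret();
    }

    public static void main(String[] args) throws Exception {
        // "Client" side: both key pairs; their public halves form the key_share.
        KeyPair cKem = KeyPairGenerator.getInstance("ML-KEM-768").generateKeyPair();
        KeyPair cXdh = KeyPairGenerator.getInstance("X25519").generateKeyPair();

        // "Server" side: encapsulate to the client's ML-KEM key and run X25519
        // against the client's share with a fresh server key pair.
        KEM kem = KEM.getInstance("ML-KEM");
        KEM.Encapsulated enc = kem.newEncapsulator(cKem.getPublic()).encapsulate();
        KeyPair sXdh = KeyPairGenerator.getInstance("X25519").generateKeyPair();
        byte[] serverSecret = hybridSecret(
                enc.key().getEncoded(),
                x25519(sXdh, cXdh.getPublic()));

        // "Client" side: decapsulate the server's ciphertext and finish X25519
        // with the server's share. Both sides must end up with the same bytes.
        SecretKey kemSs = kem.newDecapsulator(cKem.getPrivate())
                .decapsulate(enc.encapsulation());
        byte[] clientSecret = hybridSecret(
                kemSs.getEncoded(),
                x25519(cXdh, sXdh.getPublic()));

        System.out.println("hybrid secret length: " + clientSecret.length);
        System.out.println("sides agree: " + Arrays.equals(clientSecret, serverSecret));

        // Zero the raw secrets once they have been fed into the key schedule.
        Arrays.fill(clientSecret, (byte) 0);
        Arrays.fill(serverSecret, (byte) 0);
    }
}
```

The length check in hybridSecret() is the part worth keeping in a real implementation: if either component is absent or truncated, the combined secret should be rejected rather than silently shortened, since the point of the hybrid is that both components contribute.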


More information about the security-dev mailing list