RFR: 8325448: Hybrid Public Key Encryption [v43]

Anthony Scarpino ascarpino at openjdk.org
Fri Sep 12 21:14:34 UTC 2025 

On Wed, 10 Sep 2025 23:03:49 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/.
>> <img alt="image" src="https://github.com/user-attachments/assets/366a9f3e-375a-48fb-8ee6-95cabcfeccc8" />
>
> Weijun Wang has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 58 commits:
> 
>  - Merge branch 'master' into 8325448
>  - about transformation
>  - cannot reset with withMethods
>  - algorithm identifier
>  - withMethods
>  - duplicated "value" words
>  - receiver to recipient; different to specified
>  - use different exception type
>  - more spec change
>  - address Sean's comments
>  - ... and 48 more: https://git.openjdk.org/jdk/compare/7fcce270...1ec31cf5

src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java line 154:

> 152:     /**
> 153:      * KEM algorithm identifier for DHKEM(P-256, HKDF-SHA256) as defined in
> 154:      * <a href="https://www.rfc-editor.org/rfc/rfc9180.html#name-key-encapsulation-mechanism">Section 7.1 of RFC 9180</a>.

Suggestion:  It has been my impression that `@spec` was for things like this.  Might it be cleaner to remove the "as defined in <link>" and just list the RFC in an `@spec`?   It also seems overkill to refer to the RFC sections for each entry as you mention that the id's are in in Section 7 in the class javadoc.

src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java line 286:

> 284:      * @throws IllegalArgumentException if {@code info} is empty.
> 285:      */
> 286:     public HPKEParameterSpec withInfo(byte[] info) {

After reading your example at the class javadoc level, it left me with the impression that `withInfo()` would be used with `String`.  Does it make sense to have a `withInfo(String)` method?  Or maybe the example less String-specific?

src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java line 317:

> 315:             throw new IllegalArgumentException("psk_id is empty");
> 316:         }
> 317:         if ("RAW".equalsIgnoreCase(psk.getFormat())) {

What happens if the format is not RAW?  Is that allowed or should it be an IAE?
If `psk` is an  16 byte AES Secret key is that checked somewhere or at all relevant?

src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java line 352:

> 350:      * authentication key value.
> 351:      * <p>
> 352:      * Note: this method does not check whether the KEM supports

"the KEM supports" sounds awkward to me.  Do you mean non-DHKEM or the KEM provider implementation?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2345198777
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2345243742
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2345408266
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r2345423554

More information about the security-dev mailing list