<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>On 12/21/2017 3:10 PM, Bernd Eckenfels wrote:<br>
</p>
<blockquote type="cite"
cite="mid:5a3c151c.14121c0a.a2b60.f6f1@mx.google.com">
<div class="WordSection1">
<p class="MsoNormal">Hello and Yeah!</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Some minor questions (maybe not relevant
for the JEP but the API):</p>
</div>
</blockquote>
<br>
Good timing. We will be finalizing the API next.<br>
<br>
<blockquote type="cite"
cite="mid:5a3c151c.14121c0a.a2b60.f6f1@mx.google.com">
<div class="WordSection1">
<p class="MsoNormal"><o:p> </o:p></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph"
style="color:black;margin-left:0cm;mso-list:l0 level1 lfo2"><span
style="color:windowtext">would </span><span
style="font-size:10.0pt;font-family:"DejaVu
Sans",sans-serif"> </span><code><span
style="font-size:10.0pt;font-family:"DejaVu Sans
Mono"">XDHPublicKeySpec then also be used for EdDSA
and if so, is it really the proper name?</span></code></li>
</ul>
</div>
</blockquote>
<br>
No. EdDSA keys use a different representation, so they will have
different classes and interfaces in order to minimize the risk of
misinterpretation. <br>
<br>
But the more general form of your question is still valid. We should
consider the possibility that these keys may be used for things other
than Diffie-Hellman in the future (e.g. XEdDSA [1]). In that case, a
more general name may be appropriate (e.g. XPublicKeySpec,
XECPublicKeySpec). I like the idea of having different types for
different uses---this reduces the risk of accidentally using
signature keys in Diffie-Hellman, for instance. But I understand
that this may be limiting, and adding new types to the API may not
be practical. I'm not sure what the right balance is here, and I'm
definitely open to suggestions. If anyone has an opinion on what
these types should be named, and how general they should be, please
share. <br>
<br>
[1] <a class="moz-txt-link-freetext" href="https://signal.org/docs/specifications/xeddsa/">https://signal.org/docs/specifications/xeddsa/</a><br>
<br>
<blockquote type="cite"
cite="mid:5a3c151c.14121c0a.a2b60.f6f1@mx.google.com">
<div class="WordSection1">
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph"
style="color:black;margin-left:0cm;mso-list:l0 level1 lfo2"><span
style="color:windowtext">For the </span><code><span
style="font-size:10.0pt;font-family:"DejaVu Sans
Mono"">XDHPublicKeySpec(paramSpec, u)<o:p></o:p></span></code></li>
<ul style="margin-top:0cm" type="circle">
<li class="MsoListParagraph"
style="color:black;margin-left:0cm;mso-list:l0 level2
lfo2"><code><span
style="font-size:10.0pt;font-family:"DejaVu Sans
Mono"">do you also plan a `byte[32] u` version and</span></code></li>
</ul>
</ul>
</div>
</blockquote>
<br>
<br>
We had a discussion earlier on how to represent keys (using either
byte[] or BigInteger). If you haven't done so already, you may want
to review that discussion[2]. If you have a preference on which
representation we should use, now is the time to share it.<br>
<br>
I wasn't planning on adding a constructor that takes a byte[]. I
think we could do it, but it would be somewhat complicated because
the parameter spec doesn't have all the information required to
convert the byte[] to a BigInteger. It is missing the number of bits
used in the key. We could also pass that information to the
constructor, but then you have the problem that it may not agree
with the parameter spec. Still, this may be a reasonable thing to
add if people think it is worthwhile. Another option is to add
utility methods that convert u-coordinates between byte[] and
BigInteger.<br>
<br>
[2]
<a class="moz-txt-link-freetext" href="http://mail.openjdk.java.net/pipermail/security-dev/2017-August/016227.html">http://mail.openjdk.java.net/pipermail/security-dev/2017-August/016227.html</a><br>
<br>
<blockquote type="cite"
cite="mid:5a3c151c.14121c0a.a2b60.f6f1@mx.google.com">
<div class="WordSection1">
<ul style="margin-top:0cm" type="disc">
<ul style="margin-top:0cm" type="circle">
<li class="MsoListParagraph"
style="color:black;margin-left:0cm;mso-list:l0 level2
lfo2"><code><span
style="font-size:10.0pt;font-family:"DejaVu Sans
Mono"">do you require to clamp the secret key in
this construct beforehand? (If not, is there an
accessor to get the clamped key?)</span></code></li>
</ul>
</ul>
</div>
</blockquote>
<br>
For public keys, the client (starting from a byte[]) must clear the
unused bits and then convert to a BigInteger that is passed to the
constructor. For private keys, the spec holds unclamped values. So
the client does not need to clamp before passing the array to the
constructor. The implementation must clamp the private key value
returned by XDHPrivateKeySpec.getScalar() before using it for key
agreement. <br>
<br>
Adding a method that returns the clamped key is difficult because
the spec doesn't have all the information necessary to do the
clamping. I could add a clamping method that takes the required
parameters (the number of bits in the key and the log of the
cofactor), but I don't know if the spec is the best place for this.
It seems like it would be more appropriate to add it to some utility
class that can be used by XDH implementations, but I don't know if a
suitable place exists. As usual, I'm open to suggestions. <br>
<br>
<br>
<blockquote type="cite"
cite="mid:5a3c151c.14121c0a.a2b60.f6f1@mx.google.com">
<div class="WordSection1">
<div>
<p class="MsoNormal"><code><span
style="font-size:10.0pt;font-family:"DejaVu Sans
Mono";color:black"><o:p> </o:p></span></code></p>
<p class="MsoNormal"><code><span
style="font-size:10.0pt;font-family:"DejaVu Sans
Mono";color:black">Regards<o:p></o:p></span></code></p>
<p class="MsoNormal"><code><span
style="font-size:10.0pt;font-family:"DejaVu Sans
Mono";color:black">Bernd</span></code><span
style="font-size:10.0pt;font-family:"DejaVu Sans
Mono";color:black"><o:p></o:p></span></p>
</div>
<p class="MsoNormal">-- <br>
<a class="moz-txt-link-freetext" href="http://bernd.eckenfels.net">http://bernd.eckenfels.net</a></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div
style="mso-element:para-border-div;border:none;border-top:solid
#E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="border:none;padding:0cm"><b>From: </b><a
href="mailto:mark.reinhold@oracle.com"
moz-do-not-send="true">mark.reinhold@oracle.com</a><br>
<b>Sent: </b>Thursday, 21 December 2017 20:50<br>
<b>To: </b><a href="mailto:adam.petcher@oracle.com"
moz-do-not-send="true">adam.petcher@oracle.com</a><br>
<b>Cc: </b><a href="mailto:security-dev@openjdk.java.net"
moz-do-not-send="true">security-dev@openjdk.java.net</a><br>
<b>Subject: </b>JEP 324: Key Agreement with Curve25519 and
Curve448</p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">New JEP Candidate:
<a class="moz-txt-link-freetext" href="http://openjdk.java.net/jeps/324">http://openjdk.java.net/jeps/324</a></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">- Mark</p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<br>
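Added example, not part of the original message and not the JDK's own code: one way to write the byte[]/BigInteger conversion of u-coordinates and the private-key clamping discussed in the reply above, with the number of bits and the log of the cofactor passed in explicitly. The class and method names are hypothetical, the parameter values are the RFC 7748 ones, and the sample key is constructed.<br>

```java
import java.math.BigInteger;
import java.util.Arrays;

public class XdhEncodingSketch {
    // Assumed parameters (RFC 7748): X25519 = 255 bits, log2(cofactor) = 3; X448 = 448 bits, 2.

    // Mask keeping only the used bits of the most significant byte.
    static int topByteMask(int bits) {
        int r = bits % 8;
        return r == 0 ? 0xFF : (1 << r) - 1;
    }
    static void checkLength(byte[] a, int bits) {
        if (a.length != (bits + 7) / 8)
            throw new IllegalArgumentException("wrong length for " + bits + "-bit key");
    }
    // Little-endian public u-coordinate to BigInteger, unused high bits cleared.
    static BigInteger decodeU(byte[] le, int bits) {
        checkLength(le, bits);
        byte[] be = new byte[le.length];
        for (int i = 0; i < le.length; i++) be[le.length - 1 - i] = le[i];
        be[0] &= topByteMask(bits);        // for X25519 this drops bit 255
        return new BigInteger(1, be);      // signum 1: value is never negative
    }
    // BigInteger u-coordinate back to fixed-length little-endian bytes.
    static byte[] encodeU(BigInteger u, int bits) {
        if (u.signum() < 0 || u.bitLength() > bits)
            throw new IllegalArgumentException("u out of range");
        byte[] be = u.toByteArray();       // may carry one leading zero sign byte
        byte[] le = new byte[(bits + 7) / 8];
        for (int i = 0; i < be.length && i < le.length; i++) le[i] = be[be.length - 1 - i];
        return le;
    }
    // Clamped copy of a private scalar; the caller's array stays unclamped.
    static byte[] clamp(byte[] scalar, int bits, int logCofactor) {
        checkLength(scalar, bits);
        byte[] k = scalar.clone();
        int last = k.length - 1;
        k[0] &= 0xFF << logCofactor;       // scalar becomes a multiple of the cofactor
        k[last] &= topByteMask(bits);      // nothing at or above bit 'bits'
        k[last] |= 1 << ((bits - 1) % 8);  // highest used bit is always set
        return k;
    }
    public static void main(String[] args) {
        byte[] raw = new byte[32];         // constructed sample: 32 bytes of 0xFF
        Arrays.fill(raw, (byte) 0xFF);
        BigInteger u = decodeU(raw, 255);
        byte[] k = clamp(raw, 255, 3);
        System.out.printf("u bits=%d  k[0]=%02x  k[31]=%02x%n", u.bitLength(), k[0], k[31]);
    }
}
```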
</body>
</html>