Re: Code Review Request: TLS 1.3 Implementation

Wed, 20 Jun 2018 09:59:13 -0700 

On 6/19/2018 7:07 PM, Valerie Peng wrote:

Hi Xuelei,


<src/java.base/share/classes/sun/security/ssl/SSLCredentials.java>
<src/java.base/share/classes/sun/security/ssl/SSLPossessionGenerator.java>
<src/java.base/share/classes/sun/security/ssl/SSLPossession.java>
<src/java.base/share/classes/sun/security/ssl/SSLKeyDerivationGenerator.java> 
These look fine.

<src/java.base/share/classes/sun/security/ssl/SSLKeyAgreement.java>
- kind of strange to see SSLKeyAgreement extends SSLKeyAgreementGenerator... Normally, the naming convention implies one generates the other.
The name should be more like SSLKeyAgreementKeyDerivationGenerator. It is too long, so I used a short one, SSLKeyAgreementGenerator. But yes, it is confusing. Maybe, SSLKAKDGenerator?
<src/java.base/share/classes/sun/security/ssl/SSLKeyAgreementGenerator.java> - same method name as in SSLKeyDerivationGenerator. I assume that this is intentional as both are meant to derive keys, but with different parameters?
Yes. SSLKeyAgreementGenerator is used for key agreement key generation for public keys (DHE/ECDHE/RSA). While SSLKeyDerivationGenerator is used for secret key derivation with shared secrets (with an additional 'secretKey' parameter). Two classes are defined just in case the two different functions are mixed. 

Xuelei


Still have a few more left to review.
Valerie

On 5/25/2018 4:45 PM, Xuelei Fan wrote:

Hi,
I'd like to invite you to review the TLS 1.3 implementation.  I appreciate it if I could have compatibility and specification feedback before May 31, 2018, and implementation feedback before June 7, 2018. 

Here is the webrev:
    http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00
The formal TLS 1.3 specification is not finalized yet, although it had been approved to be a standard.  The implementation is based on the draft version 28: 
    https://tools.ietf.org/html/draft-ietf-tls-tls13-28

For the overall description of this enhancement, please refer to JEP 332:
    http://openjdk.java.net/jeps/332
For the compatibility and specification update, please refer to CSR 8202625: 
    https://bugs.openjdk.java.net/browse/JDK-8202625
Note that we are using the sandbox for the development right now. For more information, please refer to Bradford's previous email: 

http://mail.openjdk.java.net/pipermail/security-dev/2018-May/017139.html

Thanks & Regards,
Xuelei

Reply via email to