+core-libs-dev for additional API expertise.

On 7/25/2018 10:29 AM, Adam Petcher wrote:

The draft CSR[1] for the EdDSA API[2] is ready for review. Please take
a look and send me any feedback you may have. Here are a few
high-level notes to explain the API:

1) Where possible, this API is similar to the API for X25519/X448. To
get the complete background/motivation for the API design, you can
review the discussion[3] on this topic.

2) Similar to X25519/X448, private keys are byte arrays, and public
keys coordinates. Though we can't get by with a single BigInteger
coordinate for EdDSA, so I am using the new EdPoint class to hold the
coordinates.

3) EdDSA has multiple signature modes defined in the RFC[4], including
some that "prehash" the input before signing. The draft API uses the
EdDSAParameterSpec class to specify parameters of these modes. The
standard does not allow an arbitrary choice of prehash function, so
the API for EdDSA does not support algorithm names like
"SHA256withEdDSA".

[1] https://wiki.openjdk.java.net/display/csr/Main
[2] https://bugs.openjdk.java.net/browse/JDK-8190219
[3] http://mail.openjdk.java.net/pipermail/security-dev/2017-September/016325.html
[4] https://tools.ietf.org/html/rfc8032
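
Added example, not part of the original message and not code from the OpenJDK project: notes 2 and 3 exercised against the API as it later shipped. It assumes a JDK 15 or later runtime with only the default providers, where the point class is named EdECPoint rather than the draft's EdPoint; the class name EdDsaModes and the helper signThenVerify are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.EdECPrivateKey;
import java.security.interfaces.EdECPublicKey;
import java.security.spec.EdDSAParameterSpec;
import java.security.spec.EdECPoint;

public class EdDsaModes {  // hypothetical class name
    // Hypothetical helper: sign under one mode, verify under another.
    static boolean signThenVerify(KeyPair kp, EdDSAParameterSpec signMode,
            EdDSAParameterSpec verifyMode, byte[] msg) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("Ed25519");
        signer.initSign(kp.getPrivate());
        signer.setParameter(signMode);   // the mode is a parameter, not part of the name
        signer.update(msg);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance("Ed25519");
        verifier.initVerify(kp.getPublic());
        verifier.setParameter(verifyMode);
        verifier.update(msg);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair kp = KeyPairGenerator.getInstance("Ed25519").generateKeyPair();

        // Private key as a byte array; the Optional is empty if the key is not extractable.
        byte[] priv = ((EdECPrivateKey) kp.getPrivate()).getBytes().orElseThrow();
        // Public key as a point: the y coordinate plus one bit for the parity of x.
        EdECPoint point = ((EdECPublicKey) kp.getPublic()).getPoint();
        System.out.println("private key bytes: " + priv.length);
        System.out.println("public y: " + point.getY() + ", x odd: " + point.isXOdd());

        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        EdDSAParameterSpec pure = new EdDSAParameterSpec(false);
        EdDSAParameterSpec prehash = new EdDSAParameterSpec(true);
        System.out.println("prehash/prehash: " + signThenVerify(kp, prehash, prehash, msg));
        // The verifier has to use the signer's mode; the two modes are domain-separated.
        System.out.println("prehash/pure:    " + signThenVerify(kp, prehash, pure, msg));

        try {
            Signature.getInstance("SHA256withEdDSA");
            System.out.println("unexpected: digest-prefixed name resolved");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("no such algorithm: " + e.getMessage());
        }
    }
}
```

Because the mode travels outside the algorithm name, a verifier should pin the expected EdDSAParameterSpec in code or configuration rather than accept it from the party that supplied the signature.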