On Thu, 13 Apr 2023 02:51:28 GMT, Xue-Lei Andrew Fan <[email protected]> wrote:
>> If the interface is only in `KEM`, then it needs a `provider()` method, but
>> an implementation actually does not know what the provider is. An
>> implementation can be registered in any (or even multiple) providers.
>
>> If the interface is only in `KEM`, then it needs a `provider()` method, but
>> an implementation actually does not know what the provider is.
>
> With "implementation", do you mean the javax/crypto/KEPSpi.java or
> src/java.base/share/classes/com/sun/crypto/provider/DHKEM.java?
>
> If it is refer to KEPSpi.java, why KEPSpi.java need to know what the provider
> is? Is it sufficient to use engineNewEncapsulator() to get the provider
> implementation?
>
> If it is refer to DHKEM.java, I did not get the idea why the provider is
> unknown.
>
>> An implementation can be registered in any (or even multiple) providers.
>
> I did not get the idea. Why it is not registered in SunJCE?
>
> I think you may have evaluated the following idea, but I'm not why it is not
> work. I may missed something. Would you mind explain in more details?
>
>
> public final class KEM {
> interface Encapsulator {
> ...
> KEM.Encapsulated encapsulate(...);
> ...
> }
>
> public static KEM getInstance(String algorithm) {
> ...
> }
>
> // Search for the registered providers, return the 1st non-null
> provider.newEncapsulator() or throw exception.
> public Encapsulator newEncapsulator(PublicKey pk,
> AlgorithmParameterSpec spec, SecureRandom secureRandom)
> ...
> }
> }
>
> public interface KEMSpi {
> // A provider implementation will implement the KEM.Encapsulator
> // interface internally. If a provider does not support the parameters,
> // null or nil object will be returned.
> public KEM.Encapsulator newEncapsulator(PublicKey pk,
> AlgorithmParameterSpec spec, SecureRandom secureRandom);
> }
>
> Use case:
> KEM.getInstance(DHKEM).newEncapsulator(...);
`DHKEM.java` is the implementation, and it does not know which provider it will
be put into. It's inside the provider that calls `putService` or `put` to add
an implementation there, not that the implementation registered itself in a
provider.
If `getProvider()` is implemented inside the implementation, then it can only
be attached to one provider. Also, do you expect it to return `new SunJCE()`?
This means the `p` in `getInstance("DHKEM", p)` will be a different instance
from the value returned by `getProvider()`. There is no specification talking
about if the instances must be the same or not, but it's probably not a good
idea to have 2 objects for the same provider.
In fact, I can create a new provider and simply call `putService` to add
existing implementations (that were already provided by other providers) inside
it, and I can `getInstance` from this provider and its `getProvider()` returns
this provider.
For this reason, the base `Encapsulator` interface cannot be defined inside
`KEM`. As I said earlier, it can be defined inside `KEMSpi` and then we add an
extra `provider()` method to its implementation in `KEM`. I just don't think
this is worth doing.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13256#discussion_r1165815968
