Re: RFR: 8189441: Define algorithm names for keys derived from KeyAgreement [v12]

Wed, 08 Jan 2025 09:57:22 -0800 

On Tue, 7 Jan 2025 19:55:34 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> Allow `Generic` as an algorithm in the `KeyAgreement::generateSecret(alg)` 
>> method.
>
> Weijun Wang has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   address Sean's comments

A few more minor comments.

src/java.base/share/classes/javax/crypto/KeyAgreement.java line 675:

> 673:      *      regardless of whether the key is extractable. If {@code 
> algorithm}
> 674:      *      is specified as "Generic" and it is supported by the 
> implementation,
> 675:      *      the full shared secret will be returned.

s/will be/is/

src/java.base/share/classes/javax/crypto/KeyAgreementSpi.java line 221:

> 219:      *      regardless of whether the key is extractable. If {@code 
> algorithm}
> 220:      *      is specified as "Generic" and it is supported by the 
> implementation,
> 221:      *      the full shared secret will be returned.

s/will be/is/

src/java.base/share/classes/sun/security/ec/XDHKeyAgreement.java line 214:

> 212:         if (!KeyUtil.isSupportedKeyAgreementOutputAlgorithm(algorithm)) {
> 213:             throw new NoSuchAlgorithmException(
> 214:                     "Unsupported secret key algorithm " + algorithm);

Might be clearer to add a `:` after algorithm, also more consistent with 
DHKeyAgreement.

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyAgreement.java 
line 273:

> 271:         if (KeyUtil.isSupportedKeyAgreementOutputAlgorithm(algorithm)) {
> 272:             // For now, only perform native derivation for 
> TlsPremasterSecret
> 273:             // as that is required for FIPS compliance and Generic for 
> KDF.

Suggest breaking into two sentences: "For now, only perform native derivation 
for TlsPremasterSecret and Generic algorithms. TlsPremasterSecret is required 
for FIPS compliance and Generic is required for input to KDF."

-------------

PR Review: https://git.openjdk.org/jdk/pull/22650#pullrequestreview-2537785380
PR Review Comment: https://git.openjdk.org/jdk/pull/22650#discussion_r1907571511
PR Review Comment: https://git.openjdk.org/jdk/pull/22650#discussion_r1907571698
PR Review Comment: https://git.openjdk.org/jdk/pull/22650#discussion_r1907558770
PR Review Comment: https://git.openjdk.org/jdk/pull/22650#discussion_r1907564666

Reply via email to