On Fri, 14 Feb 2025 18:44:38 GMT, Anthony Scarpino <ascarp...@openjdk.org>
wrote:
> Hi,
>
> I need a review for the following change. Naming conventions for EdDSA and
> XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator.
> These internal changes help make it more consistent when parsing the actual
> curve being used vs the broader algorithm name.
>
> thanks
>
> Tony
test/jdk/sun/security/util/AlgorithmConstraints/DisabledAlgorithmPermits.java
line 61:
> 59: case "Ed25519" ->
> 60: Arrays.asList(
> 61: new TestCase("EdDSA", false),
As Sean mentioned in another comment, disabling "Ed25519" does not imply all
EdDSA keys are not permitted. This means the result of `permits(primitives,
algorithmName, parameters)` cannot be determined. That said, I noticed you've
used `KeyUtil::getAlgorithm` in a lot of places. Can we guarantee that this
`permits` method is never called on a family algorithm name? If so, we can get
a definitive result.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23647#discussion_r1966138673
