On Fri, 21 Feb 2025 20:25:59 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Hi,
>>
>> I need a review for the following change. Naming conventions for EdDSA and
>> XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator.
>> These internal changes help make it more consistent when parsing the actual
>> curve being used vs the broader algorithm name.
>>
>> thanks
>>
>> Tony
>
> src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
> line 78:
>
>> 76: private static List<String> aliasEd25519 = null;
>> 77: private static List<String> aliasXDH = null;
>> 78: private static List<String> aliasX25519 = null;
>
> I am a little suspicious of this approach. At least this means for each
> "family" algorithm name like "EdDSA", we need to hardcode all its parameter
> set names here. Sounds not very sustainable.
>
> An EdDSA key always has its `getAlgorithm` being "EdDSA" (at least inside
> SunEC) and its `getParams()` being the parameter set name. So it looks like
> it's enough if we do a name comparison on both.
>
> Also, why no `aliasEd448` and `aliasX448` here?

I have to give more thought on checking the algorithm and the `getParams()` against the list. That may eliminate the need for the hardcoded list.

As to why 448 curves didn't need an alias, there is no other way to specify those curves other than their given name, like mentioned with the KPG/Ed25519 example in my comment to Sean.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23647#discussion_r1966173549
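
The name comparison discussed in this message, as an added example that is not code from the PR or from the JDK: it collects a key's `getAlgorithm()` value and its parameter set name and matches either against a disabled list. The class `KeyNameCheck`, the helpers `namesOf` and `isDisabled`, and the sample list are hypothetical; it assumes JDK 16 or later with the SunEC provider.

```java
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.interfaces.EdECKey;
import java.security.interfaces.XECKey;
import java.security.spec.NamedParameterSpec;
import java.util.LinkedHashSet;
import java.util.Set;

// Hypothetical illustration; not how DisabledAlgorithms is implemented.
public class KeyNameCheck {

    // Names a key can be matched under: the family name plus the parameter set name.
    static Set<String> namesOf(Key key) {
        Set<String> names = new LinkedHashSet<>();
        names.add(key.getAlgorithm());              // family name, e.g. "EdDSA" or "XDH"
        if (key instanceof EdECKey ed) {
            names.add(ed.getParams().getName());    // EdECKey exposes a NamedParameterSpec
        } else if (key instanceof XECKey xec
                && xec.getParams() instanceof NamedParameterSpec nps) {
            names.add(nps.getName());               // XECKey only promises AlgorithmParameterSpec
        }
        return names;
    }

    // Case-insensitive match of either name against a disabled list.
    static boolean isDisabled(Key key, Set<String> disabled) {
        return namesOf(key).stream()
                .anyMatch(n -> disabled.stream().anyMatch(n::equalsIgnoreCase));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample list, not read from java.security.
        Set<String> disabled = Set.of("Ed25519", "XDH");
        String[] kpgNames = {"EdDSA", "Ed25519", "Ed448", "X25519", "X448"};
        for (String kpgName : kpgNames) {
            Key pub = KeyPairGenerator.getInstance(kpgName).generateKeyPair().getPublic();
            System.out.printf("KPG=%-8s names=%s disabled=%b%n",
                    kpgName, namesOf(pub), isDisabled(pub, disabled));
        }
    }
}
```

Because the check reads both names from the key itself, no per-curve alias list has to be kept in sync with the names accepted by `KeyPairGenerator`.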