On Fri, 21 Feb 2025 19:15:21 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Hi,
>>
>> I need a review for the following change. Naming conventions for EdDSA and
>> XDH have inconsistencies between DisabledAlgorithms and KeyPairGenerator.
>> These internal changes help make it more consistent when parsing the actual
>> curve being used vs the broader algorithm name.
>>
>> thanks
>>
>> Tony
>
> src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
> line 95:
>
>> 93: case "Ed25519" -> {
>> 94:     if (aliasEd25519 == null) {
>> 95:         aliasEd25519 = List.of("EdDSA", "Ed25519");
>
> Hmm. Should disabling Ed25519 also disable EdDSA? I can see the reverse, but
> isn't Ed25519 meant to be a specific curve for EdDSA?

This is complicated by `KeyPairGenerator.getInstance("EdDSA")` returning an Ed25519 key.

If someone were to check permits() with "EdDSA" the above code recognizes that "Ed25519" on the disabled algorithm list overlaps with "EdDSA". This is the first test in the test code included in the PR.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23647#discussion_r1966171536
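
The overlap discussed in this thread, as an added example that is not part of the original message or the PR: it asks the key from `KeyPairGenerator.getInstance("EdDSA")` which curve it carries, then compares an exact-name lookup against an alias-aware one for a policy that disables only `Ed25519`. The class name, the `ALIASES` table and this `permits` helper are hypothetical stand-ins modelled on the quoted snippet, not the JDK's internal code.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.EdECKey;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Requires a JDK that ships the EdDSA provider (JDK 15 or later).
public class EdDsaAliasDemo {
    // Hypothetical alias table modelled on the quoted snippet: a disabled
    // name also matches every name in its alias list.
    static final Map<String, List<String>> ALIASES = Map.of(
            "Ed25519", List.of("EdDSA", "Ed25519"));

    // Hypothetical stand-in for a permits() check; not the JDK implementation.
    static boolean permits(Set<String> disabled, String requested) {
        for (String entry : disabled) {
            for (String name : ALIASES.getOrDefault(entry, List.of(entry))) {
                if (name.equalsIgnoreCase(requested)) {
                    return false;
                }
            }
        }
        return true;
    }

    // Curve name recorded in the key's own parameters.
    static String curveOf(PublicKey key) {
        return ((EdECKey) key).getParams().getName();
    }

    public static void main(String[] args) throws Exception {
        // Requested by the broad algorithm name only; no curve is specified.
        PublicKey pub = KeyPairGenerator.getInstance("EdDSA")
                .generateKeyPair().getPublic();
        System.out.println("getAlgorithm(): " + pub.getAlgorithm());
        System.out.println("curve in key:   " + curveOf(pub));

        Set<String> disabled = Set.of("Ed25519"); // constructed sample policy
        System.out.println("exact-name lookup permits EdDSA:  "
                + !disabled.contains("EdDSA"));
        System.out.println("alias-aware lookup permits EdDSA: "
                + permits(disabled, "EdDSA"));
        System.out.println("alias-aware lookup permits Ed448: "
                + permits(disabled, "Ed448"));
    }
}
```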