
List:       openjdk-core-libs-dev
Subject:    Re: Please review EdDSA API
From:       Adam Petcher <adam.petcher () oracle ! com>
Date:       2018-07-25 15:07:53
Message-ID: 3801e4b5-8df4-6201-6d3f-6689fdb7f00d () oracle ! com

+core-libs-dev for additional API expertise.


On 7/25/2018 10:29 AM, Adam Petcher wrote:
> The draft CSR[1] for the EdDSA API[2] is ready for review. Please take 
> a look and send me any feedback you may have. Here are a few 
> high-level notes to explain the API:
>
> 1) Where possible, this API is similar to the API for X25519/X448. To 
> get the complete background/motivation for the API design, you can 
> review the discussion[3] on this topic.
> 2) Similar to X25519/X448, private keys are byte arrays, and public 
> keys coordinates. Though we can't get by with a single BigInteger 
> coordinate for EdDSA, so I am using the new EdPoint class to hold the 
> coordinates.
> 3) EdDSA has multiple signature modes defined in the RFC[4], including 
> some that "prehash" the input before signing. The draft API uses the 
> EdDSAParameterSpec class to specify parameters of these modes. The 
> standard does not allow an arbitrary choice of prehash function, so 
> the API for EdDSA does not support algorithm names like 
> "SHA256withEdDSA".
>
> [1] https://wiki.openjdk.java.net/display/csr/Main
> [2] https://bugs.openjdk.java.net/browse/JDK-8190219
> [3] http://mail.openjdk.java.net/pipermail/security-dev/2017-September/016325.html
> [4] https://tools.ietf.org/html/rfc8032
>
