Code Review Request for 7196805: DH Key interoperability testing between SunJCE and JsafeJCE not successful
Valerie (Yu-Ching) Peng
valerie.peng at oracle.com
Wed Jun 19 13:45:55 PDT 2013
I have updated the webrev to address your comments:
As for using JDK 8 default method feature, I think maybe it's better to
delay the adoption to a later release since it's easier for sustaining
to just grab current changes and apply to earlier releases.
Thanks for the review & please let me know if you have additional comments,
On 06/17/13 22:41, Wang Weijun wrote:
>> I will also apply the same change to P11DHPrivateKey/P11DHPublicKey then. Equality check using ASN.1 encoding is fine for non-DH algorithms but not for DH.
> I cannot read the source codes now, but is it possible to implement the equals method right in the base interface using the JDK 8 default method feature?
>>> For DHKeyPairGenerator.java, it looks like you don't want the first octet being zero. Is this related to this bug? Is that required in the "Handbook of Applied Cryptography" book? I understand it could be necessary for interop.
>> The change is for conforming to the description under section 7.1 "Private-value generation" of PKCS#3 DH Key Agreement Standard ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-3.asc , i.e.
>> An integer x, the private value, shall be generated
>> privately and randomly. This integer shall satisfy 0< x<
>> p-1, unless the central authority specifies a private-value
>> length l, in which case the integer shall satisfy 2^(l-1)<=
>> x< 2^l.
> Great. I think you can add a reference to pkcs3. The current wording seems to say it's suggested by the Handbook.
More information about the security-dev