Code Review Request for 7196805: DH Key interoperability testing between SunJCE and JsafeJCE not successful

Valerie (Yu-Ching) Peng valerie.peng at
Tue Jun 25 15:51:24 PDT 2013

It's covered by SQE interoperability tests.
In terms of regression tests, I think we should not put any 3rd party 
provider-related stuff.
I can add a regression test to make sure that optional component doesn't 
affect the equals check if you see value in doing this kind of test.

On 06/24/13 21:20, Weijun Wang wrote:
> Code change looks fine. No regression test?
> --Max
> On 6/20/13 4:45 AM, Valerie (Yu-Ching) Peng wrote:
>> I have updated the webrev to address your comments:
>> As for using JDK 8 default method feature, I think maybe it's better to
>> delay the adoption to a later release since it's easier for sustaining
>> to just grab current changes and apply to earlier releases.
>> Thanks for the review & please let me know if you have additional 
>> comments,
>> Valerie
>> On 06/17/13 22:41, Wang Weijun wrote:
>>>> I will also apply the same change to P11DHPrivateKey/P11DHPublicKey
>>>> then. Equality check using ASN.1 encoding is fine for non-DH
>>>> algorithms but not for DH.
>>> I cannot read the source codes now, but is it possible to implement
>>> the equals method right in the base interface using the JDK 8 default
>>> method feature?
>>>>> For, it looks like you don't want the first
>>>>> octet being zero. Is this related to this bug? Is that required in
>>>>> the "Handbook of Applied Cryptography" book? I understand it could
>>>>> be necessary for interop.
>>>> The change is for conforming to the description under section 7.1
>>>> "Private-value generation" of PKCS#3 DH Key Agreement Standard
>>>> , i.e.
>>>> An integer x, the private value, shall be generated
>>>> privately and randomly. This integer shall satisfy 0<   x<
>>>> p-1, unless the central authority specifies a private-value
>>>> length l, in which case the integer shall satisfy 2^(l-1)<=
>>>> x<   2^l.
>>> Great. I think you can add a reference to pkcs3. The current wording
>>> seems to say it's suggested by the Handbook.
>>> Thanks
>>> Max

More information about the security-dev mailing list