Re: RFR: 8297878: KEM: Implementation

Thu, 13 Apr 2023 12:04:25 -0700 

On Thu, 13 Apr 2023 17:54:22 GMT, Weijun Wang <wei...@openjdk.org> wrote:

> Currently, `provider()` is a method of `KEM.Encapsulator`. If `KEMSpi. 
> newEncapsulator` also returns this interface, then what value should its 
> `provider()` method return? This is what I meant registering itself to a 
> provider.
> 
> When I said different instances, I was asking
> 
> ```
> var k = KEM.getInstance("DHKEM", p);
> var e = k.newEncapsulator(pk);
> // now, is p == e.provider()?
> ```
> 
> Or, are you suggesting we should define `provider()` somewhere else? It's 
> possible, but I have difficulty making every class immutable.

If the provider() method in KEM.Encapsulator is the only reason, the cost to 
support it may be too high with so many duplicated/similar specifications/names 
and code.

Option 1: Remove the KEM.Encapsulator.provider() method, and provide no access 
to the underlying provider object.

>  do you expect it to return new SunJCE()? This means the p in 
> getInstance("DHKEM", p) will be a different instance from the value returned 
> by getProvider(). 

The Provider class is mutable, we may not want to change the provider object 
asked for "DHKEM".  I think you have used a solution to pass the provider 
object in the KEM.java implementation currently.  Maybe, it could be twitted a 
little bit so that the provider can be passed to a delegated KM.Encapsulator 
interface implementation.

Option 2:

public final class KEM {
    interface Encapsulator {
        ...
        KEM.Encapsulated encapsulate(...);
        ...
        
        default Provider provider() {
            return null;
        }
    }
    
    private static class DelegatedEncapsulator implements Encapsulator {
        private final Provider p;
        private DelegatedEncapsulator(Encapsulator e, Provider p) {
            this.p = p;
            ...
        } 
        public Provider provider() {
            return this.p;
        }
    }

    ...
          KEMSpi spi = (KEMSpi) service.newInstance(null);
          return new DelegatedEncapsulator(
                       spi.engineNewEncapsulator(pk, spec, secureRandom),  // 
This is the interface implementation, use the same provider as KEM.
                service.getProvider());    // This is the provider passed to 
the delegated KEM.Encapsulator object.
    ...
}

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13256#discussion_r1165920458

Reply via email to