Re: RFR: 8314323: Implement JEP 527: TLS 1.3 Hybrid Key Exchange [v9]

Mon, 01 Dec 2025 12:50:27 -0800 

On Mon, 24 Nov 2025 07:51:40 GMT, Hai-May Chao <[email protected]> wrote:

>> Implement hybrid key exchange support for TLS 1.3 by adding three 
>> post-quantum hybrid named groups: X25519MLKEM768, SecP256r1MLKEM768, and 
>> SecP384r1MLKEM1024.
>> Please see [JEP 527](https://openjdk.org/jeps/527) for details about this 
>> change.
>
> Hai-May Chao has updated the pull request incrementally with three additional 
> commits since the last revision:
> 
>  - Update names to uppercase
>  - Remove fallback in engineGeneratePublic
>  - Change default named group list to have only X25519MLKEM768

src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java line 54:

> 52:     private final PublicKey peerPublicKey;
> 53:     private final byte[] keyshare;
> 54:     private final java.security.Provider provider;

Add `java.security.Provider` to imports.

src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java line 162:

> 160:      * to encapsulate a shared secret and returns the encapsulated 
> message.
> 161:      */
> 162:     public KEM.Encapsulated encapsulate(String algorithm)

Can this be package-private?

src/java.base/share/classes/sun/security/util/Hybrid.java line 55:

> 53: import java.util.Locale;
> 54: 
> 55: public class Hybrid {

Add a few comments describing this class.

src/java.base/share/classes/sun/security/util/Hybrid.java line 60:

> 58:         @Override
> 59:         public String getAlgorithm() {
> 60:             return "Hybrid";

Should we just return "Generic" here to align with the KEM spec?

src/java.base/share/classes/sun/security/util/Hybrid.java line 430:

> 428:         @Override
> 429:         public byte[] getEncoded() {
> 430:             return new byte[0];

Should return `null` instead (according to `Key.getEncoded` spec).

src/java.base/share/classes/sun/security/util/Hybrid.java line 444:

> 442:     }
> 443: 
> 444:     public static final NamedParameterSpec X25519_MLKEM768 =

Move these constants to the top of the class so they are more prominent.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2578565565
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2578581181
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2577981590
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2578538775
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2578037823
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2578026970

Reply via email to