openjdk · wangweij · Mar 20, 2024 · May 17, 2024 · May 17, 2024 · Jun 4, 2024
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/DHKEM.java b/src/java.base/share/classes/com/sun/crypto/provider/DHKEM.java
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/HPKE.java b/src/java.base/share/classes/com/sun/crypto/provider/HPKE.java
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
@@ -371,6 +371,8 @@ void putEntries() {
         ps("Cipher", "PBEWithHmacSHA512/256AndAES_256",
                 "com.sun.crypto.provider.PBES2Core$HmacSHA512_256AndAES_256");
 
+        ps("Cipher", "HPKE", "com.sun.crypto.provider.HPKE");
+
         /*
          * Key(pair) Generator engines
          */

diff --git a/src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java b/src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java
diff --git a/src/java.base/share/classes/javax/crypto/spec/snippet-files/PackageSnippets.java b/src/java.base/share/classes/javax/crypto/spec/snippet-files/PackageSnippets.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+import javax.crypto.Cipher;
+import javax.crypto.spec.HPKEParameterSpec;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.util.Arrays;
+import java.util.HexFormat;
+
+class PackageSnippets {
+    public static void main(String[] args) throws Exception {
+
+        // @start region="hpke-spec-example"
+        // Recipient key pair generation
+        KeyPairGenerator g = KeyPairGenerator.getInstance("X25519");
+        KeyPair kp = g.generateKeyPair();
+
+        // The HPKE sender cipher is initialized with the recipient's public
+        // key and an HPKEParameterSpec using specified algorithm identifiers
+        // and application-supplied info.
+        Cipher senderCipher = Cipher.getInstance("HPKE");
+        HPKEParameterSpec ps = HPKEParameterSpec.of(
+                        HPKEParameterSpec.KEM_DHKEM_X25519_HKDF_SHA256,
+                        HPKEParameterSpec.KDF_HKDF_SHA256,
+                        HPKEParameterSpec.AEAD_AES_128_GCM)
+                .withInfo(HexFormat.of().parseHex("010203040506"));
+        senderCipher.init(Cipher.ENCRYPT_MODE, kp.getPublic(), ps);
+
+        // Retrieve the key encapsulation message (from the KEM step) from
+        // the sender.
+        byte[] kemEncap = senderCipher.getIV();
+
+        // The HPKE recipient cipher is initialized with its own private key,
+        // an HPKEParameterSpec using the same algorithm identifiers as used by
+        // the sender, and the key encapsulation message from the sender.
+        Cipher recipientCipher = Cipher.getInstance("HPKE");
+        HPKEParameterSpec pr = HPKEParameterSpec.of(
+                        HPKEParameterSpec.KEM_DHKEM_X25519_HKDF_SHA256,
+                        HPKEParameterSpec.KDF_HKDF_SHA256,
+                        HPKEParameterSpec.AEAD_AES_128_GCM)
+                .withInfo(HexFormat.of().parseHex("010203040506"))
+                .withEncapsulation(kemEncap);
+        recipientCipher.init(Cipher.DECRYPT_MODE, kp.getPrivate(), pr);
+
+        // Encryption and decryption
+        byte[] msg = "Hello World".getBytes(StandardCharsets.UTF_8);
+        byte[] ct = senderCipher.doFinal(msg);
+        byte[] pt = recipientCipher.doFinal(ct);
+
+        assert Arrays.equals(msg, pt);
+        // @end
+    }
+}
diff --git a/src/java.base/share/classes/sun/security/util/SliceableSecretKey.java b/src/java.base/share/classes/sun/security/util/SliceableSecretKey.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package sun.security.util;
+
+import javax.crypto.SecretKey;
+
+/**
+ * An interface for <code>SecretKey</code>s that support using its slice as a new
+ * <code>SecretKey</code>.
+ * <p>
+ * This is mainly used by PKCS #11 implementations that support the
+ * EXTRACT_KEY_FROM_KEY mechanism even if the key itself is sensitive
+ * and non-extractable.
+ */
+public interface SliceableSecretKey {
+
+    /**
+     * Returns a slice as a new <code>SecretKey</code>.
+     *
+     * @param alg the new algorithm name
+     * @param from the byte offset of the new key in the full key
+     * @param to the to offset (exclusive) of the new key in the full key
+     * @return the new key
+     * @throws ArrayIndexOutOfBoundsException for improper <code>from</code>
+     *      and <code>to</code> values
+     * @throws UnsupportedOperationException if slicing is not supported
+     */
+    SecretKey slice(String alg, int from, int to);
+}