
@wangweij
Contributor

@wangweij wangweij commented Jan 30, 2025

The private key encoding formats of ML-KEM and ML-DSA are updated to match the latest IETF drafts at: https://datatracker.ietf.org/doc/html/draft-ietf-lamps-dilithium-certificates-06 and https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-certificates-07. Most importantly, the seed used to generate a key pair is now stored in the private key.

Both the seed and the expanded format are stored inside a NamedPKCS8Key now. When loading from a PKCS #8 key that contains the seed, both fields will be filled. If the PKCS #8 encoding only contains the expanded key (which does not conform to the current drafts but might have been created earlier), the expanded key will be read and used in KEM and signature operations.


Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change requires CSR request JDK-8349163 to be approved
  • Change requires CSR request JDK-8349164 to be approved

Issues

  • JDK-8347938: Switch to latest ML-KEM private key encoding (Bug - P2)
  • JDK-8347941: Switch to latest ML-DSA private key encoding (Bug - P2)
  • JDK-8349164: Switch to latest ML-DSA private key encoding (CSR)
  • JDK-8349163: Switch to latest ML-KEM private key encoding (CSR)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/23376/head:pull/23376
$ git checkout pull/23376

Update a local copy of the PR:
$ git checkout pull/23376
$ git pull https://git.openjdk.org/jdk.git pull/23376/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 23376

View PR using the GUI difftool:
$ git pr show -t 23376

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/23376.diff

Using Webrev

Link to Webrev Comment

@wangweij
Contributor Author

/issue add JDK-8347941

@bridgekeeper

bridgekeeper bot commented Jan 30, 2025

👋 Welcome back weijun! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk

openjdk bot commented Jan 30, 2025

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

@openjdk

openjdk bot commented Jan 30, 2025

@wangweij
Adding additional issue to issue list: 8347941: Switch to latest ML-DSA private key encoding.

@openjdk

openjdk bot commented Jan 30, 2025

@wangweij The following labels will be automatically applied to this pull request:

  • core-libs
  • hotspot-runtime
  • security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label pull request command.

@wangweij
Contributor Author

/label remove core-libs
/label remove hotspot-runtime

@openjdk

openjdk bot commented Jan 30, 2025

@wangweij
The core-libs label was successfully removed.

@openjdk

openjdk bot commented Jan 30, 2025

@wangweij
The hotspot-runtime label was successfully removed.

@openjdk openjdk bot added the rfr (Pull request is ready for review) label Jan 30, 2025
@mlbridge

mlbridge bot commented Jan 30, 2025

Webrevs

@openjdk openjdk bot added the csr (Pull request needs approved CSR before integration) label Jan 31, 2025
@wangweij
Contributor Author

wangweij commented Feb 3, 2025

A new commit has been pushed. The most significant change is renaming alt to transformed, along with extensive comment updates and some minor behavior modifications:

  1. Added support for JDK 24 private key encodings, i.e. transformed format wrapped in an OCTET STRING.
  2. Fixed a bug in NamedPKCS8Key::getTransformed, which no longer compares lengths.
  3. Fixed a bug in ML_DSA_Impls::seedToTransformed, ensuring sk is cleaned up in a finally block.
  4. NamedKeyFactory::implTransform now has a default implementation, assuming encoding and computations use the same format. While this is not the case for ML-KEM and ML-DSA, it serves as a reasonable default.

@bridgekeeper

bridgekeeper bot commented Mar 3, 2025

@wangweij This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

@bridgekeeper

bridgekeeper bot commented Apr 1, 2025

@wangweij This pull request has been inactive for more than 8 weeks and will now be automatically closed. If you would like to continue working on this pull request in the future, feel free to reopen it! This can be done using the /open pull request command.

@bridgekeeper bridgekeeper bot closed this Apr 1, 2025
@wangweij wangweij deleted the 8347938 branch April 30, 2025 02:26