8347938: Add Support for the Latest ML-KEM and ML-DSA Private Key Encodings #446
rm-gh-8 wants to merge 1 commit into openjdk:master from
👋 Welcome back rmesde! A progress list of the required criteria for merging this PR into
@rm-gh-8 This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 4 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the
This backport pull request has now been updated with issue from the original commit.
phohensee left a comment
Looks ok. Might be worth backporting JDK-8349732, even though it has a CSR, which looks like a pure addition.
@phohensee I'll ask for maintainer approval and will act based on their feedback.
/approval request for backport of JDK-8347938: Add Support for the Latest ML-KEM and ML-DSA Private Key Encodings. For parity with Oracle JDK. Medium risk — this changes the default private key encoding from expanded to seed format. Existing serialized keys in expanded format will still be readable (all three CHOICE formats are supported on input), but newly generated keys will encode differently by default. In addition, the NamedKeyFactory becoming abstract is a source-breaking change for any external subclasses.
Backporting JDK-8347938: Add Support for the Latest ML-KEM and ML-DSA Private Key Encodings.
This PR updates ML-KEM and ML-DSA private key encodings to comply with draft-ietf-lamps-kyber-certificates-11 and RFC 9881, which define private keys as a DER-encoded ASN.1 CHOICE of three formats (seed, expandedKey, or both), replacing the JDK 24 implementation that only supported the FIPS 203/204 expanded format.
This PR is not clean because it skips JDK-8349732, which introduces behavioral changes which will require a new CSR. A new file ("test/lib/jdk/test/lib/security/RepositoryFileReader.java") was added in this PR from the skipped commit, and conflicts were resolved on "test/jdk/sun/security/provider/acvp/Launcher.java".
For parity with Oracle JDK.
Ran related tests on macos-aarch64 (with kyber certificates repo):
~/github/jtreg/build/images/jtreg/bin/jtreg -jdk build/macosx-aarch64-server-release/images/jdk -Djdk.tests.repos.pattern="file:///Users/$USER/repos/lamps-wg/%n/%e" test/jdk/sun/security/provider
Results:
test result: Passed. Execution successful
PrivateKeyEncodings.jtr.txt
summary.txt (all tests)
Ran related tests on linux-x64, linux-aarch64, macos-aarch64 and windows-x64 (no kyber certificates repo):
make test TEST=test/jdk/sun/security/provider
make test TEST=test/jdk/javax/crypto/KEM
Results attached:
windows-x64-specific-test.log
windows-x64-specific-2-test.log
macos-aarch64-specific-test.log
macos-aarch64-specific-2-test.log
linux-x64-specific-test.log
linux-x64-specific-2-test.log
linux-aarch64-specific-test.log
linux-aarch64-specific-2-test.log
Reviewing
Using git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk25u-dev.git pull/446/head:pull/446
$ git checkout pull/446
Update a local copy of the PR:
$ git checkout pull/446
$ git pull https://git.openjdk.org/jdk25u-dev.git pull/446/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 446
View PR using the GUI difftool:
$ git pr show -t 446
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk25u-dev/pull/446.diff
Using Webrev
Link to Webrev Comment
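Because the default output form changes from expanded to seed while all three CHOICE forms remain readable, a key inventory may need to tell which form a stored PKCS#8 blob uses. The following is an added example, not code from this PR or the JDK. The function names, the zero-filled ML-KEM-768 sample and the tag values (taken from RFC 9881 and the ML-KEM certificates draft, not stated on this page) are assumptions.

```python
# Added example. Tags assumed from RFC 9881 and the ML-KEM certificates draft:
# seed = [0] IMPLICIT (0x80), expandedKey = OCTET STRING (0x04), both = SEQUENCE (0x30).

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want):
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag {want:#04x}, got {tag:#04x}")
    return value, nxt

def classify_private_key(pkcs8_der):
    """Return 'seed', 'expandedKey' or 'both' for a PKCS#8 PrivateKeyInfo."""
    info, end = expect(pkcs8_der, 0, 0x30)
    if end != len(pkcs8_der):
        raise ValueError("trailing bytes after PrivateKeyInfo")
    _, pos = expect(info, 0, 0x02)        # version INTEGER
    _, pos = expect(info, pos, 0x30)      # AlgorithmIdentifier
    wrapped, _ = expect(info, pos, 0x04)  # privateKey OCTET STRING holding the CHOICE
    tag, value, end = read_tlv(wrapped)
    if end != len(wrapped):
        raise ValueError("trailing bytes after CHOICE")
    if tag == 0x30:                       # both: SEQUENCE { seed, expandedKey }
        _, pos = expect(value, 0, 0x04)
        _, pos = expect(value, pos, 0x04)
        if pos != len(value):
            raise ValueError("trailing bytes inside 'both'")
        return "both"
    forms = {0x80: "seed", 0x04: "expandedKey"}
    if tag not in forms:
        raise ValueError(f"unrecognised private key form (tag {tag:#04x})")
    return forms[tag]

# Constructed sample: ML-KEM-768 PKCS#8 header followed by a 64-byte all-zero seed.
SAMPLE_SEED = bytes.fromhex("30 54 02 01 00 30 0b 06 09 60 86 48 01 65 03 04 04 02 04 42 80 40") + bytes(64)
```

The classifier only inspects tags and lengths; it never interprets or logs key bytes, so it can run over a key store without exposing private material.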