Start of changes for service refresh 6 fix pack 10

XEC curves for ECDH key agreement

XEC curves are supported for elliptic curve Diffie-Hellman (ECDH) key agreement.

Available curves

The following curves are supported.

Note: These curves are not yet NIST-approved and therefore are not part the IBMJCEPlusFIPS provider.

Elliptic curves as specified in RFC 7748

X25519
X448

Key pair generation and key agreement

The IBMJCEPlus provider supports these curves through the KeyPairGeneration and KeyAgreement APIs.

Key pair generation is achieved as usual, except that you must specify the algorithm parameter (the NamedParamaterSpec object) after the getInstance call, not before it. Here is an example of how to create a key pair for the X448 curve:

NamedParameterSpec nps = new NamedParameterSpec("X448");
KeyPairGenerator kpg = KeyPairGenerator.getInstance("XDH", "IBMJCEPlus");
kpg.initialize(nps);
KeyPair keyPair = kpg.generateKeyPair();

(XDH is a high-level alias for services, such as KeyGeneration, KeyFactory, and KeyAgreement, that are related to these curves, as defined in JEP 324: Key Agreement with Curve25519 and Curve448.)

Key agreement is also achieved as usual; the only difference is the algorithm that you specify in the getInstance call. Here is an example of a getInstance call for using these curves:

KeyAgreement keyAgree = KeyAgreement.getInstance(XDH, providerName);

End of changes for service refresh 6 fix pack 10