Code review request, 7106773: 512 bits RSA key cannot work withSHA384 and SHA512

Weijun Wang weijun.wang at oracle.com
Wed Jan 11 01:50:53 PST 2012


Hi Andrew

Take a brief look at the webrev. Looks like this Lengthable thing is the
only change after your previous webrev. Please confirm.

But I want something bigger. I would like to know if it is possible to
add this keysize() method deep down into the very basic Key interface.
If Key can have a method called getEncoded() I think this means it
normally has a concrete form and surely has a publicly acceptable
keysize() attribute. In JDK 8 we have default implementation for new
interface methods. Is this issue a good candidate?

At least, in KeyLength::getKeySize(), I would like to see "if (key
instanceof Lengthable)" to be the first check, and, if possible, the
only one needed, at least for keys from providers built in JDK.

Thanks
Max


On 01/11/2012 08:57 AM, Xuelei Fan wrote:
> "Measurable" looks like a better name. I will update the name in the
> next webrev after this round of code review:
> 
> webrev: http://cr.openjdk.java.net/~xuelei/7106773/webrev.04/
> 
> Thanks,
> Xuelei
> 
> On 1/10/2012 11:47 PM, Vincent Ryan wrote:
>> On 01/10/12 03:19 PM, Xuelei Fan wrote:
>>> On 1/10/2012 11:09 PM, Weijun Wang wrote:
>>>> It's late night and I'll read it tomorrow. But can you choose another
>>>> word instead of Lengthable? Length is not a verb.
>>>>
>>> ;-) The name took me a lot of time, searching by google, dictionary, and
>>> any possible English translation. I have to agree that I failed to find
>>> a suitable name. I tried hardly to persuade myself that "lengthable" is
>>> also used by someother application code, so it might not too bad to use
>>> it here.
>>>
>>> With the word "lengthable", I want to express that the length is
>>> measurable. Any suggestion for the better one?
>>>
>>
>> Measurable ;-)
>>
>>
>>> Thanks,
>>> Xuelei
>>>
>>>> Max
>>>> ------------------------------------------------------------------------
>>>> ·¢¼þÈË: Xuelei Fan
>>>> ·¢ËÍʱ¼ä: 2012/1/10 22:51
>>>> ÊÕ¼þÈË: Weijun Wang
>>>> ³­ËÍ: OpenJDK
>>>> Ö÷Ìâ: Re: Code review request, 7106773: 512 bits RSA key cannot work
>>>> withSHA384 and SHA512
>>>>
>>>> It has been around 50 days passed since the last day we talked about the
>>>> issue. Hope you can recall it from the deep memory. ;-)
>>>>
>>>> webrev: http://javaweb.us.oracle.com/~xufan/bugbios/7106773/webrev.04/
>>>>
>>>> In this update, as we agreed, a new Oracle private interface was
>>>> introduced: sun.security.util.Lengthable, and Lengthable.length() is
>>>> defined to get the length an object. sun.security.pkcs11.P11Key and
>>>> sun.security.mscapi.Key will implements the interface. As will easy and
>>>> speedup (comparing with reflection approach) the getting of key length
>>>> of those unextractable keys in hardware device.
>>>>
>>>> In the webrev, I should also include another two signed jars,
>>>> sunpkcs11.jar and sunmscapi.jar. I will include them when I get the
>>>> official signed jars.
>>>>
>>>> Thanks,
>>>> Xuelei
>>>>
>>>> On 11/22/2011 8:41 AM, Weijun Wang wrote:
>>>>> I really like this one.
>>>>>
>>>>> Thanks
>>>>> Max
>>>>>
>>>>> On 11/21/2011 08:05 PM, Xuelei Fan wrote:
>>>>>>>>   How about this approach? This looks very safe.
>>>>>>>>
>>>>>> I also prefer this approach, although it need more updates in PKCS11 and
>>>>>> MSCPI source code. If you vote for this approach, I will try to
>>>>>> implement it.
>>>>>>
>>>>
>>>
>>
> 



More information about the security-dev mailing list