Code review request, 7106773: 512 bits RSA key cannot work withSHA384 and SHA512

Xuelei Fan xuelei.fan at oracle.com
Wed Jan 11 10:02:20 UTC 2012


On 1/11/2012 5:50 PM, Weijun Wang wrote:
> Hi Andrew
> 
> Take a brief look at the webrev. Looks like this Lengthable thing is the
> only change after your previous webrev. Please confirm.
> 
Yes.

> But I want something bigger. I would like to know if it is possible to
> add this keysize() method deep down into the very basic Key interface.
> If Key can have a method called getEncoded() I think this means it
> normally has a concrete form and surely has a publicly acceptable
> keysize() attribute. In JDK 8 we have default implementation for new
> interface methods. Is this issue a good candidate?
> 
As Key is an java interface, we may not be able to add one more method
for compatibility reason. We may export the "Lengthable"/"Measurable"
interface in JDK 8. It's possible to implement Lengthable in all
sub-classes of Key in Oracle provider, but as would involve too many
changes. As we need to backport this fix into JDK 7, I think we'd better
consider the big picture in the future.

> At least, in KeyLength::getKeySize(), I would like to see "if (key
> instanceof Lengthable)" to be the first check, and, if possible, the
> only one needed, at least for keys from providers built in JDK.
> 
It's OK to check it at first. But as we also need to support other
providers, I think we'd better also check other types of instance.

Thanks,
Xuelei

> Thanks
> Max
> 
> 
> On 01/11/2012 08:57 AM, Xuelei Fan wrote:
>> "Measurable" looks like a better name. I will update the name in the
>> next webrev after this round of code review:
>>
>> webrev: http://cr.openjdk.java.net/~xuelei/7106773/webrev.04/
>>
>> Thanks,
>> Xuelei
>>
>> On 1/10/2012 11:47 PM, Vincent Ryan wrote:
>>> On 01/10/12 03:19 PM, Xuelei Fan wrote:
>>>> On 1/10/2012 11:09 PM, Weijun Wang wrote:
>>>>> It's late night and I'll read it tomorrow. But can you choose another
>>>>> word instead of Lengthable? Length is not a verb.
>>>>>
>>>> ;-) The name took me a lot of time, searching by google, dictionary, and
>>>> any possible English translation. I have to agree that I failed to find
>>>> a suitable name. I tried hardly to persuade myself that "lengthable" is
>>>> also used by someother application code, so it might not too bad to use
>>>> it here.
>>>>
>>>> With the word "lengthable", I want to express that the length is
>>>> measurable. Any suggestion for the better one?
>>>>
>>>
>>> Measurable ;-)
>>>
>>>
>>>> Thanks,
>>>> Xuelei
>>>>
>>>>> Max
>>>>> ------------------------------------------------------------------------
>>>>> 发件人: Xuelei Fan
>>>>> 发送时间: 2012/1/10 22:51
>>>>> 收件人: Weijun Wang
>>>>> 抄送: OpenJDK
>>>>> 主题: Re: Code review request, 7106773: 512 bits RSA key cannot work
>>>>> withSHA384 and SHA512
>>>>>
>>>>> It has been around 50 days passed since the last day we talked about the
>>>>> issue. Hope you can recall it from the deep memory. ;-)
>>>>>
>>>>> webrev: http://javaweb.us.oracle.com/~xufan/bugbios/7106773/webrev.04/
>>>>>
>>>>> In this update, as we agreed, a new Oracle private interface was
>>>>> introduced: sun.security.util.Lengthable, and Lengthable.length() is
>>>>> defined to get the length an object. sun.security.pkcs11.P11Key and
>>>>> sun.security.mscapi.Key will implements the interface. As will easy and
>>>>> speedup (comparing with reflection approach) the getting of key length
>>>>> of those unextractable keys in hardware device.
>>>>>
>>>>> In the webrev, I should also include another two signed jars,
>>>>> sunpkcs11.jar and sunmscapi.jar. I will include them when I get the
>>>>> official signed jars.
>>>>>
>>>>> Thanks,
>>>>> Xuelei
>>>>>
>>>>> On 11/22/2011 8:41 AM, Weijun Wang wrote:
>>>>>> I really like this one.
>>>>>>
>>>>>> Thanks
>>>>>> Max
>>>>>>
>>>>>> On 11/21/2011 08:05 PM, Xuelei Fan wrote:
>>>>>>>>>   How about this approach? This looks very safe.
>>>>>>>>>
>>>>>>> I also prefer this approach, although it need more updates in PKCS11 and
>>>>>>> MSCPI source code. If you vote for this approach, I will try to
>>>>>>> implement it.
>>>>>>>
>>>>>
>>>>
>>>
>>




More information about the security-dev mailing list