RFR JDK-8000415: Add support for SHA-3

Valerie Peng valerie.peng at oracle.com
Fri May 13 19:50:02 UTC 2016


Sean,

I have added the values to the exception message as you suggested.
As for the test vectors, I already put them (some of them) in separate 
internal tests for SUN and OracleUcrypto provider respectively.
The PKCS11 provider is not yet updated with the SHA-3 support; when it is, 
it will have its own test for covering the test vectors.
Also Amanda from SQE will cover quite some more test vectors in her putback.

Thanks,
Valerie

On 5/13/2016 9:00 AM, Seán Coffey wrote:
> Valerie,
>
> Some comments on supportability of the new code. Some handling could 
> be improved to contain context perhaps:
>
> sun/security/provider/SHA3.java
> +        if (numOfPadding < 1) {
> +            throw new ProviderException("Incorrect pad size");
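
Review bot: The ProviderException thrown in the numOfPadding < 1 branch carries only the fixed text "Incorrect pad size", so a failure report cannot show which value tripped the check. Append the value to the message, for example "Incorrect pad size: " + numOfPadding.
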
>
> Can we print the numOfPadding value ?
>
>
> +    private static long[][] bytes2Lanes(byte[] s) {
> +        if (s.length != WIDTH) {
> +            throw new ProviderException("Error: incorrect input size");
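
Review bot: The message in the s.length != WIDTH check of bytes2Lanes names neither the actual nor the expected length, and its "Error: " prefix adds nothing inside an exception. Report both values, for example "Incorrect input size: " + s.length + ", expected " + WIDTH.
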
>
> can we print the relevant values of interest ?
>
> On the test front, are you planning to update these tests to cater for 
> the new SHA-3 algorithms ?
>
> ./pkcs11/MessageDigest/DigestKAT.java
> ./provider/MessageDigest/DigestKAT.java
>
> Regards,
> Sean.
>
> On 05/05/16 03:08, Valerie Peng wrote:
>> Hi,
>>
>> Can someone help reviewing the changes for SHA-3?
>>
>> The result has been validated against the NIST test vectors (for 
>> BYTE-ONLY impls, i.e. inputs which are multiples of bytes).
>> The feature complete date is coming up in a week or two. So, if this 
>> can be reviewed in a week or so, that'd be great.
>>
>> The changes for SUN providers are quite straightforward, e.g. SHA-3 
>> digest impls based on FIPS PUB 202.
>> As for OracleUcrypto provider, Solaris SHA-3 support is through new 
>> libucrypto digest APIs (added in Solaris 12) instead of the libmd.
>> When running on Solaris 12, the new libucrypto APIs will be used. 
>> Otherwise, libmd will be used.
>> Changes for OracleUcrypto providers:
>> - add JNI code for the new libucrypto digest APIs
>> - code refactoring, e.g. move the libmd-related code to classes with 
>> MD suffix
>> - run-time mechanism number assignment (used to be hardcoded values)
>> - better error reporting
>>
>> RFE: https://bugs.openjdk.java.net/browse/JDK-8000415
>> Webrev: http://cr.openjdk.java.net/~valeriep/8000415/webrev.00/
>>
>> Thanks,
>> Valerie
>