[15] RFR 8172680: Support SHA-3 based Hmac algorithms

Valerie Peng valerie.peng at oracle.com
Thu Mar 19 21:27:51 UTC 2020

Hi Mike,

Thanks for heads up. From what I can gather, SHA3 inclusion is part of 
PKCS#11 v3. Is this the next release which you are referring to? Or will 
there be an update to v2.40? Is there any schedule info for these 
update/release do you know?

Following the convention, we normally don't add something which the 
underlying library has no support yet. With the new 6-month JDK release 
cycle, it's much faster for the added functionality to be available. So, 
I'd still prefer to update SunPKCS11 provider with SHA-3 once they are 
officially included.


On 3/18/2020 4:07 PM, Michael StJohns wrote:
> On 3/18/2020 6:57 PM, Valerie Peng wrote:
>> Anyone has time to help review this straight forward RFE? It's to add 
>> SHA-3 support to Hmac.
>> RFE: https://bugs.openjdk.java.net/browse/JDK-8172680
>> Webrev: http://cr.openjdk.java.net/~valeriep/8172680/webrev.00/
>> Mach5 run is clean.
>> Thanks,
>> Valerie
> Valerie -
> I know the RFE says no PKCS11 because 2.40 doesn't include those 
> items, but OASIS PKCS11 has proposed  SHA3 identifiers at 
> https://github.com/oasis-tcs/pkcs11/blob/master/working/identifier_db/sha3.result 
> - maybe reach out and ask if these have been allocated pending the 
> next release?
> Mike
> #define CKM_SHA3_256              0x000002b0UL
>  #define CKM_SHA3_256_HMAC         0x000002b1UL
>  #define CKM_SHA3_256_HMAC_GENERAL 0x000002b2UL
>  #define CKM_SHA3_224              0x000002b5UL
>  #define CKM_SHA3_224_HMAC         0x000002b6UL
>  #define CKM_SHA3_224_HMAC_GENERAL 0x000002b7UL
>  #define CKM_SHA3_384              0x000002c0UL
>  #define CKM_SHA3_384_HMAC         0x000002c1UL
>  #define CKM_SHA3_384_HMAC_GENERAL 0x000002c2UL
>  #define CKM_SHA3_512              0x000002d0UL
>  #define CKM_SHA3_512_HMAC         0x000002d1UL
>  #define CKM_SHA3_512_HMAC_GENERAL 0x000002d2UL

More information about the security-dev mailing list