[15] RFR 8172680: Support SHA-3 based Hmac algorithms
Valerie Peng
valerie.peng at oracle.com
Thu Mar 19 21:27:51 UTC 2020
Hi Mike,
Thanks for heads up. From what I can gather, SHA3 inclusion is part of
PKCS#11 v3. Is this the next release which you are referring to? Or will
there be an update to v2.40? Is there any schedule info for these
update/release do you know?
Following the convention, we normally don't add something which the
underlying library has no support yet. With the new 6-month JDK release
cycle, it's much faster for the added functionality to be available. So,
I'd still prefer to update SunPKCS11 provider with SHA-3 once they are
officially included.
Valerie
On 3/18/2020 4:07 PM, Michael StJohns wrote:
> On 3/18/2020 6:57 PM, Valerie Peng wrote:
>>
>> Anyone has time to help review this straight forward RFE? It's to add
>> SHA-3 support to Hmac.
>>
>> RFE: https://bugs.openjdk.java.net/browse/JDK-8172680
>>
>> Webrev: http://cr.openjdk.java.net/~valeriep/8172680/webrev.00/
>>
>> Mach5 run is clean.
>>
>> Thanks,
>> Valerie
>
> Valerie -
>
> I know the RFE says no PKCS11 because 2.40 doesn't include those
> items, but OASIS PKCS11 has proposed SHA3 identifiers at
> https://github.com/oasis-tcs/pkcs11/blob/master/working/identifier_db/sha3.result
> - maybe reach out and ask if these have been allocated pending the
> next release?
>
> Mike
>
>
> #define CKM_SHA3_256 0x000002b0UL
> #define CKM_SHA3_256_HMAC 0x000002b1UL
> #define CKM_SHA3_256_HMAC_GENERAL 0x000002b2UL
> #define CKM_SHA3_224 0x000002b5UL
> #define CKM_SHA3_224_HMAC 0x000002b6UL
> #define CKM_SHA3_224_HMAC_GENERAL 0x000002b7UL
> #define CKM_SHA3_384 0x000002c0UL
> #define CKM_SHA3_384_HMAC 0x000002c1UL
> #define CKM_SHA3_384_HMAC_GENERAL 0x000002c2UL
> #define CKM_SHA3_512 0x000002d0UL
> #define CKM_SHA3_512_HMAC 0x000002d1UL
> #define CKM_SHA3_512_HMAC_GENERAL 0x000002d2UL
>
>
More information about the security-dev
mailing list