RFR: 8199697: FIPS 186-4 RSA Key Generation [v2]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Tue Oct 20 22:24:17 UTC 2020


On Mon, 12 Oct 2020 22:05:32 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> Could someone please help review this RFE? Update existing RSA key pair generation code following the guidelines from
>> FIPS 186-4 and FIPS 186-5 (draft). Current proposed changes updates the prime generation code (for P, Q) based on FIPS
>> 186-4 B.3.3 when keysize and public exponent met the requirements set in FIPS 186-4/5.  Thanks,
>> Valerie
>
> Valerie Peng has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev
> excludes the unrelated changes brought in by the merge/rebase. The pull request contains two additional commits since
> the last revision:
>  - Merge branch 'master' into JDK-8199697
>  - 8199697: FIPS 186-4 RSA Key Generation
>    
>    Changed RSA key pair generation code following the guidelines from FIPS 186-4.

test/jdk/sun/security/rsa/SpecTest.java line 33:

> 31:  * @run main SpecTest 768
> 32:  * @run main SpecTest 1024
> 33:  * @run main SpecTest 1024 65537

65537 is the default public exponent (see the main() method).  So, the two test case is the same:
 * @run main SpecTest 1024
 * @run main SpecTest 1024 65537

Maybe, we can keep the test case for F0, and add a new public exponent number like 167971.

src/java.base/share/classes/sun/security/rsa/RSAKeyPairGenerator.java line 200:

> 198:                 if (kp != null) {
> 199:                     return kp;
> 200:                 }

The  logic may be more clear if moving the checking of n and key generation out of the loop for q, by regenerate both p
and q if needed.

-------------

PR: https://git.openjdk.java.net/jdk/pull/420



More information about the security-dev mailing list