RFR: 8199697: FIPS 186-4 RSA Key Generation [v2]
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Tue Oct 20 22:24:17 UTC 2020
On Mon, 12 Oct 2020 22:05:32 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Could someone please help review this RFE? Update existing RSA key pair generation code following the guidelines from
>> FIPS 186-4 and FIPS 186-5 (draft). Current proposed changes updates the prime generation code (for P, Q) based on FIPS
>> 186-4 B.3.3 when keysize and public exponent met the requirements set in FIPS 186-4/5. Thanks,
>> Valerie
>
> Valerie Peng has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev
> excludes the unrelated changes brought in by the merge/rebase. The pull request contains two additional commits since
> the last revision:
> - Merge branch 'master' into JDK-8199697
> - 8199697: FIPS 186-4 RSA Key Generation
>
> Changed RSA key pair generation code following the guidelines from FIPS 186-4.
test/jdk/sun/security/rsa/SpecTest.java line 33:
> 31: * @run main SpecTest 768
> 32: * @run main SpecTest 1024
> 33: * @run main SpecTest 1024 65537
65537 is the default public exponent (see the main() method). So, the two test case is the same:
* @run main SpecTest 1024
* @run main SpecTest 1024 65537
Maybe, we can keep the test case for F0, and add a new public exponent number like 167971.
src/java.base/share/classes/sun/security/rsa/RSAKeyPairGenerator.java line 200:
> 198: if (kp != null) {
> 199: return kp;
> 200: }
The logic may be more clear if moving the checking of n and key generation out of the loop for q, by regenerate both p
and q if needed.
-------------
PR: https://git.openjdk.java.net/jdk/pull/420
More information about the security-dev
mailing list