RFR: 8298127: HSS/LMS Signature Verification

Weijun Wang weijun at openjdk.org
Thu Apr 27 23:06:31 UTC 2023


On Thu, 27 Apr 2023 14:16:34 GMT, Ferenc Rakoczi <duke at openjdk.org> wrote:

> Implement support for Leighton-Micali Signatures (LMS) as described in RFC 8554. LMS is an approved software signing algorithm for CNSA 2.0, with SHA-256/192 parameters recommended.

src/java.base/share/classes/sun/security/provider/HSS.java line 43:

> 41: public class HSS extends SignatureSpi {
> 42:     private HSSPublicKey pubKey;
> 43:     private byte[] message;

How about using a `ByteArrayOutputStream` to store the message? Then we don't need to take care of memory management.

src/java.base/share/classes/sun/security/provider/HSS.java line 56:

> 54: 
> 55:     protected void engineInitSign(PrivateKey publicKey) {
> 56:         throw new UnsupportedOperationException();

Sean suggested we change this to throw an `InvalidKeyException`. Otherwise, we might need to update the `Signature` spec on this.

Also, `s/publicKey/privateKey/`.

src/java.base/share/classes/sun/security/provider/HSS.java line 66:

> 64:         if (!(publicKey instanceof HSSPublicKey pub)) {
> 65:             throw new InvalidKeyException("Not an HSS public key: ");
> 66:         }

If not, we can try translating it using our `KeyFactory`.

src/java.base/share/classes/sun/security/provider/HSS.java line 758:

> 756:             if (key instanceof HSSPublicKey) {
> 757:                 return key;
> 758:             }

We need to be able to translate other HSS/LMS public keys into our own type as long as the algorithm and format are OK.

You can try this out by duplicating your implementation with a different provider name in a different package.

src/java.base/share/classes/sun/security/provider/SunEntries.java line 190:

> 188: 
> 189:         add(p, "Signature", "HSS/LMS", "sun.security.provider.HSS");
> 190:         add(p, "KeyFactory", "HSS/LMS", "sun.security.provider.HSS$KeyFactoryImpl");

Use `addWithAlias` so we have the OID as an alias too. This is mentioned in the CSR. You can even add a test to ensure this.

src/java.base/share/classes/sun/security/x509/AlgorithmId.java line 651:

> 649: 
> 650:     public static final ObjectIdentifier hsslms_oid =
> 651:             ObjectIdentifier.of(KnownOIDs.HSSLMS);

You probably don't need to define this if it's not used anywhere.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1179500780
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1179508433
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1179497232
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1179496323
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1179503653
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1179520002
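The review above concerns the JDK's verifier for the scheme in RFC 8554. The following is an added, self-contained Python sketch of the underlying algorithm, not code from the PR or the JDK: LM-OTS with the SHA-256/N32/W8 parameter set and a single LMS tree of height 5 (the typecodes the RFC calls LMOTS_SHA256_N32_W8 and LMS_SHA256_M32_H5), with sign and verify so the verify path can be exercised end to end. The domain-separation constants, chain, checksum and tree rules follow the RFC; the seed-based derivation of the one-time private values and of the key identifier `I` is this example's simplification rather than the RFC's Appendix A procedure, the HSS multi-level layer and the byte-level wire encoding are omitted, and all function names are this example's own. Two points the JDK review touches on are visible in the code: the randomizer `C` that prefixes the message hash is carried in the signature, so a verifier cannot start hashing until it has the whole message and the signature (hence buffering the message), and the private key is stateful, so the leaf index `q` is advanced before a signature is released.

```python
"""Toy-scale LMS (RFC 8554) sign/verify: LM-OTS SHA-256/N32/W8 under a height-5 LMS tree."""
import hashlib
import hmac
import os

# RFC 8554 domain-separation constants
D_PBLC, D_MESG, D_LEAF, D_INTR = b"\x80\x80", b"\x81\x81", b"\x82\x82", b"\x83\x83"
N, W, P = 32, 8, 34  # n=32 byte hashes, w=8 bit digits, p = 32 message digits + 2 checksum digits


def sha256(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def u32(x): return x.to_bytes(4, "big")
def u16(x): return x.to_bytes(2, "big")
def u8(x): return x.to_bytes(1, "big")


def checksum(q_digest):
    # RFC 8554 section 4.4: sum of (2^w - 1 - digit); the shift ls is 0 for w=8
    return u16(sum(255 - b for b in q_digest))


def ots_chain(I, q, i, start, end, value):
    # Hash chain for element i, iterations start .. end-1 (RFC 8554 algorithms 1 and 4b)
    for j in range(start, end):
        value = sha256(I, u32(q), u16(i), u8(j), value)
    return value


def ots_keygen(I, q, seed):
    # Private chain starts derived from a seed: this example's simplification, not Appendix A
    x = [sha256(seed, u32(q), u16(i)) for i in range(P)]
    pub = [ots_chain(I, q, i, 0, 255, x[i]) for i in range(P)]  # full 2^w - 1 iterations
    return x, sha256(I, u32(q), D_PBLC, *pub)


def ots_sign(I, q, x, message, C):
    Q = sha256(I, u32(q), D_MESG, C, message)  # C comes first, so the message must be buffered
    digits = Q + checksum(Q)
    return C, [ots_chain(I, q, i, 0, digits[i], x[i]) for i in range(P)]


def ots_pub_from_sig(I, q, message, C, y):
    # Finish each chain from the signed-off point; a valid y reproduces the OTS public key hash
    Q = sha256(I, u32(q), D_MESG, C, message)
    digits = Q + checksum(Q)
    return sha256(I, u32(q), D_PBLC, *[ots_chain(I, q, i, digits[i], 255, y[i]) for i in range(P)])


def lms_keygen(h=5, seed=None):
    seed = os.urandom(32) if seed is None else seed
    I = sha256(seed, b"I")[:16]  # 16-byte key identifier (derivation is this example's choice)
    leaves = 1 << h
    ots_priv, T = [], [None] * (2 * leaves)
    for q in range(leaves):
        x, K = ots_keygen(I, q, seed)
        ots_priv.append(x)
        T[leaves + q] = sha256(I, u32(leaves + q), D_LEAF, K)
    for r in range(leaves - 1, 0, -1):
        T[r] = sha256(I, u32(r), D_INTR, T[2 * r], T[2 * r + 1])
    return {"h": h, "I": I, "ots": ots_priv, "q": 0, "T": T}, {"h": h, "I": I, "root": T[1]}


def lms_sign(priv, message):
    q = priv["q"]
    if q >= (1 << priv["h"]):
        raise RuntimeError("all one-time keys used; a leaf must never be reused")
    priv["q"] = q + 1  # stateful key: advance before the signature leaves this function
    ots = ots_sign(priv["I"], q, priv["ots"][q], message, os.urandom(N))
    node, path = (1 << priv["h"]) + q, []
    while node > 1:  # authentication path: sibling at each level, leaf upward
        path.append(priv["T"][node ^ 1])
        node //= 2
    return {"q": q, "ots": ots, "path": path}


def lms_verify(pub, message, sig):
    h, I, q = pub["h"], pub["I"], sig["q"]
    C, y = sig["ots"]
    if q >= (1 << h) or len(sig["path"]) != h:  # reject malformed input before hashing
        return False
    if len(C) != N or len(y) != P or any(len(e) != N for e in y + sig["path"]):
        return False
    node = (1 << h) + q
    tmp = sha256(I, u32(node), D_LEAF, ots_pub_from_sig(I, q, message, C, y))
    for sibling in sig["path"]:  # RFC 8554 algorithm 6a
        if node & 1:
            tmp = sha256(I, u32(node // 2), D_INTR, sibling, tmp)
        else:
            tmp = sha256(I, u32(node // 2), D_INTR, tmp, sibling)
        node //= 2
    return hmac.compare_digest(tmp, pub["root"])


if __name__ == "__main__":
    priv, pub = lms_keygen()
    sig = lms_sign(priv, b"constructed sample message")
    print(lms_verify(pub, b"constructed sample message", sig))  # True
    print(lms_verify(pub, b"constructed sample messagf", sig))  # False
```

Key generation walks every chain to its end for all 32 leaves, so it is the expensive step; signing and verifying each cost one partial chain per digit plus the tree path. After `1 << h` signatures `lms_sign` refuses to continue, which is the property that makes the scheme safe only when the signer's state is persisted reliably.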


