RFR: 8298127: HSS/LMS Signature Verification [v2]
Ferenc Rakoczi
duke at openjdk.org
Fri Apr 28 11:37:24 UTC 2023
On Thu, 27 Apr 2023 17:43:02 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Ferenc Rakoczi has updated the pull request incrementally with one additional commit since the last revision:
>>
>> review comments addressed
>
> src/java.base/share/classes/sun/security/provider/HSS.java line 43:
>
>> 41: public class HSS extends SignatureSpi {
>> 42: private HSSPublicKey pubKey;
>> 43: private byte[] message;
>
> How about using a `ByteArrayOutputStream` to store the message? Then we don't need to take care of memory management.

Done.

> src/java.base/share/classes/sun/security/provider/HSS.java line 56:
>
>> 54:
>> 55: protected void engineInitSign(PrivateKey publicKey) {
>> 56: throw new UnsupportedOperationException();
>
> Sean suggested we change this to throw an `InvalidKeyException`. Otherwise, we might need to update the `Signature` spec on this.
>
> Also, `s/publicKey/privateKey/`.

Done.

> src/java.base/share/classes/sun/security/provider/SunEntries.java line 190:
>
>> 188:
>> 189: add(p, "Signature", "HSS/LMS", "sun.security.provider.HSS");
>> 190: add(p, "KeyFactory", "HSS/LMS", "sun.security.provider.HSS$KeyFactoryImpl");
>
> Use `addWithAlias` so we have OID as alias too. This is mentioned in the CSR. You can even add a test to ensure this.

Done.

> src/java.base/share/classes/sun/security/x509/AlgorithmId.java line 651:
>
>> 649:
>> 650: public static final ObjectIdentifier hsslms_oid =
>> 651: ObjectIdentifier.of(KnownOIDs.HSSLMS);
>
> You probably don't need to define this if it's not used anywhere.

I need it now, with the addWithAlias() change.

-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1180274992
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1180275120
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1180275054
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1180275220