RFR: 8298127: HSS/LMS Signature Verification [v5]

Weijun Wang weijun at openjdk.org
Thu May 4 21:57:19 UTC 2023


On Tue, 2 May 2023 21:43:19 GMT, Ferenc Rakoczi <duke at openjdk.org> wrote:

>> Implement support for Leighton-Micali Signatures (LMS) as described in RFC 8554. LMS is an approved software signing algorithm for CNSA 2.0, with SHA-256/192 parameters recommended.
>
> Ferenc Rakoczi has updated the pull request incrementally with one additional commit since the last revision:
> 
>   adding key translation, finally block, removing 24-byte LMOTS parameters

One more comment on exceptions.

src/java.base/share/classes/sun/security/provider/HSS.java line 467:

> 465:             qArr = Arrays.copyOfRange(sigArray, offset, offset + 4);
> 466:             sigOtsType = LMSUtils.fourBytesToInt(sigArray, offset + 4);
> 467:             LMOTSParams lmotsParams = LMOTSParams.of(sigOtsType);

Catch `IllegalArgumentException` here and rethrow a `SignatureException`. Same on line 482.

-------------

PR Review: https://git.openjdk.org/jdk/pull/13691#pullrequestreview-1413972348
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1185552104



More information about the security-dev mailing list