RFR: 8298127: HSS/LMS Signature Verification [v7]

Sean Mullan mullan at openjdk.org
Mon May 8 16:19:34 UTC 2023


On Mon, 8 May 2023 14:58:00 GMT, Ferenc Rakoczi <duke at openjdk.org> wrote:

>> Implement support for Leighton-Micali Signatures (LMS) as described in RFC 8554. LMS is an approved software signing algorithm for CNSA 2.0, with SHA-256/192 parameters recommended.
>
> Ferenc Rakoczi has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Addressing more review comments from @wangweij and @seanjmullan

src/java.base/share/classes/sun/security/provider/HSS.java line 99:

> 97:             result &= lmsVerify(lmsPubKey, sig.siglist[sig.Nspk], messageStream.toByteArray());
> 98:             return result;
> 99:         } catch (Exception e) {

Do we need this `catch`? I think only `SignatureException` can be thrown inside the `try` block.

src/java.base/share/classes/sun/security/provider/HSS.java line 172:

> 170:         private final byte[] T1;
> 171: 
> 172:         public static LMSPublicKey of(byte[] keyArray) throws InvalidKeyException {

The methods of `LMSPublicKey` can be package-private.

src/java.base/share/classes/sun/security/provider/HSS.java line 383:

> 381:         final byte[] sigArr;
> 382: 
> 383:         public LMSignature(byte[] sigArray, int offset, boolean checkExactLen) throws SignatureException {

The methods of `LMSignature` can be package-private.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1187628502
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1187624026
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1187624515


More information about the security-dev mailing list