RFR: 8298127: HSS/LMS Signature Verification [v5]
Weijun Wang
weijun at openjdk.org
Mon May 8 16:19:38 UTC 2023
On Mon, 8 May 2023 13:32:38 GMT, Ferenc Rakoczi <duke at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/provider/HSS.java line 823:
>>
>>> 821: index += siglist[i].sigArrayLength();
>>> 822: pubList[i] = new LMSPublicKey(sigArr, index, false);
>>> 823: if (!pubList[i].getDigestAlgorithm().equals(pubKeyHashAlg)) {
>>
>> Comparing hash algorithm is not enough. Length (`m`) should also be compared.
>
> Compared.
How about we create a dedicated method for this `hasSameHash(LMParams, LMParams)`? Looks like the `getDigestAlgorithm` methods on lines 228 and 699 have no other usages.
We can also create a new `hasSameHash(LMOTSParams, LMParams)` for the check in `new LMSPublicKey`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1187628910
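The parameter-consistency check under discussion, as an added illustration that is not code from the JDK's `HSS.java` or from this PR: `LmsParams`, `LmotsParams` and `LmsPublicKey` below are stand-ins for the JDK's `LMParams`, `LMOTSParams` and `LMSPublicKey`, and their fields are assumptions. It shows why comparing the digest name alone is not enough: SP 800-208 defines LMS_SHA256_M24 next to LMS_SHA256_M32, so two parameter sets can share "SHA-256" yet differ in `m`.

```java
import java.util.List;

// Added example; not the JDK implementation. Names and fields are assumptions.
public final class HssParamCheck {

    // LMS tree parameters (RFC 8554): hash algorithm, output length m, tree height h.
    record LmsParams(String hashAlg, int m, int h) {}

    // LM-OTS parameters (RFC 8554): hash algorithm, output length n, Winternitz w.
    record LmotsParams(String hashAlg, int n, int w) {}

    // One LMS public key as recovered from an HSS signature level.
    record LmsPublicKey(LmsParams lms, LmotsParams ots) {}

    // Same hash means same algorithm AND same output length m.
    static boolean hasSameHash(LmsParams a, LmsParams b) {
        return a.hashAlg().equals(b.hashAlg()) && a.m() == b.m();
    }

    // The LM-OTS scheme of a key must use the same hash and length as its LMS tree.
    static boolean hasSameHash(LmotsParams ots, LmsParams lms) {
        return ots.hashAlg().equals(lms.hashAlg()) && ots.n() == lms.m();
    }

    // Walks the public keys recovered from each HSS level and rejects any level whose
    // parameters disagree with the top-level public key, as the quoted check intends.
    static boolean chainIsConsistent(LmsPublicKey top, List<LmsPublicKey> levels) {
        if (!hasSameHash(top.ots(), top.lms())) return false;
        for (LmsPublicKey k : levels) {
            if (!hasSameHash(k.lms(), top.lms())) return false;
            if (!hasSameHash(k.ots(), k.lms())) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample parameter sets: same digest name, different output length.
        LmsParams sha256m32 = new LmsParams("SHA-256", 32, 5);
        LmsParams sha256m24 = new LmsParams("SHA-256", 24, 5);
        LmotsParams otsN32 = new LmotsParams("SHA-256", 32, 8);
        LmotsParams otsN24 = new LmotsParams("SHA-256", 24, 8);

        LmsPublicKey top = new LmsPublicKey(sha256m32, otsN32);
        LmsPublicKey matching = new LmsPublicKey(sha256m32, otsN32);
        LmsPublicKey truncated = new LmsPublicKey(sha256m24, otsN24);

        // A digest-name-only comparison would accept both; the length check rejects the second.
        System.out.println("m=32 level accepted: " + chainIsConsistent(top, List.of(matching)));
        System.out.println("m=24 level accepted: " + chainIsConsistent(top, List.of(truncated)));
    }
}
```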