RFR: 8298127: HSS/LMS Signature Verification [v7]

Weijun Wang weijun at openjdk.org
Mon May 8 16:27:36 UTC 2023


On Mon, 8 May 2023 14:58:00 GMT, Ferenc Rakoczi <duke at openjdk.org> wrote:

>> Implement support for Leighton-Micali Signatures (LMS) as described in RFC 8554. LMS is an approved software signing algorithm for CNSA 2.0, with SHA-256/192 parameters recommended.
>
> Ferenc Rakoczi has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Addressing more review comments from @wangweij and @seanjmullan

src/java.base/share/classes/sun/security/provider/HSS.java line 158:

> 156:             }
> 157:             return lmsPublicKey.isT1(tmpMsg, 22 + m);
> 158:         } catch (Exception e) {

Avoid using `catch (Exception e)` because that's too wide. In fact, here it seems the only checked exceptions that can be caught is `NoSuchAlgorithmException | DigestException`. I think we've agreed to throw `ProviderException` for them.

src/java.base/share/classes/sun/security/provider/HSS.java line 240:

> 238:         public final static int LMS_SHA256_M32_H20 = 8;
> 239:         public final static int LMS_SHA256_M32_H25 = 9;
> 240:         public final static int LMS_SHA256_M24_H5 = 10;

Shall we remove the SHA256_M24 and SHAKE constants at the moment?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1187637375
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1187639689



More information about the security-dev mailing list