RFR: 8298127: HSS/LMS Signature Verification [v8]

Weijun Wang weijun at openjdk.org
Tue May 9 14:06:34 UTC 2023


On Tue, 9 May 2023 12:45:27 GMT, Ferenc Rakoczi <duke at openjdk.org> wrote:

>> Implement support for Leighton-Micali Signatures (LMS) as described in RFC 8554. LMS is an approved software signing algorithm for CNSA 2.0, with SHA-256/192 parameters recommended.
>
> Ferenc Rakoczi has updated the pull request incrementally with one additional commit since the last revision:
> 
>   agreeing with the newest review comments

src/java.base/share/classes/sun/security/provider/HSS.java line 114:

> 112:         }
> 113: 
> 114:         public LMSPublicKey(byte[] keyArray, int offset, boolean checkExactLength) throws InvalidKeyException {

Two methods are still public.

src/java.base/share/classes/sun/security/provider/HSS.java line 255:

> 253:         final int otSigType;
> 254:         final LMOTSParams lmotsParams;
> 255:         final int n;

`n` and `p` can be private.

src/java.base/share/classes/sun/security/provider/HSS.java line 291:

> 289: 
> 290:     static class LMSParams {
> 291:         final int type;

`type` is actually used nowhere.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1188651785
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1188648524
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1188652844



More information about the security-dev mailing list