RFR: 8298127: HSS/LMS Signature Verification [v10]
Sean Mullan
mullan at openjdk.org
Thu May 11 16:36:48 UTC 2023
On Thu, 11 May 2023 09:36:17 GMT, Ferenc Rakoczi <duke at openjdk.org> wrote:
>> Implement support for Leighton-Micali Signatures (LMS) as described in RFC 8554. LMS is an approved software signing algorithm for CNSA 2.0, with SHA-256/192 parameters recommended.
>
> Ferenc Rakoczi has updated the pull request incrementally with one additional commit since the last revision:
>
> Reintroduced Length for HSSPublicKey, added more @Override annotations
src/java.base/share/classes/sun/security/provider/HSS.java line 39:
> 37: /*
> 38: * This class implements the Hierarchical Signature System using the
> 39: * Leighton-Micali Signatures (LMS) as described in RFC 8554 and NIST Special publication 800-208
Nit: add period at end of sentence.
src/java.base/share/classes/sun/security/provider/HSS.java line 719:
> 717:
> 718: @java.io.Serial
> 719: protected Object writeReplace() throws java.io.ObjectStreamException {
I think the serialized form of an HSSPublicKey should also be specified in the CSR since this Key is returned from a standard API. I think you can add a simple sentence such as:
"The Keys returned by an "HSS/LMS" `KeyFactory` are `Serializable` and use `java.security.KeyRep` as its serialized representation."
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1191420316
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1191436386
More information about the security-dev
mailing list