RFR: 8298127: HSS/LMS Signature Verification [v16]

Andrey Turbanov aturbanov at openjdk.org
Thu May 18 16:12:12 UTC 2023


On Wed, 17 May 2023 20:01:26 GMT, Ferenc Rakoczi <duke at openjdk.org> wrote:

>> Implement support for Leighton-Micali Signatures (LMS) as described in RFC 8554. LMS is an approved software signing algorithm for CNSA 2.0, with SHA-256/192 parameters recommended.
>
> Ferenc Rakoczi has updated the pull request incrementally with one additional commit since the last revision:
> 
>   More input checks.

src/java.base/share/classes/sun/security/provider/HSS.java line 191:

> 189: 
> 190:     static class LMSUtils {
> 191:         final static int LMS_RESERVED = 0;

use blessed modifiers order
Suggestion:

        static final int LMS_RESERVED = 0;

src/java.base/share/classes/sun/security/provider/HSS.java line 216:

> 214:         final static int LMOTS_SHA256_N32_W2 = 2;
> 215:         final static int LMOTS_SHA256_N32_W4 = 3;
> 216:         final static int LMOTS_SHA256_N32_W8 = 4;

Suggestion:

        static final int LMOTS_RESERVED = 0;
        static final int LMOTS_SHA256_N32_W1 = 1;
        static final int LMOTS_SHA256_N32_W2 = 2;
        static final int LMOTS_SHA256_N32_W4 = 3;
        static final int LMOTS_SHA256_N32_W8 = 4;

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1198008506
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1198009083



More information about the security-dev mailing list