RFR: 8298127: HSS/LMS Signature Verification [v17]
Sean Mullan
mullan at openjdk.org
Wed May 24 15:46:24 UTC 2023
On Thu, 18 May 2023 19:11:32 GMT, Ferenc Rakoczi <duke at openjdk.org> wrote:
>> Implement support for Leighton-Micali Signatures (LMS) as described in RFC 8554. LMS is an approved software signing algorithm for CNSA 2.0, with SHA-256/192 parameters recommended.
>
> Ferenc Rakoczi has updated the pull request incrementally with one additional commit since the last revision:
>
> Removed dead code, accepted code style suggestions.
src/java.base/share/classes/sun/security/provider/HSS.java line 664:
> 662: protected PublicKey engineGeneratePublic(KeySpec keySpec)
> 663: throws InvalidKeySpecException {
> 664: if (keySpec instanceof X509EncodedKeySpec) {
Can you also use `instanceof x` here and avoid the cast on line 666?
src/java.base/share/classes/sun/security/provider/HSS.java line 695:
> 693: throw new InvalidKeySpecException("key should not be null");
> 694: }
> 695: if (key.getFormat().equals("X.509") &&
Would it make sense to also check if `key` is an instance of `HSSPublicKey`?
src/java.base/share/classes/sun/security/provider/HSS.java line 700:
> 698: return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));
> 699: }
> 700: throw new InvalidKeySpecException("keySpec is not an X509 one");
Suggest saying name of class: "keySpec is not an X509EncodedKeySpec"
src/java.base/share/classes/sun/security/provider/HSS.java line 787:
> 785:
> 786: @java.io.Serial
> 787: protected Object writeReplace() throws java.io.ObjectStreamException {
Make this `private` instead of `protected`. Also, add an overridden private `readObject` method that simply throws an exception, ex:
`throw new InvalidObjectException("HSS public keys are not directly deserializable");
`
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1204336773
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1204361545
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1204353785
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1204415763
More information about the security-dev
mailing list