RFR: 8298127: HSS/LMS Signature Verification [v17]

Ferenc Rakoczi duke at openjdk.org
Thu May 25 14:10:26 UTC 2023


On Wed, 24 May 2023 16:22:55 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Ferenc Rakoczi has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Removed dead code, accepted code style suggestions.
>
> src/java.base/share/classes/sun/security/provider/HSS.java line 58:
> 
>> 56: 
>> 57:     @Override
>> 58:     protected void engineInitSign(PrivateKey privateKey)
> 
> I think you should also override `engineInitSign(PrivateKey, SecureRandom)` even though the default impl. calls `engineInitSign(PrivateKey)`. It also assigns the `SecureRandom` to the protected `appRandom` field, which is probably best avoided.

Done.

> src/java.base/share/classes/sun/security/provider/HSS.java line 156:
> 
>> 154:             if ((inLen < (24 + m)) || (checkExactLength && (inLen != (24 + m))) ||
>> 155:                     !lmsParams.hasSameHash(lmotsParams)) {
>> 156:                 throw new InvalidKeyException("Wrong LMS public Key length");
> 
> s/Key/key/

Changed.

> src/java.base/share/classes/sun/security/provider/HSS.java line 664:
> 
>> 662:         protected PublicKey engineGeneratePublic(KeySpec keySpec)
>> 663:                 throws InvalidKeySpecException {
>> 664:             if (keySpec instanceof X509EncodedKeySpec) {
> 
> Can you also use `instanceof x` here and avoid the cast on line 666?

Done.

> src/java.base/share/classes/sun/security/provider/HSS.java line 700:
> 
>> 698:                     return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));
>> 699:                 }
>> 700:                 throw new InvalidKeySpecException("keySpec is not an X509 one");
> 
> Suggest saying name of class: "keySpec is not an X509EncodedKeySpec"

Said.

> src/java.base/share/classes/sun/security/provider/HSS.java line 787:
> 
>> 785: 
>> 786:         @java.io.Serial
>> 787:         protected Object writeReplace() throws java.io.ObjectStreamException {
> 
> Make this `private` instead of `protected`. Also, add an overridden private `readObject` method that simply throws an exception, ex: 
> 
> `throw new InvalidObjectException("HSS public keys are not directly deserializable");
> `

Privatized writeReplaced() and added readObject().

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1205575050
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1205574950
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1205575467
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1205575343
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1205575158


More information about the security-dev mailing list