RFR: 8349732: Add support for JARs signed with ML-DSA

Weijun Wang weijun at openjdk.org
Thu Jul 31 14:47:13 UTC 2025


On Wed, 30 Jul 2025 18:48:07 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Add support for ML-DSA signing of JAR files.
> 
> Note: https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-ml-dsa/ is not finalized.

Just some clarification.

src/java.base/share/classes/sun/security/pkcs/PKCS7.java line 546:

> 544:      * @exception NoSuchAlgorithmException on unrecognized algorithms.
> 545:      * @exception SignatureException on signature handling errors.
> 546:      */

Verify PKCS7 with an external certificate. This is useful for testing.

src/java.base/share/classes/sun/security/pkcs/PKCS7.java line 756:

> 754:      * @param internalsf whether the content should be included in output
> 755:      * @param directsign if the content is signed directly or through authattrs
> 756:      * @param digAlgID digest alg to use; derive from other arguments if null

Some signature algorithms can be used with different digest algorithms. This is useful for testing and allows future enhancements to allow user-specified digest algorithms.

src/java.base/share/classes/sun/security/pkcs/PKCS7.java line 788:

> 786:             if (digAlgName.equals("SHAKE256-LEN")) {
> 787:                 // We don't check the LEN here. Usually it is returned
> 788:                 // by SignatureUtil.getDigestAlgInPkcs7SignerInfo

The former "SHAKE256" is already a standard digest algorithm named "SHAKE256-512". No need to treat specially.

src/java.base/share/classes/sun/security/pkcs/SignerInfo.java line 587:

> 585:     public static String makeSigAlg(AlgorithmId digAlgId, AlgorithmId encAlgId) {
> 586:         String encAlg = encAlgId.getName();
> 587:         String keyAlg = SignatureUtil.extractKeyAlgFromDwithE(encAlg);

Move the "WITH" check and special treatment for RSA, DSA, and EC to the beginning, so there is no need to update this method when more future (modern) signature algorithms are introduced.

src/java.base/share/classes/sun/security/util/SignatureUtil.java line 250:

> 248:         } else if (kAlg.toUpperCase(Locale.ENGLISH).startsWith("ML-DSA")) {
> 249:             // https://datatracker.ietf.org/doc/html/draft-ietf-lamps-cms-ml-dsa-06#name-signerinfo-content
> 250:             // Just use SHA-512

Future enhancement may allow the user to specify the digest algorithm here.

-------------

PR Review: https://git.openjdk.org/jdk/pull/26563#pullrequestreview-3075415268
PR Review Comment: https://git.openjdk.org/jdk/pull/26563#discussion_r2245383188
PR Review Comment: https://git.openjdk.org/jdk/pull/26563#discussion_r2245391529
PR Review Comment: https://git.openjdk.org/jdk/pull/26563#discussion_r2245395171
PR Review Comment: https://git.openjdk.org/jdk/pull/26563#discussion_r2245399832
PR Review Comment: https://git.openjdk.org/jdk/pull/26563#discussion_r2245416541
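As an added illustration (not code from the PR or the JDK), the derivation the review describes for `makeSigAlg`: the "WITH" check and the RSA/DSA/EC composition come first, and every other signature algorithm (ML-DSA, EdDSA, RSASSA-PSS) is used by its own name. The consistency check that follows, including the SHA-512 rule for ML-DSA SignerInfos, is the editor's addition for verifiers, not a check the review says the JDK performs.

```python
# Added illustration of the SignerInfo algorithm-name derivation; this is
# a Python model, not the JDK's SignerInfo.makeSigAlg or SignatureUtil.

# SignerInfo digestAlgorithm names mapped to the JCA spelling used inside
# "<digest>with<key>" signature algorithm names.
_DIGEST_JCA = {"SHA-256": "SHA256", "SHA-384": "SHA384",
               "SHA-512": "SHA512", "SHA3-256": "SHA3-256",
               "SHAKE256-512": "SHAKE256-512"}

# Legacy name "SHAKE256" is the standard digest "SHAKE256-512".
def normalize_digest(name):
    return "SHAKE256-512" if name.upper() == "SHAKE256" else name

def make_sig_alg(dig_alg, enc_alg):
    """Derive the JCA Signature name from a SignerInfo's digestAlgorithm
    and signatureAlgorithm ("encryption algorithm") names."""
    dig_alg = normalize_digest(dig_alg)
    enc_up = enc_alg.upper()
    # 1. The encryption alg already names a full signature algorithm.
    if "WITH" in enc_up:
        return enc_alg
    # 2. Classic key types compose "<digest>with<key>".
    classic = {"RSA": "RSA", "DSA": "DSA", "EC": "ECDSA"}
    if enc_up in classic:
        jca_dig = _DIGEST_JCA.get(dig_alg)
        if jca_dig is None:
            raise ValueError(f"unsupported digest {dig_alg} for {enc_alg}")
        return f"{jca_dig}with{classic[enc_up]}"
    # 3. Everything else (ML-DSA-*, Ed25519/Ed448, RSASSA-PSS) is
    #    self-describing, so no future update is needed here.
    return enc_alg

def check_digest_consistency(dig_alg, enc_alg):
    """Return (ok, reason): flag a SignerInfo whose digestAlgorithm cannot
    belong with the signature algorithm derived from it (editor's check)."""
    dig_alg = normalize_digest(dig_alg)
    sig_alg = make_sig_alg(dig_alg, enc_alg)
    up = sig_alg.upper()
    if up.startswith("ML-DSA"):
        # The JDK change fixes the ML-DSA SignerInfo digest to SHA-512.
        if dig_alg != "SHA-512":
            return False, f"ML-DSA SignerInfo uses SHA-512, got {dig_alg}"
        return True, "ok"
    if "WITH" in up:
        want = _DIGEST_JCA.get(dig_alg, "").upper()
        if not want or not up.startswith(want + "WITH"):
            return False, f"digest {dig_alg} does not match {sig_alg}"
    return True, "ok"
```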

