JDK-8172680 : Support SHA-3 based Hmac algorithms
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2017-01-12
  • Updated: 2020-12-04
  • Resolved: 2020-04-14
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 15
15 b19Fixed
Related Reports
CSR :  
JDK-8241325 - Enhance SunJCE provider to support SHA-3 based Hmac algorithms
Relates :  
JDK-8257734 - Extraneous output in HmacSHA3_512 constructor
Sub Tasks
JDK-8241326 :  
Release Note: SunJCE Provider Supports SHA-3 Based Hmac Algorithms - Closed
JDK-8241328 :  
Need to update security providers guide for SunJCE provider for new support - Resolved
Description
Enhance default JDK providers with SHA-3 based MACs such as HmacSHA3-256, etc.
Comments
URL: https://hg.openjdk.java.net/jdk/jdk/rev/2cd3a8f8be61 User: valeriep Date: 2020-04-14 22:32:29 +0000
14-04-2020
Adjusting due date per CSR status...
31-03-2020
The proposed changes included KAT test vectors to existing Hmac regression tests already. I will double check other Hmac regression tests and update them to test Hmac SHA-3 also if applicable. Thanks for the suggestion.
24-03-2020
To summarize, this RFE will enhance SunJCE provider w/ - KeyGenerator and MAC impls for HmacSHA3-x algorithms - oid aliases and KeyGenerator impls for HmacSHA512/224 and HmacSHA512/256 algorithms (MAC impls are already done under JDK-8051408 )
19-03-2020
Per feedback from Michael StJohns, OASIS PKCS11 is working on updating to include SHA-3: https://github.com/oasis-tcs/pkcs11/blob/master/working/identifier_db/sha3.result
19-03-2020
It seems that SunMSCAPI provider does not provide any HMAC implementation. So, will not cover SunMSCAPI provider under this RFE.
17-03-2020
PKCS11 v2.40 does not include any algorithms with SHA-3 family of digest, so no changes needed for SunPKCS11 provider (yet).
17-03-2020
Due to Solaris support being removed, OracleUcrypto provider will not be covered for this RFE.
16-03-2020
NIST defined SHA3 relevant algorithm oids here: https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
26-09-2019
Add Hmac w/ SHA-3 digests to SunJCE provider and check for native support for SunPKCS11, OracleUcrypto, SunMSCAPI providers.
25-01-2017