JDK-8172680 : Support SHA-3 based Hmac algorithms
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2017-01-12
  • Updated: 2020-12-04
  • Resolved: 2020-04-14
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 15
15 b19Fixed
Related Reports
CSR :  
Relates :  
Sub Tasks
JDK-8241326 :  
JDK-8241328 :  
Enhance default JDK providers with SHA-3 based MACs such as HmacSHA3-256, etc.
URL: https://hg.openjdk.java.net/jdk/jdk/rev/2cd3a8f8be61 User: valeriep Date: 2020-04-14 22:32:29 +0000

Adjusting due date per CSR status...

The proposed changes included KAT test vectors to existing Hmac regression tests already. I will double check other Hmac regression tests and update them to test Hmac SHA-3 also if applicable. Thanks for the suggestion.

To summarize, this RFE will enhance SunJCE provider w/ - KeyGenerator and MAC impls for HmacSHA3-x algorithms - oid aliases and KeyGenerator impls for HmacSHA512/224 and HmacSHA512/256 algorithms (MAC impls are already done under JDK-8051408 )

Per feedback from Michael StJohns, OASIS PKCS11 is working on updating to include SHA-3: https://github.com/oasis-tcs/pkcs11/blob/master/working/identifier_db/sha3.result

It seems that SunMSCAPI provider does not provide any HMAC implementation. So, will not cover SunMSCAPI provider under this RFE.

PKCS11 v2.40 does not include any algorithms with SHA-3 family of digest, so no changes needed for SunPKCS11 provider (yet).

Due to Solaris support being removed, OracleUcrypto provider will not be covered for this RFE.

NIST defined SHA3 relevant algorithm oids here: https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration

Add Hmac w/ SHA-3 digests to SunJCE provider and check for native support for SunPKCS11, OracleUcrypto, SunMSCAPI providers.