JDK-8242332 : Add SHA3 support to SunPKCS11 provider
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2020-04-08
  • Updated: 2023-10-23
  • Resolved: 2020-12-05
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 16
16 b28Fixed
Related Reports
CSR :  
Duplicate :  
Duplicate :  
Relates :  
Relates :  
Sub Tasks
JDK-8257791 :  
JDK-8257792 :  
Description
Per feedback from Michael StJohns <mstjohns@comcast.net>:
-------------------
I've got an include file from Utimaco dated 27 March 2017 that includes the SHA3 assignments from PKCS11 - and their collateral says they implement SHA3 (this is all of the message digest, hmac and signature mechanisms, and key derivation mechanisms specified for PKCS11 3.0. 

Safenet ProtectServer has it https://data-protection-updates.gemalto.com/2018/04/27/product-release-safenet-protecttoolkit-5-6/

I can't find anything that says nCipher has it.

That's two out of three of the big ones.
 message digest, hmac and signature mechanisms, and key derivation mechanisms specified for PKCS11 3.0.  
-------------------
There are a few PKCS11 vendors already supporting SHA3 even though PKCS11 v2.40 do not have SHA3 related mechanisms. The SHA3 mechanisms are in the works and identifiers have been reserved in the working version of PKCS11 header files, thus we should consider supporting SHA3 in SunPKCS11 provider.
Comments
Changeset: 78be334c Author: Valerie Peng <valeriep@openjdk.org> Date: 2020-12-05 23:47:35 +0000 URL: https://git.openjdk.java.net/jdk/commit/78be334c
05-12-2020

PKCS#11 v3.0 header covers SHA-3 message digests and related signature algorithms.
26-10-2020

https://github.com/oasis-tcs/pkcs11/blob/master/working/identifier_db/sha3.result
08-04-2020