Bug ID: JDK-8064399 JEP 287: SHA-3 Hash Algorithms

Type: JEP
Component: security-libs
Sub-Component: java.security

Priority: P2
Status: Closed
Resolution: Delivered
Fix Versions: 9

Submitted: 2014-11-08
Updated: 2017-03-06
Resolved: 2017-01-04

Summary
-------

Implement the SHA-3 cryptographic hash functions (BYTE-only) specified in [NIST FIPS 202][1].

Non-Goals
---------

This JEP will not implement the SHAKE128 and SHAKE256 extendable-output functions (XOFs) because they are not approved as hash functions. The latest PKCS11 v2.40 draft does not contain SHA-3 support. Thus, there is no change to the "SunPKCS11" provider. Also, this JEP will not implement SHA-3 based algorithms for other cryptographic functions such as Signatures, MACs, and Ciphers since there are no standards for them yet. Those will be covered in subsequent enhancements and/or JEPs.

Motivation
----------

SHA-2 was published over 10 years ago, and although no significant attack on SHA-2 has been demonstrated, NIST perceived a need for a dissimilar cryptographic hash function as an alternative to SHA-2. Nine years in the making, SHA-3 is the first cryptographic hash algorithm NIST has developed using a public competition and vetting process. FIPS 202 "SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions" was finalized as a standard in August 2015. Cryptographic vendors such as BouncyCastle started supporting SHA-3 when FIPS 202 was still a draft. Solaris will also support SHA-3 in the coming Solaris 12.0 release. Since hash functions are used extensively in security applications and SHA-3 implementations are already being added by other vendors, it is important to provide support for SHA-3 in the JDK.

Description
-----------

FIPS 202 defines four new hash functions: SHA3-224, SHA3-256, SHA3-384, and SHA3-512. These can be implemented as new algorithms of the `java.security.MessageDigest` API under the standard names "SHA3-224", "SHA3-256", "SHA3-384", and "SHA3-512". No new APIs are necessary, since there are no parameters required.

Here is the list of providers and the corresponding algorithm enhancements:

- "SUN" provider: SHA3-224, SHA3-256, SHA3-384, and SHA3-512
- "OracleUcrypto" provider: SHA-3 digests supported by Solaris 12.0

Testing
-------
The implementation must pass the relevant [known-answer tests provided by NIST][2] where the input size is multiple of 8-bits and existing regression and unit tests.

[1]: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
[2]: http://csrc.nist.gov/groups/ST/toolkit/examples.html#aHashing

TOI no longer needed - confirmed by Sustaining
06-03-2017
Due date has been updated to be consistent.
30-06-2016
FC Extension Request Performance, SQE, JVT security assessment have been completed on June 22 under the earlier FC exception approval. Only doc work remains. Risk Level: Minimum Justification: Needed to support SHA-3 and majority of the work has been completed already. Proposed Complete Date: July 23
30-06-2016
Security doc for SHA-3 names update is tracked under https://bugs.openjdk.java.net/browse/JDK-8004078 JDK src/test changes is tracked under https://bugs.openjdk.java.net/browse/JDK-8000415
03-02-2016

Relates :	JDK-8004078 - [docs] Create Standard Names for SHA-3 algorithms.
Relates :	JDK-8159438 - java/security/MessageDigest/UnsupportedProvider.java failed with "SHA-3 should be supported by OracleUcrypto provider"
Relates :	JDK-8157495 - SHA-3 Hash algorithm performance improvements (~12x speedup)
Relates :	JDK-8000415 - Add support for SHA-3

JDK-8152611 :	Dev task: Enhance SUN provider with SHA-3 MessageDigest implementations - Resolved
JDK-8152612 :	Dev task: Enhance OracleUcrypto provider with SHA-3 MessageDigest implementations - Resolved
JDK-8152613 :	Dev task: Update regression tests for SHA-3 MessageDigests - Resolved
JDK-8156059 :	Test Task: Update/Develop new tests for JEP 287: SHA-3 Hash Algorithms - Resolved
JDK-8156060 :	Test Task: Update existing tests for JEP 287: SHA-3 Hash Algorithms - Resolved