JDK-8252260 : Enhance JDK providers to support SHA3 based signatures
  • Type: CSR
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 16
  • Submitted: 2020-08-25
  • Updated: 2020-09-15
  • Resolved: 2020-09-15
Description
Summary
-------
Enhance JDK providers to support SHA3 based Signature algorithms.

Problem
-------
The default JDK providers do not support SHA3 based Signature algorithms.

Solution
--------

Enhance JDK providers to support SHA3 based Signature algorithms. The providers and their enhancements are listed below:

SUN provider:

 - add SHA3 support to DSA signature, i.e.
   [SHA3-224/SHA3-256/SHA3-384/SHA3-512]withDSA
 - add SHA384 and SHA512 from the SHA2 family to DSA signature, i.e. [SHA384/SHA512]withDSA, and
 - add P1363 signature format support for the above 6 DSA signatures, i.e.
   [SHA3-224/SHA3-256/SHA3-384/SHA3-512/SHA384/SHA512]withDSAinP1363Format.

SunRsaSign provider:

 - add SHA3 support to RSA signature, i.e. [SHA3-224/SHA3-256/SHA3-384/SHA3-512]withRSA signatures, and
 - enhance RSASSA-PSS signature to accept PSS parameters using SHA3 digests. 

SunEC provider:

 - add SHA3 support to ECDSA signature, i.e. [SHA3-224/SHA3-256/SHA3-384/SHA3-512]withECDSA, and
 - add P1363 signature format support for the above 4 ECDSA signatures, i.e. [SHA3-224/SHA3-256/SHA3-384/SHA3-512]withECDSAinP1363Format.
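
How the new algorithm names are used from application code, as an added example that is not part of the CSR or the JDK sources: it signs and verifies with SHA3-256withECDSA in both signature encodings, then with RSASSA-PSS using SHA3-256 for the message digest and for MGF1. It assumes JDK 16 or later (for the algorithms and the `MGF1ParameterSpec.SHA3_256` constant this CSR adds); the class name, helper method, curve, key size and message are choices made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

public class Sha3SignatureDemo {
    // Hypothetical helper: sign msg, verify with a fresh Signature object, return the signature bytes.
    static byte[] signAndVerify(String alg, String provider, KeyPair kp,
                                PSSParameterSpec pss, byte[] msg) throws GeneralSecurityException {
        Signature signer = Signature.getInstance(alg, provider);
        if (pss != null) signer.setParameter(pss);
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance(alg, provider);
        if (pss != null) verifier.setParameter(pss);
        verifier.initVerify(kp.getPublic());
        verifier.update(msg);
        if (!verifier.verify(sig)) throw new SignatureException(alg + " did not verify");
        return sig;
    }

    public static void main(String[] args) throws Exception {
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        KeyPairGenerator ecGen = KeyPairGenerator.getInstance("EC");
        ecGen.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair ec = ecGen.generateKeyPair();
        // Default ECDSA output is an ASN.1 DER SEQUENCE of (r, s): variable length, up to 72 bytes on P-256.
        byte[] der = signAndVerify("SHA3-256withECDSA", "SunEC", ec, null, msg);
        // P1363 output is r || s, each padded to the curve order size: always 64 bytes on P-256.
        byte[] p1363 = signAndVerify("SHA3-256withECDSAinP1363Format", "SunEC", ec, null, msg);
        System.out.printf("ECDSA DER: %d bytes (tag 0x%02x), P1363: %d bytes%n",
                der.length, der[0], p1363.length);

        KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA");
        rsaGen.initialize(3072);
        KeyPair rsa = rsaGen.generateKeyPair();
        // RSASSA-PSS needs explicit parameters: message digest and MGF1 digest are both SHA3-256 here.
        // Salt length 32 matches the SHA3-256 output size; TRAILER_FIELD_BC is the standard trailer value 1.
        PSSParameterSpec pss = new PSSParameterSpec("SHA3-256", "MGF1",
                MGF1ParameterSpec.SHA3_256, 32, PSSParameterSpec.TRAILER_FIELD_BC);
        byte[] pssSig = signAndVerify("RSASSA-PSS", "SunRsaSign", rsa, pss, msg);
        System.out.println("RSASSA-PSS with SHA3-256: " + pssSig.length + " bytes");
    }
}
```

The two ECDSA encodings are not interchangeable: a verifier must be created with the same algorithm name (with or without `inP1363Format`) that the signer used, or verification fails on a signature that is otherwise valid.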

Specification
-------------
1) Add 4 static constants to the java.security.spec.MGF1ParameterSpec class for convenience. No other changes to existing public APIs.

    --- a/src/java.base/share/classes/java/security/spec/MGF1ParameterSpec.java
    +++ b/src/java.base/share/classes/java/security/spec/MGF1ParameterSpec.java
    @@ -1,5 +1,5 @@
     /*
    - * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
    + * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
      * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
      *
      * This code is free software; you can redistribute it and/or modify it
    @@ -108,6 +108,30 @@ public class MGF1ParameterSpec implements AlgorithmParameterSpec {
         public static final MGF1ParameterSpec SHA512_256 =
             new MGF1ParameterSpec("SHA-512/256");
    
    +    /**
    +     * The MGF1ParameterSpec which uses SHA3-224 message digest
    +     */
    +    public static final MGF1ParameterSpec SHA3_224 =
    +        new MGF1ParameterSpec("SHA3-224");
    +
    +    /**
    +     * The MGF1ParameterSpec which uses SHA3-256 message digest
    +     */
    +    public static final MGF1ParameterSpec SHA3_256 =
    +        new MGF1ParameterSpec("SHA3-256");
    +
    +    /**
    +     * The MGF1ParameterSpec which uses SHA3-384 message digest
    +     */
    +    public static final MGF1ParameterSpec SHA3_384 =
    +        new MGF1ParameterSpec("SHA3-384");
    +
    +    /**
    +     * The MGF1ParameterSpec which uses SHA3-512 message digest
    +     */
    +    public static final MGF1ParameterSpec SHA3_512 =
    +        new MGF1ParameterSpec("SHA3-512");
    +
         private String mdName;
    
         /**
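
Review bot: the Javadoc on the four new public constants (SHA3_224, SHA3_256, SHA3_384, SHA3_512) carries no `@since` tag, so the generated API docs will not show which release introduced them. With a fix version of 16, add `@since 16` to each of the four comments, and end each description sentence with a period so the Javadoc first-sentence summary is well formed.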


2) Update the "JDK Providers Documentation" guide to add these algorithms as available algorithms for the aforementioned JDK providers. In particular:

2.1) The "Signature" row of the table "Algorithms in SUN provider" will be updated to add: SHA3-224withDSA, SHA3-256withDSA, SHA3-384withDSA, SHA3-512withDSA, SHA384withDSA, SHA512withDSA, and their P1363 signature format counterparts, i.e. <sigAlg>inP1363Format, where sigAlg is one of these 6 DSA signature algorithms.

2.2) The table "OIDs associated with DSA Signatures" will be updated with 6 additional rows listing the OID mapping for the 6 new DSA signatures, i.e. SHA3-224withDSA, SHA3-256withDSA, SHA3-384withDSA, SHA3-512withDSA, SHA384withDSA, SHA512withDSA.

2.3) The "Signature" row of table "SunRsaSign Provider Algorithm Names for Engine Classes" will be updated to add: SHA3-224withRSA, SHA3-256withRSA, SHA3-384withRSA, SHA3-512withRSA.

2.4) The "Signature" row of the table "SunEC Provider Names for Engine Classes" will be updated to add: SHA3-224withECDSA, SHA3-256withECDSA, SHA3-384withECDSA, SHA3-512withECDSA, and their P1363 signature format counterparts, i.e. <sigAlg>inP1363Format, where sigAlg is one of these 4 ECDSA signature algorithms.

3) Update the "Java Security Standard Algorithm Names" guide with the missing SHA3-related algorithms. Some of these SHA3 based signature algorithms are already documented, so only the missing SHA3-related algorithms are added for consistency, as below:

 - HmacSHA3-224, HmacSHA3-256, HmacSHA3-384, HmacSHA3-512
 - SHA384withDSAinP1363Format, SHA512withDSAinP1363Format, SHA3-224withDSAinP1363Format, SHA3-256withDSAinP1363Format, SHA3-384withDSAinP1363Format, SHA3-512withDSAinP1363Format
 - SHA3-224withECDSAinP1363Format, SHA3-256withECDSAinP1363Format, SHA3-384withECDSAinP1363Format, SHA3-512withECDSAinP1363Format
Comments
Moving to Approved.
15-09-2020

I see a release note is already planned for this change. Moving to Provisional.
02-09-2020