-
CSR
-
Resolution: Approved
-
P3
-
None
-
behavioral
-
minimal
-
Other
-
JDK
Summary
Enhance SunPKCS11 provider to support various SHA-3 related crypto algorithms when supported by underlying native PKCS11 library.
Problem
With PKCS#11 v3.0, additional mechanisms are added including SHA-3 message digests and other crypto algorithms utilizing SHA-3. SunPKCS11 provider should be enhanced accordingly.
Solution
Enhance SunPKCS11 provider to support the SHA-3 related crypto services. For completeness, this RFE also adds support for Hmac key generator for all supported message digest algorithms.
- Message Digest: SHA3-224, SHA3-256, SHA3-384, SHA3-512
- Mac: HmacSHA3-224, HmacSHA3-256, HmacSHA3-384, HmacSHA3-512
- Signature: SHA3-224withDSA, SHA3-256withDSA, SHA3-384withDSA, SHA3-512withDSA, SHA3-224withDSAinP1363Format, SHA3-256withDSAinP1363Format, SHA3-384withDSAinP1363Format, SHA3-512withDSAinP1363Format, SHA3-224withECDSA, SHA3-256withECDSA, SHA3-384withECDSA, SHA3-512withECDSA, SHA3-224withECDSAinP1363Format, SHA3-256withECDSAinP1363Format, SHA3-384withECDSAinP1363Format, SHA3-512withECDSAinP1363Format, SHA3-224withRSA, SHA3-256withRSA, SHA3-384withRSA, SHA3-512withRSA, SHA3-224withRSASSA-PSS, SHA3-256withRSASSA-PSS, SHA3-384withRSASSA-PSS, SHA3-512withRSASSA-PSS.
- KeyGenerator: HmacMD5, HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512, HmacSHA512/224, HmacSHA512/256, HmacSHA3-224, HmacSHA3-256, HmacSHA3-384, HmacSHA3-512.
Specification
1) Update the table 5.3 "Java Algorithms Supported by the SunPKCS11 Provider" of "PKCS#11 Reference Guide" with the following changes (new additions are highlighted in bold):
| Java Algorithm | PKCS#11 Mechanisms |
|---|---|
| MessageDigest.SHA3-224 | CKM_SHA3_224 |
| MessageDigest.SHA3-256 | CKM_SHA3_256 |
| MessageDigest.SHA3-384 | CKM_SHA3_384 |
| MessageDigest.SHA3-512 | CKM_SHA3_512 |
| Mac.SHA3-224 | CKM_SHA3_224_HMAC |
| Mac.SHA3-256 | CKM_SHA3_256_HMAC |
| Mac.SHA3-384 | CKM_SHA3_384_HMAC |
| Mac.SHA3-512 | CKM_SHA3_512_HMAC |
| Signature.SHA3-224withDSA | CKM_DSA_SHA3_224 |
| Signature.SHA3-256withDSA | CKM_DSA_SHA3_256 |
| Signature.SHA3-384withDSA | CKM_DSA_SHA3_384 |
| Signature.SHA3-512withDSA | CKM_DSA_SHA3_512 |
| Signature.SHA224withDSAinP1363Format | CKM_DSA_SHA224 |
| Signature.SHA256withDSAinP1363Format | CKM_DSA_SHA256 |
| Signature.SHA384withDSAinP1363Format | CKM_DSA_SHA384 |
| Signature.SHA512withDSAinP1363Format | CKM_DSA_SHA512 |
| Signature.SHA3-224withDSAinP1363Format | CKM_DSA_SHA3_224 |
| Signature.SHA3-256withDSAinP1363Format | CKM_DSA_SHA3_256 |
| Signature.SHA3-384withDSAinP1363Format | CKM_DSA_SHA3_384 |
| Signature.SHA3-512withDSAinP1363Format | CKM_DSA_SHA3_512 |
| Signature.SHA224withECDSA | CKM_ECDSA_SHA224, CKM_ECDSA |
| Signature.SHA256withECDSA | CKM_ECDSA_SHA256, CKM_ECDSA |
| Signature.SHA384withECDSA | CKM_ECDSA_SHA384, CKM_ECDSA |
| Signature.SHA512withECDSA | CKM_ECDSA_SHA512, CKM_ECDSA |
| Signature.SHA3-224withECDSA | CKM_ECDSA_SHA3_224, CKM_ECDSA |
| Signature.SHA3-256withECDSA | CKM_ECDSA_SHA3_256, CKM_ECDSA |
| Signature.SHA3-384withECDSA | CKM_ECDSA_SHA3_384, CKM_ECDSA |
| Signature.SHA3-512withECDSA | CKM_ECDSA_SHA3_512, CKM_ECDSA |
| Signature.SHA224withECDSAinP1363Format | CKM_ECDSA_SHA224, CKM_ECDSA |
| Signature.SHA256withECDSAinP1363Format | CKM_ECDSA_SHA256, CKM_ECDSA |
| Signature.SHA384withECDSAinP1363Format | CKM_ECDSA_SHA384, CKM_ECDSA |
| Signature.SHA512withECDSAinP1363Format | CKM_ECDSA_SHA512, CKM_ECDSA |
| Signature.SHA3-224withECDSAinP1363Format | CKM_ECDSA_SHA3_224, CKM_ECDSA |
| Signature.SHA3-256withECDSAinP1363Format | CKM_ECDSA_SHA3_256, CKM_ECDSA |
| Signature.SHA3-384withECDSAinP1363Format | CKM_ECDSA_SHA3_384, CKM_ECDSA |
| Signature.SHA3-512withECDSAinP1363Format | CKM_ECDSA_SHA3_512, CKM_ECDSA |
| Signature.SHA3-224withRSA | CKM_SHA3_224_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509 |
| Signature.SHA3-256withRSA | CKM_SHA3_256_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509 |
| Signature.SHA3-384withRSA | CKM_SHA3_384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509 |
| Signature.SHA3-512withRSA | CKM_SHA3_512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509 |
| Signature.SHA3-224withRSASSA-PSS | CKM_SHA3_224_RSA_PKCS_PSS |
| Signature.SHA3-256withRSASSA-PSS | CKM_SHA3_256_RSA_PKCS_PSS |
| Signature.SHA3-384withRSASSA-PSS | CKM_SHA3_384_RSA_PKCS_PSS |
| Signature.SHA3-512withRSASSA-PSS | CKM_SHA3_512_RSA_PKCS_PSS |
| KeyGenerator.HmacMD5 | CKM_GENERIC_SECRET_KEY_GEN |
| KeyGenerator.HmacSHA1 | CKM_SHA_1_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN |
| KeyGenerator.HmacSHA224 | CKM_SHA224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN |
| KeyGenerator.HmacSHA256 | CKM_SHA256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN |
| KeyGenerator.HmacSHA384 | CKM_SHA384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN |
| KeyGenerator.HmacSHA512 | CKM_SHA512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN |
| KeyGenerator.HmacSHA512/224 | CKM_SHA512_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN |
| KeyGenerator.HmacSHA512/256 | CKM_SHA512_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN |
| KeyGenerator.HmacSHA3-224 | CKM_SHA3_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN |
| KeyGenerator.HmacSHA3-256 | CKM_SHA3_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN |
| KeyGenerator.HmacSHA3-384 | CKM_SHA3_384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN |
| KeyGenerator.HmacSHA3-512 | CKM_SHA3_512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN |
- csr of
-
JDK-8242332 Add SHA3 support to SunPKCS11 provider
-
- Resolved
-