Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8289163

Updating Java Security Standard Algorithm Names

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Approved
    • Icon: P3 P3
    • 20
    • security-libs
    • None
    • minimal
    • No behavior change.
    • Other
    • SE

      Summary

      Add and remove several items from the Java Security Standard Algorithm Names document to reflect the current algorithms we provided.

      Problem

      Some new algorithms are provided but not documented yet.

      On the other hand, we mistakenly added "XDH", "X25519", and "X448" into the AlgorithmParameters section but in fact no parameters have been defined for these algorithms and we have provided none in our security providers. Therefore they should be removed. As RFC 8410 where these algorithms are defined points out, "For all of the OIDs, the parameters MUST be absent."

      Solution

      1. Add "GCM" to AlgorithmParamers.
      2. Remove "XDH", "X25519", and "X448" from AlgorithmParamers.
      3. Add "HmacSHA512/224" and "HmacSHA512/256" to Mac.
      4. Add "Ed25519" and "Ed448" to NamedParametersSpec.

      Specification

      In the AlgorithmParameters table:

      +GCM                                 Parameters for use with the Galois/Counter Mode (GCM)
+                                    cipher mode, as defined in [RFC 5084](https://tools.ietf.org/html/rfc5084).
-
-XDH                                 Parameters for Diffie-Hellman key agreement with
-                                    elliptic curves as defined in
-                                    [RFC 7748](https://tools.ietf.org/html/rfc7748).
-
-X25519                              Parameters for Diffie-Hellman key agreement with
-                                    Curve25519 as defined in
-                                    [RFC 7748](https://tools.ietf.org/html/rfc7748).
-
-X448                                Parameters for Diffie-Hellman key agreement with
-                                    Curve448 as defined in
-                                    [RFC 7748](https://tools.ietf.org/html/rfc7748).

      In the Mac section:

       HmacMD5          Key generator for use with the HmacMD5 algorithm.

 HmacSHA1 \       Key generator for use with the various flavors of the HmacSHA
 HmacSHA224 \     algorithms.
 HmacSHA256 \
 HmacSHA384 \
 HmacSHA512 \
+HmacSHA512/224 \
+HmacSHA512/256 \
 HmacSHA3-224 \
 HmacSHA3-256 \
 HmacSHA3-384 \

      In the NamedParameterSpec table:

      +
+Ed25519 Elliptic curve signature scheme using the edwards25519 curve defined
+        in [RFC 8032](https://tools.ietf.org/html/rfc8032).
+
+Ed448   Elliptic curve signature scheme using the edwards448 curve defined
+        in [RFC 8032](https://tools.ietf.org/html/rfc8032).

            weijun Weijun Wang
            weijun Weijun Wang
            Sean Mullan
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: