Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8346684

Add TLSv1.3 and CNSA 1.0 algorithms to implementation requirements

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Approved
    • Icon: P3 P3
    • 25
    • security-libs
    • None
    • behavioral
    • minimal
    • Java API
    • SE

      Summary

      Add more cryptographic algorithms and protocols to the SE implementation requirements as specified in the security APIs and Standard Algorithm Names Specification.

      Problem

      Periodically, the algorithm requirements are reviewed to see if new algorithms should be added or existing ones should be removed. The requirements are intended to improve interoperability across different SE implementations by requiring a set of commonly used algorithms. The algorithms are not always based on the strength of the algorithm; the requirements are also based on how common the algorithms are, so some weaker algorithms are still on the list in order to support legacy use cases.

      Solution

      Add TLSv1.3 to the list of requirements. TLSv1.3 is the most secure protocol version and is in wide use. Add all cryptographic algorithms that are needed to implement the TLSv1.3 cipher suites and signature mechanisms that are defined by https://www.rfc-editor.org/rfc/rfc8446 as MUST or SHOULD requirements. Finally, add algorithms that are required by CNSA 1.0 which was added in JDK 19: https://bugs.openjdk.org/browse/JDK-8267319.

      No required algorithms or protocols are being removed at this time.

      Specification

      The following requirements will be added to the Security Algorithm Implementation Requirements section of the Java Security Standard Algorithm Names specification and to the class summary of each of the APIs below. See also the attached patches (standard-names.md.patch and api.patch) for a precise set of differences that will be applied. A screenshot of the updated requirements section is also attached (standard-names.screenshot.png).

      • AlgorithmParameters

        • ChaCha20-Poly1305
        • EC with secp256r1 or secp384r1 curves
        • RSASSA-PSS with MGF1 mask generation function and SHA-256 or SHA-384 hash algorithm

      • Cipher

        • AES/GCM/NoPadding with 256 bit key size
        • ChaCha20-Poly1305

      • KeyAgreement

        • ECDH with secp256r1 or secp384r1 curves
        • X25519

      • KeyFactory

        • EC
        • RSASSA-PSS
        • X25519

      • KeyGenerator

        • AES with 256 bit key size
        • ChaCha20

      • KeyPairGenerator

        • DH with 3072 bit key size
        • EC with secp256r1 or secp384r1 curves
        • RSA with 3072 bit key size
        • RSASSA-PSS with 2048, 3072, 4096 bit key sizes
        • X25519

      • MessageDigest

        • SHA-384

      • Signature

        • RSASSA-PSS with MGF1 mask generation function and SHA-256 or SHA-384 hash algorithm
        • SHA256WithECDSA with secp256r1 curve
        • SHA384WithECDSA with secp384r1 curve
        • SHA384WithRSA

      • SSLContext

        • TLSv1.3

        1. api.patch
          9 kB
          Sean Mullan
        2. standard-names.md.patch
          6 kB
          Sean Mullan
        3. standard-names.screenshot.png
          257 kB
          Sean Mullan

            mullan Sean Mullan
            mullan Sean Mullan
            Jamil Nimeh
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: