From just a quick skimming across a few FIPS specs, it looks like DSA
with SHA-3 seems worth including. FIPS 202 is designed to supplement
the hash algs in 180-4, and Section 2.3 of 186-4 indicates that SHAx(M)
is intended for those algs specified in 180 (and I assume by extension
202). Since there are OIDs in the NIST arc for dsa-with-sha3-nnn it
seems like all the pieces have specification support. Seems like a good
thing to do.
--Jamil
On 8/18/2020 1:11 PM, Valerie Peng wrote:
Can someone help review this SHA-3 based signature support? Note that
changes to SunPKCS11 provider will be covered by a separate RFE
(JDK-8244154). Current webrev adds SHA-3 digest support to DSA, RSA,
ECDSA signature algorithms. I am a bit on the fence for the DSA
signature and am including it here mostly for completeness sake. Can
remove it if that's preferred. Comments?
Will file a CSR for this once we reached consensus on whether to add
SHA-3 support to DSA signature.
RFE: https://bugs.openjdk.java.net/browse/JDK-8172366
Webrev: http://cr.openjdk.java.net/~valeriep/8172366/webrev.00/
Thanks,
Valerie
