8340327: A common framework to support public key algorithms with standard parameter sets#2946
Draft
GoeLin wants to merge 4 commits into
Draft
8340327: A common framework to support public key algorithms with standard parameter sets#2946GoeLin wants to merge 4 commits into
GoeLin wants to merge 4 commits into
Conversation
|
👋 Welcome back goetz! A progress list of the required criteria for merging this PR into |
|
❗ This change is not yet ready to be integrated. |
|
This backport pull request has now been updated with issue from the original commit. |
… getParams method
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is needed to backport the new Quantum-Resistant [1] algorithms.
Patching the original change to 21 first causes two issues:
It does not apply clean to SignatureUtil as
https://bugs.openjdk.org/browse/JDK-8302233: "HSS/LMS: keytool and jarsigner changes"
is not in 21.
I omit the patch to getDefaultSigAlgForKey() that modifies the
default entry of a switch.
The omitted patch just undoes the change of 8302233 for KEM.
Thus the patch is not necessary in 21 as long as 8302233 is not backported.
Further I had to adapt the @modules in test NamedEdDSA.java.
After 21 ec has been moved into java.base.
Then, the change needs a larger rework as https://bugs.openjdk.org/browse/JDK-8318096: "Introduce AsymmetricKey interface with a getParams method" is not in 21. This has a CSR and has not been backported by Oracle, so I don't want to backport it as prereq change.
Thus I check for the new classes wherever this change uses AsymmetricKey, and reworked some more places. The second commit contains these changes.
I ran the new tests and all tests in test/jdk/sun/security/provider succesfully. It also passes SAP's nightly testing.
AddOn: check one more key. Found this backporting 8342002: "sun/security/tools/keytool/GenKeyPairSigner.java failed due to missing certificate output" on top.
AddOn2: The new quantum resistant keys[1] can be backported on top of this clean. sun/security/provider tests pass. ([2] is needed, too.)
[1]
8298390: Implement JEP 496: Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism
8298387: Implement JEP 497: Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm
[2]
8342442: "Static ACVP sample tests", backport pending: 2945
Progress
Issue
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk21u-dev.git pull/2946/head:pull/2946$ git checkout pull/2946Update a local copy of the PR:
$ git checkout pull/2946$ git pull https://git.openjdk.org/jdk21u-dev.git pull/2946/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 2946View PR using the GUI difftool:
$ git pr show -t 2946Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk21u-dev/pull/2946.diff