Details

    • Author:
      Valerie Peng
    • JEP Type:
      Feature
    • Exposure:
      Open
    • Subcomponent:
    • Scope:
      Implementation
    • Discussion:
      security dash dev at openjdk dot java dot net
    • Effort:
      S
    • Duration:
      M
    • Alert Status:
       Green
    • JEP Number:
      287

      Description

      Summary

      Implement the SHA-3 cryptographic hash functions (BYTE-only) specified in NIST FIPS 202.

      Non-Goals

      This JEP will not implement the SHAKE128 and SHAKE256 extendable-output functions (XOFs) because they are not approved as hash functions. The latest PKCS11 v2.40 draft does not contain SHA-3 support. Thus, there is no change to the "SunPKCS11" provider. Also, this JEP will not implement SHA-3 based algorithms for other cryptographic functions such as Signatures, MACs, and Ciphers since there are no standards for them yet. Those will be covered in subsequent enhancements and/or JEPs.

      Motivation

      SHA-2 was published over 10 years ago, and although no significant attack on SHA-2 has been demonstrated, NIST perceived a need for a dissimilar cryptographic hash function as an alternative to SHA-2. Nine years in the making, SHA-3 is the first cryptographic hash algorithm NIST has developed using a public competition and vetting process. FIPS 202 "SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions" was finalized as a standard in August 2015. Cryptographic vendors such as BouncyCastle started supporting SHA-3 when FIPS 202 was still a draft. Solaris will also support SHA-3 in the coming Solaris 12.0 release. Since hash functions are used extensively in security applications and SHA-3 implementations are already being added by other vendors, it is important to provide support for SHA-3 in the JDK.

      Description

      FIPS 202 defines four new hash functions: SHA3-224, SHA3-256, SHA3-384, and SHA3-512. These can be implemented as new algorithms of the java.security.MessageDigest API under the standard names "SHA3-224", "SHA3-256", "SHA3-384", and "SHA3-512". No new APIs are necessary, since there are no parameters required.

      Here is the list of providers and the corresponding algorithm enhancements:

      • "SUN" provider: SHA3-224, SHA3-256, SHA3-384, and SHA3-512
      • "OracleUcrypto" provider: SHA-3 digests supported by Solaris 12.0

      Testing

      The implementation must pass the relevant known-answer tests provided by NIST where the input size is a multiple of 8 bits, as well as the existing regression and unit tests.
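A known-answer check over the four standard names listed in the Description, as an added example (not code from this JEP or from the JDK). The class name `Sha3KnownAnswer` is hypothetical; the expected values are the SHA-3 digests of the zero-length message, and the check also confirms that each algorithm's output length matches its name.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.LinkedHashMap;
import java.util.Map;

public class Sha3KnownAnswer {
    // Expected digests of the zero-length message, keyed by standard name.
    static final Map<String, String> EMPTY_MESSAGE_KAT = new LinkedHashMap<>();
    static {
        EMPTY_MESSAGE_KAT.put("SHA3-224",
            "6b4e03423667dbb73b6e15454f0eb1abd4597f9a1b078e3f5b5a6bc7");
        EMPTY_MESSAGE_KAT.put("SHA3-256",
            "a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a");
        EMPTY_MESSAGE_KAT.put("SHA3-384",
            "0c63a75b845e4f7d01107d852e4c2485c51a50aaaa94fc61995e71bbee983a2a"
          + "c3713831264adb47fb6bd1e058d5f004");
        EMPTY_MESSAGE_KAT.put("SHA3-512",
            "a69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a6"
          + "15b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26");
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Returns true only if the algorithm exists, has the output length its
    // name promises, and reproduces the known answer.
    static boolean check(String name, String expectedHex) {
        try {
            MessageDigest md = MessageDigest.getInstance(name);
            int bits = Integer.parseInt(name.substring("SHA3-".length()));
            String got = hex(md.digest(new byte[0]));
            boolean ok = md.getDigestLength() * 8 == bits && got.equals(expectedHex);
            System.out.printf("%-8s provider=%-14s %s%n",
                name, md.getProvider().getName(), ok ? "PASS" : "FAIL got " + got);
            return ok;
        } catch (NoSuchAlgorithmException e) {
            // Runtimes that predate this JEP have no provider for the name.
            System.out.printf("%-8s not available: %s%n", name, e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        boolean all = true;
        for (Map.Entry<String, String> kat : EMPTY_MESSAGE_KAT.entrySet())
            all &= check(kat.getKey(), kat.getValue());
        System.exit(all ? 0 : 1);
    }
}
```

The process exits non-zero if any name is missing or any digest differs, so it can gate a build or a runtime image check.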

          Activity

          valeriep Valerie Peng added a comment - - edited
          Security doc for SHA-3 names update is tracked under https://bugs.openjdk.java.net/browse/JDK-8004078

          JDK src/test changes are tracked under https://bugs.openjdk.java.net/browse/JDK-8000415
          valeriep Valerie Peng added a comment - - edited
          FC Extension Request
          Performance, SQE, JVT security assessment have been completed on June 22 under the earlier FC exception approval. Only doc work remains.
          Risk Level: Minimum
          Justification: Needed to support SHA-3 and majority of the work has been completed already.
          Proposed Complete Date: July 23
          valeriep Valerie Peng added a comment -
          Due date has been updated to be consistent.
          ostuart Owen Stuart added a comment -
          TOI no longer needed - confirmed by Sustaining

            People

            • Assignee:
              valeriep Valerie Peng
              Reporter:
              valeriep Valerie Peng
              Owner:
              Valerie Peng
              Reviewed By:
              Sean Mullan
              Endorsed By:
              Brian Goetz
            • Votes:
              0
              Watchers:
              8
