8283795: Add TLSv1.3 and CNSA 1.0 algorithms to implementation requirements

seanjmullan · seanjmullan · commit 3bfa9521d5b7 · 2025-01-09T17:34:20.000Z
Reviewed-by: jnimeh
diff --git a/src/java.base/share/classes/java/security/AlgorithmParameters.java b/src/java.base/share/classes/java/security/AlgorithmParameters.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,12 +48,19 @@
  * obtained via a call to {@code getEncoded}.
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard {@code AlgorithmParameters} algorithms:
+ * following standard {@code AlgorithmParameters} algorithms. For the "EC"
+ * algorithm, implementations must support the curves in parentheses. For the
+ * "RSASSA-PSS" algorithm, implementations must support the parameters in
+ * parentheses.
  * <ul>
  * <li>{@code AES}</li>
+ * <li>{@code ChaCha20-Poly1305}</li>
  * <li>{@code DESede}</li>
  * <li>{@code DiffieHellman}</li>
  * <li>{@code DSA}</li>
+ * <li>{@code EC} (secp256r1, secp384r1)</li>
+ * <li>{@code RSASSA-PSS} (MGF1 mask generation function and SHA-256 or SHA-384
+ *     hash algorithms)</li>
  * </ul>
  * These algorithms are described in the <a href=
  * "{@docRoot}/../specs/security/standard-names.html#algorithmparameters-algorithms">
diff --git a/src/java.base/share/classes/java/security/KeyFactory.java b/src/java.base/share/classes/java/security/KeyFactory.java
@@ -72,7 +72,10 @@
  * <ul>
  * <li>{@code DiffieHellman}</li>
  * <li>{@code DSA}</li>
+ * <li>{@code EC}</li>
  * <li>{@code RSA}</li>
+ * <li>{@code RSASSA-PSS}</li>
+ * <li>{@code X25519}</li>
  * </ul>
  * These algorithms are described in the <a href=
  * "{@docRoot}/../specs/security/standard-names.html#keyfactory-algorithms">
diff --git a/src/java.base/share/classes/java/security/KeyPairGenerator.java b/src/java.base/share/classes/java/security/KeyPairGenerator.java
@@ -113,12 +113,16 @@
  * supply their own implementations of key pair generators.
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard {@code KeyPairGenerator} algorithms and keysizes in
- * parentheses:
+ * following standard {@code KeyPairGenerator} algorithms. For the "EC"
+ * algorithm, implementations must support the curves in parentheses. For other
+ * algorithms, implementations must support the key sizes in parentheses.
  * <ul>
- * <li>{@code DiffieHellman} (1024, 2048, 4096)</li>
+ * <li>{@code DiffieHellman} (1024, 2048, 3072, 4096)</li>
  * <li>{@code DSA} (1024, 2048)</li>
- * <li>{@code RSA} (1024, 2048, 4096)</li>
+ * <li>{@code EC} (secp256r1, secp384r1)</li>
+ * <li>{@code RSA} (1024, 2048, 3072, 4096)</li>
+ * <li>{@code RSASSA-PSS} (2048, 3072, 4096)</li>
+ * <li>{@code X25519}</li>
  * </ul>
  * These algorithms are described in the <a href=
  * "{@docRoot}/../specs/security/standard-names.html#keypairgenerator-algorithms">
diff --git a/src/java.base/share/classes/java/security/MessageDigest.java b/src/java.base/share/classes/java/security/MessageDigest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -87,6 +87,7 @@
  * <ul>
  * <li>{@code SHA-1}</li>
  * <li>{@code SHA-256}</li>
+ * <li>{@code SHA-384}</li>
  * </ul>
  * These algorithms are described in the <a href=
  * "{@docRoot}/../specs/security/standard-names.html#messagedigest-algorithms">
diff --git a/src/java.base/share/classes/java/security/Signature.java b/src/java.base/share/classes/java/security/Signature.java
@@ -100,12 +100,20 @@
  * supply their own implementations of digital signature algorithms.
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard {@code Signature} algorithms:
+ * following standard {@code Signature} algorithms. For the "RSASSA-PSS"
+ * algorithm, implementations must support the parameters in parentheses. For
+ * the "SHA256withECDSA" and "SHA384withECDSA" algorithms, implementations must
+ * support the curves in parentheses.
  * <ul>
+ * <li>{@code RSASSA-PSS} (MGF1 mask generation function and SHA-256 or SHA-384
+ *      hash algorithms)</li>
  * <li>{@code SHA1withDSA}</li>
  * <li>{@code SHA256withDSA}</li>
+ * <li>{@code SHA256withECDSA} (secp256r1)</li>
+ * <li>{@code SHA384withECDSA} (secp384r1)</li>
  * <li>{@code SHA1withRSA}</li>
  * <li>{@code SHA256withRSA}</li>
+ * <li>{@code SHA384withRSA}</li>
  * </ul>
  * These algorithms are described in the <a href=
  * "{@docRoot}/../specs/security/standard-names.html#signature-algorithms">
diff --git a/src/java.base/share/classes/javax/crypto/Cipher.java b/src/java.base/share/classes/javax/crypto/Cipher.java
@@ -148,7 +148,8 @@
  * <li>{@code AES/CBC/PKCS5Padding} (128)</li>
  * <li>{@code AES/ECB/NoPadding} (128)</li>
  * <li>{@code AES/ECB/PKCS5Padding} (128)</li>
- * <li>{@code AES/GCM/NoPadding} (128)</li>
+ * <li>{@code AES/GCM/NoPadding} (128, 256)</li>
+ * <li>{@code ChaCha20-Poly1305}</li>
  * <li>{@code DESede/CBC/NoPadding} (168)</li>
  * <li>{@code DESede/CBC/PKCS5Padding} (168)</li>
  * <li>{@code DESede/ECB/NoPadding} (168)</li>
diff --git a/src/java.base/share/classes/javax/crypto/KeyAgreement.java b/src/java.base/share/classes/javax/crypto/KeyAgreement.java
@@ -57,11 +57,14 @@
  * specific or as specified by the standard key agreement algorithm.
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard {@code KeyAgreement} algorithm:
+ * following standard {@code KeyAgreement} algorithms. For the "ECDH"
+ * algorithm, implementations must support the curves in parentheses.
  * <ul>
  * <li>{@code DiffieHellman}</li>
+ * <li>{@code ECDH} (secp256r1, secp384r1)</li>
+ * <li>{@code X25519}</li>
  * </ul>
- * This algorithm is described in the <a href=
+ * These algorithms are described in the <a href=
  * "{@docRoot}/../specs/security/standard-names.html#keyagreement-algorithms">
  * KeyAgreement section</a> of the
  * Java Security Standard Algorithm Names Specification.
diff --git a/src/java.base/share/classes/javax/crypto/KeyGenerator.java b/src/java.base/share/classes/javax/crypto/KeyGenerator.java
@@ -96,7 +96,8 @@
  * following standard {@code KeyGenerator} algorithms with the keysizes in
  * parentheses:
  * <ul>
- * <li>{@code AES} (128)</li>
+ * <li>{@code AES} (128, 256)</li>
+ * <li>{@code ChaCha20}</li>
  * <li>{@code DESede} (168)</li>
  * <li>{@code HmacSHA1}</li>
  * <li>{@code HmacSHA256}</li>
diff --git a/src/java.base/share/classes/javax/net/ssl/SSLContext.java b/src/java.base/share/classes/javax/net/ssl/SSLContext.java
@@ -39,11 +39,12 @@
  * secure random bytes.
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard {@code SSLContext} protocol:
+ * following standard {@code SSLContext} protocols:
  * <ul>
  * <li>{@code TLSv1.2}</li>
+ * <li>{@code TLSv1.3}</li>
  * </ul>
- * This protocol is described in the <a href=
+ * These protocols are described in the <a href=
  * "{@docRoot}/../specs/security/standard-names.html#sslcontext-algorithms">
  * SSLContext section</a> of the
  * Java Security Standard Algorithm Names Specification.
