8172366: Support SHA-3 based signatures

Enhance default JDK providers including SUN, SunRsaSign, and SunEC, with signatures using SHA-3 family of digests.

Reviewed-by: xuelei

Author: Valerie Peng

src/java.base/share/classes/java/security/spec/MGF1ParameterSpec.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -108,6 +108,34 @@ public class MGF1ParameterSpec implements AlgorithmParameterSpec {
     public static final MGF1ParameterSpec SHA512_256 =
         new MGF1ParameterSpec("SHA-512/256");
 
+    /**
+     * The MGF1ParameterSpec which uses SHA3-224 message digest
+     * @since 16
+     */
+    public static final MGF1ParameterSpec SHA3_224 =
+        new MGF1ParameterSpec("SHA3-224");
+
+    /**
+     * The MGF1ParameterSpec which uses SHA3-256 message digest
+     * @since 16
+     */
+    public static final MGF1ParameterSpec SHA3_256 =
+        new MGF1ParameterSpec("SHA3-256");
+
+    /**
+     * The MGF1ParameterSpec which uses SHA3-384 message digest
+     * @since 16
+     */
+    public static final MGF1ParameterSpec SHA3_384 =
+        new MGF1ParameterSpec("SHA3-384");
+
+    /**
+     * The MGF1ParameterSpec which uses SHA3-512 message digest
+     * @since 16
+     */
+    public static final MGF1ParameterSpec SHA3_512 =
+        new MGF1ParameterSpec("SHA3-512");
+
     private String mdName;
 
     /**

src/java.base/share/classes/sun/security/provider/DSA.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,11 +47,16 @@
  * Standards and Technology (NIST), using SHA digest algorithms
  * from FIPS180-3.
  *
- * This file contains both the signature implementation for the
- * commonly used SHA1withDSA (DSS), SHA224withDSA, SHA256withDSA,
- * as well as RawDSA, used by TLS among others. RawDSA expects
- * the 20 byte SHA-1 digest as input via update rather than the
- * original data like other signature implementations.
+ * This file contains the signature implementation for the
+ * SHA1withDSA (DSS), SHA224withDSA, SHA256withDSA, SHA384withDSA,
+ * SHA512withDSA, SHA3-224withDSA, SHA3-256withDSA, SHA3-384withDSA,
+ * SHA3-512withDSA, as well as RawDSA, used by TLS among others.
+ * RawDSA expects the 20 byte SHA-1 digest as input via update rather
+ * than the original data like other signature implementations.
+ *
+ * In addition, IEEE P1363 signature format is supported. The
+ * corresponding implementation is registered under <sig>inP1363Format,
+ * e.g. SHA256withDSAinP1363Format.
  *
  * @author Benjamin Renaud
  *
@@ -504,6 +509,78 @@ public String toString() {
         return printable;
     }
 
+    /**
+     * SHA3-224withDSA implementation.
+     */
+    public static final class SHA3_224withDSA extends DSA {
+        public SHA3_224withDSA() throws NoSuchAlgorithmException {
+            super(MessageDigest.getInstance("SHA3-224"));
+        }
+    }
+
+    /**
+     * SHA3-224withDSA implementation that uses the IEEE P1363 format.
+     */
+    public static final class SHA3_224withDSAinP1363Format extends DSA {
+        public SHA3_224withDSAinP1363Format() throws NoSuchAlgorithmException {
+            super(MessageDigest.getInstance("SHA3-224"), true);
+        }
+    }
+
+    /**
+     * Standard SHA3-256withDSA implementation.
+     */
+    public static final class SHA3_256withDSA extends DSA {
+        public SHA3_256withDSA() throws NoSuchAlgorithmException {
+            super(MessageDigest.getInstance("SHA3-256"));
+        }
+    }
+
+    /**
+     * Standard SHA3-256withDSA implementation that uses the IEEE P1363 format.
+     */
+    public static final class SHA3_256withDSAinP1363Format extends DSA {
+        public SHA3_256withDSAinP1363Format() throws NoSuchAlgorithmException {
+            super(MessageDigest.getInstance("SHA3-256"), true);
+        }
+    }
+
+    /**
+     * Standard SHA3-384withDSA implementation.
+     */
+    public static final class SHA3_384withDSA extends DSA {
+        public SHA3_384withDSA() throws NoSuchAlgorithmException {
+            super(MessageDigest.getInstance("SHA3-384"));
+        }
+    }
+
+    /**
+     * Standard SHA3-384withDSA implementation that uses the IEEE P1363 format.
+     */
+    public static final class SHA3_384withDSAinP1363Format extends DSA {
+        public SHA3_384withDSAinP1363Format() throws NoSuchAlgorithmException {
+            super(MessageDigest.getInstance("SHA3-384"), true);
+        }
+    }
+
+    /**
+     * Standard SHA3-512withDSA implementation.
+     */
+    public static final class SHA3_512withDSA extends DSA {
+        public SHA3_512withDSA() throws NoSuchAlgorithmException {
+            super(MessageDigest.getInstance("SHA3-512"));
+        }
+    }
+
+    /**
+     * Standard SHA3-512withDSA implementation that uses the IEEE P1363 format.
+     */
+    public static final class SHA3_512withDSAinP1363Format extends DSA {
+        public SHA3_512withDSAinP1363Format() throws NoSuchAlgorithmException {
+            super(MessageDigest.getInstance("SHA3-512"), true);
+        }
+    }
+
     /**
      * Standard SHA224withDSA implementation as defined in FIPS186-3.
      */
@@ -540,6 +617,42 @@ public SHA256withDSAinP1363Format() throws NoSuchAlgorithmException {
         }
     }
 
+    /**
+     * Standard SHA384withDSA implementation as defined in FIPS186-3.
+     */
+    public static final class SHA384withDSA extends DSA {
+        public SHA384withDSA() throws NoSuchAlgorithmException {
+            super(MessageDigest.getInstance("SHA-384"));
+        }
+    }
+
+    /**
+     * SHA384withDSA implementation that uses the IEEE P1363 format.
+     */
+    public static final class SHA384withDSAinP1363Format extends DSA {
+        public SHA384withDSAinP1363Format() throws NoSuchAlgorithmException {
+            super(MessageDigest.getInstance("SHA-384"), true);
+        }
+    }
+
+    /**
+     * Standard SHA512withDSA implementation as defined in FIPS186-3.
+     */
+    public static final class SHA512withDSA extends DSA {
+        public SHA512withDSA() throws NoSuchAlgorithmException {
+            super(MessageDigest.getInstance("SHA-512"));
+        }
+    }
+
+    /**
+     * SHA512withDSA implementation that uses the IEEE P1363 format.
+     */
+    public static final class SHA512withDSAinP1363Format extends DSA {
+        public SHA512withDSAinP1363Format() throws NoSuchAlgorithmException {
+            super(MessageDigest.getInstance("SHA-512"), true);
+        }
+    }
+
     /**
      * Standard SHA1withDSA implementation.
      */

src/java.base/share/classes/sun/security/provider/SunEntries.java

@@ -54,9 +54,13 @@
  *   SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384,
  *   and SHA-512.
  *
- * - SHA-224withDSA/SHA-256withDSA are the signature schemes
+ * - [SHA-224|SHA-256|SHA-384|SHA-512]withDSA are the signature schemes
  *   described in FIPS 186-3. The associated object identifiers are
- *   "OID.2.16.840.1.101.3.4.3.1", and "OID.2.16.840.1.101.3.4.3.2".
+ *   "OID.2.16.840.1.101.3.4.3.[1|2|3|4]" respectively.
+ *
+ * - [SHA3-224|SHA3-256|SHA3-384|SHA3-512]withDSA are the signature schemes
+ *   using SHA-3 family of digests with DSA. The associated object identifiers
+ *   are "OID.2.16.840.1.101.3.4.3.[5|6|7|8]" respectively.
  *
  * - DSA is the key generation scheme as described in FIPS 186.
  *   Aliases for DSA include the OID strings "OID.1.3.14.3.2.12"
@@ -127,13 +131,30 @@ public final class SunEntries {
         addWithAlias(p, "Signature", "NONEwithDSA",
                 "sun.security.provider.DSA$RawDSA", attrs);
 
-        attrs.put("KeySize", "2048"); // for SHA224 and SHA256 DSA signatures
+        // for DSA signatures with 224/256-bit digests
+        attrs.put("KeySize", "2048");
 
         addWithAlias(p, "Signature", "SHA224withDSA",
                 "sun.security.provider.DSA$SHA224withDSA", attrs);
         addWithAlias(p, "Signature", "SHA256withDSA",
                 "sun.security.provider.DSA$SHA256withDSA", attrs);
 
+        addWithAlias(p, "Signature", "SHA3-224withDSA",
+                "sun.security.provider.DSA$SHA3_224withDSA", attrs);
+        addWithAlias(p, "Signature", "SHA3-256withDSA",
+                "sun.security.provider.DSA$SHA3_256withDSA", attrs);
+
+        attrs.put("KeySize", "3072"); // for DSA sig using 384/512-bit digests
+
+        addWithAlias(p, "Signature", "SHA384withDSA",
+                "sun.security.provider.DSA$SHA384withDSA", attrs);
+        addWithAlias(p, "Signature", "SHA512withDSA",
+                "sun.security.provider.DSA$SHA512withDSA", attrs);
+        addWithAlias(p, "Signature", "SHA3-384withDSA",
+                "sun.security.provider.DSA$SHA3_384withDSA", attrs);
+        addWithAlias(p, "Signature", "SHA3-512withDSA",
+                "sun.security.provider.DSA$SHA3_512withDSA", attrs);
+
         attrs.remove("KeySize");
 
         add(p, "Signature", "SHA1withDSAinP1363Format",
@@ -144,7 +165,18 @@ public final class SunEntries {
                 "sun.security.provider.DSA$SHA224withDSAinP1363Format");
         add(p, "Signature", "SHA256withDSAinP1363Format",
                 "sun.security.provider.DSA$SHA256withDSAinP1363Format");
-
+        add(p, "Signature", "SHA384withDSAinP1363Format",
+                "sun.security.provider.DSA$SHA384withDSAinP1363Format");
+        add(p, "Signature", "SHA512withDSAinP1363Format",
+                "sun.security.provider.DSA$SHA512withDSAinP1363Format");
+        add(p, "Signature", "SHA3-224withDSAinP1363Format",
+                "sun.security.provider.DSA$SHA3_224withDSAinP1363Format");
+        add(p, "Signature", "SHA3-256withDSAinP1363Format",
+                "sun.security.provider.DSA$SHA3_256withDSAinP1363Format");
+        add(p, "Signature", "SHA3-384withDSAinP1363Format",
+                "sun.security.provider.DSA$SHA3_384withDSAinP1363Format");
+        add(p, "Signature", "SHA3-512withDSAinP1363Format",
+                "sun.security.provider.DSA$SHA3_512withDSAinP1363Format");
         /*
          *  Key Pair Generator engines
          */

src/java.base/share/classes/sun/security/rsa/PSSParameters.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -103,7 +103,7 @@ protected void engineInit(byte[] encoded) throws IOException {
                     throw new IOException("Only MGF1 mgf is supported");
                 }
                 AlgorithmId params = AlgorithmId.parse(
-                    new DerValue(val.getEncodedParams()));
+                        new DerValue(val.getEncodedParams()));
                 String mgfDigestName = params.getName();
                 switch (mgfDigestName) {
                 case "SHA-1":
@@ -127,6 +127,18 @@ protected void engineInit(byte[] encoded) throws IOException {
                 case "SHA-512/256":
                     mgfSpec = MGF1ParameterSpec.SHA512_256;
                     break;
+                case "SHA3-224":
+                    mgfSpec = MGF1ParameterSpec.SHA3_224;
+                    break;
+                case "SHA3-256":
+                    mgfSpec = MGF1ParameterSpec.SHA3_256;
+                    break;
+                case "SHA3-384":
+                    mgfSpec = MGF1ParameterSpec.SHA3_384;
+                    break;
+                case "SHA3-512":
+                    mgfSpec = MGF1ParameterSpec.SHA3_512;
+                    break;
                 default:
                     throw new IOException
                         ("Unrecognized message digest algorithm " +