-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
8199697: FIPS 186-4 RSA Key Generation #420
Conversation
Changed RSA key pair generation code following the guidelines from FIPS 186-4.
/label security |
👋 Welcome back valeriep! A progress list of the required criteria for merging this PR into |
@valeriepeng |
Webrevs
|
/issue 8199697 |
@valeriepeng The issue |
/issue 8199697 |
@valeriepeng This issue is referenced in the PR title - it will now be updated. |
/test |
Could not create test job |
/test tier1 |
Could not create test job |
* @run main SpecTest 1024 | ||
* @run main SpecTest 1024 3 | ||
* @run main SpecTest 1024 65537 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I want to stop using F0 since it's no longer deemed valid for FIPS 186-4. For backward compatibility, we don't reject F0, but perhaps we should stop using it so people will start shifting to use F4. I can replace 3 with 167971.
BigInteger n = p.multiply(q); | ||
if (!useNew && n.bitLength() != keySize) { | ||
// regenerate Q if n is not the right length | ||
continue; | ||
} | ||
KeyPair kp = createKeyPair(type, keyParams, n, e, p, q); | ||
if (kp != null) { | ||
return kp; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The logic may be more clear if moving the checking of n and key generation out of the loop for q, by regenerate both p and q if needed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, will add an outer while-loop as in the existing code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me.
@valeriepeng This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be:
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 5 new commits pushed to the
Please see this link for an up-to-date comparison between the source branch of this pull request and the ➡️ To integrate this PR with the above commit message to the |
/integrate |
@valeriepeng Since your change was applied there have been 27 commits pushed to the
Your commit was automatically rebased without conflicts. Pushed as commit 1191a63. 💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored. |
Could someone please help review this RFE? Update existing RSA key pair generation code following the guidelines from FIPS 186-4 and FIPS 186-5 (draft). Current proposed changes updates the prime generation code (for P, Q) based on FIPS 186-4 B.3.3 when keysize and public exponent met the requirements set in FIPS 186-4/5.
Thanks,
Valerie
Progress
Testing
Failed test task
Issue
Reviewers
Download
$ git fetch https://git.openjdk.java.net/jdk pull/420/head:pull/420
$ git checkout pull/420