On Thu, 11 May 2023 09:36:17 GMT, Ferenc Rakoczi <d...@openjdk.org> wrote:
>> Implement support for Leighton-Micali Signatures (LMS) as described in RFC
>> 8554. LMS is an approved software signing algorithm for CNSA 2.0, with
>> SHA-256/192 parameters recommended.
>
> Ferenc Rakoczi has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Reintroduced Length for HSSPublicKey, added more @Override annotations
src/java.base/share/classes/sun/security/provider/HSS.java line 728:
> 726: @Override
> 727: public int length() {
> 728: return getKey().length();
Debatable. `getKey` now contains 2 (OCTET STRING header) + 4 (L) + 4 (LMS type)
+ 4 (LM-OTS type) + 16 (I) + 32 (T) bytes. Should the 2 header bytes be
included in the length? Should all fields other than T be included? The length
is mainly used to compare strength and I suggest we refrain from implementing
this method unless a well-known definition is accepted for HSS/LMS. Table 2 of
[NIST SP 800-57 Part
1](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf)
and they are defined by modulus size.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1191214837
