On Mon, 7 Mar 2022 14:22:58 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Okay, I'll double check that. I haven't found any server implementations of >> this feature to test with yet, > > 2nd test of https://datatracker.ietf.org/doc/html/rfc7616#section-3.9 is on > this algorithm, but it requires UTF-8 charset support and a way to provide a > predefined cnonce. If it's not worth modifying our implementation to create a > regression test, I think at least we can temporarily hack our own JDK and try > on it. And I think it's most likely true that this algorithm is using a > different initialization vector as Bernd pointed out. As https://www.rfc-editor.org/errata_search.php?rfc=7616&rec_status=0 shows, that 2nd test in rfc7616 was wrong in the initial version as it used a truncated version of SHA-512. The real SHA-512/256 algorithm should be used. $ jshell jshell> import java.security.MessageDigest jshell> HexFormat.of().formatHex(MessageDigest.getInstance("SHA-512").digest("J\u00e4s\u00f8n Doe:a...@example.org".getBytes("UTF-8"))) $2 ==> "488869477bf257147b804c45308cd62ac4e25eb717b12b298c79e62dcea254ec5211a6631b181289b4dd8c14890f38f04bff8a388106dabb900c6984ba592b6a" jshell> HexFormat.of().formatHex(MessageDigest.getInstance("SHA-512/256").digest("J\u00e4s\u00f8n Doe:a...@example.org".getBytes("UTF-8"))) $3 ==> "793263caabb707a56211940d90411ea4a575adeccb7e360aeb624ed06ece9b0b" ------------- PR: https://git.openjdk.java.net/jdk/pull/7688