Webrev updated at http://cr.openjdk.java.net/~weijun/8242068/webrev.01/
Two major changes: 1. Always use the signature algorithm directly in SignerInfo::signatureAlgorithm: In PKCS7 SignerInfo SignerInfo ::= SEQUENCE { version CMSVersion, sid SignerIdentifier, digestAlgorithm DigestAlgorithmIdentifier, signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL, signatureAlgorithm SignatureAlgorithmIdentifier, signature SignatureValue, unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL } We have always been putting "SHA-1" etc into DigestAlgorithmIdentifier, and "RSA", "DSA", "EC" into signatureAlgorithm. The latest https://tools.ietf.org/html/rfc5652#section-10.1.2 claims it to be The SignatureAlgorithmIdentifier type identifies a signature algorithm, and it can also identify a message digest algorithm. Examples include RSA, DSA, DSA with SHA-1, ECDSA, and ECDSA with SHA-256. It's complicated to always divide a signature algorithm into a digest algorithm and an encryption algorithm (and with the new RSASSA-PSS and EdDSA it's not easy to define it), therefore I decide to use the signature algorithm directly from now on. Fortunately Java has been able to parse this for a very long time so there is no compatibility issue. I noticed BouncyCastle has been doing the same, and OpenSSL too except for RSA. 2. Support both SHAKE256 and SHAKE256-LEN while parsing a Ed448 SignerInfo. They are both described in https://www.rfc-editor.org/rfc/rfc8419.html although it's a little complicated. To be standard compliant (https://www.rfc-editor.org/rfc/rfc8419.html#section-3.2 and we don't use Signed Attributes), by default Java will use SHAKE256 as the digestAlgorithm. However I noticed BouncyCastle does not recognize it, so if you set the system property "jdk.security.pkcs7.ed448.digalg.haslen" to "true", it will use SHAKE256-LEN (len == 512). I haven't described this system property in the CSR yet. Thanks, Max > On May 22, 2020, at 10:30 PM, Weijun Wang <weijun.w...@oracle.com> wrote: > > Please take a review at > > CSR : https://bugs.openjdk.java.net/browse/JDK-8245274 > webrev : http://cr.openjdk.java.net/~weijun/8242068/webrev.00/ > > Major points in CSR: > > - new sigalg "RSASSA-PSS", "EdDSA", "Ed25519" and "Ed448" can be used in > jarsigner > > - The ".RSA" and ".EC" block extension types (PKCS #7 SignedData inside a > signed JAR) are reused for new signature algorithms > > major code changes: > > - Move signature related utilities methods from AlgorithmId.java to > SignatureUtil.java > > - Add new SignatureUtil methods fromKey() and fromSignature() to simplify > creating Signature and getting its AlgorithmId > > - Use the new methods in PKCS10, X509CertImpl, and X509CRLImpl signing > > - Add a new (and intuitive, IMHO) PKCS7::generateNewSignedData capable of all > old and new signature algorithms > > - Mark all -altsign related code deprecated and they can be removed once > ContentSigner is removed > > Next I'll do some basic interop tests with openssl and BouncyCastle. > > Thanks, > Max >