On Thu, 18 May 2023 19:11:32 GMT, Ferenc Rakoczi <d...@openjdk.org> wrote:
>> Implement support for Leighton-Micali Signatures (LMS) as described in RFC
>> 8554. LMS is an approved software signing algorithm for CNSA 2.0, with
>> SHA-256/192 parameters recommended.
>
> Ferenc Rakoczi has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Removed dead code, accepted code style suggestions.
src/java.base/share/classes/sun/security/provider/HSS.java line 664:
> 662: protected PublicKey engineGeneratePublic(KeySpec keySpec)
> 663: throws InvalidKeySpecException {
> 664: if (keySpec instanceof X509EncodedKeySpec) {
Can you also use `instanceof x` here and avoid the cast on line 666?
src/java.base/share/classes/sun/security/provider/HSS.java line 695:
> 693: throw new InvalidKeySpecException("key should not be
> null");
> 694: }
> 695: if (key.getFormat().equals("X.509") &&
Would it make sense to also check if `key` is an instance of `HSSPublicKey`?
src/java.base/share/classes/sun/security/provider/HSS.java line 700:
> 698: return keySpec.cast(new
> X509EncodedKeySpec(key.getEncoded()));
> 699: }
> 700: throw new InvalidKeySpecException("keySpec is not an
> X509 one");
Suggest saying name of class: "keySpec is not an X509EncodedKeySpec"
src/java.base/share/classes/sun/security/provider/HSS.java line 787:
> 785:
> 786: @java.io.Serial
> 787: protected Object writeReplace() throws
> java.io.ObjectStreamException {
Make this `private` instead of `protected`. Also, add an overridden private
`readObject` method that simply throws an exception, ex:
`throw new InvalidObjectException("HSS public keys are not directly
deserializable");
`
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1204336773
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1204361545
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1204353785
PR Review Comment: https://git.openjdk.org/jdk/pull/13691#discussion_r1204415763
