From 3d76802c6af04d2664a048a2ce234e9af97d7634 Mon Sep 17 00:00:00 2001 From: wetmore Date: Tue, 1 Aug 2017 15:30:13 -0700 Subject: [PATCH] 8169080: Improve documentation examples for crypto applications Reviewed-by: mullan --- .../classes/java/security/MessageDigest.java | 4 +-- .../classes/java/security/Signature.java | 9 +++--- .../classes/java/security/SignedObject.java | 13 ++++---- .../share/classes/javax/crypto/Cipher.java | 30 ++++++++++--------- .../share/classes/javax/crypto/CipherSpi.java | 26 ++++++++-------- .../share/classes/javax/crypto/Mac.java | 2 +- .../classes/javax/crypto/SealedObject.java | 4 +-- 7 files changed, 44 insertions(+), 44 deletions(-) diff --git a/jdk/src/java.base/share/classes/java/security/MessageDigest.java b/jdk/src/java.base/share/classes/java/security/MessageDigest.java index be163c179f..4f4987ceb4 100644 --- a/jdk/src/java.base/share/classes/java/security/MessageDigest.java +++ b/jdk/src/java.base/share/classes/java/security/MessageDigest.java @@ -57,7 +57,7 @@ import javax.crypto.SecretKey; * and catching the CloneNotSupportedException: * *
{@code
- * MessageDigest md = MessageDigest.getInstance("SHA");
+ * MessageDigest md = MessageDigest.getInstance("SHA-256");
  *
  * try {
  *     md.update(toChapter1);
@@ -496,7 +496,7 @@ public abstract class MessageDigest extends MessageDigestSpi {
     /**
      * Returns a string that identifies the algorithm, independent of
      * implementation details. The name should be a standard
-     * Java Security name (such as "SHA", "MD5", and so on).
+     * Java Security name (such as "SHA-256").
      * See the MessageDigest section in the 
      * Java Security Standard Algorithm Names Specification
diff --git a/jdk/src/java.base/share/classes/java/security/Signature.java b/jdk/src/java.base/share/classes/java/security/Signature.java
index c7c25831a3..3f0a9d9677 100644
--- a/jdk/src/java.base/share/classes/java/security/Signature.java
+++ b/jdk/src/java.base/share/classes/java/security/Signature.java
@@ -51,11 +51,10 @@ import sun.security.jca.GetInstance.Instance;
  * authentication and integrity assurance of digital data.
  *
  * 

The signature algorithm can be, among others, the NIST standard - * DSA, using DSA and SHA-1. The DSA algorithm using the - * SHA-1 message digest algorithm can be specified as {@code SHA1withDSA}. - * In the case of RSA, there are multiple choices for the message digest - * algorithm, so the signing algorithm could be specified as, for example, - * {@code MD2withRSA}, {@code MD5withRSA}, or {@code SHA1withRSA}. + * DSA, using DSA and SHA-256. The DSA algorithm using the + * SHA-256 message digest algorithm can be specified as {@code SHA256withDSA}. + * In the case of RSA the signing algorithm could be specified as, for example, + * {@code SHA256withRSA}. * The algorithm name must be specified, as there is no default. * *

A Signature object can be used to generate and verify digital diff --git a/jdk/src/java.base/share/classes/java/security/SignedObject.java b/jdk/src/java.base/share/classes/java/security/SignedObject.java index 810c570657..7ef3eca558 100644 --- a/jdk/src/java.base/share/classes/java/security/SignedObject.java +++ b/jdk/src/java.base/share/classes/java/security/SignedObject.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -81,13 +81,12 @@ import java.io.*; * verification in an attempt to bypass a security check. * *

The signature algorithm can be, among others, the NIST standard - * DSA, using DSA and SHA-1. The algorithm is specified using the + * DSA, using DSA and SHA-256. The algorithm is specified using the * same convention as that for signatures. The DSA algorithm using the - * SHA-1 message digest algorithm can be specified, for example, as - * "SHA/DSA" or "SHA-1/DSA" (they are equivalent). In the case of - * RSA, there are multiple choices for the message digest algorithm, - * so the signing algorithm could be specified as, for example, - * "MD2/RSA", "MD5/RSA" or "SHA-1/RSA". The algorithm name must be + * SHA-256 message digest algorithm can be specified, for example, as + * "SHA256withDSA". In the case of + * RSA the signing algorithm could be specified as, for example, + * "SHA256withRSA". The algorithm name must be * specified, as there is no default. * *

The name of the Cryptography Package Provider is designated diff --git a/jdk/src/java.base/share/classes/javax/crypto/Cipher.java b/jdk/src/java.base/share/classes/javax/crypto/Cipher.java index 4982a87bbe..cd603f2231 100644 --- a/jdk/src/java.base/share/classes/javax/crypto/Cipher.java +++ b/jdk/src/java.base/share/classes/javax/crypto/Cipher.java @@ -59,7 +59,7 @@ import sun.security.jca.*; *

A transformation is a string that describes the operation (or * set of operations) to be performed on the given input, to produce some * output. A transformation always includes the name of a cryptographic - * algorithm (e.g., DES), and may be followed by a feedback mode and + * algorithm (e.g., AES), and may be followed by a feedback mode and * padding scheme. * *

A transformation is of the form: @@ -75,17 +75,19 @@ import sun.security.jca.*; * For example, the following is a valid transformation: * *

- *     Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");
+ *     Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
  * 
* * Using modes such as {@code CFB} and {@code OFB}, block * ciphers can encrypt data in units smaller than the cipher's actual * block size. When requesting such a mode, you may optionally specify * the number of bits to be processed at a time by appending this number - * to the mode name as shown in the "{@code DES/CFB8/NoPadding}" and - * "{@code DES/OFB32/PKCS5Padding}" transformations. If no such - * number is specified, a provider-specific default is used. (For - * example, the SunJCE provider uses a default of 64 bits for DES.) + * to the mode name as shown in the "{@code AES/CFB8/NoPadding}" and + * "{@code AES/OFB32/PKCS5Padding}" transformations. If no such + * number is specified, a provider-specific default is used. + * (See the + * {@extLink security_guide_jdk_providers JDK Providers Documentation} + * for the JDK Providers default values.) * Thus, block ciphers can be turned into byte-oriented stream ciphers by * using an 8 bit mode such as CFB8 or OFB8. *

@@ -308,7 +310,7 @@ public class Cipher { /* * array containing the components of a Cipher transformation: * - * index 0: algorithm component (e.g., DES) + * index 0: algorithm component (e.g., AES) * index 1: feedback component (e.g., CFB) * index 2: padding component (e.g., PKCS5Padding) */ @@ -354,8 +356,8 @@ public class Cipher { // transform string to lookup in the provider final String transform; // the mode/padding suffix in upper case. for example, if the algorithm - // to lookup is "DES/CBC/PKCS5Padding" suffix is "/CBC/PKCS5PADDING" - // if loopup is "DES", suffix is the empty string + // to lookup is "AES/CBC/PKCS5Padding" suffix is "/CBC/PKCS5PADDING" + // if lookup is "AES", suffix is the empty string // needed because aliases prevent straight transform.equals() final String suffix; // value to pass to setMode() or null if no such call required @@ -440,11 +442,11 @@ public class Cipher { } if ((mode == null) && (pad == null)) { - // DES + // AES Transform tr = new Transform(alg, "", null, null); return Collections.singletonList(tr); } else { // if ((mode != null) && (pad != null)) { - // DES/CBC/PKCS5Padding + // AES/CBC/PKCS5Padding List list = new ArrayList<>(4); list.add(new Transform(alg, "/" + mode + "/" + pad, null, null)); list.add(new Transform(alg, "/" + mode, null, pad)); @@ -488,7 +490,7 @@ public class Cipher { * {@link Security#getProviders() Security.getProviders()}. * * @param transformation the name of the transformation, e.g., - * DES/CBC/PKCS5Padding. + * AES/CBC/PKCS5Padding. * See the Cipher section in the * Java Security Standard Algorithm Names Specification @@ -566,7 +568,7 @@ public class Cipher { * the {@link Security#getProviders() Security.getProviders()} method. * * @param transformation the name of the transformation, - * e.g., DES/CBC/PKCS5Padding. + * e.g., AES/CBC/PKCS5Padding. * See the Cipher section in the * Java Security Standard Algorithm Names Specification @@ -626,7 +628,7 @@ public class Cipher { * does not have to be registered in the provider list. * * @param transformation the name of the transformation, - * e.g., DES/CBC/PKCS5Padding. + * e.g., AES/CBC/PKCS5Padding. * See the Cipher section in the * Java Security Standard Algorithm Names Specification diff --git a/jdk/src/java.base/share/classes/javax/crypto/CipherSpi.java b/jdk/src/java.base/share/classes/javax/crypto/CipherSpi.java index ce7258157d..72bfa803bd 100644 --- a/jdk/src/java.base/share/classes/javax/crypto/CipherSpi.java +++ b/jdk/src/java.base/share/classes/javax/crypto/CipherSpi.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -59,7 +59,7 @@ import java.nio.ByteBuffer; *

A transformation is a string that describes the operation (or * set of operations) to be performed on the given input, to produce some * output. A transformation always includes the name of a cryptographic - * algorithm (e.g., DES), and may be followed by a feedback mode and + * algorithm (e.g., AES), and may be followed by a feedback mode and * padding scheme. * *

A transformation is of the form: @@ -75,7 +75,7 @@ import java.nio.ByteBuffer; * For example, the following is a valid transformation: * *

- *     Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");
+ *     Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
  * 
* *

A provider may supply a separate class for each combination @@ -125,32 +125,32 @@ import java.nio.ByteBuffer; * * *

For example, a provider may supply a subclass of CipherSpi - * that implements DES/ECB/PKCS5Padding, one that implements - * DES/CBC/PKCS5Padding, one that implements - * DES/CFB/PKCS5Padding, and yet another one that implements - * DES/OFB/PKCS5Padding. That provider would have the following + * that implements AES/ECB/PKCS5Padding, one that implements + * AES/CBC/PKCS5Padding, one that implements + * AES/CFB/PKCS5Padding, and yet another one that implements + * AES/OFB/PKCS5Padding. That provider would have the following * Cipher properties in its master class: * *

@@ -158,7 +158,7 @@ import java.nio.ByteBuffer; *

Another provider may implement a class for each of the above modes * (i.e., one class for ECB, one for CBC, one for CFB, * and one for OFB), one class for PKCS5Padding, - * and a generic DES class that subclasses from CipherSpi. + * and a generic AES class that subclasses from CipherSpi. * That provider would have the following * Cipher properties in its master class: * @@ -166,7 +166,7 @@ import java.nio.ByteBuffer; * *

  • *
    - *     Cipher.DES
    + *     Cipher.AES
      * 
    * * diff --git a/jdk/src/java.base/share/classes/javax/crypto/Mac.java b/jdk/src/java.base/share/classes/javax/crypto/Mac.java index 245f12f693..ad7dae8891 100644 --- a/jdk/src/java.base/share/classes/javax/crypto/Mac.java +++ b/jdk/src/java.base/share/classes/javax/crypto/Mac.java @@ -50,7 +50,7 @@ import sun.security.jca.GetInstance.Instance; * *

    A MAC mechanism that is based on cryptographic hash functions is * referred to as HMAC. HMAC can be used with any cryptographic hash function, - * e.g., MD5 or SHA-1, in combination with a secret shared key. HMAC is + * e.g., SHA256 or SHA384, in combination with a secret shared key. HMAC is * specified in RFC 2104. * *

    Every implementation of the Java platform is required to support diff --git a/jdk/src/java.base/share/classes/javax/crypto/SealedObject.java b/jdk/src/java.base/share/classes/javax/crypto/SealedObject.java index 743125bf0f..3d657423aa 100644 --- a/jdk/src/java.base/share/classes/javax/crypto/SealedObject.java +++ b/jdk/src/java.base/share/classes/javax/crypto/SealedObject.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -40,7 +40,7 @@ import java.security.NoSuchProviderException; *

    Given any Serializable object, one can create a SealedObject * that encapsulates the original object, in serialized * format (i.e., a "deep copy"), and seals (encrypts) its serialized contents, - * using a cryptographic algorithm such as DES, to protect its + * using a cryptographic algorithm such as AES, to protect its * confidentiality. The encrypted content can later be decrypted (with * the corresponding algorithm using the correct decryption key) and * de-serialized, yielding the original object. -- GitLab