Tencent Kona SM Suite contains a set of Java security providers, which support algorithms SM2, SM3 and SM4, and protocols TLCP/GMSSL, TLS 1.3 (with RFC 8998) and TLS 1.2.
Improve RSA key implementations
SharedSecretsUtil is not flexible Constants should not depend on CryptoUtils KonaSSLProvider should not define TlcpKeyMaterial SM2E key exchange should not call SM2PublicKey directly TLCP should not be restricted by the named group and signature scheme constraints Better certificate key usage checking on TLCP
JDK-8308204: Enhanced certificate processing
EC infinite point is not (0, 0) Re-implement SM3HMac with HmacCore SM2 public key should start with 0x04 Enhance SM2PrivateKey and SM2PublicKey SM2KeyAgreement instance should allow to be reused after re-init SM2KeyAgreement should check peer public key SM2 private key would not be order - 1 Remove SM4KeySpec Rewrite SM2KeyPairGenerator with ECKeyPairGenerator SM2KeyAgreementParamSpec should check ID length SM2KeyAgreement should check private key KonaCrypto should not support RSA and RSASSA-PSS Use default ID value directly Enhance store entry cache in PKCS12KeyStore PKCS12KeyStore should clear storeEntryCache
CVE-2023-22081/JDK-8309966: Enhanced TLS connections JDK-8286503: Enhance security classes
The key in PBEKey should be cleaned SM2Ciphertext should check uncompressed flag No need to counter chosen-plaintext issue on TLCP Use HmacSM3 as the standard name for SM3 HMAC algorithm SM3MessageDigest must check the input bounds SM3 HMAC supports clone Deprecate SM4KeySpec SM2 cipher should accept empty input Declare SM3withSM2 as an alias of SM2 signature AlgorithmParameterSpecs would not depend on internal Keys SM2KeyAgreementParamSpec should not expose fields directly SM2 KeySpecs should not copy a part of a byte array as keys
PKCS#12 keystore supports PBEWithHmacSM3AndSM4 and HmacPBESM3 KeyTool for creating generating key pairs, certificates and keystores with ShangMi algorithms KeyStoreTool for adding the existing private keys and certificates to keystores Enhance SM3 performance Enhance SM4-CTR performance
Enable useSharedSecrets by default on JDK 8