Code review request JDK-8006935: Need to take care of long secret keys in HMAC/PRF compuation
Valerie (Yu-Ching) Peng
valerie.peng at oracle.com
Wed Apr 17 01:00:00 UTC 2013
The fixes look fine.
Thanks,
Valerie
On 04/16/13 05:30, Xuelei Fan wrote:
> Hi Valerie,
>
> Are you available to review the HAMC impl update in JCE/TLS?
>
> Webrev: http://cr.openjdk.java.net./~xuelei/8006935/webrev.00/
>
> The issue comes from the practice that the industry starts to use large
> Diffie-Hellman keys in DH key exchanging.
>
> Per HMAC (RFC 2104) spec, if the secret key is longer than the block
> size of the HMAC algorithm, it is required to digest the key, and the
> hash value will be used as the actual secret key to HMAC.
>
> However, in the implementation of HMAC for TLS at SunJCE provider
> (TlsPrfGenerator), we don't consider the case that the secret key size
> may be longer than the block size. It does not matter in the past
> because the industry does not use large DH keys. But now it is a
> serious interoperability issue for those who use large DH keys.
>
> In the update, this fix will digest large secret key if it is longer
> than the block size per RFC 2104.
>
> SunPKCS11 provider does not have the problem.
>
> No new regression test (noreg-hard). The fix can be tested by manually
> running the attached test case in the bug.
>
> Thanks,
> Xuelei
More information about the security-dev
mailing list