RFR: 8267319: Use larger default key sizes and algorithms based on CNSA

Valerie Peng valeriep at openjdk.java.net
Wed Mar 2 22:30:07 UTC 2022


On Wed, 2 Mar 2022 04:02:45 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

> I have some compatibility concerns about the AES change breaking code that expects a SecretKeySpec of 16 bytes. I can see situations where '.getEncoded()' returns a byte[32] when user code expects a byte[16]. Also, I'm pretty sure passing a 32 byte SecretKeySpec into an AES_128_GCM op will throw an exception. I haven't looked at other modes.

Well, I am not sure how specifying a 32-byte SecretKeySpec (instance of a SecretKey) with AES Cipher would trigger AES_128_GCM op? Shouldn't the keysize be detected when Cipher.init() is called and then invoking the right op? 
True that this default key size change would impact callers who do not specify key size but then made the assumption of key being 16-byte. Well, the key generator javadoc did warn about not setting a default, i.e. different providers may have different default key size and that the default key size may change later for the same provider. So, it's not like we have not warned about it...

-------------

PR: https://git.openjdk.java.net/jdk/pull/7652



More information about the security-dev mailing list