RFR: 8267319: Use larger default key sizes and algorithms based on CNSA [v5]

Weijun Wang weijun at openjdk.java.net
Mon Mar 14 21:30:46 UTC 2022


On Mon, 14 Mar 2022 20:08:31 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> It's been several years since we increased the default key sizes. Before shifting to PQC, NSA replaced its Suite B cryptography recommendations with the Commercial National Security Algorithm Suite which suggests:
>> 
>> - SHA-384 for secure hashing
>> - AES-256 for symmetric encryption
>> - RSA with 3072 bit keys for digital signatures and for key exchange
>> - Diffie Hellman (DH) with 3072 bit keys for key exchange
>> - Elliptic curve [P-384] for key exchange (ECDH) and for digital signatures (ECDSA)
>> 
>> So, this proposed changes made the suggested key size and algorithm changes. The changes are mostly in keytool, jarsigner and their regression tests, so @wangweij Could you please take a look?
>> 
>> Thanks!
>
> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update again and undo DSA changes

Some small comments. Otherwise looks fine.

src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java line 121:

> 119:                     v = max;
> 120:                 }
> 121:             } catch (NullPointerException | NoSuchAlgorithmException ne) {

There is no need to mention NPE.

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java line 101:

> 99:         // set default key sizes and apply our own algorithm-specific limits
> 100:         // override lower limit to disallow unsecure keys being generated
> 101:         // override upper limit to deter DOS attack

No a P11 expert, but I assume `algorithm` here is already guaranteed to be in uppercase?

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java line 122:

> 120:             default -> {
> 121:                 throw new ProviderException
> 122:                         ("Unrecognized algorithm for checking key size");

If it's an unknown key algorithm, is it possible we just ignore it and keep using `minKeyLen` and `maxKeyLen`?

-------------

PR: https://git.openjdk.java.net/jdk/pull/7652



More information about the security-dev mailing list