RFR: 8288050: Add support of SHA-512/224 and SHA-512/256 to the PBKDF2 and PBES2 impls in SunJCE provider [v5]
Bernd
duke at openjdk.org
Sat Jan 28 07:44:25 UTC 2023
On Wed, 25 Jan 2023 22:33:59 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> This RFE enhances existing PBE algorithms with the "SHA512/224" and "SHA512/256" support.
>> Current transformation parsing in javax.crypto.Cipher class is re-written to handle the additional "/" in the "SHA512/224" and "SHA512/256" algorithm names. Existing tests are updated with the additional new algorithms.
>
> Valerie Peng has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision:
>
> - Merge branch 'master' of https://github.com/openjdk/jdk into JDK-8288050
> so bot can find the CSR for JDK21 and mark the PR complete.
> - address review feedbacks
> - handle the "SHA512/2" lookup of the cipher transformation in a case-insensitive way.
> - remove extra whitespace
> - remove trailing whitespace
> - 8288050: Add support of SHA-512/224 and SHA-512/256 to the PBKDF2 and PBES2 impls in SunJCE provider
Another question, the cipher/keyfactory PBEWithHmacSHA512/224AndAES_256 algorithm looks a bit strange, that would require two rounds of the iterations - I mean it might not be much work to implement it anyway, but I wonder if it is a good combination?
On the other hand PBEWithHmacSHA512/224AndAES_192 might be a good combo. (Or generally the AES192 variants are missing?)
-------------
PR: https://git.openjdk.org/jdk/pull/11339
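
The "two rounds of the iterations" point above, as an added example that is not part of the original message or of the JDK change: PBKDF2 (RFC 8018) written out by hand so the HMAC invocations can be counted for a 28-byte PRF output against 16-, 24- and 32-byte AES keys. The class name, password, salt and iteration count are constructed for illustration, and the code assumes a JDK whose provider offers the `HmacSHA512/224` Mac.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Hypothetical demo class: hand-written PBKDF2 that counts PRF (HMAC) calls.
public class Pbkdf2BlockCount {
    static long prfCalls; // HMAC invocations performed by the last derive() call

    static byte[] derive(String hmacAlg, byte[] password, byte[] salt,
                         int iterations, int dkLenBytes) throws Exception {
        Mac prf = Mac.getInstance(hmacAlg);
        prf.init(new SecretKeySpec(password, hmacAlg));
        int hLen = prf.getMacLength();                 // 28 bytes for HmacSHA512/224
        int blocks = (dkLenBytes + hLen - 1) / hLen;   // l = ceil(dkLen / hLen)
        byte[] dk = new byte[blocks * hLen];
        prfCalls = 0;
        for (int i = 1; i <= blocks; i++) {
            // U_1 = PRF(P, S || INT(i)); U_j = PRF(P, U_{j-1}); T_i = U_1 ^ ... ^ U_c
            prf.update(salt);
            byte[] u = prf.doFinal(ByteBuffer.allocate(4).putInt(i).array());
            byte[] t = u.clone();
            prfCalls++;
            for (int j = 2; j <= iterations; j++) {
                u = prf.doFinal(u);
                prfCalls++;
                for (int k = 0; k < hLen; k++) t[k] ^= u[k];
            }
            System.arraycopy(t, 0, dk, (i - 1) * hLen, hLen);
        }
        return Arrays.copyOf(dk, dkLenBytes);          // truncate to the requested key size
    }

    public static void main(String[] args) throws Exception {
        byte[] pw = "constructed-password".getBytes(StandardCharsets.UTF_8);
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.UTF_8);
        int c = 10_000; // constructed iteration count
        for (int keyBits : new int[] {128, 192, 256}) {
            derive("HmacSHA512/224", pw, salt, c, keyBits / 8);
            System.out.printf("HmacSHA512/224 -> AES-%d: %d HMAC calls (%d block(s))%n",
                    keyBits, prfCalls, prfCalls / c);
        }
    }
}
```

Because the block count is ceil(dkLen / hLen), only the 32-byte key exceeds the 28-byte PRF output and needs a second block, which doubles the HMAC work for the same iteration count.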