RFR: 8343232: PKCS#12 KeyStore support for RFC 9579: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v3]

Mark Powers mpowers at openjdk.org
Thu Sep 18 17:16:26 UTC 2025


On Fri, 5 Sep 2025 13:02:24 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Mark Powers has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   a few more comments
>
> src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 1518:
> 
>> 1516:             macData = new MacData(algName, macResult, params,
>> 1517:                     defaultMacAlgorithm().replace("PBE", ""),
>> 1518:                     extraSalt, extraIterationCount);
> 
> I'm not sure why you need the additional parameters (`params`, `extraSalt`, `extraIterationCount`). I think you can use the existing constructor and inside `MacData`, detect if PBMAC1 is being used by checking the algorithm name, and then encode the salt and iteration count in the PBMAC1 algorithm parameters as per RFC 7292/9579.

I took your suggestion about detecting PBMAC1 via the algorithm name. Thanks. It works.
The `extra*` parameters are necessary because RFC 9579 says they have to be present.

   |  c.  If the PBMAC1 algorithm is used, the macSalt value MUST be
   |      ignored.  For backwards compatibility, it SHOULD NOT be empty.
   |  
   |  d.  If the PBMAC1 algorithm is used, the iterations value MUST be
   |      ignored.  For backwards compatibility, it SHOULD have a non-
   |      zero positive value.

Basically a PBMAC1 protected keystore contains an unused old style MAC at the end. If upgrading an old keystore to a PBMAC1 protected keystore, then it seems better to use values from the old MAC rather than make them up.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2360372932
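
Added example (not part of the original message or of the JDK change): a format-level check of the two RFC 9579 rules quoted above, run over a DER-encoded `MacData` structure. The function names and sample bytes are constructed for illustration; the sample's PBMAC1 parameters are an empty SEQUENCE placeholder because the check never reads them.

```python
PBMAC1_OID = bytes.fromhex("2a864886f70d01050e")  # 1.2.840.113549.1.5.14

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed element into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def check_legacy_mac_fields(mac_data_der):
    """Return RFC 9579 findings for macSalt/iterations; [] if nothing to report."""
    tag, body, _ = read_tlv(mac_data_der, 0)
    fields = children(body)  # mac DigestInfo, macSalt, optional iterations
    if tag != 0x30 or len(fields) < 2 or fields[1][0] != 0x04:
        raise ValueError("not a MacData SEQUENCE")
    digest_info = children(fields[0][1])
    alg_id = children(digest_info[0][1])  # digestAlgorithm AlgorithmIdentifier
    if alg_id[0] != (0x06, PBMAC1_OID):
        return []  # legacy MAC: macSalt and iterations are really used
    iters = fields[2][1] if len(fields) > 2 else b"\x01"  # INTEGER DEFAULT 1
    findings = []
    if not fields[1][1]:
        findings.append("macSalt is empty")
    if int.from_bytes(iters, "big", signed=True) <= 0:
        findings.append("iterations is not a positive value")
    return findings

def tlv(tag, value):  # short-form (<128 byte) DER encoder, samples only
    return bytes([tag, len(value)]) + value

def sample_mac_data(salt, iterations):
    """Constructed MacData; PBMAC1-params is an empty SEQUENCE placeholder."""
    alg = tlv(0x30, tlv(0x06, PBMAC1_OID) + tlv(0x30, b""))
    mac = tlv(0x30, alg + tlv(0x04, bytes(32)))
    return tlv(0x30, mac + tlv(0x04, salt) + tlv(0x02, iterations))
```

A PBMAC1 keystore that carries over the salt and iteration count from its old MAC yields no findings; one written with an empty salt and a zero count yields both.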

