RFR: 8343232: PKCS#12 KeyStore support for RFC 9879: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v3]
Weijun Wang
weijun at openjdk.org
Fri Sep 19 18:08:54 UTC 2025
On Fri, 19 Sep 2025 02:22:55 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> How necessary is it to remember `macSaltLength`? Before this change, we always generate a new salt of 20 bytes without looking at the old one. Also, what about `extraSalt`, and `extraIterationCount`? Since they are useless for PBMAC1, why cannot we just always hardcode them in the encoding?
>
> Imagine reading a PBMAC1 protected keystore with a 32 byte salt. Now it's time to write it out. You have to remember the salt length of whatever PBMAC1 you just read in order to generate a new salt of the same length. It doesn't seem right to always generate 20 bytes of salt.
>
> We could hardcode the extras, but it seems better to me to return the original values if you're upgrading an old MAC protected keystore to a PBMAC1 protected keystore. It's a nice touch but the code complexity might not be worth it.

You do have a point here, but we have always been rewriting salt with a possibly different length. We can discuss this in another issue, but the change is not necessary here, especially since it also affects other old Mac algorithms.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2363976542