Re: RFR: 8343232: PKCS#12 KeyStore support for RFC 9579: Use of Password-Based Message Authentication Code 1 (PBMAC1) [v3]

Fri, 19 Sep 2025 02:23:23 -0700 

On Tue, 16 Sep 2025 23:03:00 GMT, Mark Powers <[email protected]> wrote:

>> [JDK-8343232](https://bugs.openjdk.org/browse/JDK-8343232)
>
> Mark Powers has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   a few more comments

Some comments on `PKC12KeyStore`.

src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 180:

> 178:     private int macSaltLength = -1;
> 179:     private byte[] extraSalt = null;
> 180:     private int extraIterationCount = -1;

I don't think it's necessary to break the user-provided mac algorithm like 
"PBEWithHmacSHA256" into `macAlgorithm == "PBMAC1"` and `pbmac1Hmac == 
"HmacSHA256"`. Keep a single one no matter what kind of mac algorithm it is.

src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 1490:

> 1488: 
> 1489:         if (macAlgorithm.equals("PBMAC1") ||
> 1490:                 defaultMacAlgorithm().startsWith("PBEWith")) {

`calculateMac` is called when keystore is read from an existing file and 
`defaultMacAlgorithm` should not be used. Otherwise, algorithm will be 
modified. Try these:

keytool -keystore ks -keyalg ec -storepass changeit -genkeypair -alias a -dname 
CN=a -J-Dkeystore.pkcs12.macAlgorithm=PBEWithHmacSHA512
keytool -keystore ks -keyalg ec -storepass changeit -genkeypair -alias b -dname 
CN=b -J-Dkeystore.pkcs12.macAlgorithm=PBEWithHmacSHA256

src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 1495:

> 1493:             } else if 
> (defaultMacAlgorithm().equals("PBEWithHmacSHA256")) {
> 1494:                 kdfHmac = "HmacSHA256";
> 1495:             } else {

Why don't we support `PBEWithHmacSHA384` etc?

src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 1509:

> 1507: 
> 1508:         var skf = 
> SecretKeyFactory.getInstance(kdfHmac.equals("HmacSHA512") ?
> 1509:                 "PBKDF2WithHmacSHA512" : "PBKDF2WithHmacSHA256");

Why is PBKDF2 used for non-PBMAC1 algorithms as well?

-------------

PR Review: https://git.openjdk.org/jdk/pull/24429#pullrequestreview-3234719221
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2355693464
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2355758215
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2355761701
PR Review Comment: https://git.openjdk.org/jdk/pull/24429#discussion_r2355763431

Reply via email to