Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8297538

Add support of SHA-512/224 and SHA-512/256 to the PBKDF2 and PBES2 impls in SunJCE provider

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Approved
    • Icon: P4 P4
    • 21
    • security-libs
    • None
    • behavioral
    • minimal
    • Very low, adds new algorithms
    • Other
    • Implementation

      Summary

      Enhance the SunJCE provider with additional PBE algorithms using the SHA-512/224 and SHA-512/256 message digests as specified in RFC 8018 PKCS#5 v2.1.

      Problem

      SunJCE provider already supports most of the PBE algorithms specified in RFC 8018 except for those using SHA-512/224 and SHA-512/256 message digests.

      Solution

      Add the support of SHA-512/224 and SHA-512/256 message digests to the PBE algorithm impls of SunJCE provider.

      Specification

      Update the table 4-15 "The SunJCE Provider Algorithm Names for Engine Classes" of the SunJCE provider documentation with the new algorithms: (JDK19 version at https://docs.oracle.com/en/java/javase/19/security/oracle-providers.html#GUID-A47B1249-593C-4C38-A0D0-68FA7681E0A7 )

      1. AlgorithmParameters: PBEWithHmacSHA512/224AndAES_128, PBEWithHmacSHA512/256AndAES_128,
        PBEWithHmacSHA512/224AndAES_256, PBEWithHmacSHA512/256AndAES_256
      2. Cipher: PBEWithHmacSHA512/224AndAES_128, PBEWithHmacSHA512/256AndAES_128, PBEWithHmacSHA512/224AndAES_256, PBEWithHmacSHA512/256AndAES_256
      3. Mac: PBEWithHmacSHA512/224 PBEWithHmacSHA512/256
      4. SecretKeyFactory: PBEWithHmacSHA512/224AndAES_128, PBEWithHmacSHA512/256AndAES_128, PBEWithHmacSHA512/224AndAES_256, PBEWithHmacSHA512/256AndAES_256, PBKDF2WithHmacSHA512/224, PBKDF2WithHmacSHA512/256

            valeriep Valerie Peng
            valeriep Valerie Peng
            Weijun Wang
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: