Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for PBKDF2 algorithms #432

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add support for PBKDF2 algorithms #432

wants to merge 2 commits into from
+1,317 −16

Conversation

jasonkatonica
Copy link
Member

@jasonkatonica jasonkatonica commented Jan 22, 2025
edited
Loading

The following algorithms will be added to the OpenJCEPlusFIPS provider:

  • PBKDF2WithHmacSHA224
  • PBKDF2WithHmacSHA256
  • PBKDF2WithHmacSHA384
  • PBKDF2WithHmacSHA512

The following algorithms will be added to the OpenJCEPlus provider:

  • PBKDF2WithHmacSHA1
  • PBKDF2WithHmacSHA224
  • PBKDF2WithHmacSHA256
  • PBKDF2WithHmacSHA384
  • PBKDF2WithHmacSHA512

Updates required include:

  • Adding a new PBKDF2Core class based on OpenJDK.
  • Adding a new PBKDF2KeyImpl class based on OpenJDK yet modified to make use of the OCKC library to perform PBKDF2 key derivations.
  • New JNI code to call a new native method to derive a key using PBKDF2 from a given password, salt, iteration count, and desired key length.
  • Updates in makefiles to allow the new PBKDF.c file to be built into the JNI dll.
  • A new set of interoperability test was created to enforce that we get the same results from SunJCE, OpenJCEPlus, OpenJCEPlusFIPS for the KeyFactory methods generateSecret, translateKey, and getKeySpec.
  • A new test was introduce to drive various KAT and error paths.

Signed-off-by: Jason Katonica [email protected]

KostasTsiounis
KostasTsiounis requested changes Jan 24, 2025
View reviewed changes
src/main/java/com/ibm/crypto/plus/provider/PBKDF2KeyImpl.java Outdated Show resolved Hide resolved
src/main/java/com/ibm/crypto/plus/provider/PBKDF2KeyImpl.java Show resolved Hide resolved
src/main/java/com/ibm/crypto/plus/provider/PBKDF2KeyImpl.java Outdated Show resolved Hide resolved
src/main/native/PBKDF.c Outdated Show resolved Hide resolved
src/main/native/PBKDF.c Outdated Show resolved Hide resolved
src/test/java/ibm/jceplus/junit/base/BaseTestPBKDF2.java Outdated Show resolved Hide resolved
src/test/java/ibm/jceplus/junit/base/BaseTestPBKDF2.java Outdated Show resolved Hide resolved
KostasTsiounis
KostasTsiounis approved these changes Jan 28, 2025
View reviewed changes
Copy link
Member

@KostasTsiounis KostasTsiounis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jasonkatonica
Add support for PBKDF2 algorithms
7b14023 
The following algorithms will be added to the OpenJCEPlusFIPS provider:
- PBKDF2WithHmacSHA224
- PBKDF2WithHmacSHA256
- PBKDF2WithHmacSHA384
- PBKDF2WithHmacSHA512

The following algorithms will be added to the OpenJCEPlus provider:
- PBKDF2WithHmacSHA1
- PBKDF2WithHmacSHA224
- PBKDF2WithHmacSHA256
- PBKDF2WithHmacSHA384
- PBKDF2WithHmacSHA512

Updates required include:
- Adding a new PBKDF2Core class based on OpenJDK.
- Adding a new PBKDF2KeyImpl class based on OpenJDK yet modified to
make use of the OCKC library to perform PBKDF2 key derivations.
- New JNI code to call a new native method to derive a key using PBKDF2
from a given password, salt, iteration count, and desired key length.
- Updates in makefiles to allow the new PBKDF.c file to be built into
the JNI dll.
- A new set of interoperability test was created to enforce that we get the same
results from SunJCE, OpenJCEPlus, OpenJCEPlusFIPS for the KeyFactory
methods `generateSecret`, `translateKey`, and `getKeySpec`.
- A new test was introduce to drive various KAT and error paths.

Signed-off-by: Jason Katonica <[email protected]>
@jasonkatonica jasonkatonica force-pushed the katonica/feature600/PBKDF2 branch from 081d06d to 7b14023 Compare January 28, 2025 20:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johnpeck-us-ibm johnpeck-us-ibm johnpeck-us-ibm approved these changes

@KostasTsiounis KostasTsiounis KostasTsiounis approved these changes

@taoliult taoliult Awaiting requested review from taoliult

@JinhangZhang JinhangZhang Awaiting requested review from JinhangZhang

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jasonkatonica @KostasTsiounis @johnpeck-us-ibm