True, using HSM is one scenario that would require the key material be
directly from the underlying PKCS11 library. I've filed a RFE about this
and marked it P3.
https://bugs.openjdk.java.net/browse/JDK-8255407
Thanks for the input.
Valerie
On 10/23/2020 6:39 PM, Bernd Eckenfels wrote:
Hello,
I would agree with this request, my usecase would be to use a HSM,
where I typically don’t want to import keys but generate them safely
on the HSM so not even admins have access to the key material ever
(besides maybe having a key handle to wrap it). Isn’t that what the
KeyGen interface is all about?
Such cases are not tha easy to model with the current abstract PKCS11
Support it seems.
Gruss
Bernd
--
http://bernd.eckenfels.net
------------------------------------------------------------------------
*Von:* security-dev <security-dev-r...@openjdk.java.net> im Auftrag
von Valerie Peng <valerie.p...@oracle.com>
*Gesendet:* Saturday, October 24, 2020 3:18:56 AM
*An:* security-dev@openjdk.java.net <security-dev@openjdk.java.net>
*Betreff:* Re: Please add HMAC keygen to SunPKCS11
Hi, Justin,
Most callers just wrap the HMAC key bytes into a java SecretKey
object, e.g. new SecretKeySpec(keyBytes, "HmacSHA256"), pass that into
the HMAC impl from SunPKCS11 provider which will then convert it into
a CKK_GENERIC_SECRET key and passing that to underlying PKCS11 library.
Maybe for some very specific cases, support CKM_GENERIC_SECRET_KEY_GEN
is necessary and I can look into that. For determining the priority on
this, would the java SecretKey object address your need? Or is there
other reason requiring 3rd party utility?
Thanks,
Valerie
On 10/21/2020 8:44 PM, Justin Cranford wrote:
Compare SunPKCS11 support for AES vs HMAC
* AES => keygen is supported, and AES key can be used for encrypt
and decrypt.
* HMAC => keygen is not supported, but HMAC key can be used for MAC.
This does not make sense. A third-party utility is required for HMAC
keygen, but not for AES keygen.
Use case:
* PKCS#11 driver is v2.20.
* This means AES-256-GCM is not available for confidentiality and
integrity, because GCM supported was only added in PKCS#11 v2.40.
* Fallback to AES-256-CBC and HmacSha256 is required for
confidentiality and integrity, respectively.
* Java can trigger AES keygen, but not HMAC keygen. A third-party
utility is required to trigger HMAC keygen before running Java.
Would it be possible to add the missing GENERIC-SECRET-KEY-GEN
mechanism to SunPKCS11? Notice how that mechanism is missing from the
documented SunPKCS11 algorithms and mechanisms. It is the same in
Java 8 all the way up to 15.
*
https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html#ALG
<https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html#ALG>
To reproduce and demonstrate the missing HMAC keygen issue, here is a
small Java Maven project.
* https://github.com/justincranford/pkcs11
<https://github.com/justincranford/pkcs11>
The readme shows the commands to initialize the SoftHSM2 token, and
use a third-party OpenSC utility to trigger HMAC keygen. It also
shows how to set the required SoftHSM2 env variable and run the Maven
build.
The Maven build will execute the ITPkcs11.java integration test
class. The tests demonstrate:
* Successful SunPKCS11 login to SoftHSM2 and list any existing keys
* Successful AES keygen, encrypt, decrypt
* Successful HMAC mac
* Failed HMAC keygen (because SunPKCS11 does not support
GENERIC-SECRET-KEY-GEN mechanism yet)
Thank you,
Justin Cranford
