> We would like to propose an implementation of the HKDF algorithms for
> SunPKCS11, aligned with the KDF API proposed for JDK 24 (see [JEP 478: Key
> Derivation Function API
> (Preview)](https://bugs.openjdk.org/browse/JDK-8189808)).
>
> This implementation will be under the _Preview_ umbrella until the KDF API
> becomes stable in a future JDK release. The benefit of this early proposal is
> to gather more feedback about the KDF API for future improvements.
>
> The `P11KDF` class has the core implementation and Java calls to the PKCS 11
> API. Different native mechanism were used to merge key material:
> CKM_CONCATENATE_BASE_AND_DATA (key and data), CKM_CONCATENATE_BASE_AND_KEY
> (key and key) and CKM_CONCATENATE_DATA_AND_BASE (data and key). The
> implementation also supports merging data with data, at the Java level. List
> of HKDF algorithms supported: HKDF-SHA256, HKDF-SHA384, and, HKDF-SHA512.
>
> Derivation modes supported: extract, expand, and, extract-expand.
>
> We further advanced the consolidation of algorithm and key info in the
> P11SecretKeyFactory map —this effort started with the PBE support enhancement
> and has helped to avoid duplication—. The map has now information about HMAC
> (`HMACKeyInfo` class) and HKDF (`HKDFKeyInfo` class) algorithms. P11Mac is
> now aligned to take the information from the map.
>
> Generic keys now supported in SecretKeyFactory. Derived keys could be Generic.
>
> Testing
>
> *
> [TestHKDF.java](https://github.com/openjdk/jdk/blob/e87ec99b90ff742f531a5031fdeeb9f2e039856d/test/jdk/sun/security/pkcs11/KDF/TestHKDF.java)
> test added
> * All non-SHA1 & non-SHA224 RFC 5869 test vectors checked
> * Cross-checking against SunJCE's HKDF implementation for every algorithm
> possible
> * Static assertion data for resilience if SunJCE were not available
> * Use of derived key for encryption check
> * Concatenation of input key material and salt checked (multiple
> combinations)
> * Multiple derivation types checked (extract only, expand only, and,
> extract-expand)
> * Derive key and derive data checked
> * All supported HKDF algorithms tested (HKDF-SHA256, HKDF-SHA384, and,
> HKDF-SHA512)
> * DH and ECDH key derivation for TLS checked
> * Informative output for debugging purposes (shown automatically if there
> is a test failure)
> * Note: test failures do not prevent all tests for running
> * Test integrated to the SunPKCS11 tests framework
>
> * No regressions observed in jdk/sun/security/pkcs11 (114 tests passed, 0
> failed)
>
> A CSR will be proposed.
>
> This proposal is...
Martin Balao has updated the pull request with a new target base due to a merge
or a rebase. The incremental webrev excludes the unrelated changes brought in
by the merge/rebase. The pull request contains 14 additional commits since the
last revision:
- Merge openjdk/master into JDK-8328119
Fix trivial copyright conflict in:
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
- Align behaviour with the CSR
Make a PKCS #11 library supporting only CKM_HKDF_DERIVE or CKM_HKDF_DATA
to also register the HKDF algorithms. Notice that the corresponding HMAC
mechanism is still required. In case only one of the mechanisms is
available, KDF::deriveKey or KDF::deriveData will fail at run time.
If the user disables one of CKM_HKDF_DERIVE or CKM_HKDF_DATA through
sun.security.pkcs11.Config, also refrain from using it.
Co-authored-by: Martin Balao Alonso <[email protected]>
Co-authored-by: Francisco Ferrari Bihurriet <[email protected]>
- Add test case with empty inputs
Co-authored-by: Martin Balao Alonso <[email protected]>
Co-authored-by: Francisco Ferrari Bihurriet <[email protected]>
- Improve TestContext note about expectedOpOut
Co-authored-by: Martin Balao Alonso <[email protected]>
Co-authored-by: Francisco Ferrari Bihurriet <[email protected]>
- Renaming of P11KDF fix.
Co-authored-by: Martin Balao Alonso <[email protected]>
Co-authored-by: Francisco Ferrari Bihurriet <[email protected]>
- Minor changes based on review. Copyright date adjustments.
Co-authored-by: Martin Balao Alonso <[email protected]>
Co-authored-by: Francisco Ferrari Bihurriet <[email protected]>
- Check disabled PKCS #11 mechanisms when concatenating keys and data.
Co-authored-by: Martin Balao Alonso <[email protected]>
Co-authored-by: Francisco Ferrari Bihurriet <[email protected]>
- Support for HKDF-SHA1 and HKDF-SHA224 removed.
Co-authored-by: Martin Balao Alonso <[email protected]>
Co-authored-by: Francisco Ferrari Bihurriet <[email protected]>
- Unused import removed.
Co-authored-by: Martin Balao Alonso <[email protected]>
Co-authored-by: Francisco Ferrari Bihurriet <[email protected]>
- Fix NPE in assertion.
Co-authored-by: Martin Balao Alonso <[email protected]>
Co-authored-by: Francisco Ferrari Bihurriet <[email protected]>
- ... and 4 more: https://git.openjdk.org/jdk/compare/2c72ae7c...d018b4a9
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/22215/files
- new: https://git.openjdk.org/jdk/pull/22215/files/87f4820a..d018b4a9
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=22215&range=13
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=22215&range=12-13
Stats: 361985 lines in 8749 files changed: 205004 ins; 120500 del; 36481 mod
Patch: https://git.openjdk.org/jdk/pull/22215.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/22215/head:pull/22215
PR: https://git.openjdk.org/jdk/pull/22215
