On Wed, 18 Dec 2024 19:50:26 GMT, Martin Balao <mba...@openjdk.org> wrote:

>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java 
>> line 1092:
>> 
>>> 1090:                 m(CKM_HKDF_DERIVE, CKM_HKDF_DATA));
>>> 1091:         d(KDF, "HKDF-SHA512", P11KDF, m(CKM_SHA512_HMAC),
>>> 1092:                 m(CKM_HKDF_DERIVE, CKM_HKDF_DATA));
>> 
>> We only defined HKDF-SHA256 and later in the Java Security Standard Names 
>> doc.
>
> We included SHA1 because there could be a legacy use case to support and it's 
> part of the test vectors for RFC 5869 (HMAC-based Extract-and-Expand Key 
> Derivation Function (HKDF)). We don't recommend using it, and will probably 
> filter it out once we have the Filter integrated, but would you be okay with 
> keeping it?

Do you have any data on how many legacy use cases use it? I think for new 
mechanisms we should be forward looking and refrain from adding support for 
weak or not recommended algorithms unless there is a very good reason. It is 
often harder to remove something than to add it.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/22215#discussion_r1890863656
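A check I would run against a JDK in light of this thread, added here as an example and not code from the PR: it lists the HKDF variants each installed provider registers under the KDF service type (a SunPKCS11 provider only shows up if it is configured), flags a SHA-1 variant as legacy, and derives RFC 5869 test case 1 through the documented HKDF-SHA256 name to confirm the recommended variant works. It assumes JDK 24 or later with the javax.crypto.KDF API available (a preview API in JDK 24, so compile and run with --enable-preview there); the class name HkdfAudit is my own.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.HexFormat;
import java.util.List;
import javax.crypto.KDF;
import javax.crypto.spec.HKDFParameterSpec;

public class HkdfAudit {

    // Walk every installed provider and collect the HKDF variants it registers
    // under the "KDF" service type, tagging a SHA-1 variant as not recommended.
    static List<String> auditHkdfServices() {
        List<String> findings = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if (!"KDF".equals(s.getType())) continue;
                String alg = s.getAlgorithm().toUpperCase();
                if (!alg.startsWith("HKDF")) continue;
                String note = alg.contains("SHA1") ? "  <-- legacy, not recommended" : "";
                findings.add(p.getName() + ": " + s.getAlgorithm() + note);
            }
        }
        return findings;
    }

    // RFC 5869 test case 1 (HKDF-SHA256): inputs and expected 42-byte output.
    static final byte[] IKM  = HexFormat.of().parseHex("0b".repeat(22));
    static final byte[] SALT = HexFormat.of().parseHex("000102030405060708090a0b0c");
    static final byte[] INFO = HexFormat.of().parseHex("f0f1f2f3f4f5f6f7f8f9");
    static final String OKM  =
        "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865";

    // Extract-then-expand with the documented standard name HKDF-SHA256 and
    // report whether the derived key material matches the RFC vector.
    static boolean rfc5869Case1Matches() throws Exception {
        KDF hkdf = KDF.getInstance("HKDF-SHA256");
        byte[] okm = hkdf.deriveData(HKDFParameterSpec.ofExtract()
                .addIKM(IKM).addSalt(SALT).thenExpand(INFO, 42));
        return OKM.equals(HexFormat.of().formatHex(okm));
    }

    public static void main(String[] args) throws Exception {
        auditHkdfServices().forEach(System.out::println);
        System.out.println("RFC 5869 case 1 via HKDF-SHA256: "
                + (rfc5869Case1Matches() ? "OK" : "MISMATCH"));
    }
}
```

Any provider line tagged as legacy is the registration the reviewer above argues against shipping; an empty list for a configured SunPKCS11 provider means the token lacks the CKM_HKDF_DERIVE mechanism.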