On Sat, 11 May 2024 02:06:09 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>
> Kevin Driver has updated the pu
On Fri, 10 May 2024 22:40:30 GMT, Weijun Wang wrote:
> One use case for this method is HPKE key export. Obviously, the exported key
> won't have algorithm name being "HPKE".
If `Cipher::init` is passed an AES SecretKey, wouldn't the `Cipher::export`
return an AES SecretKey? I don't see the ca
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
On Fri, 10 May 2024 14:00:55 GMT, Weijun Wang wrote:
>> Add `Cipher::export` API.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> change new method to non final
One use case for this method is HPKE key export. Obviously, th
On Fri, 10 May 2024 22:11:04 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>
> Kevin Driver has updated the pu
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with three additional
commits since
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
On Fri, 10 May 2024 14:54:18 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 70:
>>
>>> 68: */
>>> 69: public Extract extractOnly() {
>>> 70: if (this.ikms.isEmpty() && this.salts.isEmpty()) {
>>
>> I don't think
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
On Tue, 16 Apr 2024 22:30:57 GMT, Valerie Peng wrote:
>> What about testing?
>
> @mcpowers I am about to leave for vacation. Will wait for your review and
> resume on this PR after I return. Thanks!
Many thanks @valeriepeng for this feature.
Possible to backport on JDK 17 or 21 ?
-
On Thu, 9 May 2024 17:29:15 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/javax/crypto/KDFSpi.java line 107:
>>
>>> 105: * if the key derivation implementation cannot support
>>> additional calls to
>>> 106: * {@code deriveData } or if all {@code
>>> DerivationParame
On Thu, 9 May 2024 16:42:09 GMT, Weijun Wang wrote:
>> Kevin Driver has updated the pull request with a new target base due to a
>> merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase. The pull request contains ten additional
>> commits si
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
On Thu, 9 May 2024 15:14:48 GMT, Weijun Wang wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> replace in-place SecretKeySpec alg for IKM/salt with "Generic"
>
> src/java.base/share/classes/javax/crypto/spec/HKDFPara
On Thu, 9 May 2024 15:01:24 GMT, Weijun Wang wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> a start on the preview wire on/off
>
> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 47:
>
>
On Thu, 9 May 2024 14:43:55 GMT, Weijun Wang wrote:
> Two comments on HKDF:
>
> 1. Expand length cannot exceed 255 * HashLen. See
> https://datatracker.ietf.org/doc/html/rfc5869#section-2.3.
> 2. Why disallow empty ikms and salts? For the salt side, RFC5869 allows [no
> salt](https://datatrack
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
On Fri, 10 May 2024 14:00:55 GMT, Weijun Wang wrote:
>> Add `Cipher::export` API.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> change new method to non final
Why is the `algorithm` necessary for this new method? Couldn
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
On Thu, 9 May 2024 21:21:55 GMT, Weijun Wang wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> some code review comments
>
> src/java.base/share/classes/javax/crypto/KDF.java line 1:
>
>> 1: /*
>
> Delayed provider
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
On Thu, 9 May 2024 20:33:57 GMT, Weijun Wang wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> some code review comments
>
> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
> line 365:
>
On Wed, 8 May 2024 20:53:54 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 370:
>>
>>> 368: }
>>> 369: int rounds = (outLen + hmacLen - 1) / hmacLen;
>>> 370: kdfOutput = new byte[rounds * hmacLen];
>>
>> A
On Thu, 9 May 2024 12:31:24 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/javax/crypto/KDF.java line 54:
>>
>>> 52: * the algorithm specifier may be omitted if the KDF algorithm has a
>>> fixed or default PRF.
>>> 53: *
>>> 54: * TODO: finish this javadoc
>>
>> You should state th
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
On Thu, 9 May 2024 15:30:22 GMT, Weijun Wang wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> continued code review comments
>
> src/java.base/share/classes/javax/crypto/KDF.java line 58:
>
>> 56:
>> 57: public fi
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
On Wed, 8 May 2024 20:25:36 GMT, Sean Mullan wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> code review comment
>
> src/java.base/share/classes/java/security/Provider.java line 1607:
>
>> 1605: addEngine(
On Thu, 9 May 2024 14:10:37 GMT, Weijun Wang wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> code review comment
>
> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 36:
>
>> 34: * Parame
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
On Wed, 20 Mar 2024 02:44:19 GMT, Valerie Peng wrote:
> Existing legacy mechanism check disables mechanism(s) when the support is
> partial, e.g. supports decryption but not encryption, or supports
> verification but not signing. Some mechanisms can be used for both
> encryption/decryption and
On Thu, 9 May 2024 13:14:45 GMT, Sean Mullan wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> additional delayed provider selection work
>
> src/java.base/share/classes/javax/crypto/KDF.java line 147:
>
>> 145:
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
On Thu, 9 May 2024 13:16:05 GMT, Sean Mullan wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> code review comment
>
> src/java.base/share/classes/javax/crypto/KDF.java line 150:
>
>> 148: KDF instance = nul
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
On Thu, 9 May 2024 13:07:41 GMT, Sean Mullan wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> code review comment
>
> src/java.base/share/classes/javax/crypto/KDF.java line 132:
>
>> 130:
>> 131: private Strin
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
On Fri, 10 May 2024 14:56:55 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>
> Kevin Driver has updated the pu
On Thu, 9 May 2024 15:11:39 GMT, Weijun Wang wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> change algorithm standard name for HKDFs in SunJCE provider
>
> src/java.base/share/classes/javax/crypto/spec/HKDFParamet
On Fri, 10 May 2024 14:56:55 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>
> Kevin Driver has updated the pu
On Fri, 10 May 2024 00:15:32 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>
> Kevin Driver has updated the pu
On Thu, 9 May 2024 15:04:53 GMT, Weijun Wang wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> change algorithm standard name for HKDFs in SunJCE provider
>
> src/java.base/share/classes/javax/crypto/spec/HKDFParamet
On Wed, 8 May 2024 20:29:01 GMT, Sean Mullan wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> change algorithm standard name for HKDFs in SunJCE provider
>
> src/java.base/share/classes/com/sun/crypto/provider/SunJC
On Fri, 10 May 2024 14:50:51 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java line 463:
>>
>>> 461: * Key Derivation engines
>>> 462: */
>>> 463: ps("KDF", "HKDF/HmacSHA256",
>>
>> In the JEP, the example uses "HkdfSHA256". Th
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
On Thu, 9 May 2024 20:20:00 GMT, Weijun Wang wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 53:
>>
>>> 51: * and Expand-only variants.
>>> 52: */
>>> 53: abstract class HkdfKeyDerivation extends KDFSpi {
>>
>> How about just name it `HKDF`?
>
> M
On Fri, 10 May 2024 12:12:06 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java line 467:
>>
>>> 465: ps("KDF", "HkdfSHA384",
>>> 466:
>>> "com.sun.crypto.provider.HkdfKeyDerivation$HkdfSHA384");
>>> 467: ps("KDF", "HkdfSHA
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic
> algorithms for deriving additional keys from a secret key and other data. See
> [JEP 478](https://openjdk.org/jeps/478).
Kevin Driver has updated the pull request incrementally with one additional
commit since the
> Add `Cipher::export` API.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
change new method to non final
-
Changes:
- all: https://git.openjdk.org/jdk/pull/18409/files
- new: https://git.openjdk.org/jdk/pull/18409/f
On Fri, 10 May 2024 13:08:00 GMT, Alan Bateman wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> rename
>
> src/java.base/share/classes/javax/crypto/Cipher.java line 2625:
>
>> 2623: * @since 23
>> 2624: */
On Fri, 10 May 2024 13:07:30 GMT, Weijun Wang wrote:
>> Add `Cipher::export` API.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> rename
src/java.base/share/classes/javax/crypto/Cipher.java line 2625:
> 2623: * @since
> Add `Cipher::export` API.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
rename
-
Changes:
- all: https://git.openjdk.org/jdk/pull/18409/files
- new: https://git.openjdk.org/jdk/pull/18409/files/8834f04e..b8658a76
On Wed, 20 Mar 2024 20:37:46 GMT, Weijun Wang wrote:
> Add `Cipher::export` API.
src/java.base/share/classes/javax/crypto/Cipher.java line 2625:
> 2623: * @since 23
> 2624: */
> 2625: public final SecretKey export(byte[] context, String algorithm, int
> length) {
Change name to
On Fri, 10 May 2024 12:58:06 GMT, Sean Mullan wrote:
>> Add `Cipher::export` API.
>
> src/java.base/share/classes/javax/crypto/Cipher.java line 2625:
>
>> 2623: * @since 23
>> 2624: */
>> 2625: public final SecretKey export(byte[] context, String algorithm,
>> int length) {
>
> C
Add `Cipher::export` API.
-
Commit messages:
- Merge branch 'master' into 8325513
- make test work
- Add test
- Wording
- Wording
- relax requirement
- wording
- the fix
Changes: https://git.openjdk.org/jdk/pull/18409/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=1
On Thu, 9 May 2024 20:18:10 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/javax/crypto/KDF.java line 115:
>>
>>> 113: * {@code getInstance} calls that created this {@code
>>> KeyDerivation} object.
>>> 114: *
>>> 115: * @return the algorithm name of this {@code KeyDeriv
On Fri, 10 May 2024 02:27:31 GMT, Weijun Wang wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> adding in delayed provider selection
>
> src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java line 467:
>
>>
On Fri, 10 May 2024 08:04:26 GMT, Prajwal Kumaraswamy
wrote:
>> This fix intends to eliminate additional library call to C_EncryptInit or
>> C_DecryptInit for Ciphers running through the CKM_AES_GCM.
>>
>> Background:
>>
>> There are two types of CK_GCM_PARAMS struct that are used, one with
On Thu, 9 May 2024 20:59:25 GMT, Valerie Peng wrote:
> Please make sure the testing covers old and new NSS versions just to be safe.
> Thanks!
Done, I have attached test results of old and new NSS, However I have also
tested few other NSS between 3.46 and the latest one
[nsstest.zip](https://g
On Thu, 9 May 2024 19:40:31 GMT, Valerie Peng wrote:
>> Prajwal Kumaraswamy has updated the pull request with a new target base due
>> to a merge or a rebase. The incremental webrev excludes the unrelated
>> changes brought in by the merge/rebase. The pull request contains three
>> additional
On Mon, 25 Mar 2024 10:02:18 GMT, Daniel Jeliński wrote:
>> Prajwal Kumaraswamy has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> use getversion instead to get spec version
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11A
> This fix intends to eliminate additional library call to C_EncryptInit or
> C_DecryptInit for Ciphers running through the CKM_AES_GCM.
>
> Background:
>
> There are two types of CK_GCM_PARAMS struct that are used, one with IV bits
> and the other without it.
>
> Initially there was issue in
> This fix intends to eliminate additional library call to C_EncryptInit or
> C_DecryptInit for Ciphers running through the CKM_AES_GCM.
>
> Background:
>
> There are two types of CK_GCM_PARAMS struct that are used, one with IV bits
> and the other without it.
>
> Initially there was issue in
69 matches
Mail list logo
