On Thu, 19 Dec 2024 17:43:20 GMT, Francisco Ferrari Bihurriet
wrote:
>> BTW, what else can this key be used? I tried in HmacSHA256 and there is a
>> CKR_KEY_TYPE_INCONSISTENT error.
>
> Hi @wangweij,
>
> What test have you executed? I'm able to use "Generic" keys for HmacSHA256,
> in a local
On Fri, 20 Dec 2024 01:54:29 GMT, Weijun Wang wrote:
> OK. I have a minor concern: this factory seems primarily useful for HSMs, and
> it’s unlikely that software-based providers would support it. Users should be
> mindful of its intended use. I noticed the CSR already references its
> connect
On Thu, 19 Dec 2024 19:41:23 GMT, Martin Balao wrote:
>> We would like to propose an implementation of the HKDF algorithms for
>> SunPKCS11, aligned with the KDF API proposed for JDK 24 (see [JEP 478: Key
>> Derivation Function API
>> (Preview)](https://bugs.openjdk.org/browse/JDK-8189808)).
>
On Fri, 20 Dec 2024 00:58:31 GMT, Weijun Wang wrote:
> > there will be part of the functionality difficult or impossible to use and
> > untested.
>
> Show me a case that is impossible with this factory. IIUC, the only usage of
> this factory is to convert a `SecretKeySpec` to a P11 key. Why ne
On Thu, 19 Dec 2024 22:07:39 GMT, Martin Balao wrote:
> there will be part of the functionality difficult or impossible to use and
> untested.
Show me a case that is impossible with this factory. IIUC, the only usage of
this factory is to convert a `SecretKeySpec` to a P11 key. Why need this s
On Mon, 16 Dec 2024 23:15:11 GMT, Justin Lu wrote:
> Hi all,
>
> This pull request contains a backport of commit
> [fd0207d5](https://github.com/openjdk/jdk/commit/fd0207d59309ae1af9539580f5bfcbc7627789cb)
> from the [openjdk/jdk](https://git.openjdk.org/jdk) repository.
>
> The commit being
On Thu, 19 Dec 2024 19:41:23 GMT, Martin Balao wrote:
>> We would like to propose an implementation of the HKDF algorithms for
>> SunPKCS11, aligned with the KDF API proposed for JDK 24 (see [JEP 478: Key
>> Derivation Function API
>> (Preview)](https://bugs.openjdk.org/browse/JDK-8189808)).
>
SunJSSE has many of the IANA TLS handshake message types defined, but some are
reserved and could be added for debugging output.
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
Testing coverage: JDK compilation only.
-
Commit messages:
- Updated copyright
-
On Thu, 19 Dec 2024 21:11:24 GMT, Sean Mullan wrote:
> ...we make the HKDF PR depend on that
Does it really depend on the new factory? I think `P11KDF` is able to deal with
`SecretKeySpec`. My understanding is that the factory is only used by the test.
-
PR Comment: https://git.o
On Thu, 19 Dec 2024 17:43:20 GMT, Francisco Ferrari Bihurriet
wrote:
>> BTW, what else can this key be used? I tried in HmacSHA256 and there is a
>> CKR_KEY_TYPE_INCONSISTENT error.
>
> Hi @wangweij,
>
> What test have you executed? I'm able to use "Generic" keys for HmacSHA256,
> in a local
On Thu, 19 Dec 2024 21:00:54 GMT, Martin Balao wrote:
> Are you okay if we create a separated PR to have _Generic_ first and we make
> the HKDF PR depend on that? We are not planning to backport HKDF but any
> backport can remove the affected part in the test and avoid an SE change as
> depend
On Thu, 19 Dec 2024 20:50:18 GMT, Sean Mullan wrote:
> > Added a _Specification_ change to the CSR so the _Generic_ name is added to
> > the Standard Names document.
>
> I think this should be done as a separate issue. By adding this to the CSR,
> this Enhancement means it is now of SE scope.
On Thu, 19 Dec 2024 20:33:20 GMT, Martin Balao wrote:
> Added a _Specification_ change to the CSR so the _Generic_ name is added to
> the Standard Names document.
I think this should be done as a separate issue. By adding this to the CSR,
this Enhancement means it is now of SE scope. I would r
On Tue, 17 Dec 2024 17:57:02 GMT, Martin Balao wrote:
>> In addition to the goals, scope, motivation, specification and requirement
>> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we
>> would like to describe the most relevant decisions taken during the
>> implementatio
Hmm... looking at the PKCS11 soft token nss code (from
hg.mozilla.org/projects/nss) - ANY failure to unwrap a private key gets
returned as a CKR_INCOMPLETE_TEMPLATE.
The NSS code for sftk_unwrapPrivateKey is weird. It starts out with a
CKR_ code in a number of places, and if that code is not
On Thu, 19 Dec 2024 19:41:23 GMT, Martin Balao wrote:
>> We would like to propose an implementation of the HKDF algorithms for
>> SunPKCS11, aligned with the KDF API proposed for JDK 24 (see [JEP 478: Key
>> Derivation Function API
>> (Preview)](https://bugs.openjdk.org/browse/JDK-8189808)).
>
On Thu, 19 Dec 2024 13:58:57 GMT, Weijun Wang wrote:
> > However, we decided not to make `CKM_CONCATENATE_DATA_AND_BASE` a
> > requirement for HKDF services in SunPKCS11.
>
> This sounds perfectly reasonable at token init time. Most HKDF cases do not
> need multiple IKM or salt segments.
>
>
> We would like to propose an implementation of the HKDF algorithms for
> SunPKCS11, aligned with the KDF API proposed for JDK 24 (see [JEP 478: Key
> Derivation Function API
> (Preview)](https://bugs.openjdk.org/browse/JDK-8189808)).
>
> This implementation will be under the _Preview_ umbrella
I ran into a few problems related to a similar approach in my own code.
Basically, PKCS12 requires some sort of OID/Algorithm identifier to map
to/from the algorithm name. Anything that you allow for here ideally
needs to be supported by KeyStore there. It doesn't help that PKCS11 has
CKK_G
On Thu, 19 Dec 2024 14:14:43 GMT, Weijun Wang wrote:
>> Yes, sure. I added a comment to the _Solution_ section of the CSR and the
>> name to the table in _Specification_.
>
> BTW, what else can this key be used? I tried in HmacSHA256 and there is a
> CKR_KEY_TYPE_INCONSISTENT error.
Hi @wangwe
On Tue, 17 Dec 2024 17:57:02 GMT, Martin Balao wrote:
>> In addition to the goals, scope, motivation, specification and requirement
>> notes in [JDK-8315487](https://bugs.openjdk.org/browse/JDK-8315487), we
>> would like to describe the most relevant decisions taken during the
>> implementatio
On Thu, 19 Dec 2024 00:45:32 GMT, Martin Balao wrote:
>> Do you think we can add it to the Java Security Standard Names document?
>
> Yes, sure. I added a comment to the _Solution_ section of the CSR and the
> name to the table in _Specification_.
BTW, what else can this key be used? I tried in
On Thu, 19 Dec 2024 03:52:31 GMT, Martin Balao wrote:
> However, we decided not to make `CKM_CONCATENATE_DATA_AND_BASE` a requirement
> for HKDF services in SunPKCS11.
This sounds perfectly reasonable at token init time. Most HKDF cases do not
need multiple IKM or salt segments.
What I asked
On Fri, 6 Dec 2024 01:23:31 GMT, Matthew Donovan wrote:
> I was unable to reproduce the error but I suspect the error is caused by the
> server-side closing the socket as soon as the write operation is done. I
> added a read() call on the server to ensure the client initiates connection
> clos
On Thu, 19 Dec 2024 12:41:33 GMT, Matthew Donovan wrote:
>> I was unable to reproduce the error but I suspect the error is caused by the
>> server-side closing the socket as soon as the write operation is done. I
>> added a read() call on the server to ensure the client initiates connection
>>
> I was unable to reproduce the error but I suspect the error is caused by the
> server-side closing the socket as soon as the write operation is done. I
> added a read() call on the server to ensure the client initiates connection
> close
Matthew Donovan has updated the pull request incrementa
26 matches
Mail list logo
