On Mon, 21 Apr 2025 17:12:27 GMT, Martin Balao wrote:
>> Hi,
>>
>> I would like to request a review for the fix of JDK-8350661. In this fix, we
>> translate the native PKCS 11 error code into an
>> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
>> API. With that s
On Mon, 21 Apr 2025 17:12:27 GMT, Martin Balao wrote:
>> Hi,
>>
>> I would like to request a review for the fix of JDK-8350661. In this fix, we
>> translate the native PKCS 11 error code into an
>> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
>> API. With that s
On Fri, 18 Apr 2025 21:18:04 GMT, Valerie Peng wrote:
>> The separation can remove 1 conditional block, so only 1 extra line and the
>> flow looks cleaner in my opinion, e.g.
>> Suggestion:
>>
>> case (int) CKK_DES, (int) CKK_DES3 -> {
>> keyLength = P11KeyGe
> Hi,
>
> I would like to request a review for the fix of JDK-8350661. In this fix, we
> translate the native PKCS 11 error code into an
> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
> API. With that said, different PKCS 11 libraries may throw different errors
>
On Fri, 18 Apr 2025 21:15:41 GMT, Valerie Peng wrote:
>> We would need to repeat code if we separate (invocation to
>> `P11KeyGenerator::checkKeySize`). Does not look complex enough in my opinion
>> to merit this split.
>
> The separation can remove 1 conditional block, so only 1 extra line and
On Fri, 18 Apr 2025 19:52:45 GMT, Martin Balao wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
>> line 605:
>>
>>> 603: }
>>> 604: }
>>> 605: }
>>
>> Hmm, how about separating out AES, RC4,
> Hi,
>
> I would like to request a review for the fix of JDK-8350661. In this fix, we
> translate the native PKCS 11 error code into an
> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
> API. With that said, different PKCS 11 libraries may throw different errors
>
On Thu, 17 Apr 2025 23:52:56 GMT, Valerie Peng wrote:
>> Martin Balao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Inform key sizes in the exception when failing check.
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11
On Thu, 17 Apr 2025 22:59:49 GMT, Valerie Peng wrote:
>> Martin Balao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Inform key sizes in the exception when failing check.
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11
On Thu, 17 Apr 2025 20:52:52 GMT, Valerie Peng wrote:
>> Martin Balao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Inform key sizes in the exception when failing check.
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11
On Thu, 17 Apr 2025 03:14:14 GMT, Martin Balao wrote:
>> Hi,
>>
>> I would like to request a review for the fix of JDK-8350661. In this fix, we
>> translate the native PKCS 11 error code into an
>> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
>> API. With that s
On Thu, 17 Apr 2025 03:14:14 GMT, Martin Balao wrote:
>> Hi,
>>
>> I would like to request a review for the fix of JDK-8350661. In this fix, we
>> translate the native PKCS 11 error code into an
>> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
>> API. With that s
On Thu, 17 Apr 2025 03:14:14 GMT, Martin Balao wrote:
>> Hi,
>>
>> I would like to request a review for the fix of JDK-8350661. In this fix, we
>> translate the native PKCS 11 error code into an
>> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
>> API. With that s
On Thu, 17 Apr 2025 03:14:14 GMT, Martin Balao wrote:
>> Hi,
>>
>> I would like to request a review for the fix of JDK-8350661. In this fix, we
>> translate the native PKCS 11 error code into an
>> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
>> API. With that s
> Hi,
>
> I would like to request a review for the fix of JDK-8350661. In this fix, we
> translate the native PKCS 11 error code into an
> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
> API. With that said, different PKCS 11 libraries may throw different errors
>
On Thu, 17 Apr 2025 00:22:14 GMT, Martin Balao wrote:
>> Hi,
>>
>> I would like to request a review for the fix of JDK-8350661. In this fix, we
>> translate the native PKCS 11 error code into an
>> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
>> API. With that s
On Thu, 17 Apr 2025 00:47:00 GMT, Valerie Peng wrote:
>> Martin Balao has updated the pull request incrementally with two additional
>> commits since the last revision:
>>
>> - TLS keys added to the map.
>> - Key type check refactoring (derivation).
>
> src/jdk.crypto.cryptoki/share/classes/s
On Thu, 17 Apr 2025 00:22:14 GMT, Martin Balao wrote:
>> Hi,
>>
>> I would like to request a review for the fix of JDK-8350661. In this fix, we
>> translate the native PKCS 11 error code into an
>> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
>> API. With that s
> Hi,
>
> I would like to request a review for the fix of JDK-8350661. In this fix, we
> translate the native PKCS 11 error code into an
> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
> API. With that said, different PKCS 11 libraries may throw different errors
>
On Mon, 14 Apr 2025 19:01:45 GMT, Francisco Ferrari Bihurriet
wrote:
>> As far as I understand it, `HmacSHA256` is blocked, but not
>> `PBEWithHmacSHA224AndAES_256`.
>>
>> ### `HmacSHA256`
>>
>> * Has an `HMACKeyInfo` entry with the following non-static fields:
>> * `KeyInfo.algo` = `"Hma
On Tue, 15 Apr 2025 16:04:26 GMT, Francisco Ferrari Bihurriet
wrote:
>> BTW, I don't like the partial "Tls" string comparison much because it's
>> making an assumption about the algorithm name.
>
> A new `PCKK_TLSKEY` pseudo key type looks good to me. Alternatively, and just
> thinking out lou
On Tue, 15 Apr 2025 13:20:34 GMT, Martin Balao wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
>> line 240:
>>
>>> 238: putKeyInfo(new KeyInfo("TlsPremasterSecret",
>>> PCKK_TLSPREMASTER));
>>> 239: putKeyInfo(new KeyInfo("TlsRsaPrem
On Fri, 11 Apr 2025 23:46:49 GMT, Martin Balao wrote:
>>> What I have found with Tls* keys is that they are in the map but we need to
>>> translate their pseudo-mechanism to a valid one (`CKK_GENERIC_SECRET`). Is
>>> that enough for #24393?
>>
>> What I found is that there are more "TlsXXX" th
On Mon, 14 Apr 2025 18:53:12 GMT, Francisco Ferrari Bihurriet
wrote:
>> Martin Balao has updated the pull request incrementally with two additional
>> commits since the last revision:
>>
>> - Algorithm and key size checking before derivation. Mechanism
>> normalization for TLS.
>> - Minor i
On Tue, 15 Apr 2025 13:23:06 GMT, Martin Balao wrote:
>> I like this idea but the downside I see is that we would need string
>> comparison in `P11KDF::getDerivedKeyType` to allow TLS keys. What if we
>> merge all `PCKK_TLSPREMASTER`, `PCKK_TLSRSAPREMASTER` and `PCKK_TLSMASTER`
>> into `PCKK_T
On Mon, 14 Apr 2025 17:44:53 GMT, Francisco Ferrari Bihurriet
wrote:
>> Martin Balao has updated the pull request incrementally with two additional
>> commits since the last revision:
>>
>> - Algorithm and key size checking before derivation. Mechanism
>> normalization for TLS.
>> - Minor i
On Mon, 14 Apr 2025 19:01:00 GMT, Francisco Ferrari Bihurriet
wrote:
>> For the TlsXXX issue I check the pseudo-mechanism. That works if all
>> algorithms are known to the map. I'll check how many we have and see what
>> are the pros/cons of having them in the map. I prefer symmetric key
>> a
On Thu, 10 Apr 2025 23:54:03 GMT, Martin Balao wrote:
>> Hi,
>>
>> I would like to request a review for the fix of JDK-8350661. In this fix, we
>> translate the native PKCS 11 error code into an
>> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
>> API. With that s
On Fri, 11 Apr 2025 23:36:17 GMT, Martin Balao wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11HKDF.java line
>> 246:
>>
>>> 244: alg.equalsIgnoreCase("Generic")) {
>>> 245: return ki.keyType;
>>> 246: }
>>
>> W
On Fri, 11 Apr 2025 21:32:47 GMT, Valerie Peng wrote:
>> Martin Balao has updated the pull request incrementally with two additional
>> commits since the last revision:
>>
>> - Algorithm and key size checking before derivation. Mechanism
>> normalization for TLS.
>> - Minor import adjustment
On Fri, 11 Apr 2025 19:47:38 GMT, Valerie Peng wrote:
> > What I have found with Tls* keys is that they are in the map but we need to
> > translate their pseudo-mechanism to a valid one (`CKK_GENERIC_SECRET`). Is
> > that enough for #24393?
>
> What I found is that there are more "TlsXXX" than
On Fri, 11 Apr 2025 21:28:30 GMT, Valerie Peng wrote:
>> Martin Balao has updated the pull request incrementally with two additional
>> commits since the last revision:
>>
>> - Algorithm and key size checking before derivation. Mechanism
>> normalization for TLS.
>> - Minor import adjustment
On Thu, 10 Apr 2025 23:54:03 GMT, Martin Balao wrote:
>> Hi,
>>
>> I would like to request a review for the fix of JDK-8350661. In this fix, we
>> translate the native PKCS 11 error code into an
>> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
>> API. With that s
On Thu, 10 Apr 2025 23:54:03 GMT, Martin Balao wrote:
>> Hi,
>>
>> I would like to request a review for the fix of JDK-8350661. In this fix, we
>> translate the native PKCS 11 error code into an
>> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
>> API. With that s
On Fri, 11 Apr 2025 00:00:39 GMT, Martin Balao wrote:
> What I have found with Tls* keys is that they are in the map but we need to
> translate their pseudo-mechanism to a valid one (`CKK_GENERIC_SECRET`). Is
> that enough for #24393?
What I found is that there are more "TlsXXX" than those def
On Thu, 10 Apr 2025 23:54:03 GMT, Martin Balao wrote:
>> Hi,
>>
>> I would like to request a review for the fix of JDK-8350661. In this fix, we
>> translate the native PKCS 11 error code into an
>> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
>> API. With that s
On Thu, 10 Apr 2025 23:54:03 GMT, Martin Balao wrote:
>> Hi,
>>
>> I would like to request a review for the fix of JDK-8350661. In this fix, we
>> translate the native PKCS 11 error code into an
>> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
>> API. With that s
On Thu, 10 Apr 2025 03:27:19 GMT, Valerie Peng wrote:
>> Hi,
>>
>> I would like to request a review for the fix of JDK-8350661. In this fix, we
>> translate the native PKCS 11 error code into an
>> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
>> API. With that s
> Hi,
>
> I would like to request a review for the fix of JDK-8350661. In this fix, we
> translate the native PKCS 11 error code into an
> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
> API. With that said, different PKCS 11 libraries may throw different errors
>
On Wed, 9 Apr 2025 13:19:45 GMT, Martin Balao wrote:
> Perhaps we can do both: check beforehand and handle the error afterwards.
That sounds reasonable.
Whatever you decide, I think it would be good to make sure P11HKDF,
P11SecretKeyFactory and P11KeyGenerator perform the same checks during k
On Thu, 10 Apr 2025 03:08:32 GMT, Valerie Peng wrote:
>> Hi,
>>
>> I would like to request a review for the fix of JDK-8350661. In this fix, we
>> translate the native PKCS 11 error code into an
>> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
>> API. With that s
On Tue, 8 Apr 2025 20:02:56 GMT, Martin Balao wrote:
> Hi,
>
> I would like to request a review for the fix of JDK-8350661. In this fix, we
> translate the native PKCS 11 error code into an
> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
> API. With that said, di
On Tue, 8 Apr 2025 20:02:56 GMT, Martin Balao wrote:
> Hi,
>
> I would like to request a review for the fix of JDK-8350661. In this fix, we
> translate the native PKCS 11 error code into an
> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
> API. With that said, di
On Tue, 8 Apr 2025 20:02:56 GMT, Martin Balao wrote:
> Hi,
>
> I would like to request a review for the fix of JDK-8350661. In this fix, we
> translate the native PKCS 11 error code into an
> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
> API. With that said, di
On Wed, 9 Apr 2025 11:03:52 GMT, Mikhail Yankelevich
wrote:
>> Hi,
>>
>> I would like to request a review for the fix of JDK-8350661. In this fix, we
>> translate the native PKCS 11 error code into an
>> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
>> API. With
On Wed, 9 Apr 2025 10:57:45 GMT, Mikhail Yankelevich
wrote:
>> Hi,
>>
>> I would like to request a review for the fix of JDK-8350661. In this fix, we
>> translate the native PKCS 11 error code into an
>> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
>> API. With
On Wed, 9 Apr 2025 06:45:14 GMT, Daniel Jeliński wrote:
> I think the usual way to handle this is by calling
> `P11KeyGenerator.checkKeySize`
We discussed calling `P11KeyGenerator::checkKeySize` with @franferrax but were
not sure of taking this approach. We found that for DES(3) cases some fix
On Tue, 8 Apr 2025 20:02:56 GMT, Martin Balao wrote:
> Hi,
>
> I would like to request a review for the fix of JDK-8350661. In this fix, we
> translate the native PKCS 11 error code into an
> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
> API. With that said, di
On Tue, 8 Apr 2025 20:02:56 GMT, Martin Balao wrote:
> Hi,
>
> I would like to request a review for the fix of JDK-8350661. In this fix, we
> translate the native PKCS 11 error code into an
> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
> API. With that said, di
On Tue, 8 Apr 2025 20:02:56 GMT, Martin Balao wrote:
> Hi,
>
> I would like to request a review for the fix of JDK-8350661. In this fix, we
> translate the native PKCS 11 error code into an
> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
> API. With that said, di
On Tue, 8 Apr 2025 20:02:56 GMT, Martin Balao wrote:
> Hi,
>
> I would like to request a review for the fix of JDK-8350661. In this fix, we
> translate the native PKCS 11 error code into an
> `InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
> API. With that said, di
Hi,
I would like to request a review for the fix of JDK-8350661. In this fix, we
translate the native PKCS 11 error code into an
`InvalidAlgorithmParameterException`, as documented in the `KDF::deriveKey`
API. With that said, different PKCS 11 libraries may throw different errors and
may even
52 matches
Mail list logo