Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-05 Thread Martin Balao
On Mon, 5 Jun 2023 23:17:02 GMT, Valerie Peng wrote: >> Martin Balao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> 8301553: Support Password-Based Cryptography in SunPKCS11 (iteration #4) >> >> Co-authored-by: Francisco Ferrari >

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-05 Thread Martin Balao
On Sat, 27 May 2023 06:24:36 GMT, Martin Balao wrote: >> We would like to propose an implementation for the [JDK-8301553: Support >> Password-Based Cryptography in >> SunPKCS11](https://bugs.openjdk.org/browse/JDK-8301553) enhancement >> requirement. >> >> In addition to pursuing the requirem

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-05 Thread Martin Balao
On Tue, 6 Jun 2023 00:24:21 GMT, Valerie Peng wrote: >> Martin Balao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> 8301553: Support Password-Based Cryptography in SunPKCS11 (iteration #4) >> >> Co-authored-by: Francisco Ferrari >

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-05 Thread Martin Balao
On Mon, 5 Jun 2023 23:18:49 GMT, Valerie Peng wrote: >> Martin Balao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> 8301553: Support Password-Based Cryptography in SunPKCS11 (iteration #4) >> >> Co-authored-by: Francisco Ferrari >

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-05 Thread Martin Balao
On Fri, 2 Jun 2023 01:14:15 GMT, Francisco Ferrari Bihurriet wrote: >> @valeriepeng: the rationale behind this decision is based on the only usage >> of `engineGetKeySize()`, which corresponds to a [`crypto.policy=limited` >> _Cryptographic Jurisdiction >> Policy_](https://github.com/openjdk/

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-05 Thread Martin Balao
On Thu, 1 Jun 2023 22:07:07 GMT, Francisco Ferrari Bihurriet wrote: >> src/java.base/share/classes/sun/security/util/PBEUtil.java line 182: >> >>> 180: // salt should be non-null per PBEParameterSpec >>> 181: iCountInit = check(pbeParams.getIterationCount

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-05 Thread Martin Balao
On Sat, 3 Jun 2023 00:00:04 GMT, Valerie Peng wrote: >> There are cases in which _salt_ and _iteration count_ come from the _key_ >> (`javax.crypto.interfaces.PBEKey`), so `PBES2Params.initialize()` shouldn't >> try to extract them from `params` (when it is `PBEParameterSpec`). To solve >> the

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-05 Thread Valerie Peng
On Sat, 27 May 2023 06:24:36 GMT, Martin Balao wrote: >> We would like to propose an implementation for the [JDK-8301553: Support >> Password-Based Cryptography in >> SunPKCS11](https://bugs.openjdk.org/browse/JDK-8301553) enhancement >> requirement. >> >> In addition to pursuing the requirem

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-05 Thread Valerie Peng
On Sat, 27 May 2023 06:24:36 GMT, Martin Balao wrote: >> We would like to propose an implementation for the [JDK-8301553: Support >> Password-Based Cryptography in >> SunPKCS11](https://bugs.openjdk.org/browse/JDK-8301553) enhancement >> requirement. >> >> In addition to pursuing the requirem

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-05 Thread Valerie Peng
On Sat, 27 May 2023 06:24:36 GMT, Martin Balao wrote: >> We would like to propose an implementation for the [JDK-8301553: Support >> Password-Based Cryptography in >> SunPKCS11](https://bugs.openjdk.org/browse/JDK-8301553) enhancement >> requirement. >> >> In addition to pursuing the requirem

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-05 Thread Valerie Peng
On Sat, 27 May 2023 06:24:36 GMT, Martin Balao wrote: >> We would like to propose an implementation for the [JDK-8301553: Support >> Password-Based Cryptography in >> SunPKCS11](https://bugs.openjdk.org/browse/JDK-8301553) enhancement >> requirement. >> >> In addition to pursuing the requirem

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-02 Thread Valerie Peng
On Thu, 1 Jun 2023 22:06:47 GMT, Francisco Ferrari Bihurriet wrote: >> @valeriepeng: I agree, `DEFAULT_ITERATIONS` should be used here and only >> here, so we consistently initialize any defaults in a single place. We'll >> update that. > > There are cases in which _salt_ and _iteration count_

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-02 Thread Valerie Peng
On Fri, 2 Jun 2023 00:33:21 GMT, Francisco Ferrari Bihurriet wrote: >> As someone who is familiar with the Cipher convention, it's clearer to apply >> the Cipher convention across the board, i.e. for Mac and SecretKeyFactory >> too. >> For example: For SecretKeyFactory.PBEWithHmacSHA1AndAES_1

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-01 Thread Francisco Ferrari Bihurriet
On Thu, 1 Jun 2023 23:47:46 GMT, Francisco Ferrari Bihurriet wrote: >> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PBECipher.java >> line 221: >> >>> 219: // for the underlying cipher is equal to the PBE service key >>> length. >>> 220: // Otherwise, initializ

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-01 Thread Francisco Ferrari Bihurriet
On Thu, 1 Jun 2023 21:04:32 GMT, Valerie Peng wrote: >> Martin Balao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> 8301553: Support Password-Based Cryptography in SunPKCS11 (iteration #4) >> >> Co-authored-by: Francisco Ferrari >

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-01 Thread Francisco Ferrari Bihurriet
On Thu, 1 Jun 2023 21:04:32 GMT, Valerie Peng wrote: > For example: For SecretKeyFactory.PBEWithHmacSHA1AndAES_128, use > `CKM_PKCS5_PBKD2 (required CKM_SHA_1_HMAC)` instead of `CKM_PKCS5_PBKD2 and > CKM_SHA_1_HMAC`. Ah, ok, now I see. Unfortunately I don't yet have a JBS user, but I'll send t

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-01 Thread Francisco Ferrari Bihurriet
On Tue, 30 May 2023 23:42:24 GMT, Valerie Peng wrote: >> Martin Balao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> 8301553: Support Password-Based Cryptography in SunPKCS11 (iteration #4) >> >> Co-authored-by: Francisco Ferrari

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-01 Thread Francisco Ferrari Bihurriet
On Thu, 1 Jun 2023 22:06:04 GMT, Francisco Ferrari Bihurriet wrote: >> src/java.base/share/classes/sun/security/util/PBEUtil.java line 105: >> >>> 103: "needed for decryption"); >>> 104: } >>> 105: } >> >> Isn't there also def

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-01 Thread Francisco Ferrari Bihurriet
On Tue, 30 May 2023 22:03:44 GMT, Valerie Peng wrote: >> Martin Balao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> 8301553: Support Password-Based Cryptography in SunPKCS11 (iteration #4) >> >> Co-authored-by: Francisco Ferrari

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-06-01 Thread Valerie Peng
On Sat, 27 May 2023 06:24:36 GMT, Martin Balao wrote: >> We would like to propose an implementation for the [JDK-8301553: Support >> Password-Based Cryptography in >> SunPKCS11](https://bugs.openjdk.org/browse/JDK-8301553) enhancement >> requirement. >> >> In addition to pursuing the requirem

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-05-30 Thread Valerie Peng
On Sat, 27 May 2023 06:24:36 GMT, Martin Balao wrote: >> We would like to propose an implementation for the [JDK-8301553: Support >> Password-Based Cryptography in >> SunPKCS11](https://bugs.openjdk.org/browse/JDK-8301553) enhancement >> requirement. >> >> In addition to pursuing the requirem

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-05-30 Thread Valerie Peng
On Sat, 27 May 2023 06:24:36 GMT, Martin Balao wrote: >> We would like to propose an implementation for the [JDK-8301553: Support >> Password-Based Cryptography in >> SunPKCS11](https://bugs.openjdk.org/browse/JDK-8301553) enhancement >> requirement. >> >> In addition to pursuing the requirem

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-05-30 Thread Valerie Peng
On Sat, 27 May 2023 06:24:36 GMT, Martin Balao wrote: >> We would like to propose an implementation for the [JDK-8301553: Support >> Password-Based Cryptography in >> SunPKCS11](https://bugs.openjdk.org/browse/JDK-8301553) enhancement >> requirement. >> >> In addition to pursuing the requirem

Re: RFR: 8301553: Support Password-Based Cryptography in SunPKCS11 [v6]

2023-05-26 Thread Martin Balao
> We would like to propose an implementation for the [JDK-8301553: Support > Password-Based Cryptography in > SunPKCS11](https://bugs.openjdk.org/browse/JDK-8301553) enhancement > requirement. > > In addition to pursuing the requirement goals and guidelines of > [JDK-8301553](https://bugs.open