On Wed, 7 May 2025 05:47:30 GMT, Bradford Wetmore <wetm...@openjdk.org> wrote:
>> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE >> respectively. >> >> CSR is underway. >> >> Tests include new unit tests for TLSv1-1.3. Will run tier1-2, plus the JCK >> API (jck:api/java_security jck:api/javax_crypto jck:api/javax_net >> jck:api/javax_security jck:api/org_ietf jck:api/javax_xml/crypto) > > Bradford Wetmore has updated the pull request incrementally with one > additional commit since the last revision: > > Updated to use the upcoming KDF (still in preview) + bits of JDK-8353578 > for compilation) src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1694: > 1692: > 1693: // ...now the final expand. > 1694: SecretKey key = hkdf.deriveKey(label, PKCS #11 is picky about key algorithm names and I'm not sure if `label` is always accepted. The KDF API has the algorithm in the method arguments so it's left to user to specify one. I'm not sure how the export keying material will be used. If it is used in encryption, the algorithm may need to be something like "AES". ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2078033799
