RFR: 8328119: Support HKDF in SunPKCS11 (Preview) [v2]
Martin Balao
mbalao at openjdk.org
Wed Dec 11 21:14:37 UTC 2024
On Fri, 6 Dec 2024 18:40:04 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> I set CKA_EXTRACTABLE = false and generate an AES key and its `getEncoded` is null. Then I use it as an IKM for HKDF and the `deriveKey` output is still unextractable. So far so good, but if I call `deriveData` on the same input spec, a byte array is returned. Doesn't this mean the derive output is actually extractable? Is this intended?
>
> Update: I read https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/csd01/pkcs11-spec-v3.1-csd01.html#_Toc98177685 and https://docs.oasis-open.org/pkcs11/pkcs11-profiles/v3.1/os/pkcs11-profiles-v3.1-os.html#_Toc142307348 and it shows that some `pInfo` are allowed to derive `CKO_DATA`. Maybe the PKCS #11 library I am playing with (NSS 3.101 on macosx_aarch64) is tolerant.
Yes, my interpretation is that data (the derivation output in this case) is fine. What shouldn't happen is to have a non-extractable key derived extracted.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/22215#issuecomment-2537197895
More information about the core-libs-dev
mailing list