RFR: 8328119: Support HKDF in SunPKCS11 (Preview) [v6]
Martin Balao
mbalao at openjdk.org
Wed Dec 18 23:34:37 UTC 2024
On Wed, 18 Dec 2024 22:48:04 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Martin Balao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Unused import removed.
>>
>> Co-authored-by: Martin Balao Alonso <mbalao at redhat.com>
>> Co-authored-by: Francisco Ferrari Bihurriet <fferrari at redhat.com>
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java line 737:
>
>> 735: m(CKM_CHACHA20_POLY1305));
>> 736: d(SKF, "Generic", P11SecretKeyFactory,
>> 737: m(CKM_GENERIC_SECRET_KEY_GEN));
>
> How useful is this? Is it only used to import a "Generic" `SecretKeySpec` into a token? I see it's used in the test when adding a key. Can you simply add the `SecretKeySpec` key there?
Generic is a native PKCS11 key type (`CKK_GENERIC_SECRET`) that could have been added to SunPKCS11 before, irrespective of HKDF. It's convenient for the test to have key material in the token and test consolidation (IKM or salt).
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22215#discussion_r1890952392
More information about the core-libs-dev
mailing list