Please add HMAC keygen to SunPKCS11

Bernd Eckenfels ecki at zusammenkunft.net
Sat Oct 24 01:39:01 UTC 2020


Hello,

I would agree with this request; my use case would be to use an HSM, where I typically don’t want to import keys but generate them safely on the HSM so not even admins have access to the key material ever (besides maybe having a key handle to wrap it). Isn’t that what the KeyGen interface is all about?

Such cases are not that easy to model with the current abstract PKCS11 support, it seems.

Regards
Bernd
--
http://bernd.eckenfels.net
________________________________
From: security-dev <security-dev-retn at openjdk.java.net> on behalf of Valerie Peng <valerie.peng at oracle.com>
Sent: Saturday, October 24, 2020 3:18:56 AM
To: security-dev at openjdk.java.net <security-dev at openjdk.java.net>
Subject: Re: Please add HMAC keygen to SunPKCS11


Hi, Justin,

Most callers just wrap the HMAC key bytes into a Java SecretKey object, e.g. new SecretKeySpec(keyBytes, "HmacSHA256"), and pass that into the HMAC impl from the SunPKCS11 provider, which will then convert it into a CKK_GENERIC_SECRET key and pass that to the underlying PKCS11 library.

Maybe for some very specific cases, supporting CKM_GENERIC_SECRET_KEY_GEN is necessary and I can look into that. For determining the priority on this, would the Java SecretKey object address your need? Or is there another reason requiring a 3rd-party utility?

Thanks,
Valerie


On 10/21/2020 8:44 PM, Justin Cranford wrote:

Compare SunPKCS11 support for AES vs HMAC

  *   AES => keygen is supported, and AES key can be used for encrypt and decrypt.
  *   HMAC => keygen is not supported, but HMAC key can be used for MAC.

This does not make sense. A third-party utility is required for HMAC keygen, but not for AES keygen.

Use case:

  *   PKCS#11 driver is v2.20.
  *   This means AES-256-GCM is not available for confidentiality and integrity, because GCM support was only added in PKCS#11 v2.40.
  *   Fallback to AES-256-CBC and HmacSha256 is required for confidentiality and integrity, respectively.
  *   Java can trigger AES keygen, but not HMAC keygen. A third-party utility is required to trigger HMAC keygen before running Java.

Would it be possible to add the missing GENERIC-SECRET-KEY-GEN mechanism to SunPKCS11? Notice how that mechanism is missing from the documented SunPKCS11 algorithms and mechanisms. It is the same in Java 8 all the way up to 15.

  *   https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html#ALG

To reproduce and demonstrate the missing HMAC keygen issue, here is a small Java Maven project.

  *   https://github.com/justincranford/pkcs11

The readme shows the commands to initialize the SoftHSM2 token, and use a third-party OpenSC utility to trigger HMAC keygen. It also shows how to set the required SoftHSM2 env variable and run the Maven build.

The Maven build will execute the ITPkcs11.java integration test class. The tests demonstrate:

  *   Successful SunPKCS11 login to SoftHSM2 and list any existing keys
  *   Successful AES keygen, encrypt, decrypt
  *   Successful HMAC mac
  *   Failed HMAC keygen (because SunPKCS11 does not support GENERIC-SECRET-KEY-GEN mechanism yet)

Thank you,

Justin Cranford
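
The AES-256-CBC plus HmacSHA256 fallback from the use case above, as an added encrypt-then-MAC example that is not code from the thread or from the linked repository. It uses the default JCE providers so it runs without a token, and builds the HMAC key with the SecretKeySpec approach described in the reply; the class name EncryptThenMac and the IV || ciphertext || tag layout are assumptions of this example.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class EncryptThenMac { // hypothetical class name
    static final int IV_LEN = 16, TAG_LEN = 32;

    // Layout assumed by this example: IV || ciphertext || HMAC-SHA256(IV || ciphertext)
    static byte[] seal(SecretKey aes, SecretKey hmac, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh random IV per message
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, aes, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(hmac);
        m.update(iv); // the tag covers the IV as well as the ciphertext
        byte[] tag = m.doFinal(ct);
        return ByteBuffer.allocate(IV_LEN + ct.length + TAG_LEN).put(iv).put(ct).put(tag).array();
    }

    static byte[] open(SecretKey aes, SecretKey hmac, byte[] msg) throws GeneralSecurityException {
        if (msg.length < IV_LEN + 16 + TAG_LEN) throw new GeneralSecurityException("message too short");
        int body = msg.length - TAG_LEN;
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(hmac);
        m.update(msg, 0, body);
        // Check the tag in constant time before any decryption or padding check runs.
        if (!MessageDigest.isEqual(m.doFinal(), Arrays.copyOfRange(msg, body, msg.length)))
            throw new GeneralSecurityException("HMAC mismatch");
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, aes, new IvParameterSpec(msg, 0, IV_LEN));
        return c.doFinal(msg, IV_LEN, body - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES"); // AES keygen is available
        kg.init(256);
        SecretKey aes = kg.generateKey();
        byte[] raw = new byte[32]; // HMAC key bytes are created in JVM memory here
        new SecureRandom().nextBytes(raw);
        SecretKey hmac = new SecretKeySpec(raw, "HmacSHA256");
        byte[] msg = seal(aes, hmac, "constructed sample".getBytes("UTF-8"));
        System.out.println(new String(open(aes, hmac, msg), "UTF-8"));
        msg[IV_LEN] ^= 1; // flip one ciphertext bit
        try { open(aes, hmac, msg); } catch (GeneralSecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

With a token, the same calls take the SunPKCS11 Provider instance as the second argument to getInstance; the HMAC key bytes still originate in JVM memory, unlike a key generated on the HSM.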