Please add HMAC keygen to SunPKCS11
Valerie Peng
valerie.peng at oracle.com
Mon Oct 26 16:58:55 UTC 2020
True, using HSM is one scenario that would require the key material be
directly from the underlying PKCS11 library. I've filed a RFE about this
and marked it P3.
https://bugs.openjdk.java.net/browse/JDK-8255407
Thanks for the input.
Valerie
On 10/23/2020 6:39 PM, Bernd Eckenfels wrote:
> Hello,
>
> I would agree with this request, my usecase would be to use a HSM,
> where I typically don’t want to import keys but generate them safely
> on the HSM so not even admins have access to the key material ever
> (besides maybe having a key handle to wrap it). Isn’t that what the
> KeyGen interface is all about?
>
> Such cases are not tha easy to model with the current abstract PKCS11
> Support it seems.
>
> Gruss
> Bernd
> --
> http://bernd.eckenfels.net
> ------------------------------------------------------------------------
> *Von:* security-dev <security-dev-retn at openjdk.java.net> im Auftrag
> von Valerie Peng <valerie.peng at oracle.com>
> *Gesendet:* Saturday, October 24, 2020 3:18:56 AM
> *An:* security-dev at openjdk.java.net <security-dev at openjdk.java.net>
> *Betreff:* Re: Please add HMAC keygen to SunPKCS11
>
> Hi, Justin,
>
> Most callers just wrap the HMAC key bytes into a java SecretKey
> object, e.g. new SecretKeySpec(keyBytes, "HmacSHA256"), pass that into
> the HMAC impl from SunPKCS11 provider which will then convert it into
> a CKK_GENERIC_SECRET key and passing that to underlying PKCS11 library.
>
> Maybe for some very specific cases, support CKM_GENERIC_SECRET_KEY_GEN
> is necessary and I can look into that. For determining the priority on
> this, would the java SecretKey object address your need? Or is there
> other reason requiring 3rd party utility?
>
> Thanks,
> Valerie
>
>
> On 10/21/2020 8:44 PM, Justin Cranford wrote:
>>
>> Compare SunPKCS11 support for AES vs HMAC
>>
>> * AES => keygen is supported, and AES key can be used for encrypt
>> and decrypt.
>> * HMAC => keygen is not supported, but HMAC key can be used for MAC.
>>
>> This does not make sense. A third-party utility is required for HMAC
>> keygen, but not for AES keygen.
>>
>> Use case:
>>
>> * PKCS#11 driver is v2.20.
>> * This means AES-256-GCM is not available for confidentiality and
>> integrity, because GCM supported was only added in PKCS#11 v2.40.
>> * Fallback to AES-256-CBC and HmacSha256 is required for
>> confidentiality and integrity, respectively.
>> * Java can trigger AES keygen, but not HMAC keygen. A third-party
>> utility is required to trigger HMAC keygen before running Java.
>>
>> Would it be possible to add the missing GENERIC-SECRET-KEY-GEN
>> mechanism to SunPKCS11? Notice how that mechanism is missing from the
>> documented SunPKCS11 algorithms and mechanisms. It is the same in
>> Java 8 all the way up to 15.
>>
>> * https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html#ALG
>> <https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html#ALG>
>>
>> To reproduce and demonstrate the missing HMAC keygen issue, here is a
>> small Java Maven project.
>>
>> * https://github.com/justincranford/pkcs11
>> <https://github.com/justincranford/pkcs11>
>>
>> The readme shows the commands to initialize the SoftHSM2 token, and
>> use a third-party OpenSC utility to trigger HMAC keygen. It also
>> shows how to set the required SoftHSM2 env variable and run the Maven
>> build.
>>
>> The Maven build will execute the ITPkcs11.java integration test
>> class. The tests demonstrate:
>>
>> * Successful SunPKCS11 login to SoftHSM2 and list any existing keys
>> * Successful AES keygen, encrypt, decrypt
>> * Successful HMAC mac
>> * Failed HMAC keygen (because SunPKCS11 does not support
>> GENERIC-SECRET-KEY-GEN mechanism yet)
>>
>> Thank you,
>>
>> Justin Cranford
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20201026/e3805311/attachment.htm>
More information about the security-dev
mailing list