RFR: 8350661: PKCS11 HKDF throws ProviderException when requesting a 31-byte AES key [v4]

Martin Balao mbalao at openjdk.org
Fri Apr 18 19:49:48 UTC 2025


On Thu, 17 Apr 2025 20:52:52 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> Martin Balao has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Inform key sizes in the exception when failing check.
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java line 106:
> 
>> 104:     }
>> 105: 
>> 106:     static sealed class KeyInfo permits PBEKeyInfo, HMACKeyInfo, HKDFKeyInfo,
> 
> Can we add some comment about the purpose of KeyInfo and the PKCS11 classes which depend on it? E.g. HKDF will use the key algorithm to look up the corresponding key type. Also some comment for the various child key info classes would be nice.

Ok

> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java line 154:
> 
>> 152:     }
>> 153: 
>> 154:     static final class TLSKeyInfo extends KeyInfo {
> 
> Documenting this TLSKeyInfo is to support JSSE using HKDF to derive various keys whose algorithms are named following the "TlsXXX" convention?

Ok

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24526#discussion_r2051049867
PR Review Comment: https://git.openjdk.org/jdk/pull/24526#discussion_r2051050494

