RFR: 8341346: Add support for exporting TLS Keying Material [v7]

[Weijun Wang]

On Wed, 7 May 2025 05:47:30 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:

>> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE respectively.
>> 
>> CSR is underway.
>> 
>> Tests include new unit tests for TLSv1-1.3.  Will run tier1-2, plus the JCK API (jck:api/java_security jck:api/javax_crypto jck:api/javax_net jck:api/javax_security jck:api/org_ietf jck:api/javax_xml/crypto)
>
> Bradford Wetmore has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Updated to use the upcoming KDF (still in preview) + bits of JDK-8353578 for compilation)

src/java.base/share/classes/javax/net/ssl/ExtendedSSLSession.java line 169:

> 167: 
> 168:     /**
> 169:      * Generate Exported Key Material (EKM) calculated according to the

s/Key/Keying/

src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1808:

> 1806:             String label, byte[] context, int length) throws SSLKeyException {
> 1807:         byte[] bytes =
> 1808:                 exportKeyingMaterialKey(label, context, length).getEncoded();

In PKCS #11, calling `deriveKey(...).getEncoded()` is not equivalent to `deriveData()`. It's quite likely that `deriveKey` returns an un-extractable key, but `deriveData` using the exact same input returns the keying material.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2078023812
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2078022859