<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
<p>True, using HSM is one scenario that would require the key
material be directly from the underlying PKCS11 library. I've
filed a RFE about this and marked it P3.</p>
<p><a class="moz-txt-link-freetext" href="https://bugs.openjdk.java.net/browse/JDK-8255407">https://bugs.openjdk.java.net/browse/JDK-8255407</a><br>
</p>
<p>Thanks for the input. <br>
</p>
<p>Valerie<br>
</p>
<div class="moz-cite-prefix">On 10/23/2020 6:39 PM, Bernd Eckenfels
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:AM6PR03MB438995FC1AFB7BDCF140DD6FFF1B0@AM6PR03MB4389.eurprd03.prod.outlook.com">
<div dir="ltr">
<div>
<div>
<div>Hello,</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">I would agree with this request, my usecase
would be to <span>use a HSM, where I typically don’t want
to import keys but generate them safely on the HSM so
not even admins have access to the key material ever
(besides maybe having a key handle to wrap it)</span><span>.
Isn’t that what the KeyGen interface is all about?</span></div>
<div dir="ltr"><span><br>
</span></div>
<div dir="ltr"><span>Such cases are not tha easy to model
with the current abstract PKCS11 Support it seems.</span></div>
<div dir="ltr"><br>
</div>
<div dir="ltr">Gruss</div>
<div dir="ltr">Bernd</div>
</div>
<div class="ms-outlook-ios-signature"
id="ms-outlook-mobile-signature">
<div>-- </div>
<div><a class="moz-txt-link-freetext" href="http://bernd.eckenfels.net">http://bernd.eckenfels.net</a></div>
</div>
</div>
</div>
<hr tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><b>Von:</b> security-dev
<a class="moz-txt-link-rfc2396E" href="mailto:security-dev-retn@openjdk.java.net"><security-dev-retn@openjdk.java.net></a> im Auftrag von
Valerie Peng <a class="moz-txt-link-rfc2396E" href="mailto:valerie.peng@oracle.com"><valerie.peng@oracle.com></a><br>
<b>Gesendet:</b> Saturday, October 24, 2020 3:18:56 AM<br>
<b>An:</b> <a class="moz-txt-link-abbreviated" href="mailto:security-dev@openjdk.java.net">security-dev@openjdk.java.net</a>
<a class="moz-txt-link-rfc2396E" href="mailto:security-dev@openjdk.java.net"><security-dev@openjdk.java.net></a><br>
<b>Betreff:</b> Re: Please add HMAC keygen to SunPKCS11
<div> </div>
</div>
<div>
<p>Hi, Justin,<br>
</p>
<p>Most callers just wrap the HMAC key bytes into a java
SecretKey object, e.g. new SecretKeySpec(keyBytes,
"HmacSHA256"), pass that into the HMAC impl from SunPKCS11
provider which will then convert it into a CKK_GENERIC_SECRET
key and passing that to underlying PKCS11 library.</p>
<p>Maybe for some very specific cases, support
CKM_GENERIC_SECRET_KEY_GEN is necessary and I can look into
that. For determining the priority on this, would the java
SecretKey object address your need? Or is there other reason
requiring 3rd party utility?</p>
Thanks,<br>
Valerie
<p><br>
</p>
<div class="x_moz-cite-prefix">On 10/21/2020 8:44 PM, Justin
Cranford wrote:<br>
</div>
<blockquote type="cite">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<div class="x_WordSection1">
<p class="x_MsoNormal">Compare SunPKCS11 support for AES vs
HMAC</p>
<ul type="disc">
<li class="x_MsoListParagraph">AES => keygen is
supported, and AES key can be used for encrypt and
decrypt.</li>
<li class="x_MsoListParagraph">HMAC => keygen is not
supported, but HMAC key can be used for MAC.</li>
</ul>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal">This does not make sense. A
third-party utility is required for HMAC keygen, but not
for AES keygen.</p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal">Use case:</p>
<ul type="disc">
<li class="x_MsoListParagraph">PKCS#11 driver is v2.20.</li>
<li class="x_MsoListParagraph">This means AES-256-GCM is
not available for confidentiality and integrity, because
GCM supported was only added in PKCS#11 v2.40.</li>
<li class="x_MsoListParagraph">Fallback to AES-256-CBC and
HmacSha256 is required for confidentiality and
integrity, respectively.</li>
<li class="x_MsoListParagraph">Java can trigger AES
keygen, but not HMAC keygen. A third-party utility is
required to trigger HMAC keygen before running Java.</li>
</ul>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal">Would it be possible to add the
missing GENERIC-SECRET-KEY-GEN mechanism to SunPKCS11?
Notice how that mechanism is missing from the documented
SunPKCS11 algorithms and mechanisms. It is the same in
Java 8 all the way up to 15.</p>
<ul type="disc">
<li class="x_MsoListParagraph"><a
href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html#ALG"
moz-do-not-send="true">https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html#ALG</a></li>
</ul>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal">To reproduce and demonstrate the
missing HMAC keygen issue, here is a small Java Maven
project.</p>
<ul type="disc">
<li class="x_MsoListParagraph"><a
href="https://github.com/justincranford/pkcs11"
moz-do-not-send="true">https://github.com/justincranford/pkcs11</a></li>
</ul>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal">The readme shows the commands to
initialize the SoftHSM2 token, and use a third-party
OpenSC utility to trigger HMAC keygen. It also shows how
to set the required SoftHSM2 env variable and run the
Maven build.</p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal">The Maven build will execute the
ITPkcs11.java integration test class. The tests
demonstrate:</p>
<ul type="disc">
<li class="x_MsoListParagraph">Successful SunPKCS11 login
to SoftHSM2 and list any existing keys</li>
<li class="x_MsoListParagraph">Successful AES keygen,
encrypt, decrypt</li>
<li class="x_MsoListParagraph">Successful HMAC mac</li>
<li class="x_MsoListParagraph">Failed HMAC keygen (because
SunPKCS11 does not support GENERIC-SECRET-KEY-GEN
mechanism yet)</li>
</ul>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal">Thank you,</p>
<p class="x_MsoNormal">Justin Cranford</p>
</div>
</blockquote>
</div>
</blockquote>
</body>
</html>