On Thu, 7 Nov 2024 17:18:12 GMT, Kevin Driver wrote:
>> TCK/spec compliance fix for two `getInstance` methods in KDF - unwrap a
>> wrapped IAPE from an NSAE.
>
> Kevin Driver has updated the pull request incrementally with one additional
> commit since the last revision:
>
> review comments
On Tue, 5 Nov 2024 20:30:09 GMT, Sonia Zaldana Calles
wrote:
> Hi all,
>
> This PR addresses [8339892](https://bugs.openjdk.org/browse/JDK-8339892)
> enabling several security shell tests to set TESTJAVAOPTS.
>
> Cheers,
> Sonia
Looks fine to me. Thanks~
-
Marked as reviewed
On Tue, 5 Nov 2024 21:47:07 GMT, Ben Perez wrote:
>> Java implementation of ML-KEM, the [FIPS
>> 203](https://csrc.nist.gov/pubs/fips/203/final) post-quantum KEM scheme.
>> Depends on https://github.com/openjdk/jdk/pull/21167
>
> Ben Perez has updated the pull request incrementally with one add
On Tue, 8 Oct 2024 23:12:19 GMT, Valerie Peng wrote:
> > > Hi. I'm the original reporter of this issue. Thanks for the work done on
> > > this bug. I see the the fix has been targeted at only Java 24. Are there
> > > any plans to back port this to Java 21,
On Thu, 31 Oct 2024 18:20:26 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Wed, 16 Oct 2024 21:27:51 GMT, Valerie Peng wrote:
> Could someone please help review this PR? It updates the PCSC Lite headers
> and the relevant files to v2.3.0.
>
> Thanks!
> Valerie
This pull request has now been integrated.
Changeset: d2e716eb
Author: Va
On Wed, 23 Oct 2024 21:33:51 GMT, Valerie Peng wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> remove unused method
>
> src/java.base/share/classes/com/sun/crypto/provider/HKD
On Thu, 24 Oct 2024 14:29:45 GMT, Hannes Wallnöfer wrote:
>> Please review a doc update to add `@spec` tags to crypto and security APIs
>> in `java.base`.
>>
>> This was authored and proposed as #13336 by @jonathan-gibbons as part of an
>> effort to [add `@spec` tags and an external specifica
On Wed, 23 Oct 2024 21:59:55 GMT, Jonathan Gibbons wrote:
> > Is "https://tools.ietf.org/html/rfc8103"; considered external spec? It is
> > mentioned in com.sun.crypto.provider.ChaCha20Poly1305Parameters class but
> > not covered in this PR. Is there any additional condition for an external
>
On Fri, 25 Oct 2024 21:17:30 GMT, Valerie Peng wrote:
>> Hannes Wallnöfer has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Add @spec tags as per review feedback
>
> src/java.base/share/classes/javax/net/s
On Thu, 24 Oct 2024 14:29:45 GMT, Hannes Wallnöfer wrote:
>> Please review a doc update to add `@spec` tags to crypto and security APIs
>> in `java.base`.
>>
>> This was authored and proposed as #13336 by @jonathan-gibbons as part of an
>> effort to [add `@spec` tags and an external specifica
On Mon, 21 Oct 2024 15:45:09 GMT, Hannes Wallnöfer wrote:
>> Please review a doc update to add `@spec` tags to crypto and security APIs
>> in `java.base`.
>>
>> This was authored and proposed as #13336 by @jonathan-gibbons as part of an
>> effort to [add `@spec` tags and an external specifica
On Mon, 21 Oct 2024 18:18:12 GMT, Vladimir Ivanov wrote:
> This patch remove access to the shared variable to fix scalability issue in
> the multithread environment. According to testing by the
> specjvm2008::crypto.rsa the one thread performance reduced for less than 1%
> while the score for
On Wed, 23 Oct 2024 14:06:25 GMT, Weijun Wang wrote:
> If the upstream file hasn’t changed, that’s fine. I was just curious why the
> year included (for Ludovic) hasn’t been updated as well.
Yup, same here. Since the upstream file is the same, I only update the changed
files.
Thanks for the re
On Thu, 24 Oct 2024 02:21:20 GMT, Valerie Peng wrote:
>> Hannes Wallnöfer has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Update copyright header dates
>
> src/java.base/share/classes/java/security/packa
On Mon, 21 Oct 2024 15:45:09 GMT, Hannes Wallnöfer wrote:
>> Please review a doc update to add `@spec` tags to crypto and security APIs
>> in `java.base`.
>>
>> This was authored and proposed as #13336 by @jonathan-gibbons as part of an
>> effort to [add `@spec` tags and an external specifica
On Mon, 21 Oct 2024 18:21:37 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Mon, 21 Oct 2024 15:45:09 GMT, Hannes Wallnöfer wrote:
>> Please review a doc update to add `@spec` tags to crypto and security APIs
>> in `java.base`.
>>
>> This was authored and proposed as #13336 by @jonathan-gibbons as part of an
>> effort to [add `@spec` tags and an external specifica
On Mon, 21 Oct 2024 15:45:09 GMT, Hannes Wallnöfer wrote:
>> Please review a doc update to add `@spec` tags to crypto and security APIs
>> in `java.base`.
>>
>> This was authored and proposed as #13336 by @jonathan-gibbons as part of an
>> effort to [add `@spec` tags and an external specifica
On Thu, 17 Oct 2024 11:41:47 GMT, Weijun Wang wrote:
> I see there is a `COPYING` file in the same directory as the header files.
> Does it need any update?
That file has been the same, so no need to update it.
-
PR Comment: https://git.openjdk.org/jdk/pull/21552#issuecomment-2430
On Mon, 21 Oct 2024 18:21:37 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Fri, 18 Oct 2024 20:12:57 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
Could someone please help review this PR? It updates the PCSC Lite headers and
the relevant files to v2.3.0.
Thanks!
Valerie
-
Commit messages:
- 8331958: Update PC/SC Lite for Suse Linux to 2.3.0
Changes: https://git.openjdk.org/jdk/pull/21552/files
Webrev: https://webrevs.open
On Mon, 7 Oct 2024 21:44:45 GMT, Valerie Peng wrote:
> Could someone please help review this PR? It updates the PKCS#11 headers and
> the relevant files to v3.1.
>
> Thanks!
> Valerie
This pull request has now been integrated.
Changeset: b4ab290f
Author: Valerie Peng
UR
On Tue, 15 Oct 2024 18:37:38 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Tue, 15 Oct 2024 18:37:38 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Tue, 15 Oct 2024 18:37:38 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Mon, 14 Oct 2024 23:01:15 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Fri, 11 Oct 2024 17:57:18 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Fri, 11 Oct 2024 17:57:18 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Fri, 11 Oct 2024 17:57:18 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Fri, 11 Oct 2024 19:52:32 GMT, Weijun Wang wrote:
>> To prepare for new PQC algorithms like ML-KEM and ML-DSA where there are
>> only named standardized parameter sets, a common framework is introduced.
>>
>> A example of EdDSA implementation using this framework is included as a test.
>
> W
On Tue, 8 Oct 2024 22:33:40 GMT, Valerie Peng wrote:
> > Hi. I'm the original reporter of this issue. Thanks for the work done on
> > this bug. I see the the fix has been targeted at only Java 24. Are there
> > any plans to back port this to Java 21, which is the curren
On Mon, 7 Oct 2024 06:31:13 GMT, Kåre Fiedler Christiansen
wrote:
> Hi. I'm the original reporter of this issue. Thanks for the work done on this
> bug. I see the the fix has been targeted at only Java 24. Are there any plans
> to back port this to Java 21, which is the current LTS version, an
On Mon, 7 Oct 2024 23:31:49 GMT, Weijun Wang wrote:
>> Could someone please help review this PR? It updates the PKCS#11 headers and
>> the relevant files to v3.1.
>>
>> Thanks!
>> Valerie
>
> Looks good to me. Thanks.
Thanks @wangweij @ascarpino for the review~Will integrate after management
On Tue, 8 Oct 2024 01:15:49 GMT, Valerie Peng wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> null check as asserts, and better exception messages
>
> src/java.base/s
On Mon, 7 Oct 2024 18:54:03 GMT, Weijun Wang wrote:
>> To prepare for new PQC algorithms like ML-KEM and ML-DSA where there are
>> only named standardized parameter sets, a common framework is introduced.
>>
>> A example of EdDSA implementation using this framework is included as a test.
>
> We
Could someone please help review this PR? It updates the PKCS#11 headers and
the relevant files to v3.1.
Thanks!
Valerie
-
Commit messages:
- 8331959: Update PKCS#11 Cryptographic Token Interface to v3.1
Changes: https://git.openjdk.org/jdk/pull/21396/files
Webrev: https://webre
On Wed, 2 Oct 2024 22:53:01 GMT, Jamil Nimeh wrote:
>> This PR corrects a flaw in the StatusResponseManager where it was
>> incorrectly swallowing the interrupt status when either an invokeAll was
>> called (spawning the threads to fetch each OCSP response) or when attempting
>> to grab the da
On Fri, 27 Sep 2024 18:48:23 GMT, Jamil Nimeh wrote:
> This PR corrects a flaw in the StatusResponseManager where it was incorrectly
> swallowing the interrupt status when either an invokeAll was called (spawning
> the threads to fetch each OCSP response) or when attempting to grab the data
>
On Fri, 27 Sep 2024 18:48:23 GMT, Jamil Nimeh wrote:
> This PR corrects a flaw in the StatusResponseManager where it was incorrectly
> swallowing the interrupt status when either an invokeAll was called (spawning
> the threads to fetch each OCSP response) or when attempting to grab the data
>
On Wed, 18 Sep 2024 21:44:08 GMT, Valerie Peng wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> refinement of addIKM and addSalt specifications
>
> src/java.base/share/c
On Tue, 17 Sep 2024 21:52:47 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Tue, 17 Sep 2024 21:52:47 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Wed, 18 Sep 2024 17:07:22 GMT, Valerie Peng wrote:
>> Not me.
>
> This is the by-product of the `getNext()` refactoring. I should have modeled
> `getNext()` using the code under `getInstance()` instead of
> `chooseProvider()` so the debugging and exception can be preser
On Wed, 18 Sep 2024 14:31:06 GMT, Weijun Wang wrote:
>> src/java.base/share/classes/javax/crypto/KDF.java line 331:
>>
>>> 329: * if at least one {@code Provider} supports a {@code KDF}
>>> 330: * implementation for the specified algorithm but none of
>>> them
>>> 331:
On Tue, 17 Sep 2024 21:52:47 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Wed, 17 Jul 2024 00:48:20 GMT, Valerie Peng wrote:
> Can someone help review this fix? Changed the required-mechanism check by
> checking if the particular mechanism is inside the list of enabled supported
> mechanisms. This should be more reliable than calling C_GetMechanismInfo(
On Fri, 6 Sep 2024 14:13:15 GMT, Ferenc Rakoczi wrote:
>> In preparation for the new PQC algorithms implementations, internal XOF
>> (eXtendable Output Function) methods are added to the SHAKE128 and SHAKE256
>> implementations.
>
> Ferenc Rakoczi has updated the pull request incrementally with
On Wed, 28 Aug 2024 16:42:38 GMT, Ferenc Rakoczi wrote:
>> In preparation for the new PQC algorithms implementations, internal XOF
>> (eXtendable Output Function) methods are added to the SHAKE128 and SHAKE256
>> implementations.
>
> Ferenc Rakoczi has updated the pull request incrementally wit
On Wed, 28 Aug 2024 16:42:38 GMT, Ferenc Rakoczi wrote:
>> In preparation for the new PQC algorithms implementations, internal XOF
>> (eXtendable Output Function) methods are added to the SHAKE128 and SHAKE256
>> implementations.
>
> Ferenc Rakoczi has updated the pull request incrementally wit
On Fri, 30 Aug 2024 23:26:12 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Fri, 30 Aug 2024 23:13:04 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/javax/crypto/KDF.java line 121:
>>
>>> 119: private Iterator serviceIterator;
>>> 120:
>>> 121: private final Object lock;
>>
>> Why are you using an `Object` as a lock instead of something like
>> `R
On Fri, 30 Aug 2024 23:22:15 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 227:
>>
>>> 225:
>>> == null) ? null : salt.getEncoded());
>>> 226:
On Fri, 30 Aug 2024 23:21:57 GMT, Kevin Driver wrote:
>> Since the desired length is passed into `hkdfExpand()` method, why not make
>> `hkdfExpand()` return the output with the requested length?
>
> See:
> https://github.com/openjdk/jdk/pull/20301/commits/25c17b26231b2b63bab9193fe29c7c258f96a3
On Thu, 29 Aug 2024 20:01:57 GMT, Kevin Driver wrote:
>> test/jdk/javax/crypto/KDF/KDFDelayedProviderSyncTest.java line 66:
>>
>>> 64: public void testDerive()
>>> 65: throws InvalidAlgorithmParameterException,
>>> NoSuchAlgorithmException {
>>> 66: SecretKey result = kdfUnd
On Fri, 23 Aug 2024 21:44:44 GMT, Kevin Driver wrote:
>> These are "RAW" since the lengths are somewhat arbitrary in the KATs. It's
>> perhaps a bit misleading to create standard keys with strange output
>> lengths. Would you prefer "Generic" over "RAW"?
>
> Addressed in
> https://github.com/o
On Wed, 28 Aug 2024 20:44:10 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Wed, 21 Aug 2024 00:14:55 GMT, Valerie Peng wrote:
>> Addressed in
>> https://github.com/openjdk/jdk/pull/20301/commits/c6f491cd05c76088e6431b2ba9d4ab42b29e4055.
>> Please indicate if this is resolved.
>
> Well, if a non-extractrable hardware key is passed to us,
On Thu, 29 Aug 2024 16:08:33 GMT, Kevin Driver wrote:
>> Sure, I added an if-check to skip the `hmacObj.update(...)` call for the i=0
>> case. This way, you don't need to set `tLength` to 0 and then changing it to
>> `hmacLen` afterwards. I find it easier to understand.
>
> But this way, the fi
On Wed, 28 Aug 2024 20:44:10 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Wed, 28 Aug 2024 20:36:06 GMT, Kevin Driver wrote:
>> test/jdk/security/unsignedjce/java.base/javax/crypto/ProviderVerifier.java
>> line 1:
>>
>>> 1: /*
>>
>> This is exact the same code as the one in OpenJDK.
>> For the Delayed.java, it just needs the bare minimum, e.g. do not error out
>
On Wed, 14 Aug 2024 15:29:21 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/javax/crypto/KDFSpi.java line 72:
>>
>>> 70: */
>>> 71: protected KDFSpi(KDFParameters kdfParameters)
>>> 72: throws InvalidAlgorithmParameterException {}
>>
>> The implementation doesn't do an
On Mon, 26 Aug 2024 18:16:17 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/javax/crypto/KDF.java line 473:
>>
>>> 471: * @param alg
>>> 472: * the algorithm of the resultant {@code SecretKey} object
>>> 473: * @param derivationParameterSpec
>>
>> I prefer a short na
On Fri, 16 Aug 2024 18:09:02 GMT, Valerie Peng wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> addressed several review comments, namely: - renaming the getParameters
On Fri, 23 Aug 2024 21:45:46 GMT, Kevin Driver wrote:
>> I'm happy to increase the value, but this will vary by machine capability. I
>> think I tuned it to a shorter `timeOut` recently, but I can increase the
>> value again.
>
> I double-checked, and the value was actually lengthened recently.
On Mon, 26 Aug 2024 17:45:19 GMT, Weijun Wang wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> code review comments and test renaming
>
> src/java.base/share/classes/javax/crypto/KDF.java line 476:
>
>> 474: *
On Wed, 28 Aug 2024 20:38:06 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/javax/crypto/KDF.java line 231:
>>
>>> 229: /**
>>> 230: * Returns a {@code KDF} instance initialized with the specified
>>> algorithm from
>>> 231: * the specified security provider.
>>
>> Add "
On Wed, 28 Aug 2024 18:13:26 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/javax/crypto/KDF.java line 230:
>>
>>> 228:
>>> 229: /**
>>> 230: * Returns a {@code KDF} instance initialized with the specified
>>> algorithm from
>>
>> "initialized with the specified algorithm" i
On Fri, 16 Aug 2024 21:04:36 GMT, Kevin Driver wrote:
>> I would answer yes, yes, yes, yes, and YES. :-)
>
> Addressed in
> https://github.com/openjdk/jdk/pull/20301/commits/c6f491cd05c76088e6431b2ba9d4ab42b29e4055.
> Please indicate if this is resolved.
Yes, resolved.
-
PR Revie
On Tue, 20 Aug 2024 20:05:07 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Wed, 21 Aug 2024 16:48:23 GMT, Martin Balao wrote:
> Looks good to me.
Thanks Martin for the review~
-
PR Comment: https://git.openjdk.org/jdk/pull/20207#issuecomment-2302556977
On Mon, 19 Aug 2024 21:39:17 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 202:
>>
>>> 200: salts = anExtractThenExpand.salts();
>>> 201: // we should be able to combine these Lists of keys into
>>> single
On Mon, 19 Aug 2024 21:39:06 GMT, Kevin Driver wrote:
>> Valerie is correct. I might have confused algorithm name and format name.
>
> Addressed in
> https://github.com/openjdk/jdk/pull/20301/commits/48395b86ba8e1cda663ae326e06ae2556f4b905a.
> Please indicate if this is resolved.
Yes, resolved
On Fri, 16 Aug 2024 19:29:36 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 369:
>>
>>> 367: throw new RuntimeException(sbe);
>>> 368: }
>>> 369: }
>>
>> `tLength` may not be necessary. Variable
On Fri, 16 Aug 2024 21:13:34 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 338:
>>
>>> 336: // Calculate the number of rounds of HMAC that are needed to
>>> 337: // meet the requested data. Then set up the buffers
On Mon, 19 Aug 2024 21:38:50 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 328:
>>
>>> 326: *
>>> 327: * @throws InvalidKeyException
>>> 328: * if an invalid key was provided through the {@code
>>> HkdfParamete
turn various sorts of error
> codes.
>
> Thanks,
> Valerie
Valerie Peng has updated the pull request incrementally with one additional
commit since the last revision:
Address review comments and reverted back to iterating through all available
mechanisms.
-
On Mon, 19 Aug 2024 21:38:42 GMT, Kevin Driver wrote:
>> I think Valerie is right. In case a Mac implementation is picky on the key
>> algorithm name.
>
> Addressed in
> https://github.com/openjdk/jdk/pull/20301/commits/48395b86ba8e1cda663ae326e06ae2556f4b905a.
> Please indicate if this is res
On Fri, 16 Aug 2024 21:13:07 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 284:
>>
>>> 282: * the input keying material used for the HKDF-Extract
>>> operation.
>>> 283: * @param salt
>>> 284: * the salt va
On Fri, 16 Aug 2024 21:12:39 GMT, Kevin Driver wrote:
>> Well, I don't share your comments/reason on why SecretKey is needed.
>
> A portion of this one is addressed in
> https://github.com/openjdk/jdk/pull/20301/commits/c6f491cd05c76088e6431b2ba9d4ab42b29e4055.
Yes, the renaming part is resolve
On Fri, 16 Aug 2024 21:12:02 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 242:
>>
>>> 240: }
>>> 241: throw new InvalidAlgorithmParameterException(
>>> 242: "an HKDF could not be initialized with the g
On Fri, 16 Aug 2024 21:11:43 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 86:
>>
>>> 84: *
>>> 85: * @throws InvalidAlgorithmParameterException
>>> 86: * if the information contained within the {@code
>>> KDFP
On Fri, 16 Aug 2024 21:10:54 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line
>> 428:
>>
>>> 426: *
>>> 427: * Note: {@code addIKMValue} and {@code addSaltValue} may be
>>> called
>>> 428: * afterward to supply ad
On Mon, 19 Aug 2024 21:38:06 GMT, Kevin Driver wrote:
>> Numerous comments elsewhere in the code illustrate what's happening. Is your
>> concern for readers of the javadoc? This is probably a valid suggestion.
>
> Addressed in
> https://github.com/openjdk/jdk/pull/20301/commits/48395b86ba8e1cda
On Mon, 19 Aug 2024 19:38:37 GMT, Ferenc Rakoczi wrote:
> In preparation for the new PQC algorithms implementations, internal XOF
> (eXtendable Output Function) methods are added to the SHAKE128 and SHAKE256
> implementations.
Not sure if you noticed, the bot warns "Change must not contain ext
On Tue, 6 Aug 2024 22:39:59 GMT, Martin Balao wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
>> line 1297:
>>
>>> 1295: new HashMap();
>>> 1296:
>>> 1297: for (long longMech : supportedMechanisms) {
>>
>> Is the code under `if (!conf
On Tue, 6 Aug 2024 22:25:30 GMT, Martin Balao wrote:
>> Can someone help review this fix? Changed the required-mechanism check by
>> checking if the particular mechanism is inside the list of enabled supported
>> mechanisms. This should be more reliable than calling C_GetMechanismInfo(..)
>> o
Yes, key value extraction is disallowed for PKCS11 provider in FIPS mode.
When you call KeyAgreement.generateSecret(), a native key is generated and its
key value would be extracted and return which would be rejected for provider in
FIPS mode. Please try the KeyAgreement.generateSecret(String) ca
On Fri, 16 Aug 2024 21:05:23 GMT, Kevin Driver wrote:
>> Why do the null check on {@code provider} here? For consistency sake, since
>> both {@code algorithm} and {@code provider} are checked for non-null inside
>> {@code getInstance(String, KDFParameters, String), you should either check
>> b
On Tue, 13 Aug 2024 15:24:11 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Fri, 16 Aug 2024 21:05:06 GMT, Kevin Driver wrote:
>> Yes, I am aware of the Cipher transformations, etc. It's just that the
>> sentence seems to imply the naming convention is from RFC 5869.
>
> Addressed in
> https://github.com/openjdk/jdk/pull/20301/commits/c6f491cd05c76088e6431b2ba9d4ab4
On Fri, 16 Aug 2024 21:07:55 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line
>> 262:
>>
>>> 260: throw new NullPointerException(
>>> 261: "salt must not be null");
>>> 262: }
>>
>> Why not use
On Tue, 13 Aug 2024 15:24:11 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Tue, 13 Aug 2024 15:24:11 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Tue, 13 Aug 2024 00:13:38 GMT, Anthony Scarpino
wrote:
>> Kevin Driver has updated the pull request with a new target base due to a
>> merge or a rebase. The incremental webrev excludes the unrelated changes
>> brought in by the merge/rebase. The pull request contains 16 additional
>> comm
On Tue, 13 Aug 2024 15:24:11 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Thu, 15 Aug 2024 21:06:13 GMT, Kevin Driver wrote:
>> This method can be made "private" since there is no need for sub-class to
>> override it?
>
>> Use the name `inputKeyMaterial` instead of `inputKey` for consistency? Seems
>> easier to use `byte[]` for its type since all you need is just
On Tue, 13 Aug 2024 15:24:11 GMT, Kevin Driver wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are
>> cryptographic algorithms for deriving additional keys from a secret key and
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another P
On Thu, 15 Aug 2024 21:05:15 GMT, Kevin Driver wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java
>> line 151:
>>
>>> 149: try {
>>> 150: return hkdfExtract(inputKeyMaterial,
>>> 151:(salt == null)
1 - 100 of 648 matches
Mail list logo
