8328119: SunPKCS#11 implementation of HKDF

[martinuy]

We would like to propose an implementation of the HKDF algorithms for SunPKCS11, aligned with the KDF API proposed for JDK 24 (see JEP 478: Key Derivation Function API (Preview)).

This implementation will be under the Preview umbrella until the KDF API becomes stable in a future JDK release. The benefit of this early proposal is to gather more feedback about the KDF API for future improvements.

The P11KDF class has the core implementation and Java calls to the PKCS 11 API. Different native mechanism were used to merge key material: CKM_CONCATENATE_BASE_AND_DATA (key and data), CKM_CONCATENATE_BASE_AND_KEY (key and key) and CKM_CONCATENATE_DATA_AND_BASE (data and key). The implementation also supports merging data with data, at the Java level. List of HKDF algorithms supported: HKDFWithHmacSHA1, HKDFWithHmacSHA224, HKDFWithHmacSHA256, HKDFWithHmacSHA384, and, HKDFWithHmacSHA512.

Derivation modes supported: extract, expand, and, extract-expand.

We further advanced the consolidation of algorithm and key info in the P11SecretKeyFactory map —this effort started with the PBE support enhancement and has helped to avoid duplication—. The map has now information about HMAC (HMACKeyInfo class) and HKDF (HKDFKeyInfo class) algorithms. P11Mac is now aligned to take the information from the map.

Generic keys now supported in SecretKeyFactory. Derived keys could be Generic.

Testing

• TestHKDF.java test added

  • All RFC 5869 test vectors checked (7 tests)
  • Cross-checking against SunJCE's HKDF implementation for every algorithm possible
    • Static assertion data for resilience if SunJCE were not available
  • Use of derived key for encryption check
  • Concatenation of input key material and salt checked (multiple combinations)
  • Multiple derivation types checked (extract only, expand only, and, extract-expand)
  • Derive key and derive data checked
  • All supported HKDF algorithms tested (HKDFWithHmacSHA1, HKDFWithHmacSHA224, HKDFWithHmacSHA256, HKDFWithHmacSHA384, HKDFWithHmacSHA512)
  • DH and ECDH key derivation for TLS checked
  • Informative output for debugging purposes (shown automatically if there is a test failure)
    • Note: test failures do not prevent all tests for running
  • Test integrated to the SunPKCS11 tests framework

• No regressions observed in jdk/sun/security/pkcs11 (114 tests passed, 0 failed)

A CSR will be proposed.

This proposal is a contribution of @martinuy and @franferrax .

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8328119: SunPKCS#11 implementation of HKDF (Enhancement - P4)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/22215/head:pull/22215
$ git checkout pull/22215

Update a local copy of the PR:
$ git checkout pull/22215
$ git pull https://git.openjdk.org/jdk.git pull/22215/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 22215

View PR using the GUI difftool:
$ git pr show -t 22215

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/22215.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back mbalao! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

[openjdk]

@martinuy The following labels will be automatically applied to this pull request:

• core-libs
• security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 00: Full (e87ec99b)