Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support exporting plain SecretKey in FIPS mode #622

Merged
merged 1 commit into from
Jun 28, 2023
Merged

Support exporting plain SecretKey in FIPS mode #622

merged 1 commit into from
Jun 28, 2023

Conversation

WilburZjh
Copy link
Contributor

Signed-off-by: Jinhang Zhang Jinhang.Zhang@ibm.com

We support exporting and importing plain
RSA/EC private keys and importing secret
keys as AES in FIPS mode for now. We also
need to support exporting secret keys in
FIPS mode. Currently, while user generating
an AES secretkey in FIPS mode through
KeyGenerator, this AES key's encode is NULL.
Therefore, we modify the P11Key.java and
SunPKCS11.java files to enable the support
for exporting secret keys inclusing AES
and TripleDES.

@WilburZjh
Copy link
Contributor Author

Hi @keithc-ca , please help to review

FYI @jasonkatonica

@keithc-ca keithc-ca self-requested a review June 27, 2023 13:47
@keithc-ca keithc-ca self-assigned this Jun 27, 2023
keithc-ca
keithc-ca requested changes Jun 27, 2023
View reviewed changes
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java Outdated Show resolved Hide resolved
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java Outdated Show resolved Hide resolved
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java Outdated Show resolved Hide resolved
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java Outdated Show resolved Hide resolved
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java Outdated Show resolved Hide resolved
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java Outdated Show resolved Hide resolved
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java Outdated Show resolved Hide resolved
@keithc-ca
Copy link
Member

In your commit message, the Signed-off-by line should be the last line.

@WilburZjh WilburZjh force-pushed the exportSecretKey branch 2 times, most recently from 42b83fb to 1618589 Compare June 27, 2023 18:35
@WilburZjh
Support exporting plain SecretKey in FIPS mode
3b86658 
We support exporting and importing plain
RSA/EC private keys and importing secret
keys as AES in FIPS mode for now. We also
need to support exporting secret keys in
FIPS mode. Currently, while user generating
an AES secretkey in FIPS mode through
KeyGenerator, this AES key's encode is NULL.
Therefore, we modify the P11Key.java and
SunPKCS11.java files to enable the support
for exporting secret keys inclusing AES
and TripleDES.

Signed-off-by: Jinhang Zhang <Jinhang.Zhang@ibm.com>
@keithc-ca
Copy link
Member

Jenkins test sanity.openjdk alinux64 jdknext

keithc-ca
keithc-ca approved these changes Jun 28, 2023
View reviewed changes
Copy link
Member

@keithc-ca keithc-ca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test failures appear unrelated to this change.

@keithc-ca keithc-ca merged commit 5b1ffe6 into ibmruntimes:openj9 Jun 28, 2023
This was referenced Jul 10, 2023
Closed
Merged
Merged
Merged
Merged
tajila pushed a commit to tajila/openj9-openjdk-jdk that referenced this pull request Mar 27, 2024
@pshipton
Merge pull request ibmruntimes#622 from WilburZjh/SignInitFix
65d61b6 
Fix the PKCS11Exception: CKR_KEY_TYPE_INCONSISTENT in FIPS mode
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@keithc-ca keithc-ca keithc-ca approved these changes

Assignees

@keithc-ca keithc-ca

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@WilburZjh @keithc-ca