Finish creating SymmetricKeys from byte arrays #262

Merged
merged 4 commits into from
Sep 25, 2019

Conversation

cipherboy
Member

In the course of #259, I wanted to finish creating a PK11SymKey from a byte array. In doing so, I realized that, when we specify a SecretKeySpec, we do the import correctly already in our SecretKeyFactory implementation, JSSSecretKeyFactorySpi. However, what is missing is support for a few newer HMAC variants.

This PR does the following things:

  • Finishes adding support for SHA2 variants. This includes adding missing class stubs using the right constants.
  • Allows mapping for SymmetricKey.Usage to PKCS11Constants values. This is currently unused, but could be used in the future.
  • Adds support for multiple names in SymmetricKey.Types... mostly for HMAC. Otherwise, you'd pass one name to SecretKeyFactory and another to SecretKeySpec.
  • Updates the tests to use the simplified import structure.

When the SHA-2 variants were initially added (SHA2-256, SHA2-384, and
SHA2-512), they weren't added to either SymmetricKey or PKCS11Algorithm.
This fixes that, allowing Algorithm identifiers to be mapped to
PKCS11Constant values, and also to be used as symmetric keys.

Signed-off-by: Alexander Scheel <[email protected]>

Each usage in SymmetricKey.Usages maps to a specific PKCS11Constant with
prefix "CKA_" (which is of type CK_ATTRIBUTE_TYPE). These constants can
be directly used with the underlying PKCS#11 interface via JNI.

Signed-off-by: Alexander Scheel <[email protected]>
cipherboy added the enhancement and protocols labels Sep 19, 2019
cipherboy added this to the 4.6.2 milestone Sep 19, 2019
cipherboy requested a review from jmagne September 19, 2019 18:47
cipherboy self-assigned this Sep 19, 2019
cipherboy requested a review from edewata September 19, 2019 21:16
@edewata
Contributor

edewata commented Sep 19, 2019

Generally looks fine, but I'd defer to @jmagne.

Contributor

@jmagne jmagne left a comment

Looks good to me. This will simplify some stuff we are doing in the server nicely.

cipherboy force-pushed the symkey-from-byte-array branch from b1fbd77 to 66952b6 September 25, 2019 13:37
cipherboy merged commit e791542 into dogtagpki:master Sep 25, 2019