8189441: Define algorithm names for keys derived from KeyAgreement

[wangweij]

Allow Generic as an algorithm in the KeyAgreement::generateSecret(alg) method.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue
• Change requires CSR request JDK-8347059 to be approved

Issues

• JDK-8189441: Define algorithm names for keys derived from KeyAgreement (Bug - P4)
• JDK-8347059: Define algorithm names for keys derived from KeyAgreement (CSR)

Reviewers

• Sean Mullan (@seanjmullan - Reviewer)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/22650/head:pull/22650
$ git checkout pull/22650

Update a local copy of the PR:
$ git checkout pull/22650
$ git pull https://git.openjdk.org/jdk.git pull/22650/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 22650

View PR using the GUI difftool:
$ git pr show -t 22650

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/22650.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back weijun! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@wangweij This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8189441: Define algorithm names for keys derived from KeyAgreement

Reviewed-by: mullan

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 275 new commits pushed to the master branch:

• 8cf0735: 8348102: java/net/httpclient/HttpClientSNITest.java fails intermittently
• a36e166: 8348241: ZGC: Unnecessarily reinitialize ZFragmentationLimit's default value
• b720517: 8348108: Race condition in AggregatePublisher.AggregateSubscription
• 17a408c: 8348169: Destruct values on free in Treap
• 25bb698: 8348195: More u2 conversion warnings after JDK-8347147
• 893d00a: 8346388: Cannot use DllMain in libawt for static builds
• 1c7641d: 8347563: C2: clean up ModRefBarrierSetC2
• 86a8b48: 8337458: Remove debugging code print_cpool_bytes
• 16a1d0a: 8348135: Fix couple of problem listing entries in test/hotspot/jtreg/ProblemList-Virtual.txt
• 16dcf15: 8348263: C2 SuperWord: TestMemorySegment.java has failing IR rules with AlignVector after JDK-8343685
• ... and 265 more: https://git.openjdk.org/jdk/compare/07c9f7138affdf0d42ecdc30adcb854515569985...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[openjdk]

@wangweij The following label will be automatically applied to this pull request:

• security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 14: Full - Incremental (e30b71d4)
• 13: Full - Incremental (f29ca778)
• 12: Full - Incremental (45e32669)
• 11: Full - Incremental (70279181)
• 10: Full - Incremental (7a25debc)
• 09: Full - Incremental (345178cc)
• 08: Full - Incremental (8507cee1)
• 07: Full - Incremental (af2e2b70)
• 06: Full - Incremental (7110bf97)
• 05: Full - Incremental (106371bd)
• 04: Full - Incremental (3d8ef6f2)
• 03: Full - Incremental (0fe1f7a4)
• 02: Full - Incremental (2d78955e)
• 01: Full - Incremental (3d62a503)
• 00: Full (f7c03f78)

[wangweij]

The comparison of algorithm names was inconsistent, sometimes equals and sometimes equalsIgnoreCase. This is even more suspicious in the P11KeyAgreement where both were used. My understanding is that equalsIgnoreCase should always be used because key algorithm has always been case-insensitive. Also, since the "TlsPremasterSecret" algorithm is only used internally, it is always provided with the correct case.

[mlbridge]

Mailing list message from Michael StJohns on security-dev:

I ran into a few problems related to a similar approach in my own code.?
Basically, PKCS12 requires some sort of OID/Algorithm identifier to map
to/from the algorithm name.??? Anything that you allow for here ideally
needs to be supported by KeyStore there. It doesn't help that PKCS11 has
CKK_GENERIC_SECRET.? It also doesn't help that you can't get the actual
OID from the PKCS12 file in all cases.

If this is actually a master secret - maybe 1.3.112.4.30.1283 makes the
most sense?? Alternately, maybe OpenJDK can assign an OID for GENERIC_SECRET

I ended up with three "generic" secret keys:

1) A generic key - output of a key agreement - can be coerced into any
regular symmetric secret key, but can't be used to seed a KDF
2) A master key - randomly generated or output of a key agreement or KDF
- input to a KDF (TPM uses the first part of this, most crypto protocols
use the second)
3) A password - randomly generated, or the output of a KDF from a master
key.?? (The latter is used with a number symmetric key diversification
schemes)

None of these are easy to store in a key store... :-(

Later, Mike

On 12/18/2024 5:33 PM, Weijun Wang wrote:

[seanjmullan]

Can you also replace the link in Key.getAlgorithm with the new section you will be adding?

[wangweij]

Can you also replace the link in Key.getAlgorithm with the new section you will be adding?

OK, and maybe more. I just found SecretKeySpec and EncodedKeySpec.

[wangweij]

I've modified too many files and I think they should belong to https://bugs.openjdk.org/browse/JDK-8346736. We should only touch KEM and KeyAgreement here.

[seanjmullan]

I've modified too many files and I think they should belong to https://bugs.openjdk.org/browse/JDK-8346736. We should only touch KEM and KeyAgreement here.

Makes sense.

[wangweij]

I've reverted all changes not related to KeyAgreement and put them in #22929, including the KEM one, since it involves no behavior change and is pure clarification. I've also removed the "KEM" word from the bug title.

[seanjmullan]

A few more minor comments.

[wangweij]

/integrate

[openjdk]

Going to push as commit aba60a9.
Since your change was applied there have been 336 commits pushed to the master branch:

• 03106eb: 8344119: CUPSPrinter does not respect PostScript printer definition specification in case of reading ImageableArea values from PPD files
• ad01dfb: 8346920: Serial: Support allocation in old generation when heap is almost full
• 1d8ccb8: 8342465: Improve API documentation for java.lang.classfile
• 7d6055a: 8348429: Update cross-compilation devkits to Fedora 41/gcc 13.2
• f1e0797: 8348586: Optionally silence make warnings about non-control variables
• ffeb9b5: 8342807: Update links in java.base to use https://
• afcc2b0: 8348562: ZGC: segmentation fault due to missing node type check in barrier elision analysis
• 175e58b: 8332980: [IR Framework] Add option to measure IR rule processing time
• b8c68c0: 8348207: Linux PPC64 PCH build broken after JDK-8347909
• 70eec90: 8338303: Linux ppc64le with toolchain clang - detection failure in early JVM startup
• ... and 326 more: https://git.openjdk.org/jdk/compare/07c9f7138affdf0d42ecdc30adcb854515569985...master

Your commit was automatically rebased without conflicts.

[openjdk]

@wangweij Pushed as commit aba60a9.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.