-
Bug
-
Resolution: Unresolved
-
P3
-
None
-
25
-
None
-
Cause Known
The following code
var k = KDF.getInstance("HKDF-SHA256", pkcs11Provider);
k.deriveKey("AES", HKDFParameterSpec.ofExtract().thenExpand(null, 31));
fails with
Exception in thread "main" java.security.ProviderException: HKDF derivation for algorithm 'AES' failed.
at jdk.crypto.cryptoki/sun.security.pkcs11.P11HKDF.derive(P11HKDF.java:219)
at jdk.crypto.cryptoki/sun.security.pkcs11.P11HKDF.engineDeriveKey(P11HKDF.java:107)
at java.base/javax.crypto.KDF.deriveKey(KDF.java:526)
at Test.main(Test.java:10)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_SIZE_RANGE
at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_DeriveKey(Native Method)
at jdk.crypto.cryptoki/sun.security.pkcs11.P11HKDF.derive(P11HKDF.java:199)
... 3 more
This is user input issue. An InvalidAlgorithmParameterException should be thrown.
var k = KDF.getInstance("HKDF-SHA256", pkcs11Provider);
k.deriveKey("AES", HKDFParameterSpec.ofExtract().thenExpand(null, 31));
fails with
Exception in thread "main" java.security.ProviderException: HKDF derivation for algorithm 'AES' failed.
at jdk.crypto.cryptoki/sun.security.pkcs11.P11HKDF.derive(P11HKDF.java:219)
at jdk.crypto.cryptoki/sun.security.pkcs11.P11HKDF.engineDeriveKey(P11HKDF.java:107)
at java.base/javax.crypto.KDF.deriveKey(KDF.java:526)
at Test.main(Test.java:10)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_SIZE_RANGE
at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_DeriveKey(Native Method)
at jdk.crypto.cryptoki/sun.security.pkcs11.P11HKDF.derive(P11HKDF.java:199)
... 3 more
This is user input issue. An InvalidAlgorithmParameterException should be thrown.
- links to
-
Review(master)
openjdk/jdk/24526