[jdk11u-dev] RFR: 8255410: Add ChaCha20 and Poly1305 support to SunPKCS11 provider

Martin Doerr mdoerr at openjdk.java.net
Wed Feb 9 14:57:12 UTC 2022 

On Thu, 3 Feb 2022 19:33:31 GMT, Goetz Lindenmaier <goetz at openjdk.org> wrote:

> I backport this for parity with 11.0.15-oracle.
> 
> I had to do a row of adaptions. There are some implementation
> differences, and many Java 17 usages that had to be changed.
> 
> In the original change in SunPKCS11.java, dA() is used 
> to give alias names of algorithms. It calls to 
> SecurityProviderConstants.getAliases().
> In SunPKCS11.java of jdk11 neither dA() nore getAliases()
> are available. It uses d() instead of da() and calls a 
> s() with a list of literal strings to give the alias names.
> SecurityProviderConstants.java is in java.base. The jdk11 
> version does not contain the list of aliases that can be 
> found in 17.
> 
> I looked up whether there are aliases listed for 
> "ChaCha20-Poly1305" in 17, but found none, so I added
> an empty call s() in SunPKCS11.java.
> 
> In P11AEADCipher.java I had to modify the syntax of 
> a switch statement.
> 
> In CK_SALSA20_CHACHA20_POLY1305_PARAMS.java
> I had to replace HexFormat.of().formatHex(...)
> which is a java.util class not in 11.
> 
> The tests use HexFormat heavily.
> I replaced it by HexToBytes() from TestKATForGCM and 
> by toHexString() from TestLeadingZeroesP11.java.
> To make these methods available I moved them to the 
> superclass PKCS11Test.java. 
> This way they can be used for potential later backports, too.
> I also had to adapt a switch statement using '->' to syntax
> know to 11.

Hi Götz, thanks for doing this large backport. Looks basically good, but I have a couple of requests. The small test code refactoring makes sense.

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java line 635:

> 633:         d(AGP, "ChaCha20-Poly1305",
> 634:                 "com.sun.crypto.provider.ChaCha20Poly1305Parameters",
> 635:                 s(),

aliases should be taken from KnowsOIDs: CHACHA20_POLY1305("1.2.840.113549.1.9.16.3.18", "CHACHA20-POLY1305"),

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java line 724:

> 722: 
> 723:         d(CIP, "ChaCha20-Poly1305",             P11AEADCipher,
> 724:                 s(),

like above

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java line 727:

> 725:                 m(CKM_CHACHA20_POLY1305));
> 726: 
> 727: 

extra newline

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_SALSA20_CHACHA20_POLY1305_PARAMS.java line 64:

> 62:             sb.append("0x");
> 63:             for (byte b: nonce) {
> 64:                 sb.append(String.format("0%02X", b));

other code uses `String.format("%02x", b & 0xff)`. I believe it gets converted to int with sign extend otherwise. Did you check the output?

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_SALSA20_CHACHA20_POLY1305_PARAMS.java line 75:

> 73:             sb.append("0x");
> 74:             for (byte b: aad) {
> 75:                 sb.append(String.format("0%02X", b));

like above

-------------

Changes requested by mdoerr (Reviewer).

PR: https://git.openjdk.java.net/jdk11u-dev/pull/805

More information about the jdk-updates-dev mailing list