[jdk11u-dev] RFR: 8255410: Add ChaCha20 and Poly1305 support to SunPKCS11 provider
Goetz Lindenmaier
goetz at openjdk.java.net
Thu Feb 10 13:09:06 UTC 2022
On Wed, 9 Feb 2022 14:36:35 GMT, Martin Doerr <mdoerr at openjdk.org> wrote:
>> I backport this for parity with 11.0.15-oracle.
>>
>> I had to do a row of adaptions. There are some implementation
>> differences, and many Java 17 usages that had to be changed.
>>
>> In the original change in SunPKCS11.java, dA() is used
>> to give alias names of algorithms. It calls to
>> SecurityProviderConstants.getAliases().
>> In SunPKCS11.java of jdk11 neither dA() nor getAliases()
>> are available. It uses d() instead of da() and calls a
>> s() with a list of literal strings to give the alias names.
>> SecurityProviderConstants.java is in java.base. The jdk11
>> version does not contain the list of aliases that can be
>> found in 17.
>>
>> I looked up whether there are aliases listed for
>> "ChaCha20-Poly1305" in 17, but found none, so I added
>> an empty call s() in SunPKCS11.java.
>>
>> In P11AEADCipher.java I had to modify the syntax of
>> a switch statement.
>>
>> In CK_SALSA20_CHACHA20_POLY1305_PARAMS.java
>> I had to replace HexFormat.of().formatHex(...)
>> which is a java.util class not in 11.
>>
>> The tests use HexFormat heavily.
>> I replaced it by HexToBytes() from TestKATForGCM and
>> by toHexString() from TestLeadingZeroesP11.java.
>> To make these methods available I moved them to the
>> superclass PKCS11Test.java.
>> This way they can be used for potential later backports, too.
>> I also had to adapt a switch statement using '->' to syntax
>> known to 11.
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_SALSA20_CHACHA20_POLY1305_PARAMS.java line 64:
>
>> 62: sb.append("0x");
>> 63: for (byte b: nonce) {
>> 64: sb.append(String.format("0%02X", b));
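Review bot: On line 64 the format string "0%02X" begins with a literal 0, so each nonce byte is written as three characters (a 0 followed by two hex digits) after the "0x" prefix appended on line 62. If two hex digits per byte are intended, drop the leading 0 and use "%02X".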
>
> other code uses `String.format("%02x", b & 0xff)`. I believe it gets converted to int with sign extend otherwise. Did you check the output?

The formatter should get a java.lang.Byte. A simple test shows it's the same as HexFormat.of().formatHex().
-------------
PR: https://git.openjdk.java.net/jdk11u-dev/pull/805
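
The formatting question discussed in this exchange, as an added example (not code from the PR or from either participant): with `%02x`, `java.util.Formatter` renders a boxed `java.lang.Byte` from its 8-bit value, while a byte already widened to `int` is rendered from the sign-extended 32-bit value unless masked with `0xff`. The class name, method names and sample nonce are constructed for illustration, and the code uses only Java 11 APIs.

```java
public class ByteHexFormatDemo {
    private static final char[] DIGITS = "0123456789abcdef".toCharArray();

    // The argument autoboxes to java.lang.Byte; Formatter renders a negative
    // Byte as value + 2^8, so every byte yields exactly two digits.
    static String viaByte(byte[] in) {
        StringBuilder sb = new StringBuilder();
        for (byte b : in) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Widening to int sign-extends first; Formatter then renders a negative
    // Integer as value + 2^32, so bytes >= 0x80 come out as eight digits.
    static String viaIntUnmasked(byte[] in) {
        StringBuilder sb = new StringBuilder();
        for (byte b : in) sb.append(String.format("%02x", (int) b));
        return sb.toString();
    }

    // The "b & 0xff" idiom: widen, then clear the sign-extended upper bits.
    static String viaIntMasked(byte[] in) {
        StringBuilder sb = new StringBuilder();
        for (byte b : in) sb.append(String.format("%02x", b & 0xff));
        return sb.toString();
    }

    // Formatter-free reference encoder used to cross-check the others.
    static String viaTable(byte[] in) {
        StringBuilder sb = new StringBuilder();
        for (byte b : in) sb.append(DIGITS[(b >> 4) & 0x0f]).append(DIGITS[b & 0x0f]);
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample nonce with bytes on both sides of the sign bit.
        byte[] nonce = {0x00, 0x07, 0x7f, (byte) 0x80, (byte) 0xab, (byte) 0xff};
        String ref = viaTable(nonce);
        System.out.println("reference:    " + ref);
        System.out.println("Byte arg:     " + viaByte(nonce));
        System.out.println("int, masked:  " + viaIntMasked(nonce));
        System.out.println("int, no mask: " + viaIntUnmasked(nonce));
        if (!ref.equals(viaByte(nonce)) || !ref.equals(viaIntMasked(nonce))
                || ref.equals(viaIntUnmasked(nonce))) {
            throw new AssertionError("unexpected Formatter behaviour");
        }
    }
}
```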