[jdk11u-dev] RFR: 8255410: Add ChaCha20 and Poly1305 support to SunPKCS11 provider [v3]

Martin Doerr mdoerr at openjdk.java.net
Tue Mar 1 10:16:10 UTC 2022 

On Fri, 11 Feb 2022 07:15:07 GMT, Goetz Lindenmaier <goetz at openjdk.org> wrote:

>> I backport this for parity with 11.0.15-oracle.
>> 
>> I had to do a row of adaptions. There are some implementation
>> differences, and many Java 17 usages that had to be changed.
>> 
>> In the original change in SunPKCS11.java, dA() is used 
>> to give alias names of algorithms. It calls to 
>> SecurityProviderConstants.getAliases().
>> In SunPKCS11.java of jdk11 neither dA() nore getAliases()
>> are available. It uses d() instead of da() and calls a 
>> s() with a list of literal strings to give the alias names.
>> SecurityProviderConstants.java is in java.base. The jdk11 
>> version does not contain the list of aliases that can be 
>> found in 17.
>> 
>> I looked up whether there are aliases listed for 
>> "ChaCha20-Poly1305" in 17, but found none, so I added
>> an empty call s() in SunPKCS11.java.
>> 
>> In P11AEADCipher.java I had to modify the syntax of 
>> a switch statement.
>> 
>> In CK_SALSA20_CHACHA20_POLY1305_PARAMS.java
>> I had to replace HexFormat.of().formatHex(...)
>> which is a java.util class not in 11.
>> 
>> The tests use HexFormat heavily.
>> I replaced it by HexToBytes() from TestKATForGCM and 
>> by toHexString() from TestLeadingZeroesP11.java.
>> To make these methods available I moved them to the 
>> superclass PKCS11Test.java. 
>> This way they can be used for potential later backports, too.
>> I also had to adapt a switch statement using '->' to syntax
>> know to 11.
>
> Goetz Lindenmaier has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - One more tiny detail
>  - These changes sneaked in from anonther backport

I'd prefer to push it after updating the aliases. Some jdk11 code may use the "OID." prefix and the algorithm would not be found. I agree with that this backport should go into 11.0.15. Ideally before ramp down or alternatively as critical backport.

-------------

PR: https://git.openjdk.java.net/jdk11u-dev/pull/805

More information about the jdk-updates-dev mailing list