RFR: 8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
Hai-May Chao
hchao at openjdk.java.net
Thu Oct 29 02:20:44 UTC 2020
On Wed, 28 Oct 2020 21:35:25 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
> Could someone please help review this PKCS#11 v3.0 header files update?
>
> Changes are straight-forward as below:
> 1) Updated pkcs11.h, pkcs11f.h, pkcs11t.h to v3.0
> 2) Updated java side w/ the new constants definitions and name/error code mappings.
>
> For the native headers, it's a direct copy of the official v3.0 headers except that I have to remove the tab space, and trailing white spaces due to JDK code requirement. I verified the result using 'diff -w'. As for the java side, the edit is based on the diff of native headers. I also commented out some of the unused native identifiers at java side.
>
> I am adding the SHA-3 digests, signatures, and macs in a separate RFE and would need this one to be reviewed/integrated first.
>
> Thanks,
> Valerie
Changes look good. Only minor comments.
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/Functions.java line 793:
> 791: addMech(CKM_SHA3_512_RSA_PKCS_PSS, "CKM_SHA3_512_RSA_PKCS_PSS");
> 792: addMech(CKM_SHA3_224_RSA_PKCS, "CKM_SHA3_224_RSA_PKCS");
> 793: addMech(CKM_SHA3_224_RSA_PKCS_PSS, "CKM_SHA3_224_RSA_PKCS_PSS");
It appears that you're arranging the addMech(with CKM_xxx) based on the mechanism values. How about the code from #773 to #793, move it up?
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/Functions.java line 1095:
> 1093: addMech(CKM_SP800_108_FEEDBACK_KDF, "CKM_SP800_108_FEEDBACK_KDF");
> 1094: addMech(CKM_SP800_108_DOUBLE_PIPELINE_KDF,
> 1095: "CKM_SP800_108_DOUBLE_PIPELINE_KDF");
same comment as above.
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java line 987:
> 985: public static final long CKM_SP800_108_FEEDBACK_KDF = 0x000003adL;
> 986: public static final long CKM_SP800_108_DOUBLE_PIPELINE_KDF = 0x000003aeL;
> 987:
Same comment.
-------------
PR: https://git.openjdk.java.net/jdk/pull/917
More information about the security-dev
mailing list