RFR: 8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files

Hai-May Chao hchao at openjdk.java.net
Thu Oct 29 02:20:44 UTC 2020


On Wed, 28 Oct 2020 21:35:25 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

> Could someone please help review this PKCS#11 v3.0 header files update?
> 
> Changes are straight-forward as below:
> 1) Updated pkcs11.h, pkcs11f.h, pkcs11t.h to v3.0
> 2) Updated java side w/ the new constants definitions and name/error code mappings.
> 
> For the native headers, it's a direct copy of the official v3.0 headers except that I have to remove the tab space, and trailing white spaces due to JDK code requirement. I verified the result using 'diff -w'. As for the java side, the edit is based on the diff of native headers. I also commented out some of the unused native identifiers at java side.
> 
> I am adding the SHA-3 digests, signatures, and macs in a separate RFE and would need this one to be reviewed/integrated first.
> 
> Thanks,
> Valerie

Changes look good. Only minor comments.

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/Functions.java line 793:

> 791:         addMech(CKM_SHA3_512_RSA_PKCS_PSS,      "CKM_SHA3_512_RSA_PKCS_PSS");
> 792:         addMech(CKM_SHA3_224_RSA_PKCS,          "CKM_SHA3_224_RSA_PKCS");
> 793:         addMech(CKM_SHA3_224_RSA_PKCS_PSS,      "CKM_SHA3_224_RSA_PKCS_PSS");

It appears that you're arranging the addMech(with CKM_xxx) based on the mechanism values. How about the code from #773 to #793, move it up?

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/Functions.java line 1095:

> 1093:         addMech(CKM_SP800_108_FEEDBACK_KDF,     "CKM_SP800_108_FEEDBACK_KDF");
> 1094:         addMech(CKM_SP800_108_DOUBLE_PIPELINE_KDF,
> 1095:                                          "CKM_SP800_108_DOUBLE_PIPELINE_KDF");

same comment as above.

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java line 987:

> 985:     public static final long  CKM_SP800_108_FEEDBACK_KDF     = 0x000003adL;
> 986:     public static final long  CKM_SP800_108_DOUBLE_PIPELINE_KDF = 0x000003aeL;
> 987: 

Same comment.

-------------

PR: https://git.openjdk.java.net/jdk/pull/917



More information about the security-dev mailing list