RFR: 8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
Valerie Peng
valeriep at openjdk.java.net
Fri Oct 30 21:42:59 UTC 2020
On Thu, 29 Oct 2020 02:07:39 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> Could someone please help review this PKCS#11 v3.0 header files update?
>>
>> Changes are straight-forward as below:
>> 1) Updated pkcs11.h, pkcs11f.h, pkcs11t.h to v3.0
>> 2) Updated java side w/ the new constants definitions and name/error code mappings.
>>
>> For the native headers, it's a direct copy of the official v3.0 headers except that I have to remove the tab space, and trailing white spaces due to JDK code requirement. I verified the result using 'diff -w'. As for the java side, the edit is based on the diff of native headers. I also commented out some of the unused native identifiers at java side.
>>
>> I am adding the SHA-3 digests, signatures, and macs in a separate RFE and would need this one to be reviewed/integrated first.
>>
>> Thanks,
>> Valerie
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/Functions.java line 1095:
>
>> 1093: addMech(CKM_SP800_108_FEEDBACK_KDF, "CKM_SP800_108_FEEDBACK_KDF");
>> 1094: addMech(CKM_SP800_108_DOUBLE_PIPELINE_KDF,
>> 1095: "CKM_SP800_108_DOUBLE_PIPELINE_KDF");
>
> same comment as above.
Well, per the ordering in PKCS11Constants, these three lines are at the right place. Note that the ordering of CKM_ECDSA_SHA3_224 to CKM_EDDSA in pkcs11t.h is different from PKCS11Constants class, so I will add the comment about the general ordering following PKCS11Constants class and keep them here.
-------------
PR: https://git.openjdk.java.net/jdk/pull/917
More information about the security-dev
mailing list