RFR: 8255410: Add ChaCha20 and Poly1305 support to SunPKCS11 provider [v3]
Jamil Nimeh
jnimeh at openjdk.java.net
Thu Apr 15 14:27:42 UTC 2021
On Wed, 14 Apr 2021 03:58:33 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Could someone (perhaps Jamil?) please help review this change? This enhances SunPKCS11 provider with ChaCha20-Poly1305 cipher and ChaCha20 key generation support. Majority of the regression tests are adapted from the existing ones for SunJCE provider's ChaCha20-Poly1305 cipher impl. When testing against NSS v3.57, it does not have support for ChaCha20 cipher, thus I did not add support for ChaCha20 cipher and the corresponding parameter.
>>
>> Thanks!
>> Valerie
>
> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>
> Fixed an tagLen issue, no key+iv reuse check for decryption, and add regression test for ChaCha20 SKF.
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java line 225:
> 223: }
> 224: apAlgo = "ChaCha20-Poly1305";
> 225: spec = new IvParameterSpec(iv);
Are there protections further up the call stack that guarantee that iv will be non-null when encrypt == false? I assume there are but I figured I'd ask since a null iv could cause NPE.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3420
More information about the security-dev
mailing list