RFR: 8264849: Add KW and KWP support to PKCS11 provider
Valerie Peng
valeriep at openjdk.java.net
Fri Oct 1 18:00:33 UTC 2021
On Wed, 29 Sep 2021 22:40:10 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> Anyone has time to review this RFE for adding AES cipher with KW, KWP modes support to SunPKCS11 provider?
>>
>> The main changes are in only one new class, i.e. P11KeyWrapCipher.java, which is the CipherSpi impl for the native PKCS11 key wrap mechanisms. When testing against NSS library, it seems that they only support the single part enc/dec PKCS11 APIs, so have to use a new class as existing P11Cipher class relies on the multi part enc/dec PKCS11 APIs and do not support key wrapping/unwrapping.
>>
>> The rest are minor code refactoring and updates for the PKCS11 Exception class.
>> The new regression tests are adapted from existing key wrap regression tests for SunJCE provider.
>>
>> Thanks,
>> Valerie
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java line 824:
>
>> 822: } else if (e.match(CKR_ENCRYPTED_DATA_INVALID) ||
>> 823: e.match(CKR_GENERAL_ERROR)) {
>> 824: // CKR_GENERAL_ERROR is Solaris-specific workaround
>
> With Solaris no longer support, this could be removed. Are you leaving it for backporting?
Yes, thought that it may be useful in case this got backported.
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyWrapCipher.java line 57:
>
>> 55: * doFinal() is called.
>> 56: *
>> 57: * @since 18
>
> Is there only suppose to be one space between `@since` and 18?
Sure, will fix.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5569
More information about the security-dev
mailing list