RFR: 8264849: Add KW and KWP support to PKCS11 provider
Valerie Peng
valeriep at openjdk.java.net
Fri Oct 1 23:59:38 UTC 2021
On Fri, 1 Oct 2021 00:51:27 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:
>> Does anyone have time to review this RFE for adding AES cipher with KW, KWP modes support to the SunPKCS11 provider?
>>
>> The main changes are in only one new class, i.e. P11KeyWrapCipher.java, which is the CipherSpi impl for the native PKCS11 key wrap mechanisms. When testing against the NSS library, it seems that they only support the single part enc/dec PKCS11 APIs, so have to use a new class as the existing P11Cipher class relies on the multi part enc/dec PKCS11 APIs and does not support key wrapping/unwrapping.
>>
>> The rest are minor code refactoring and updates for the PKCS11 Exception class.
>> The new regression tests are adapted from existing key wrap regression tests for SunJCE provider.
>>
>> Thanks,
>> Valerie
>
> test/jdk/sun/security/pkcs11/Cipher/KeyWrap/TestGeneral.java line 30:
>
>> 28: * AES/KW/PKCS5Padding, and AES/KWP/NoPadding impls of SunPKCS11 provider.
>> 29: * @library /test/lib ../..
>> 30: * @run main/othervm TestGeneral
>
> General question about all the tests. They use othervm, did they not work with agentvm?
Hmm, good question. There is system provider manipulation code in the PKCS11Test class, i.e. Security.addProvider(), Security.removeProvider() calls as well as setting/getting system properties. I suppose if we can be sure that things are back to a clean state after each test, then it should be OK to use agentvm instead of othervm.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5569
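
The clean-state condition discussed in the reply above, sketched as an added example (not code from the PR or from PKCS11Test): a guard that snapshots the JVM-wide provider list and system properties and restores them when the test body exits, which is what a reused agentvm JVM would need. `ProviderStateGuard`, the `DemoP11` provider and the `demo.pkcs11.config` property are hypothetical names, and the restore assumes the test adds or removes providers but does not reorder the ones it leaves in place.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.Properties;

// Added illustration; all names here are hypothetical, not from the JDK test library.
public class ProviderStateGuard implements AutoCloseable {
    // Snapshot of JVM-wide state taken before the test body runs.
    private final Provider[] savedProviders = Security.getProviders();
    private final Properties savedProps =
            (Properties) System.getProperties().clone();

    @Override
    public void close() {
        // 1. Drop providers the test registered and left behind.
        for (Provider p : Security.getProviders()) {
            boolean known = Arrays.stream(savedProviders)
                    .anyMatch(s -> s.getName().equals(p.getName()));
            if (!known) {
                Security.removeProvider(p.getName());
            }
        }
        // 2. Put back providers the test removed, at their original
        //    1-based preference position.
        for (int i = 0; i < savedProviders.length; i++) {
            if (Security.getProvider(savedProviders[i].getName()) == null) {
                Security.insertProviderAt(savedProviders[i], i + 1);
            }
        }
        // 3. Restore system properties, discarding keys the test set.
        System.setProperties((Properties) savedProps.clone());
    }

    public static void main(String[] args) {
        int before = Security.getProviders().length;
        try (ProviderStateGuard guard = new ProviderStateGuard()) {
            // Constructed stand-in for what a PKCS11 test does to global state.
            Security.addProvider(new Provider("DemoP11", "1.0", "constructed") {});
            System.setProperty("demo.pkcs11.config", "constructed-value");
        }
        if (Security.getProvider("DemoP11") != null
                || Security.getProviders().length != before
                || System.getProperty("demo.pkcs11.config") != null) {
            throw new AssertionError("global state leaked out of the test");
        }
        System.out.println("provider list and system properties restored");
    }
}
```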