RFR: 8301553: Support Password-Based Cryptography in SunPKCS11
Martin Balao
mbalao at openjdk.org
Tue Mar 21 06:59:49 UTC 2023
On Thu, 16 Feb 2023 23:12:09 GMT, Martin Balao <mbalao at openjdk.org> wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java line 1192:
>>
>>> 1190: /* (CKM_NSS + 31) */ = 0xCE53436FL;
>>> 1191: public static final long CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN
>>> 1192: /* (CKM_NSS + 32) */ = 0xCE534370L;
>>
>> For user-friendly sake, now that you added these mechanisms, you should add the string name mapping for these native NSS mechanisms into the sun.security.pkcs11.wrapper.Functions class through its addMech(long, String) method.
>
> That's right. As part of the next iteration we will fix that and better align the order, grouping NSS mechanisms together in PKCS11Constants.java.
We realized that strings for Pseudo-random function (CKP_) and Salt/Encoding parameter (CKZ_) constants were missing. We added it to Functions.java, and modified CK_PKCS5_PBKD2_PARAMS and CK_PKCS5_PBKD2_PARAMS2 classes to use them.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/12396#discussion_r1142952860
More information about the security-dev
mailing list