RFR: 8248268: Support KWP in addition to KW [v3]
Valerie Peng
valeriep at openjdk.java.net
Thu Mar 25 21:47:27 UTC 2021
On Tue, 23 Mar 2021 20:09:23 GMT, Greg Rubin <github.com+829871+SalusaSecondus at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Changed AlgorithmParameters impls to register under AES/KW/NoPadding and
>> AES/KWP/NoPadding
>
> src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java line 507:
>
>> 505: } else {
>> 506: outLen = cipher.encryptFinal(dataBuf, 0, dataIdx, null, -1);
>> 507: }
>
> Can we extract this shared logic (among the different versions of `engineDoFinal`) into a separate helper method so that the different `engineDoFinal` methods just need to handle their specific differences (such as returning `Arrays.copyOf(dataBuf, outLen)` or calling `System.arraycopy(dataBuf, 0, out, outOfs, outLen); return outLen;`).
Right, I agree. Will look into it.
> src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java line 660:
>
>> 658: @Override
>> 659: protected byte[] engineWrap(Key key)
>> 660: throws IllegalBlockSizeException, InvalidKeyException {
>
> Is it okay that we can call `cipher.init(Cipher.ENCRYPT_MODE, ...)` and then use it with `cipher.wrap()`?
>
> Also, can we simply delegate the heavy lifting to `engineDoFinal()` (or the new suggested helper method) rather than duplicating this logic here?
Right, I will add additional checking on the Cipher.XXX_MODE. Agree with you regarding reducing the code duplication.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2404
More information about the security-dev
mailing list