Could someone help review this straight forward change? During the interoperability testing with PKCS11 KW/KWP support, it is noticed that SunJCE provider used the wrong block size (AES: 16) when padding is needed for KW mode. With KW, KWP modes, data block size is multiples of 8-byte, so the padding should pad data to multiples of 8 bytes instead of 16. In addition, although PKCS#11 v3.0 states the IV for KWP mode is 4-byte, NSS's implementation would silently ignore the specified IVs. Thus, for max interoperability, it seems safer to change SunJCE provider to always use the same default IV and disallow custom IVs for KWP mode, at least for now. Regression test is enhanced to test more scenarios.
Thanks, Valerie ------------- Commit messages: - 8271745: Correct block size for KW,KWP mode and use fixed IV for KWP mode for SunJCE Changes: https://git.openjdk.java.net/jdk/pull/5236/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=5236&range=00 Issue: https://bugs.openjdk.java.net/browse/JDK-8271745 Stats: 248 lines in 3 files changed: 98 ins; 35 del; 115 mod Patch: https://git.openjdk.java.net/jdk/pull/5236.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/5236/head:pull/5236 PR: https://git.openjdk.java.net/jdk/pull/5236
