On Wed, 29 Sep 2021 22:40:10 GMT, Anthony Scarpino <ascarp...@openjdk.org>
wrote:
>> Anyone has time to review this RFE for adding AES cipher with KW, KWP modes
>> support to SunPKCS11 provider?
>>
>> The main changes are in only one new class, i.e. P11KeyWrapCipher.java,
>> which is the CipherSpi impl for the native PKCS11 key wrap mechanisms. When
>> testing against NSS library, it seems that they only support the single part
>> enc/dec PKCS11 APIs, so have to use a new class as existing P11Cipher class
>> relies on the multi part enc/dec PKCS11 APIs and do not support key
>> wrapping/unwrapping.
>>
>> The rest are minor code refactoring and updates for the PKCS11 Exception
>> class.
>> The new regression tests are adapted from existing key wrap regression tests
>> for SunJCE provider.
>>
>> Thanks,
>> Valerie
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11AEADCipher.java
> line 824:
>
>> 822: } else if (e.match(CKR_ENCRYPTED_DATA_INVALID) ||
>> 823: e.match(CKR_GENERAL_ERROR)) {
>> 824: // CKR_GENERAL_ERROR is Solaris-specific workaround
>
> With Solaris no longer support, this could be removed. Are you leaving it
> for backporting?
Yes, thought that it may be useful in case this got backported.
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyWrapCipher.java
> line 57:
>
>> 55: * doFinal() is called.
>> 56: *
>> 57: * @since 18
>
> Is there only suppose to be one space between `@since` and 18?
Sure, will fix.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5569
