On Thu, 30 Sep 2021 02:32:33 GMT, Anthony Scarpino <ascarp...@openjdk.org>
wrote:
>> Anyone has time to review this RFE for adding AES cipher with KW, KWP modes
>> support to SunPKCS11 provider?
>>
>> The main changes are in only one new class, i.e. P11KeyWrapCipher.java,
>> which is the CipherSpi impl for the native PKCS11 key wrap mechanisms. When
>> testing against NSS library, it seems that they only support the single part
>> enc/dec PKCS11 APIs, so have to use a new class as existing P11Cipher class
>> relies on the multi part enc/dec PKCS11 APIs and do not support key
>> wrapping/unwrapping.
>>
>> The rest are minor code refactoring and updates for the PKCS11 Exception
>> class.
>> The new regression tests are adapted from existing key wrap regression tests
>> for SunJCE provider.
>>
>> Thanks,
>> Valerie
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyWrapCipher.java
> line 129:
>
>> 127: if (algoParts[0].startsWith("AES")) {
>> 128: // need 3 parts
>> 129: if (algoParts.length != 3) {
>
> At this point in the code, isn't it already certain to be a valid transform?
> The SunPKCS11 entries are limited to the valid transforms. Additionally do
> you really want AssertionError? Not NoSuchAlgorithmException?
Hmm, you are right, no need to check again as there are code in
javax.crypto.Cipher class which handles this. I will remove it.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5569
