On Thu, 1 Jun 2023 21:04:32 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> Martin Balao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> 8301553: Support Password-Based Cryptography in SunPKCS11 (iteration #4) >> >> Co-authored-by: Francisco Ferrari <fferr...@redhat.com> >> Co-authored-by: Martin Balao <mba...@redhat.com> > > As someone who is familiar with the Cipher convention, it's clearer to apply > the Cipher convention across the board, i.e. for Mac and SecretKeyFactory > too. > For example: For SecretKeyFactory.PBEWithHmacSHA1AndAES_128, use > `CKM_PKCS5_PBKD2 (required CKM_SHA_1_HMAC)` instead of `CKM_PKCS5_PBKD2 and > CKM_SHA_1_HMAC`. > > The listed mechanism is the one the impl maps to or based on. The required > mechanism is for auxiliary functionalities. Putting the auxiliary one inside > the required brackets seems clearer than combining them with the "and" word. @valeriepeng: if the following format looks good to you, I'll pass the update to @martinuy: <table> <tr><th>Java Algorithm</th> <th>PKCS#11 Mechanisms</th></tr> <tr><td>Cipher.PBEWithHmacSHA1AndAES_128</td> <td>CKM_AES_CBC_PAD, CKM_AES_CBC (requires CKM_PKCS5_PBKD2 and CKM_SHA_1_HMAC)</td></tr> <tr><td>[…]</td> <td>[…]</td></tr> <tr><td>Mac.HmacPBESHA1</td> <td>CKM_SHA_1_HMAC (requires CKM_PBA_SHA1_WITH_SHA1_HMAC)</td></tr> <tr><td>[…]</td> <td>[…]</td></tr> <tr><td>SecretKeyFactory.HmacPBESHA1</td> <td>CKM_PBA_SHA1_WITH_SHA1_HMAC</td></tr> <tr><td>[…]</td> <td>[…]</td></tr> <tr><td>SecretKeyFactory.PBKDF2WithHmacSHA224</td> <td>CKM_PKCS5_PBKD2 (requires CKM_SHA224_HMAC)</td></tr> </table> ------------- PR Comment: https://git.openjdk.org/jdk/pull/12396#issuecomment-1572960218
