On Fri, 18 Apr 2025 19:52:45 GMT, Martin Balao <mba...@openjdk.org> wrote:
>> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
>> line 605:
>>
>>> 603: }
>>> 604: }
>>> 605: }
>>
>> Hmm, how about separating out AES, RC4, Blowfish and ChaCha20 to a separate
>> case? Only DES and DES3 needs parity checking and they are very legacy.
>
> We would need to repeat code if we separate (invocation to
> `P11KeyGenerator::checkKeySize`). Does not look complex enough in my opinion
> to merit this split.
The separation can remove 1 conditional block, so only 1 extra line and the
flow looks cleaner in my opinion, e.g.
Suggestion:
case (int) CKK_DES, (int) CKK_DES3 -> {
keyLength = P11KeyGenerator.checkKeySize(ki.keyGenMech, n,
token);
fixDESParity(encoded, 0);
if (keyType == CKK_DES3) {
fixDESParity(encoded, 8);
if (keyLength == 112) {
keyType = CKK_DES2;
} else {
fixDESParity(encoded, 16);
}
}
}
case (int) CKK_AES, (int) CKK_RC4, (int) CKK_BLOWFISH, (int)
CKK_CHACHA20 -> {
keyLength = P11KeyGenerator.checkKeySize(ki.keyGenMech, n,
token);
}
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24526#discussion_r2051131893
