Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8274174

Add KW and KWP support to PKCS11 provider

    XMLWordPrintable

    Details

    • Type: CSR
    • Status: Closed
    • Priority: P3
    • Resolution: Approved
    • Fix Version/s: 18
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Compatibility Risk:
      minimal
    • Interface Kind:
      Other
    • Scope:
      JDK

      Description

      Summary

      Update SunPKCS11 provider to support AES cipher with KW and KWP modes when the underlying PKCS11 library supports the corresponding mechanisms.

      Problem

      SunPKCS11 provider does not support the native PKCS#11 CKM_AES_KEY_WRAP, CKM_AES_KEY_WRAP_PAD, and CKM_AES_KEY_WRAP_KWP mechanisms.

      Solution

      Enhance SunPKCS11 provider to support the following crypto service and algorithms when the corresponding PKCS#11 mechanisms are supported:

      • AES cipher w/ KW mode and NoPadding <=> CKM_AES_KEY_WRAP
      • AES cipher w/ KW mode and PKCS5Padding <=> CKM_AES_KEY_WRAP_PAD
      • AES cipher w/ KWP mode and NoPadding <=> CKM_AES_KEY_WRAP_KWP

      Specification

      Update table 5-3 "Java Algorithms Supported by the SunPKCS11 Provider" in PKCS#11 Reference Guide with additional rows below:

      Java Algorithm PKCS#11 Mechanism
      Cipher.AES/KW/NoPadding CKM_AES_KEY_WRAP
      Cipher.AES_128/KW/NoPadding CKM_AES_KEY_WRAP
      Cipher.AES_192/KW/NoPadding CKM_AES_KEY_WRAP
      Cipher.AES_256/KW/NoPadding CKM_AES_KEY_WRAP
      Cipher.AES/KW/PKCS5Padding CKM_AES_KEY_WRAP_PAD
      Cipher.AES_128/KW/PKCS5Padding CKM_AES_KEY_WRAP_PAD
      Cipher.AES_192/KW/PKCS5Padding CKM_AES_KEY_WRAP_PAD
      Cipher.AES_256/KW/PKCS5Padding CKM_AES_KEY_WRAP_PAD
      Cipher.AES/KWP/NoPadding CKM_AES_KEY_WRAP_KWP
      Cipher.AES_128/KWP/NoPadding CKM_AES_KEY_WRAP_KWP
      Cipher.AES_192/KWP/NoPadding CKM_AES_KEY_WRAP_KWP
      Cipher.AES_256/KWP/NoPadding CKM_AES_KEY_WRAP_KWP

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              valeriep Valerie Peng
              Reporter:
              valeriep Valerie Peng
              Reviewed By:
              Anthony Scarpino
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: