-
CSR
-
Resolution: Approved
-
P3
-
None
-
minimal
-
No risk as new header files are backward compatible with older versions.
-
Other
-
Implementation
Summary
PKCS#11 standard is updated to v2.40 (Base specification - http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html with other specifications listed under "Related Work" section on the same page) in April 2015 with errata published one year later in 2016. SunPKCS11 provider should update to v2.40 accordingly.
Problem
The implementation of SunPKCS11 is mostly based on PKCS#11 v2.20 release. It lacks support for some algorithms, attributes, etc., added through out the various releases of PKCS#11 standard.
Solution
Enhance SunPKCS11 provider with PKCS#11 v2.40 header files, add support for common algorithms, and recognize more PKCS#11 defined constants for mechanisms, attributes, key types, etc.
Specification
1) Update to use PKCS#11 v2.40 header files, e.g. remove v2.20 specific header file and update the content of other PKCS#11 header files.
2) Add support for the following algorithms when the underlying PKCS#11 library supports the corresponding mechanism:
Java Algorithm PKCS#11 Mechanism
MessageDigest.SHA-512/224 CKM_SHA512_224
MessageDigest.SHA-512/256 CKM_SHA512_256
MAC.HmacSHA512/224 CKM_SHA512_224_HMAC
MAC.HmacSHA512/256 CKM_SHA512_256_HMAC
Signature.RSASSA-PSS CKM_RSA_PKCS_PSS
Signature.SHA1withRSASSA-PSS CKM_SHA1_RSA_PKCS_PSS
Signature.SHA224withRSASSA-PSS CKM_SHA224_RSA_PKCS_PSS
Signature.SHA256withRSASSA-PSS CKM_SHA256_RSA_PKCS_PSS
Signature.SHA384withRSASSA-PSS CKM_SHA384_RSA_PKCS_PSS
Signature.SHA512withRSASSA-PSS CKM_SHA512_RSA_PKCS_PSS
Signature.SHA224withDSA CKM_DSA_SHA224
Signature.SHA256withDSA CKM_DSA_SHA256
Signature.SHA384withDSA CKM_DSA_SHA384
Signature.SHA512withDSA CKM_DSA_SHA512
Cipher.AES/GCM/NoPadding CKM_AES_GCM
3) Now recognizes the various PKCS#11 constants (mechanisms, attributes, key types, error codes) as defined in v2.40 header files and won't error out unexpectedly.
Differences with JDK CSR JDK-8221442: none
- csr of
-
JDK-8252510 Update SunPKCS11 provider with PKCS11 v2.40 support
- Resolved