-
Type:
CSR
-
Resolution: Approved
-
Priority:
P3
-
Component/s: security-libs
-
None
-
minimal
-
Other
-
JDK
Summary
Update SunPKCS11 provider to support AES cipher with KW and KWP modes when the underlying PKCS11 library supports the corresponding mechanisms.
Problem
SunPKCS11 provider does not support the native PKCS#11 CKM_AES_KEY_WRAP, CKM_AES_KEY_WRAP_PAD, and CKM_AES_KEY_WRAP_KWP mechanisms.
Solution
Enhance SunPKCS11 provider to support the following crypto service and algorithms when the corresponding PKCS#11 mechanisms are supported:
- AES cipher w/ KW mode and NoPadding <=> CKM_AES_KEY_WRAP
- AES cipher w/ KW mode and PKCS5Padding <=> CKM_AES_KEY_WRAP_PAD
- AES cipher w/ KWP mode and NoPadding <=> CKM_AES_KEY_WRAP_KWP
Specification
Update table 5-3 "Java Algorithms Supported by the SunPKCS11 Provider" in PKCS#11 Reference Guide with additional rows below:
<table> <tr><th>Java Algorithm</th> <th>PKCS#11 Mechanism</th></tr> <tr><td>Cipher.AES/KW/NoPadding</td> <td>CKM_AES_KEY_WRAP</td></tr> <tr><td>Cipher.AES_128/KW/NoPadding</td> <td>CKM_AES_KEY_WRAP</td></tr> <tr><td>Cipher.AES_192/KW/NoPadding</td> <td>CKM_AES_KEY_WRAP</td></tr> <tr><td>Cipher.AES_256/KW/NoPadding</td> <td>CKM_AES_KEY_WRAP</td></tr> <tr><td>Cipher.AES/KW/PKCS5Padding</td> <td>CKM_AES_KEY_WRAP_PAD</td></tr> <tr><td>Cipher.AES_128/KW/PKCS5Padding</td> <td>CKM_AES_KEY_WRAP_PAD</td></tr> <tr><td>Cipher.AES_192/KW/PKCS5Padding</td> <td>CKM_AES_KEY_WRAP_PAD</td></tr> <tr><td>Cipher.AES_256/KW/PKCS5Padding</td> <td>CKM_AES_KEY_WRAP_PAD</td></tr> <tr><td>Cipher.AES/KWP/NoPadding</td> <td>CKM_AES_KEY_WRAP_KWP</td></tr> <tr><td>Cipher.AES_128/KWP/NoPadding</td> <td>CKM_AES_KEY_WRAP_KWP</td></tr> <tr><td>Cipher.AES_192/KWP/NoPadding</td> <td>CKM_AES_KEY_WRAP_KWP</td></tr> <tr><td>Cipher.AES_256/KWP/NoPadding</td> <td>CKM_AES_KEY_WRAP_KWP</td></tr> </table>
- csr of
-
JDK-8264849 Add KW and KWP support to PKCS11 provider
-
- Resolved
-