commit 8b3c31751693bc7de9487cb3a17daccd6c6f75f2

Author: duke <duke@openjdk.org>

Date:   Sat Jul 30 22:24:04 2022 +0000

    Backport b6bd190d8d10fdb177f9fb100c9f44c9f57a3cb5

diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java

index 96db38828a1..8d1b8ccb0ae 100644

--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java

+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java

@@ -1,5 +1,5 @@

 /*

- * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.

+ * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.

  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

  *

  * This code is free software; you can redistribute it and/or modify it

@@ -69,6 +69,7 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {

         addKeyType("AES",      CKK_AES);

         addKeyType("Blowfish", CKK_BLOWFISH);

         addKeyType("ChaCha20", CKK_CHACHA20);

+        addKeyType("ChaCha20-Poly1305", CKK_CHACHA20);

         // we don't implement RC2 or IDEA, but we want to be able to generate

         // keys for those SSL/TLS ciphersuites.

diff --git a/test/jdk/sun/security/pkcs11/tls/TestKeyMaterialChaCha20.java b/test/jdk/sun/security/pkcs11/tls/TestKeyMaterialChaCha20.java

new file mode 100644

index 00000000000..51471fca65a

--- /dev/null

+++ b/test/jdk/sun/security/pkcs11/tls/TestKeyMaterialChaCha20.java

@@ -0,0 +1,94 @@

+/*

+ * Copyright (c) 2022, Red Hat, Inc.

+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

+ *

+ * This code is free software; you can redistribute it and/or modify it

+ * under the terms of the GNU General Public License version 2 only, as

+ * published by the Free Software Foundation.

+ *

+ * This code is distributed in the hope that it will be useful, but WITHOUT

+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

+ * version 2 for more details (a copy is included in the LICENSE file that

+ * accompanied this code).

+ *

+ * You should have received a copy of the GNU General Public License version

+ * 2 along with this work; if not, write to the Free Software Foundation,

+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

+ *

+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

+ * or visit www.oracle.com if you need additional information or have any

+ * questions.

+ */

+

+/*

+ * @test

+ * @bug 8288985

+ * @summary Tests that P11TlsKeyMaterialGenerator works with ChaCha20-Poly1305

+ * @library /test/lib ..

+ * @modules java.base/sun.security.internal.spec

+ *          jdk.crypto.cryptoki

+ * @run main/othervm TestKeyMaterialChaCha20

+ */

+

+import javax.crypto.KeyGenerator;

+import javax.crypto.SecretKey;

+import java.security.Provider;

+import java.security.NoSuchAlgorithmException;

+import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;

+import sun.security.internal.spec.TlsMasterSecretParameterSpec;

+import sun.security.internal.spec.TlsKeyMaterialParameterSpec;

+

+

+public class TestKeyMaterialChaCha20 extends PKCS11Test {

+

+    public static void main(String[] args) throws Exception {

+        main(new TestKeyMaterialChaCha20(), args);

+    }

+

+    @Override

+    public void main(Provider provider) throws Exception {

+        KeyGenerator kg1, kg2, kg3;

+        try {

+            kg1 = KeyGenerator.getInstance("SunTlsRsaPremasterSecret", provider);

+        } catch (Exception e) {

+            System.out.println("Skipping, SunTlsRsaPremasterSecret KeyGenerator not supported");

+            return;

+        }

+        try {

+            kg2 = KeyGenerator.getInstance("SunTls12MasterSecret", provider);

+        } catch (Exception e) {

+            System.out.println("Skipping, SunTls12MasterSecret KeyGenerator not supported");

+            return;

+        }

+        try {

+            kg3 = KeyGenerator.getInstance("SunTls12KeyMaterial", provider);

+        } catch (Exception e) {

+            System.out.println("Skipping, SunTls12KeyMaterial KeyGenerator not supported");

+            return;

+        }

+

+        kg1.init(new TlsRsaPremasterSecretParameterSpec(0x0303, 0x0303));

+        SecretKey preMasterSecret = kg1.generateKey();

+

+        TlsMasterSecretParameterSpec spec = new TlsMasterSecretParameterSpec(

+            preMasterSecret,

+            3, 3,

+            new byte[32],

+            new byte[32],

+            "SHA-256", 32, 64);

+        kg2.init(spec);

+        SecretKey masterSecret = kg2.generateKey();

+

+        TlsKeyMaterialParameterSpec params = new TlsKeyMaterialParameterSpec(

+            masterSecret, 3, 3,

+            new byte[32],

+            new byte[32],

+            "ChaCha20-Poly1305", 32, 32,

+            12, 0,

+            "SHA-256", 32, 64);

+        kg3.init(params);

+        kg3.generateKey();

+    }

+

+}