Problems with TLS ciphers on ARM

[Alex Kashchenko]

Hi Michael,

On 01/20/2017 03:53 PM, Michael Barnwell wrote:
> Hi y'all,
>
> I hope this is an appropriate place to send this. I believe I've identified
> an issue with certain TLS ciphers when using OpenJDK 1.8.0_111 on ARMv7 and
> I've reached the end of my abilities in terms of trying to solve them.
>
> I have a fairly standard TLS endpoint, in this case its an MQTT broker
> which requires a client side certificate to connect, however I'm not even
> getting past validating the server certificate so the test case doesn't
> rely on that.
>
> What I've found is that on a Raspberry Pi 3 running Ubuntu 16.04 and
> OpenJDK, several ciphers will throw a "signature validation" error,
> specifically the following cipher suites:
>
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>
> However, if I run the exact same test on Oracle JVM 1.8.0_121, the cipher
> suites all work perfectly. Likewise, if I run the test on x86 using the
> same version of OpenJDK, the tests run perfectly.
>
> I've thrown a test together at https://github.com/mpbarnwell/tlstest - just
> run mvn test and it'll try and connect to my TLS protected endpoint using
> all the cipher suites available, one by one.
>
> The different outputs from JVMs on ARM, x86 and Oracle vs OpenJDK can be
> found at https://gist.github.com/mpbarnwell/663e041db10714a78b94fc12d4ac9a4e
>
>
> Any help is much appreciated! I can provide more debug output but I didn't
> want to get carried away if this is the wrong place.

About Elliptic Curve crypto, could you please try this test [1] on your 
setup to check whether EC Crypto generally works for you?

You jdk build most probably uses EC crypto changes that originates from 
IcedTea project [2][3] (and a dozen or so follow-ups; these changes are 
not included into upstream OpenJDK). These changes restrict the set of 
supported EC named curves (AFAIK due to EC patents restrictions). Though 
3 most widely supported named curves must continue to work with it. If 
your certificate uses non-supported EC named curve that can cause 
connection problems. That doesn't explain the difference between arm32 
and x86 outputs in your logs though. If you want to experiment with 
certificates with different ciphers - I've once wrote a small 
keystore-generator tool for that [4], hope it may be useful.

About ARM32 JVMs: according to the output you are using OpenJDK Zero VM 
8u_111. This implementation originates from Zero-Assembler Project [5] 
that provides very small and portable, but not fast VM implementation 
and it doesn't contain JIT compiler. jdk8 JVM implementation developed 
in AArch32 project [6] provides JIT compiler and should be much faster 
than Zero one. To use AArch32 JVM on Ubuntu 16.04 you can build it from 
sources [7] or try binaries from here [8] (disclaimer: I've built it 
myself for bootstrapping, this build is not widely used). For jdk9 you 
can find the details in JEP 297 [9].


[1] 
http://pkgs.fedoraproject.org/cgit/rpms/java-1.8.0-openjdk.git/plain/TestECDSA.java
[2] http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1699
[3] http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2126
[4] https://github.com/akashche/keystore-generator
[5] http://openjdk.java.net/projects/zero/
[6] http://openjdk.java.net/projects/aarch32-port/
[7] http://hg.openjdk.java.net/aarch32-port/jdk8u/
[8] 
https://github.com/ojdkbuild/ojdkbuild/releases/download/1.8.0.111-1/java-1.8.0-openjdk-aarch32-1.8.0.112-1.b16.ojdkbuild.xenial.armv7.zip
[9] http://openjdk.java.net/jeps/297

-- 
-Alex