[security-dev 01280]: Re: ECC pkcs#11 bug

Vincent Ryan Vincent.Ryan at Sun.COM
Tue Oct 6 13:29:42 UTC 2009



Tomas Gustavsson wrote:
> 
> Andrew John Hughes wrote:
>> 2009/10/6 Tomas Gustavsson <tomas at primekey.se>:
>>> Hi Andrew,
>>>
>>> I guess no bug Id was created after all.
>>> The issue is that the pkcs#11 library returns a tag-length-value
>>> encoding for an EC public key, but the Sun provider expects something
>>> else. So when trying to read the public key from pkcs#11 we get an
>>> exception.
>>>
>>> The patch, which is very small and backwards compatible (if there are
>>> pkcs#11's that do return the value originally expected), can be found
>>> here:
>>> http://bunny.primekey.se/~lars/sunP11Bug/patch.txt
>>>
>>> A simple test case:
>>> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java
>>>
>>> We've been in contact with an HSM vendor (Utimaco) and they claim that
>>> the tag-length-value is the right way. Since we tested this with several
>>> different HSMs it seems they are in agreement as well :-)
>>> (I can forward their explanation as well if needed).
>>>
>>> Kind regards,
>>> Tomas
>>>
>>> PS: Lars (who is my colleague) has completed the "Sun Contribution
>>> Agreement".
>>>
>>>
>>> Andrew John Hughes wrote:
>>>> 2009/10/5 Tomas Gustavsson <tomas at primekey.se>:
>>>>> Hi Vincent and Brad,
>>>>>
>>>>> I'm not sure how things are at Sun currently. We work with Sun here in
>>>>> Sweden so we've heard a bit about wait with the Oracle story.
>>>>>
>>>>> Anyhow I just want to let you know that if anyone is still working on
>>>>> crypto that this bug is very annoying, and affects all existing HSMs as
>>>>> far as I can see. ECC is rolling out pretty wide in Europe now with new
>>>>> electronic passports and other ecc cards.
>>>>> So getting this fixed would be quite welcome, it's a small fix. I've
>>>>> tested it on SafeNet HSMs myself right now.
>>>>>
>>>>>
>>>>> Kind regards,
>>>>> Tomas Gustavsson
>>>>> PrimeKey Solutions AB
>>>>>
>>>>>
>>>>> Lars Silvén wrote:
>>>>>> -------- Forwarded Message --------
>>>>>> From: Brad Wetmore <Bradford.Wetmore at Sun.COM>
>>>>>> To: Lars Silvén <lars at primekey.se>
>>>>>> Cc: security-dev at openjdk.java.net, Vinnie Ryan <Vincent.Ryan at Sun.COM>
>>>>>> Subject: Re: [security-dev 00550]: Re: ECC pkcs#11 bug
>>>>>> Date: Thu, 05 Feb 2009 11:34:49 -0800
>>>>>>
>>>>>> Hi Lars,
>>>>>>
>>>>>> I was hoping that Vincent Ryan had already contacted you about this.
>>>>>>
>>>>>> I got redirected from ECC to work on the OpenJDK Bugzilla instance,
>>>>>> which is rolling out very soon.  Vincent took over the ECC work late
>>>>>> last year along with your submission.  The short answer is, between a
>>>>>> lengthy customer escalation and bugzilla, I've been so heads down for
>>>>>> the last 4 months, I'm not sure how far he's gotten.
>>>>>>
>>>>>> Vinnie, can you provide more info?
>>>>>>
>>>>>> Brad
>>>>>>
>>>>>>
>>>>>> Lars Silvén wrote:
>>>>>>> Brad,
>>>>>>>
>>>>>>> Any news about the p11 ECC bug?
>>>>>>>
>>>>>>> When will it be fixed?
>>>>>>>
>>>>>>>
>>>>>>> Best Regards,
>>>>>>> Lars
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Lars Silvén wrote:
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> Thank you for taking care of this.
>>>>>>>> We want this fix in both JDK 6 and 7. I'd like to know the release date for the
>>>>>>>> fix in both versions if possible.
>>>>>>>>
>>>>>>>> Lars
>>>>>>>>
>>>>>>>> Brad Wetmore wrote:
>>>>>>>>> Lars Silvén wrote:
>>>>>>>>>> Hi Brad,
>>>>>>>>>>
>>>>>>>>>> Do you have everything you need to fix the bug?
>>>>>>>>> I believe so.  I haven't started looking at it closely yet, I'm still
>>>>>>>>> mopping up several fires.  Unfortunately, I'm the chef, busboy, and
>>>>>>>>> bottle washer for several projects here.
>>>>>>>>>
>>>>>>>>>> Or is there anything more I could do to help?
>>>>>>>>>>
>>>>>>>>>> I have now also tested the nCipher HSM. To get their p11 working my
>>>>>>>>>> patch had to be applied.
>>>>>>>>>>
>>>>>>>>>> Do you have any idea when the fix could be released?
>>>>>>>>> Are you looking for JDK7, or 6?
>>>>>>>>>
>>>>>>>>> Brad
>>>>>>>>>
>>>>>>>>>> Best Regards
>>>>>>>>>>
>>>>>>>>>> Brad Wetmore wrote:
>>>>>>>>>>> Lars Silvén wrote:
>>>>>>>>>>>> Hi Brad,
>>>>>>>>>>>>
>>>>>>>>>>>> I have written a simple application that illustrates the problem:
>>>>>>>>>>>> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java
>>>>>>>>>>>>
>>>>>>>>>>>> But you need a p11 module with ECC capability to run it. Do you have
>>>>>>>>>>>> one?
>>>>>>>>>>> Yes.
>>>>>>>>>>>
>>>>>>>>>>>> If not I could investigate if one of our HSM vendors could send you
>>>>>>>>>>>> one.
>>>>>>>>>>>> Also to verify that the public key actually is usable a JCA provider
>>>>>>>>>>>> with ECC is needed.
>>>>>>>>>>> I'm going to be working on adding ECC to the JCE provider for JDK 7.
>>>>>>>>>>>
>>>>>>>>>>> Thanks for the case.
>>>>>>>>>>>
>>>>>>>>>>> Brad
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> But for that you could use BouncyCastle.
>>>>>>>>>>>> Start running the application without parameters and then you get a
>>>>>>>>>>>> description of needed parameters.
>>>>>>>>>>>>
>>>>>>>>>>>> Lars
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Brad Wetmore wrote:
>>>>>>>>>>>>> Great, thanks for doing so.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I'll be working on this fairly soon, so I'll get a bug filed.  Do you
>>>>>>>>>>>>> have a standalone test case for this already?  See step 3 of the
>>>>>>>>>>>>> contribute page.  If you do but you don't have it in jtreg format,
>>>>>>>>>>>>> I can
>>>>>>>>>>>>> get it into the jtreg format.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Brad
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Lars Silvén wrote:
>>>>>>>>>>>>>> Here is my SCA!
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> //Lars
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Brad Wetmore wrote:
>>>>>>>>>>>>>>> Hi Lars,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I have created a patch that is fixing the problem:
>>>>>>>>>>>>>>> This is Brad Wetmore, I am the Security group Moderator, and also
>>>>>>>>>>>>>>> the
>>>>>>>>>>>>>>> person who will be handling this when I get back to working on the
>>>>>>>>>>>>>>> Java
>>>>>>>>>>>>>>> ECC implementation.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Unfortunately, I can't take your source contribution yet without a
>>>>>>>>>>>>>>> signed copy of the Sun Contribution Agreement in place.  This is
>>>>>>>>>>>>>>> done
>>>>>>>>>>>>>>> for your protection as well as Sun's and the OpenJDK
>>>>>>>>>>>>>>> community's.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Please see the following link for more information:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>     http://openjdk.java.net/contribute/
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> The Signatories of the SCA are eligible to donate code to all
>>>>>>>>>>>>>>> products
>>>>>>>>>>>>>>> and projects owned or managed by Sun:  signing it once means you can
>>>>>>>>>>>>>>> contribute code to any Sun-sponsored open source project.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> If you have recently signed it and it hasn't appeared in our
>>>>>>>>>>>>>>> database yet, just let me know.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Discussion of the problem is fine, it's just the source that we
>>>>>>>>>>>>>>> can't
>>>>>>>>>>>>>>> take at this point.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Brad
>>>>>>>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>> What bug are we discussing here? I don't see any patch or bug ID.
>> Ah, this sounds like a similar, if not the same bug as 6763530 which
>> we discussed here:
>>
>> http://mail.openjdk.java.net/pipermail/security-dev/2009-September/001252.html
>>
>> I posted a patch for this some time ago, as you can see from the
>> discussion, and then a revised version based on Michael StJohn's patch
>>
>> http://cr.openjdk.java.net/~andrew/6763530/webrev.02/
>>
>> but it has not yet been accepted into OpenJDK.  The bug is due to the
>> data being DER encoded.  DER octet streams also start with a 4 but the
>> length is different from that expected by the current code.  The bug
>> is triggered when newer versions of the NSS library are used for ECC
>> support.
> 
> Excellent. Plenty of people are tripping into this bug. I hope some
> version of patches gets accepted soon!
> 
> What's keeping the patch from getting accepted?

Me, unfortunately. I'll try to get to this in the next few days.


> 
> Regards,
> Tomas
> 
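
The encoding mismatch discussed in this thread, shown as an added example (it is neither the patch linked above nor OpenJDK's code): a decoder that accepts an EC public point either as the raw uncompressed form (04 || X || Y) or wrapped in a DER OCTET STRING (04 || length || 04 || X || Y), using the curve's field size to tell the two apart since both begin with 0x04. The class and method names are hypothetical, and the sample bytes are constructed to show the layout only (they are not a point on a real curve).

```java
import java.math.BigInteger;
import java.security.spec.ECPoint;
import java.util.Arrays;

public class EcPointDecoder {

    /** Decode an uncompressed EC point supplied raw or as a DER OCTET STRING. */
    static ECPoint decode(byte[] data, int fieldBits) {
        int n = (fieldBits + 7) / 8;      // bytes per coordinate
        int rawLen = 1 + 2 * n;           // 0x04 || X || Y
        // Both encodings start with 0x04, so only the total length distinguishes them.
        byte[] raw = (data.length == rawLen) ? data : unwrapOctetString(data);
        if (raw.length != rawLen || raw[0] != 0x04) {
            throw new IllegalArgumentException("not an uncompressed point for this field size");
        }
        BigInteger x = new BigInteger(1, Arrays.copyOfRange(raw, 1, 1 + n));
        BigInteger y = new BigInteger(1, Arrays.copyOfRange(raw, 1 + n, rawLen));
        return new ECPoint(x, y);
    }

    /** Strip a DER OCTET STRING header (tag 0x04, short or long form length). */
    static byte[] unwrapOctetString(byte[] der) {
        if (der.length < 2 || der[0] != 0x04) {
            throw new IllegalArgumentException("missing OCTET STRING tag");
        }
        int len = der[1] & 0xff;
        int off = 2;
        if (len >= 0x80) {                // long form: low 7 bits = number of length bytes
            int count = len & 0x7f;
            if (count == 0 || count > 2 || der.length < 2 + count) {
                throw new IllegalArgumentException("unsupported length encoding");
            }
            len = 0;
            for (int i = 0; i < count; i++) {
                len = (len << 8) | (der[off++] & 0xff);
            }
        }
        if (der.length - off != len) {    // reject truncated input and trailing bytes
            throw new IllegalArgumentException("length does not match content");
        }
        return Arrays.copyOfRange(der, off, der.length);
    }

    public static void main(String[] args) {
        byte[] raw = new byte[133];       // constructed: 521-bit field, 66-byte coordinates
        raw[0] = 0x04;
        Arrays.fill(raw, 1, 67, (byte) 0x11);
        Arrays.fill(raw, 67, 133, (byte) 0x22);
        byte[] wrapped = new byte[136];   // 04 81 85 || raw (133 needs a long form length)
        wrapped[0] = 0x04; wrapped[1] = (byte) 0x81; wrapped[2] = (byte) 0x85;
        System.arraycopy(raw, 0, wrapped, 3, raw.length);
        System.out.println(decode(raw, 521).equals(decode(wrapped, 521)));
    }
}
```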


