[security-dev 01281]: Re: ECC pkcs#11 bug]

Tomas Gustavsson tomasg at primekey.se
Tue Oct 6 14:03:57 UTC 2009


Sweet! Let me know if you need any help testing. I'm mainly running on
Ubuntu 64bit, but have access to others as well.

Regards,
Tomas


Vincent Ryan wrote:
> 
> Tomas Gustavsson wrote:
>> Andrew John Hughes wrote:
>>> 2009/10/6 Tomas Gustavsson <tomas at primekey.se>:
>>>> Hi Andrew,
>>>>
>>>> I guess no bug Id was created after all.
>>>> The issue is that the pkcs#11 library returns a tag-length-value
>>>> encoding for an EC public key, but the Sun provider expects something
>>>> else. So when trying to read the public key from pkcs#11 we get an
>>>> exception.
>>>>
>>>> The patch, which is very small and backwards compatible (if there are
>>>> pkcs#11's that does return the value originally expected), can be found
>>>> here:
>>>> http://bunny.primekey.se/~lars/sunP11Bug/patch.txt
>>>>
>>>> A simple test case:
>>>> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java
>>>>
>>>> We've been in contact with an HSM vendor (Utimaco) and they claim that
>>>> the tag-length-value is the right way. Since we tested this with several
>>>> different HSMs it seems they are in agreement as well :-)
>>>> (I can forward their explanation as well if needed).
>>>>
>>>> Kind regards,
>>>> Tomas
>>>>
>>>> PS: Lars (who is my collegue) has completed the "Sun Contribution
>>>> Agreement".
>>>>
>>>>
>>>> Andrew John Hughes wrote:
>>>>> 2009/10/5 Tomas Gustavsson <tomas at primekey.se>:
>>>>>> Hi Vincent and Brad,
>>>>>>
>>>>>> I'm not sure how things are at Sun currently. We work with Sun here in
>>>>>> Sweden so we've heard a bit about wait with the Oracle story.
>>>>>>
>>>>>> Anyhow I just want to let you know that if anyone is still working on
>>>>>> crypto that this bug is very annoying, and affect all existing HSMs as
>>>>>> far as I can see. ECC is rolling out pretty wide in europe now with new
>>>>>> electronic passports and other ecc cards.
>>>>>> So getting this fixed would be quite welcome, it's a small fix. I've
>>>>>> tested it on SafeNet HSMs myself right now.
>>>>>>
>>>>>>
>>>>>> Kind regards,
>>>>>> Tomas Gustavsson
>>>>>> PrimeKey Solutions AB
>>>>>>
>>>>>>
>>>>>> Lars Silvén wrote:
>>>>>>> -------- Forwarded Message --------
>>>>>>> From: Brad Wetmore <Bradford.Wetmore at Sun.COM>
>>>>>>> To: Lars Silvén <lars at primekey.se>
>>>>>>> Cc: security-dev at openjdk.java.net, Vinnie Ryan <Vincent.Ryan at Sun.COM>
>>>>>>> Subject: Re: [security-dev 00550]: Re: ECC pkcs#11 bug
>>>>>>> Date: Thu, 05 Feb 2009 11:34:49 -0800
>>>>>>>
>>>>>>> Hi Lars,
>>>>>>>
>>>>>>> I was hoping that Vincent Ryan had already contacted you about this.
>>>>>>>
>>>>>>> I got redirected from ECC to work on the OpenJDK Bugzilla instance,
>>>>>>> which is rolling out very soon.  Vincent took over the ECC work late
>>>>>>> last year along with your submission.  The short answer is, between a
>>>>>>> lengthy customer escalation and bugzilla, I've been so heads down for
>>>>>>> the last 4 months, I'm not sure how far he's gotten.
>>>>>>>
>>>>>>> Vinnie, can you provide more info?
>>>>>>>
>>>>>>> Brad
>>>>>>>
>>>>>>>
>>>>>>> Lars Silvén wrote:
>>>>>>>> Brad,
>>>>>>>>
>>>>>>>> Any news about the p11 ECC bug.
>>>>>>>>
>>>>>>>> When will it be fixed?
>>>>>>>>
>>>>>>>>
>>>>>>>> Best Regards,
>>>>>>>> Lars
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Lars Silvén wrote:
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> Thank you for taking care of this.
>>>>>>>>> We want this fix in both JDK 6 and 7. I like to know the release date for the
>>>>>>>>> fix in both versions if possible.
>>>>>>>>>
>>>>>>>>> Lars
>>>>>>>>>
>>>>>>>>> Brad Wetmore wrote:
>>>>>>>>>> Lars Silvén wrote:
>>>>>>>>>>> Hi Brad,
>>>>>>>>>>>
>>>>>>>>>>> Do you have everything you need to fix the bug.
>>>>>>>>>> I believe so.  I haven't started looking at it closely yet, I'm still
>>>>>>>>>> mopping up several fires.  Unfortunately, I'm the chef, busboy, and
>>>>>>>>>> bottle washer for several projects here.
>>>>>>>>>>
>>>>>>>>>>> Or is there anything more I could do to help.
>>>>>>>>>>>
>>>>>>>>>>> I have now also tested the nCipher HSM. To get their p11 working my
>>>>>>>>>>> patch had to be applied.
>>>>>>>>>>>
>>>>>>>>>>> Do you have any idea when we the fix could be released?
>>>>>>>>>> Are you looking for JDK7, or 6?
>>>>>>>>>>
>>>>>>>>>> Brad
>>>>>>>>>>
>>>>>>>>>>> Best Regards
>>>>>>>>>>>
>>>>>>>>>>> Brad Wetmore wrote:
>>>>>>>>>>>> Lars Silvén wrote:
>>>>>>>>>>>>> Hi Brad,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have written a simple application that illustrates the problem:
>>>>>>>>>>>>> http://bunny.primekey.se/~lars/sunP11Bug/src/test/Main.java
>>>>>>>>>>>>>
>>>>>>>>>>>>> But you need a p11 module with ECC capability to run it. Do you have
>>>>>>>>>>>>> one?
>>>>>>>>>>>> Yes.
>>>>>>>>>>>>
>>>>>>>>>>>>> If not I could investigate if one of our HSM vendors could send you
>>>>>>>>>>>>> one.
>>>>>>>>>>>>> Also to verify that the public key actually is usable a JCA provider
>>>>>>>>>>>>> with ECC is needed.
>>>>>>>>>>>> I'm going to be working on adding ECC to the JCE provider for JDK 7.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks for the case.
>>>>>>>>>>>>
>>>>>>>>>>>> Brad
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>  But for that you could use BouncyCastle.
>>>>>>>>>>>>> Start running the application without parameters and then you get a
>>>>>>>>>>>>> description of needed parameters.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Lars
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Brad Wetmore wrote:
>>>>>>>>>>>>>> Great, thanks for doing so.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I'll be working on this fairly soon, so I'll get a bug filed.  Do you
>>>>>>>>>>>>>> have a standalone test case for this already?  See step 3 of the
>>>>>>>>>>>>>> contribute page.  If you do but you don't have it in jtreg format,
>>>>>>>>>>>>>> I can
>>>>>>>>>>>>>> get it into the jtreg format.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Brad
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Lars Silvén wrote:
>>>>>>>>>>>>>>> Here is my SCA!
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> //Lars
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Brad Wetmore wrote:
>>>>>>>>>>>>>>>> Hi Lars,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I have created a patch that is fixing the problem:
>>>>>>>>>>>>>>>> This is Brad Wetmore, I am the Security group Moderator, and also
>>>>>>>>>>>>>>>> the
>>>>>>>>>>>>>>>> person who will be handling this when I get back to working on the
>>>>>>>>>>>>>>>> Java
>>>>>>>>>>>>>>>> ECC implementation.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Unfortunately, I can't take your source contribution yet without a
>>>>>>>>>>>>>>>> signed copy of the Sun Contribution Agreement in place.  This is
>>>>>>>>>>>>>>>> done
>>>>>>>>>>>>>>>> for your protection as well as the Sun's and the OpenJDK
>>>>>>>>>>>>>>>> community's.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Please see the following link for more information:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>     http://openjdk.java.net/contribute/
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> The Signatories of the SCA are eligible to donate code to all
>>>>>>>>>>>>>>>> products
>>>>>>>>>>>>>>>> and projects owned or managed by Sun:  signing it once means you can
>>>>>>>>>>>>>>>> contribute code to any Sun-sponsored open source project.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> If you have recently signed it and it hasn't yet appeared in our
>>>>>>>>>>>>>>>> database yet, just let me know.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Discussions of the problem is fine, it's just the source that we
>>>>>>>>>>>>>>>> can't
>>>>>>>>>>>>>>>> take at this point.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Brad
>>>>>>>>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>> What bug are we discussing here? I don't see any patch or bug ID.
>>> Ah, this sounds like a similar, if not the same bug as 6763530 which
>>> we discussed here:
>>>
>>> http://mail.openjdk.java.net/pipermail/security-dev/2009-September/001252.html
>>>
>>> I posted a patch for this some time ago, as you can see from the
>>> discussion, and then a revised version based on Michael StJohn's patch
>>>
>>> http://cr.openjdk.java.net/~andrew/6763530/webrev.02/
>>>
>>> but it has not yet been accepted into OpenJDK.  The bug is due to the
>>> data being DER encoded.  DER octet streams also start with a 4 but the
>>> length is different from that expected by the current code.  The bug
>>> is triggered when newer versions of the NSS library are used for ECC
>>> support.
>> Excellent. Plenty of people are tripping in to this bug. I hope some
>> version of patches gets accepted soon!
>>
>> What's keeping the patch from getting accepted?
> 
> Me, unfortunately. I'll try to get to this in the next few days.
> 
> 
>> Regards,
>> Tomas
>>



More information about the security-dev mailing list