RFR JDK-8029661: JDK-Support TLS v1.2 algorithm in SunPKCS11 provider
Valerie Peng
valerie.peng at oracle.com
Thu Jul 26 22:44:46 UTC 2018
Update: I submitted your webrev.05 through Mach5, there are one test
failure observed on 4 configurations, all are due to the regression test
TestTLS12.java. It looks like the test fails when the underlying PKCS11
library does not support the corresponding TLS 12 mechanisms (stacktrace
included as below)
jib > STDERR:
jib > java.security.ProviderException: Could not generate key
jib > at jdk.crypto.cryptoki/sun.security.pkcs11.P11TlsMasterSecretGenerator.engineGenerateKey(P11TlsMasterSecretGenerator.java:181)
jib > at java.base/javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:563)
jib > at TestTLS12.testTlsAuthenticationCodeGeneration(TestTLS12.java:181)
jib > at TestTLS12.main(TestTLS12.java:104)
jib > at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
jib > at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
jib > at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
jib > at java.base/java.lang.reflect.Method.invoke(Method.java:566)
jib > at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
jib > at java.base/java.lang.Thread.run(Thread.java:834)
jib > Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_MECHANISM_INVALID
jib > at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_DeriveKey(Native Method)
jib > at jdk.crypto.cryptoki/sun.security.pkcs11.P11TlsMasterSecretGenerator.engineGenerateKey(P11TlsMasterSecretGenerator.java:167)
jib > ... 9 more
jib >
jib > JavaTest Message: Test threw exception: java.security.ProviderException: Could not generate key
jib > JavaTest Message: shutting down test
jib >
jib > STATUS:Failed.`main' threw exception: java.security.ProviderException: Could not generate key
Thanks,
Valerie
On 7/23/2018 9:50 PM, Martin Balao wrote:
> Hi Valerie,
>
> Webrev 05:
>
> *
> http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.05/
> <http://cr.openjdk.java.net/%7Embalao/webrevs/8029661/8029661.webrev.05/>
> *
> http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.05.zip
> <http://cr.openjdk.java.net/%7Embalao/webrevs/8029661/8029661.webrev.05.zip>
>
> New in Webrev 05:
>
> * Explicitly casted prfHashMechanism to CK_MECHANISM_TYPE type to
> avoid building warning on some compilers (it's a long -> unsigned long
> cast).
>
> Regression tests result for jdk/sun/security/pkcs11 category:
>
> Passed: sun/security/pkcs11/Cipher/JNICheck.java
> Passed: sun/security/pkcs11/Cipher/ReinitCipher.java
> Passed: sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java
> Passed: sun/security/pkcs11/Cipher/TestRawRSACipher.java
> Passed: sun/security/pkcs11/Cipher/TestRSACipher.java
> Passed: sun/security/pkcs11/Cipher/TestRSACipherWrap.java
> Passed: sun/security/pkcs11/Cipher/TestSymmCiphers.java
> Passed: sun/security/pkcs11/Cipher/TestSymmCiphersNoPad.java
> Passed: sun/security/pkcs11/Config/ReadConfInUTF16Env.sh
> Passed: sun/security/pkcs11/ec/ReadCertificates.java
> Passed: sun/security/pkcs11/ec/ReadPKCS12.java
> Passed: sun/security/pkcs11/ec/TestCurves.java
> Passed: sun/security/pkcs11/ec/TestECDH.java
> Passed: sun/security/pkcs11/ec/TestECDH2.java
> Passed: sun/security/pkcs11/ec/TestECDSA.java
> Passed: sun/security/pkcs11/ec/TestECDSA2.java
> Passed: sun/security/pkcs11/ec/TestECGenSpec.java
> FAILED: sun/security/pkcs11/ec/TestKeyFactory.java
> Passed: sun/security/pkcs11/fips/ClientJSSEServerJSSE.java
> Passed: sun/security/pkcs11/fips/TrustManagerTest.java
> Passed: sun/security/pkcs11/KeyAgreement/SupportedDHKeys.java
> Passed: sun/security/pkcs11/KeyAgreement/TestDH.java
> Passed: sun/security/pkcs11/KeyAgreement/TestInterop.java
> Passed: sun/security/pkcs11/KeyAgreement/TestShort.java
> Passed: sun/security/pkcs11/KeyAgreement/UnsupportedDHKeys.java
> Passed: sun/security/pkcs11/KeyGenerator/DESParity.java
> Passed: sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java
> Passed: sun/security/pkcs11/KeyPairGenerator/TestDH2048.java
> Passed: sun/security/pkcs11/KeyStore/Basic.sh
> Passed: sun/security/pkcs11/KeyStore/ClientAuth.sh
> Passed: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh
> Passed: sun/security/pkcs11/KeyStore/Solaris.sh
> Passed: sun/security/pkcs11/Mac/MacKAT.java
> Passed: sun/security/pkcs11/Mac/MacSameTest.java
> Passed: sun/security/pkcs11/Mac/ReinitMac.java
> Passed: sun/security/pkcs11/MessageDigest/ByteBuffers.java
> Passed: sun/security/pkcs11/MessageDigest/DigestKAT.java
> Passed: sun/security/pkcs11/MessageDigest/ReinitDigest.java
> Passed: sun/security/pkcs11/MessageDigest/TestCloning.java
> Passed: sun/security/pkcs11/Provider/Absolute.java
> Passed: sun/security/pkcs11/Provider/ConfigQuotedString.sh
> Passed: sun/security/pkcs11/Provider/ConfigShortPath.java
> Passed: sun/security/pkcs11/Provider/Login.sh
> Passed: sun/security/pkcs11/Provider/LoginISE.java
> Passed: sun/security/pkcs11/rsa/KeyWrap.java
> Passed: sun/security/pkcs11/rsa/TestCACerts.java
> Passed: sun/security/pkcs11/rsa/TestKeyFactory.java
> Passed: sun/security/pkcs11/rsa/TestKeyPairGenerator.java
> Passed: sun/security/pkcs11/rsa/TestSignatures.java
> Passed: sun/security/pkcs11/Secmod/AddPrivateKey.java
> FAILED: sun/security/pkcs11/Secmod/AddTrustedCert.java
> Passed: sun/security/pkcs11/Secmod/Crypto.java
> Passed: sun/security/pkcs11/Secmod/GetPrivateKey.java
> Passed: sun/security/pkcs11/Secmod/JksSetPrivateKey.java
> Passed: sun/security/pkcs11/Secmod/LoadKeystore.java
> Passed: sun/security/pkcs11/Secmod/TestNssDbSqlite.java
> Passed: sun/security/pkcs11/Secmod/TrustAnchors.java
> Passed: sun/security/pkcs11/SecureRandom/Basic.java
> Passed: sun/security/pkcs11/SecureRandom/TestDeserialization.java
> Passed: sun/security/pkcs11/Serialize/SerializeProvider.java
> Passed: sun/security/pkcs11/Signature/ByteBuffers.java
> Passed: sun/security/pkcs11/Signature/ReinitSignature.java
> Passed: sun/security/pkcs11/Signature/TestDSA.java
> Passed: sun/security/pkcs11/Signature/TestDSAKeyLength.java
> Passed: sun/security/pkcs11/Signature/TestRSAKeyLength.java
> Passed: sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
> FAILED: sun/security/pkcs11/tls/TestKeyMaterial.java
> Passed: sun/security/pkcs11/tls/TestLeadingZeroesP11.java
> Passed: sun/security/pkcs11/tls/TestMasterSecret.java
> Passed: sun/security/pkcs11/tls/TestPremaster.java
> Passed: sun/security/pkcs11/tls/TestPRF.java
> Passed: sun/security/pkcs11/tls/TestTLS12.java
> Passed: sun/security/pkcs11/SampleTest.java
> Test results: passed: 70; failed: 3
>
> NOTE: failing testcases were already failing on an unpatched JDK.
>
> Look forward to your answer.
>
> Kind regards,
> Martin.-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20180726/3ded9f5a/attachment.htm>
More information about the security-dev
mailing list