RFR JDK-8029661: JDK-Support TLS v1.2 algorithm in SunPKCS11 provider

Valerie Peng valerie.peng at oracle.com
Thu Jul 26 22:44:46 UTC 2018


Update: I submitted your webrev.05 through Mach5; there is one test 
failure observed on 4 configurations, all due to the regression test 
TestTLS12.java. It looks like the test fails when the underlying PKCS11 
library does not support the corresponding TLS 1.2 mechanisms (stack trace 
included below).

jib > STDERR:
jib > java.security.ProviderException: Could not generate key
jib > 	at jdk.crypto.cryptoki/sun.security.pkcs11.P11TlsMasterSecretGenerator.engineGenerateKey(P11TlsMasterSecretGenerator.java:181)
jib > 	at java.base/javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:563)
jib > 	at TestTLS12.testTlsAuthenticationCodeGeneration(TestTLS12.java:181)
jib > 	at TestTLS12.main(TestTLS12.java:104)
jib > 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
jib > 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
jib > 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
jib > 	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
jib > 	at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
jib > 	at java.base/java.lang.Thread.run(Thread.java:834)
jib > Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_MECHANISM_INVALID
jib > 	at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_DeriveKey(Native Method)
jib > 	at jdk.crypto.cryptoki/sun.security.pkcs11.P11TlsMasterSecretGenerator.engineGenerateKey(P11TlsMasterSecretGenerator.java:167)
jib > 	... 9 more
jib >
jib > JavaTest Message: Test threw exception: java.security.ProviderException: Could not generate key
jib > JavaTest Message: shutting down test
jib >
jib > STATUS:Failed.`main' threw exception: java.security.ProviderException: Could not generate key

Thanks,
Valerie

On 7/23/2018 9:50 PM, Martin Balao wrote:
> Hi Valerie,
>
> Webrev 05:
>
>  * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.05/
>  * http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.05.zip
>
> New in Webrev 05:
>
>  * Explicitly cast prfHashMechanism to the CK_MECHANISM_TYPE type to 
> avoid a build warning on some compilers (it's a long -> unsigned long 
> cast).
>
> Regression tests result for jdk/sun/security/pkcs11 category:
>
> Passed: sun/security/pkcs11/Cipher/JNICheck.java
> Passed: sun/security/pkcs11/Cipher/ReinitCipher.java
> Passed: sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java
> Passed: sun/security/pkcs11/Cipher/TestRawRSACipher.java
> Passed: sun/security/pkcs11/Cipher/TestRSACipher.java
> Passed: sun/security/pkcs11/Cipher/TestRSACipherWrap.java
> Passed: sun/security/pkcs11/Cipher/TestSymmCiphers.java
> Passed: sun/security/pkcs11/Cipher/TestSymmCiphersNoPad.java
> Passed: sun/security/pkcs11/Config/ReadConfInUTF16Env.sh
> Passed: sun/security/pkcs11/ec/ReadCertificates.java
> Passed: sun/security/pkcs11/ec/ReadPKCS12.java
> Passed: sun/security/pkcs11/ec/TestCurves.java
> Passed: sun/security/pkcs11/ec/TestECDH.java
> Passed: sun/security/pkcs11/ec/TestECDH2.java
> Passed: sun/security/pkcs11/ec/TestECDSA.java
> Passed: sun/security/pkcs11/ec/TestECDSA2.java
> Passed: sun/security/pkcs11/ec/TestECGenSpec.java
> FAILED: sun/security/pkcs11/ec/TestKeyFactory.java
> Passed: sun/security/pkcs11/fips/ClientJSSEServerJSSE.java
> Passed: sun/security/pkcs11/fips/TrustManagerTest.java
> Passed: sun/security/pkcs11/KeyAgreement/SupportedDHKeys.java
> Passed: sun/security/pkcs11/KeyAgreement/TestDH.java
> Passed: sun/security/pkcs11/KeyAgreement/TestInterop.java
> Passed: sun/security/pkcs11/KeyAgreement/TestShort.java
> Passed: sun/security/pkcs11/KeyAgreement/UnsupportedDHKeys.java
> Passed: sun/security/pkcs11/KeyGenerator/DESParity.java
> Passed: sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java
> Passed: sun/security/pkcs11/KeyPairGenerator/TestDH2048.java
> Passed: sun/security/pkcs11/KeyStore/Basic.sh
> Passed: sun/security/pkcs11/KeyStore/ClientAuth.sh
> Passed: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh
> Passed: sun/security/pkcs11/KeyStore/Solaris.sh
> Passed: sun/security/pkcs11/Mac/MacKAT.java
> Passed: sun/security/pkcs11/Mac/MacSameTest.java
> Passed: sun/security/pkcs11/Mac/ReinitMac.java
> Passed: sun/security/pkcs11/MessageDigest/ByteBuffers.java
> Passed: sun/security/pkcs11/MessageDigest/DigestKAT.java
> Passed: sun/security/pkcs11/MessageDigest/ReinitDigest.java
> Passed: sun/security/pkcs11/MessageDigest/TestCloning.java
> Passed: sun/security/pkcs11/Provider/Absolute.java
> Passed: sun/security/pkcs11/Provider/ConfigQuotedString.sh
> Passed: sun/security/pkcs11/Provider/ConfigShortPath.java
> Passed: sun/security/pkcs11/Provider/Login.sh
> Passed: sun/security/pkcs11/Provider/LoginISE.java
> Passed: sun/security/pkcs11/rsa/KeyWrap.java
> Passed: sun/security/pkcs11/rsa/TestCACerts.java
> Passed: sun/security/pkcs11/rsa/TestKeyFactory.java
> Passed: sun/security/pkcs11/rsa/TestKeyPairGenerator.java
> Passed: sun/security/pkcs11/rsa/TestSignatures.java
> Passed: sun/security/pkcs11/Secmod/AddPrivateKey.java
> FAILED: sun/security/pkcs11/Secmod/AddTrustedCert.java
> Passed: sun/security/pkcs11/Secmod/Crypto.java
> Passed: sun/security/pkcs11/Secmod/GetPrivateKey.java
> Passed: sun/security/pkcs11/Secmod/JksSetPrivateKey.java
> Passed: sun/security/pkcs11/Secmod/LoadKeystore.java
> Passed: sun/security/pkcs11/Secmod/TestNssDbSqlite.java
> Passed: sun/security/pkcs11/Secmod/TrustAnchors.java
> Passed: sun/security/pkcs11/SecureRandom/Basic.java
> Passed: sun/security/pkcs11/SecureRandom/TestDeserialization.java
> Passed: sun/security/pkcs11/Serialize/SerializeProvider.java
> Passed: sun/security/pkcs11/Signature/ByteBuffers.java
> Passed: sun/security/pkcs11/Signature/ReinitSignature.java
> Passed: sun/security/pkcs11/Signature/TestDSA.java
> Passed: sun/security/pkcs11/Signature/TestDSAKeyLength.java
> Passed: sun/security/pkcs11/Signature/TestRSAKeyLength.java
> Passed: sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
> FAILED: sun/security/pkcs11/tls/TestKeyMaterial.java
> Passed: sun/security/pkcs11/tls/TestLeadingZeroesP11.java
> Passed: sun/security/pkcs11/tls/TestMasterSecret.java
> Passed: sun/security/pkcs11/tls/TestPremaster.java
> Passed: sun/security/pkcs11/tls/TestPRF.java
> Passed: sun/security/pkcs11/tls/TestTLS12.java
> Passed: sun/security/pkcs11/SampleTest.java
> Test results: passed: 70; failed: 3
>
> NOTE: failing testcases were already failing on an unpatched JDK.
>
> Look forward to your answer.
>
> Kind regards,
> Martin.-
