RFR JDK-8029661: JDK-Support TLS v1.2 algorithm in SunPKCS11 provider
Valerie Peng
valerie.peng at oracle.com
Tue Jul 31 23:26:04 UTC 2018
Hi Martin,
Here are the review comments for the remaining files:
<p11_convert.c>
- Always check non-null result for JNIEnv FindClass(...) calls, e.g.
line 530 and 802
- Sometimes the check is there but is after the return value has been
used. These checks should be moved up, i.e. right after the
FindClass(..) calls, e.g. line 555, 834.
- line 1262, should be CK_TLS12_MASTER_KEY_DERIVE_PARAMS instead of
CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR
Thanks,
Valerie
On 7/26/2018 9:12 AM, Martin Balao wrote:
> Hi Valerie,
>
> Thanks for your feedback!
>
> CKM_TLS12_MAC looks like it's not in use. Authentication codes are
> calculated through CKM_TLS12_KEY_AND_MAC_DERIVE mechanism. Do you know
> of a library supporting CKM_TLS12_MAC but not
> CKM_TLS12_KEY_AND_MAC_DERIVE? I've been testing this with NSS software
> token which does not support CKM_TLS12_MAC.
>
> module-info.java changes were from when we used SSL/TLS constants, but
> then I replaced these constants with hardcoded numbers -after
> discussing with Xuelei-. I forgot to revert changes on this file. Thanks.
>
> Config.java changes were from a wrong version I uploaded. This has
> been already fixed.
>
> SunPKCS11.java: I agree with you that registration must be done
> separately. SunTls12MasterSecret and SunTls12KeyMaterial are now
> registered separately. I've added CKM_TLS12_MASTER_KEY_DERIVE_DH
> mechanism to SunTls12MasterSecret algorithm. It's still assumed that
> if CKM_TLS12_MASTER_KEY_DERIVE is supported, then
> CKM_TLS12_MASTER_KEY_DERIVE_DH it's and vice-versa -same as with
> previous key derivation mechanisms-. Not a big deal though I think:
> it's unlikely that a library implements only one of these. Using
> protocol version to decide which mechanism to use should be valid in
> this case because if an instance of P11TlsMasterSecretGenerator is
> used and algorithm is SunTls12MasterSecret, then protocol must be TLS
> 1.2 and we can assume that there is support of these mechanisms in the
> underlying library.
> L527: I've realized that a better place for this map is
> Functions.java. I've moved it there.
>
> P11TlsPrfGenerator.java: This code is for TLS 1.2 only. That's because
> CKM_TLS_MAC mechanism is registered for SunTls12Prf algorithm.
> Previous TLS versions use CKM_TLS_PRF and CKM_NSS_TLS_PRF_GENERAL.
>
> P11TlsRsaPremasterSecretGenerator.java: Yes, we can remove it and call
> all keys "TlsRsaPremasterSecret", disregarding the mechanism used to
> generate it (CKM_SSL3_PRE_MASTER_KEY_GEN or
> CKM_TLS_PRE_MASTER_KEY_GEN). At the end of the day, this is just an
> array of 48 bytes. I've removed the field too.
>
> Functions.java: New entries (CKM_TLS12_MASTER_KEY_DERIVE,
> CKM_TLS12_MASTER_KEY_DERIVE_DH and CKM_TLS_MAC) moved after line 721.
> CKM_TLS12_KEY_AND_MAC_DERIVE has been added for completeness.
>
> CK_ATTRIBUTE.java: SENSITIVE_TRUE removed.
>
> Removed a dependency in TestTLS12.java to HexDumper (internal).
>
> Webrev 06 with all these changes here:
>
> *
> http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.06/
> <http://cr.openjdk.java.net/%7Embalao/webrevs/8029661/8029661.webrev.06/>
> *
> http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.06.zip
> <http://cr.openjdk.java.net/%7Embalao/webrevs/8029661/8029661.webrev.06.zip>
>
> Regression testing on jdk/sun/security/pkcs11 passes with samae pass rate.
>
> Kind regards,
> Martin.-
>
> On Tue, Jul 24, 2018 at 11:00 PM, Valerie Peng
> <valerie.peng at oracle.com <mailto:valerie.peng at oracle.com>> wrote:
>
> Hi Martin,
>
> Sorry for the delay, I am able to resume on reviewing this now.
>
> Here are some initial comments.
>
> What about CKM_TLS12_MAC? I see that it's defined under TLS 1.2
> mechanisms, but not much other details for it.
>
> <module-info.java>
> - Is this change still necessary? I didn't notice any new import
> statement with sun.security.ssl package in the rest of changes.
>
> <sun/security/pkcs11/Config.java>
> - Why removing the SENSITIVE_FALSE attribute on line 829 and 854?
>
> <sun/security/pkcs11/P11TlsKeyMaterialGenerator.java>
> - As my comments for the SunPKCS11.java (see below), I think we
> should not assume the support for CKM_TLS12_KEY_AND_MAC_DERIVE.
> The existing impl and how it's registered in SunPKCS11 class is
> already somewhat problematic when CKM_TLS_KEY_AND_MAC_DERIVE is
> not supported. We should avoid assuming
> CKM_TLS12_KEY_AND_MAC_DERIVE is supported which may create even
> more problems. Overriding this.mechanism based on the TLS version
> specified in the parameters from the engineInit(...) call will
> lead to failure when the mechanism is not supported by underlying
> PKCS11 library
>
> <sun/security/pkcs11/P11TlsMasterSecretGenerator.java>
> - Please see above comments for P11TlsKeyMaterialGenerator.java
>
> <sun/security/pkcs11/P11TlsPrfGenerator.java>
> - Retrieve label outside of the new code block for TLS 1.2, i.e.
> line 133- 167, as it's used by all mechanisms.
>
> <sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java>
> - Line 131, Is it really necessary to use
> SunTls12RsaPremasterSecret? SunJCE provider uses
> SunTlsRsaPremasterSecret for all cases. If different algorithm is
> not needed, then no need to save tlsVersion as a field
>
> <sun/security/pkcs11/SunPKCS11.java>
> - Hmm, for TLS 12 specific mechanisms, some PKCS11 libraries may
> not support them. Instead of registering
> SunTls12MasterSecret/SunTls12KeyMaterial as aliases, they should
> be registered separately so that if the native TLS 12 mechanisms
> were not supported, the new entry will be skipped. The
> corresponding implementation classes such as
> P11TlsMasterSecretGenerator and P11TlsKeyMaterialGenerator will
> have to check the specified parameter spec in their engineInit(..)
> calls to make sure things line up, e.g. error out if the TLS
> version in the spec does not match the native mechanism.
> - Lines 528 - 532, the mapping is stored without checking for
> support. May become an issue when the underlying PKCS11 library
> does not support all of these hash mechanisms. Probably not a big
> deal as these are fairly common hash algorithms, but I think it'd
> be good to add a comment on line 527 with something like "//
> assuming all hash mechanisms below are supported".
>
> <sun/security/pkcs11/wrapper/Functions.java>
> - Miss the mapping for CKM_TLS12_KEY_AND_MAC_DERIVE? Move these
> new entries to be after the existing SSL3/TLS entries (from line
> 711-721)
>
> I still have a few files left and will send you comments on them
> later.
> Thanks,
> Valerie
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20180731/fd3acf98/attachment.htm>
More information about the security-dev
mailing list