RFR JDK-8029661: JDK-Support TLS v1.2 algorithm in SunPKCS11 provider

Valerie Peng valerie.peng at oracle.com
Tue Jul 31 23:48:59 UTC 2018


I sent this email a bit prematurely. I still need to review TestTLS12.java.

All else is done.

Valerie


On 7/31/2018 4:26 PM, Valerie Peng wrote:
>
> Hi Martin,
>
> Here are the review comments for the remaining files:
>
> <p11_convert.c>
>
> - Always check non-null result for JNIEnv FindClass(...) calls, e.g. 
> line 530 and 802
>
> - Sometimes the check is there but is after the return value has been 
> used. These checks should be moved up, i.e. right after the 
> FindClass(..) calls, e.g. line 555, 834.
>
> - line 1262, should be CK_TLS12_MASTER_KEY_DERIVE_PARAMS instead of 
> CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR
>
>
> Thanks,
> Valerie
>
>
> On 7/26/2018 9:12 AM, Martin Balao wrote:
>> Hi Valerie,
>>
>> Thanks for your feedback!
>>
>> CKM_TLS12_MAC looks like it's not in use. Authentication codes are 
>> calculated through CKM_TLS12_KEY_AND_MAC_DERIVE mechanism. Do you 
>> know of a library supporting CKM_TLS12_MAC but not 
>> CKM_TLS12_KEY_AND_MAC_DERIVE? I've been testing this with NSS 
>> software token which does not support CKM_TLS12_MAC.
>>
>> module-info.java changes were from when we used SSL/TLS constants, 
>> but then I replaced these constants with hardcoded numbers -after 
>> discussing with Xuelei-. I forgot to revert changes on this file. Thanks.
>>
>> Config.java changes were from a wrong version I uploaded. This has 
>> been already fixed.
>>
>> SunPKCS11.java: I agree with you that registration must be done 
>> separately. SunTls12MasterSecret and SunTls12KeyMaterial are now 
>> registered separately. I've added CKM_TLS12_MASTER_KEY_DERIVE_DH 
>> mechanism to SunTls12MasterSecret algorithm. It's still assumed that 
>> if CKM_TLS12_MASTER_KEY_DERIVE is supported, then 
>> CKM_TLS12_MASTER_KEY_DERIVE_DH it's and vice-versa -same as with 
>> previous key derivation mechanisms-. Not a big deal though I think: 
>> it's unlikely that a library implements only one of these. Using 
>> protocol version to decide which mechanism to use should be valid in 
>> this case because if an instance of P11TlsMasterSecretGenerator is 
>> used and algorithm is SunTls12MasterSecret, then protocol must be TLS 
>> 1.2 and we can assume that there is support of these mechanisms in 
>> the underlying library.
>> L527: I've realized that a better place for this map is 
>> Functions.java. I've moved it there.
>>
>> P11TlsPrfGenerator.java: This code is for TLS 1.2 only. That's 
>> because CKM_TLS_MAC mechanism is registered for SunTls12Prf 
>> algorithm. Previous TLS versions use CKM_TLS_PRF and 
>> CKM_NSS_TLS_PRF_GENERAL.
>>
>> P11TlsRsaPremasterSecretGenerator.java: Yes, we can remove it and 
>> call all keys "TlsRsaPremasterSecret", disregarding the mechanism 
>> used to generate it (CKM_SSL3_PRE_MASTER_KEY_GEN or 
>> CKM_TLS_PRE_MASTER_KEY_GEN). At the end of the day, this is just an 
>> array of 48 bytes. I've removed the field too.
>>
>> Functions.java: New entries (CKM_TLS12_MASTER_KEY_DERIVE, 
>> CKM_TLS12_MASTER_KEY_DERIVE_DH and CKM_TLS_MAC) moved after line 721. 
>> CKM_TLS12_KEY_AND_MAC_DERIVE has been added for completeness.
>>
>> CK_ATTRIBUTE.java: SENSITIVE_TRUE removed.
>>
>> Removed a dependency in TestTLS12.java to HexDumper (internal).
>>
>> Webrev 06 with all these changes here:
>>
>>  * 
>> http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.06/ 
>> <http://cr.openjdk.java.net/%7Embalao/webrevs/8029661/8029661.webrev.06/>
>>  * 
>> http://cr.openjdk.java.net/~mbalao/webrevs/8029661/8029661.webrev.06.zip 
>> <http://cr.openjdk.java.net/%7Embalao/webrevs/8029661/8029661.webrev.06.zip>
>>
>> Regression testing on jdk/sun/security/pkcs11 passes with samae pass 
>> rate.
>>
>> Kind regards,
>> Martin.-
>>
>> On Tue, Jul 24, 2018 at 11:00 PM, Valerie Peng 
>> <valerie.peng at oracle.com <mailto:valerie.peng at oracle.com>> wrote:
>>
>>     Hi Martin,
>>
>>     Sorry for the delay, I am able to resume on reviewing this now.
>>
>>     Here are some initial comments.
>>
>>     What about CKM_TLS12_MAC? I see that it's defined under TLS 1.2
>>     mechanisms, but not much other details for it.
>>
>>     <module-info.java>
>>     - Is this change still necessary? I didn't notice any new import
>>     statement with sun.security.ssl package in the rest of changes.
>>
>>     <sun/security/pkcs11/Config.java>
>>     - Why removing the SENSITIVE_FALSE attribute on line 829 and 854?
>>
>>     <sun/security/pkcs11/P11TlsKeyMaterialGenerator.java>
>>     - As my comments for the SunPKCS11.java (see below), I think we
>>     should not assume the support for CKM_TLS12_KEY_AND_MAC_DERIVE.
>>     The existing impl and how it's registered in SunPKCS11 class is
>>     already somewhat problematic when CKM_TLS_KEY_AND_MAC_DERIVE is
>>     not supported. We should avoid assuming
>>     CKM_TLS12_KEY_AND_MAC_DERIVE is supported which may create even
>>     more problems. Overriding this.mechanism based on the TLS version
>>     specified in the parameters from the engineInit(...) call will
>>     lead to failure when the mechanism is not supported by underlying
>>     PKCS11 library
>>
>>     <sun/security/pkcs11/P11TlsMasterSecretGenerator.java>
>>     - Please see above comments for P11TlsKeyMaterialGenerator.java
>>
>>     <sun/security/pkcs11/P11TlsPrfGenerator.java>
>>     - Retrieve label outside of the new code block for TLS 1.2, i.e.
>>     line 133- 167, as it's used by all mechanisms.
>>
>>     <sun/security/pkcs11/P11TlsRsaPremasterSecretGenerator.java>
>>     - Line 131, Is it really necessary to use
>>     SunTls12RsaPremasterSecret? SunJCE provider uses
>>     SunTlsRsaPremasterSecret for all cases. If different algorithm is
>>     not needed, then no need to save tlsVersion as a field
>>
>>     <sun/security/pkcs11/SunPKCS11.java>
>>     - Hmm, for TLS 12 specific mechanisms, some PKCS11 libraries may
>>     not support them. Instead of registering
>>     SunTls12MasterSecret/SunTls12KeyMaterial as aliases, they should
>>     be registered separately so that if the native TLS 12 mechanisms
>>     were not supported, the new entry will be skipped. The
>>     corresponding implementation classes such as
>>     P11TlsMasterSecretGenerator and P11TlsKeyMaterialGenerator will
>>     have to check the specified parameter spec in their
>>     engineInit(..) calls to make sure things line up, e.g. error out
>>     if the TLS version in the spec does not match the native mechanism.
>>     - Lines 528 - 532, the mapping is stored without checking for
>>     support. May become an issue when the underlying PKCS11 library
>>     does not support all of these hash mechanisms. Probably not a big
>>     deal as these are fairly common hash algorithms, but I think it'd
>>     be good to add a comment on line 527 with something like "//
>>     assuming all hash mechanisms below are supported".
>>
>>     <sun/security/pkcs11/wrapper/Functions.java>
>>     - Miss the mapping for CKM_TLS12_KEY_AND_MAC_DERIVE? Move these
>>     new entries to be after the existing SSL3/TLS entries (from line
>>     711-721)
>>
>>     I still have a few files left and will send you comments on them
>>     later.
>>     Thanks,
>>     Valerie
>>
>>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20180731/97768ff7/attachment.htm>


More information about the security-dev mailing list