RFR: 8288985: P11TlsKeyMaterialGenerator works with ChaCha20-Poly1305 [v2]

zzambers duke at openjdk.org
Wed Jun 22 15:59:44 UTC 2022


> TLS `*_CHACHA20_POLY1305_*` cipher suites are currently broken when a configuration with the SunPKCS11 provider is used. I discovered this with my ssl-tests test suite [1].
> 
> 
> make TEST_PKCS11_FIPS=1 SSLTESTS_SSL_CONFIG_FILTER=SunJSSE,Default,TLSv1.2,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 SSLTESTS_CUSTOM_JAVA_PARAMS=-Djdk.tls.ephemeralDHKeySize=2048 ssl-tests
> ...
> javax.net.ssl.SSLException: Unknown algorithm: ChaCha20-Poly1305
> 	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:132)
> 	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
> 	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
> 	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309)
> 	at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1712)
> 	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:470)
> 	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
> 	at SSLSocketClient.test(SSLSocketClient.java:72)
> 	at SSLSocketTester.testConfiguration(SSLSocketTester.java:392)
> 	at SSLSocketTester.testConfigurations(SSLSocketTester.java:322)
> 	at SSLSocketTester.testProvider(SSLSocketTester.java:234)
> 	at SSLSocketTester.testProviders(SSLSocketTester.java:190)
> 	at Main.main(Main.java:30)
> Caused by: java.security.ProviderException: Unknown algorithm: ChaCha20-Poly1305
> 	at jdk.crypto.cryptoki/sun.security.pkcs11.P11TlsKeyMaterialGenerator.engineGenerateKey(P11TlsKeyMaterialGenerator.java:168)
> 	at java.base/javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:564)
> 	at java.base/sun.security.ssl.SSLTrafficKeyDerivation$LegacyTrafficKeyDerivation.<init>(SSLTrafficKeyDerivation.java:282)
> 	at java.base/sun.security.ssl.SSLTrafficKeyDerivation$T12TrafficKeyDerivationGenerator.createKeyDerivation(SSLTrafficKeyDerivation.java:117)
> 	at java.base/sun.security.ssl.SSLTrafficKeyDerivation.createKeyDerivation(SSLTrafficKeyDerivation.java:79)
> 	at java.base/sun.security.ssl.DHClientKeyExchange$DHClientKeyExchangeProducer.produce(DHClientKeyExchange.java:221)
> 	at java.base/sun.security.ssl.ClientKeyExchange$ClientKeyExchangeProducer.produce(ClientKeyExchange.java:65)
> 	at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440)
> 	at java.base/sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182)
> 	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
> 	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
> 	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
> 	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
> 	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
> 	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1510)
> 	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1425)
> 	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
> 	... 7 more
> 
> FAILED: SunJSSE/Default: TLSv1.2 + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
> 
> 
> Problem:
> The exception is thrown by the P11TlsKeyMaterialGenerator.engineGenerateKey method [2], based on the result of the P11SecretKeyFactory.getKeyType method [3], which only "knows" the "ChaCha20" key algorithm, but does not accept "ChaCha20-Poly1305" as an algorithm. The algorithm value is passed from the SSLTrafficKeyDerivation.LegacyTrafficKeyDerivation class [4], which leads to the algorithm field in the SSLCipher class [5]. The value of that field comes from the cipher name in the JsseJce class [6] (ending at the first slash, if any).
> 
> Fix:
> This fix basically modifies the P11SecretKeyFactory.getKeyType method to accept "ChaCha20-Poly1305" as an alias for "ChaCha20".
> 
> Testing:
> I ran the jdk_security tests locally and they passed. Also, the failure in ssl-tests gets fixed.
> 
> [1] https://github.com/zzambers/ssl-tests
> [2] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java#L168
> [3] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java#L101
> [4] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/java.base/share/classes/sun/security/ssl/SSLTrafficKeyDerivation.java#L270
> [5] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/java.base/share/classes/sun/security/ssl/SSLCipher.java#L496
> [6] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/java.base/share/classes/sun/security/ssl/JsseJce.java#L81

zzambers has updated the pull request incrementally with one additional commit since the last revision:

  TestKeyMaterialChaCha20.java: Added bug number

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/9072/files
  - new: https://git.openjdk.org/jdk/pull/9072/files/8fdd7b9f..514da32e

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=9072&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=9072&range=00-01

  Stats: 1 line in 1 file changed: 1 ins; 0 del; 0 mod
  Patch: https://git.openjdk.org/jdk/pull/9072.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/9072/head:pull/9072

PR: https://git.openjdk.org/jdk/pull/9072
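
A simplified model of the lookup described in the quoted Problem and Fix sections, added here as an illustration; it is not code from the JDK or from the pull request. The `KeyType` enum, the two tables and the sample cipher names are assumptions made for the example.

```java
import java.util.List;
import java.util.Map;
import java.util.Optional;

// Added illustration: models the name mismatch from the description, not JDK code.
public class KeyTypeAliasDemo {

    // Hypothetical stand-ins for the token key types the provider maps names to.
    enum KeyType { AES, CHACHA20 }

    // Key algorithm as the description states it: the cipher name,
    // ending at the first slash, if any.
    static String keyAlgorithm(String cipherName) {
        int slash = cipherName.indexOf('/');
        return slash < 0 ? cipherName : cipherName.substring(0, slash);
    }

    // Before the fix: only the bare key algorithm names are known.
    static final Map<String, KeyType> BEFORE = Map.of(
            "AES", KeyType.AES,
            "ChaCha20", KeyType.CHACHA20);

    // After the fix: "ChaCha20-Poly1305" is accepted as an alias for "ChaCha20".
    static final Map<String, KeyType> AFTER = Map.of(
            "AES", KeyType.AES,
            "ChaCha20", KeyType.CHACHA20,
            "ChaCha20-Poly1305", KeyType.CHACHA20);

    // Empty result models the "Unknown algorithm" failure path.
    static Optional<KeyType> keyType(Map<String, KeyType> table, String algorithm) {
        return Optional.ofNullable(table.get(algorithm));
    }

    public static void main(String[] args) {
        // Sample transformation strings (assumed for the example).
        List<String> ciphers = List.of(
                "AES/CBC/NoPadding", "AES/GCM/NoPadding", "ChaCha20-Poly1305");
        for (String cipher : ciphers) {
            String alg = keyAlgorithm(cipher);
            String before = keyType(BEFORE, alg).map(KeyType::name).orElse("unknown algorithm");
            String after = keyType(AFTER, alg).map(KeyType::name).orElse("unknown algorithm");
            System.out.printf("%-18s key algorithm=%-18s before=%-18s after=%s%n",
                    cipher, alg, before, after);
        }
    }
}
```

The AES transformations contain a slash, so they reduce to the bare key algorithm name, while "ChaCha20-Poly1305" has no slash and reaches the lookup unchanged, which is why only that name needs the alias.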


