SunPKCS11 connection lost after Decrypt doFinal (noPadding) openjdk 8_232

Tue Dec 3 00:56:52 UTC 2019

Hi Hubert,

I've filed https://bugs.openjdk.java.net/browse/JDK-8235215 to keep 
track of this issue.

I have not yet tried if this can be reproduced in house with NSS yet.

Just curious, which HSM vendor did you use? It'd be helpful to include 
in the bug report.

Thanks,
Valerie
On 12/2/2019 8:50 AM, DEBORDEAUX Hubert wrote:
> Hello,
> Following the update to OpenJDK 8_232, we did face a problem after a DECRYPT with no padding.
> We use a SunPKCS11 provider linked to a Network HSM.
> After a DECRYPT command (DES or AES) NOPADDING, we noticed the log : "Killing session (sun.security.pkcs11.P11Cipher.cancelOperation(P11Cipher.java:428)) active: 1"
> All following commands failed with error : CKR_USER_NOT_LOGGED_IN
>
> After a quick investigation, it looks like the fix JDK-8228565 done in P11Cipher.java is the root cause of this new behavior.
> 	....
> 	// Special handling to match SunJCE provider behavior
>                  if (bytesBuffered == 0 && padBufferLen == 0) {
>                      return 0;
>                  }
> 	....
> 	} finally {
>              		reset(doCancel);   // doCancel is true, so killSession is called.
>          	}
>
> This is a source code to reproduce the problem:
> 	SunPKCS11 p = new SunPKCS11(configName);           // config to Network HSM
> 	p.setCallbackHandler(handler);    // Handler for password
>          	Security.addProvider(p);
>          
>          	KeyStore.CallbackHandlerProtection chp =
>                  	new KeyStore.CallbackHandlerProtection(handler);
>              	KeyStore.Builder builder = KeyStore.Builder.newInstance("PKCS11", p, chp);
>          	KeyStore keystore = builder.getKeyStore();
>         	SecretKeyEntry entry = (SecretKeyEntry) keystore.getEntry("MyKeyAlias", null);
>          
>          	Cipher cipher = Cipher.getInstance("DESede/CBC/NOPADDING", p.getName());
>          	IvParameterSpec ivParameterSpec = new IvParameterSpec(new byte[8]);
>          	// cipher a text
>          	cipher.init(Cipher.ENCRYPT_MODE, entry.getSecretKey(), ivParameterSpec);
>          	byte[] clearData = "clear text111111".getBytes();
>          	byte[] cipheredData = cipher.doFinal(clearData);
>             	// Decipher the result
>          	cipher.init(Cipher.DECRYPT_MODE, entry.getSecretKey(), ivParameterSpec);
>          	byte[] clearTextResult = cipher.doFinal(cipheredData);
> 	// display the result
> 	System.out.println(new String(clearTextResult));  // So far, no problem
>          
>                // Try another cipher
>          	cipher.init(Cipher.ENCRYPT_MODE, entry.getSecretKey(), ivParameterSpec);
> 	byte[] clearData2 = "clear text222222".getBytes();
>         	byte[] cipheredData2 = cipher.doFinal(clearData);
> 	// --> Failed with sun.security.pkcs11.wrapper.PKCS11Exception: CKR_USER_NOT_LOGGED_IN
>
> Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_USER_NOT_LOGGED_IN
> 	at sun.security.pkcs11.wrapper.PKCS11.C_EncryptUpdate(Native Method)
> 	at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:581)
>
>          
> Workarounds:
> 	. use the SunPkcs11 jar file from openJDK 8_222
> 	. add a login after every decrypt commands
> 	. use PKCS5Padding when possible
>
> Could you tell me if you can reproduce this problem and what is the best way for me to report it ?
>
> Thanks you
> Best Regards,
> Hubert
>   