-
Bug
-
Resolution: Fixed
-
P4
-
None
-
b05
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8293144 | 17.0.5 | Andrew Hughes | P4 | Resolved | Fixed | b05 |
| JDK-8294742 | 11.0.18 | Andrew Hughes | P4 | Resolved | Fixed | b01 |
TLS *_CHACHA20_POLY1305_* cipher suites are currently broken when configuration with SunPKCS11 provider is used. I discovered this by my ssl-tests testsuite [1].
make TEST_PKCS11_FIPS=1 SSLTESTS_SSL_CONFIG_FILTER=SunJSSE,Default,TLSv1.2,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 SSLTESTS_CUSTOM_JAVA_PARAMS=-Djdk.tls.ephemeralDHKeySize=2048 ssl-tests
...
javax.net.ssl.SSLException: Unknown algorithm: ChaCha20-Poly1305
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:132)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309)
at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1712)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:470)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at SSLSocketClient.test(SSLSocketClient.java:72)
at SSLSocketTester.testConfiguration(SSLSocketTester.java:392)
at SSLSocketTester.testConfigurations(SSLSocketTester.java:322)
at SSLSocketTester.testProvider(SSLSocketTester.java:234)
at SSLSocketTester.testProviders(SSLSocketTester.java:190)
at Main.main(Main.java:30)
Caused by: java.security.ProviderException: Unknown algorithm: ChaCha20-Poly1305
at jdk.crypto.cryptoki/sun.security.pkcs11.P11TlsKeyMaterialGenerator.engineGenerateKey(P11TlsKeyMaterialGenerator.java:168)
at java.base/javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:564)
at java.base/sun.security.ssl.SSLTrafficKeyDerivation$LegacyTrafficKeyDerivation.<init>(SSLTrafficKeyDerivation.java:282)
at java.base/sun.security.ssl.SSLTrafficKeyDerivation$T12TrafficKeyDerivationGenerator.createKeyDerivation(SSLTrafficKeyDerivation.java:117)
at java.base/sun.security.ssl.SSLTrafficKeyDerivation.createKeyDerivation(SSLTrafficKeyDerivation.java:79)
at java.base/sun.security.ssl.DHClientKeyExchange$DHClientKeyExchangeProducer.produce(DHClientKeyExchange.java:221)
at java.base/sun.security.ssl.ClientKeyExchange$ClientKeyExchangeProducer.produce(ClientKeyExchange.java:65)
at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440)
at java.base/sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1510)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1425)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
... 7 more
FAILED: SunJSSE/Default: TLSv1.2 + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Problem:
Exception is thrown by P11TlsKeyMaterialGenerator.engineGenerateKey method [2], based on result of P11SecretKeyFactory.getKeyType method [3], which only "knows" "ChaCha20" key algorithm, but does not accept "ChaCha20-Poly1305" as algorithm. Algorithm value is passed from SSLTrafficKeyDerivation.LegacyTrafficKeyDerivation class [4], which leads to algorithm field in SSLCipher class [5]. Value of that field comes from cipher name in JsseJce class [6] (ending at first slash, if any).
Fix:
This fix basically modifies P11SecretKeyFactory.getKeyType method to accept "ChaCha20-Poly1305" as alias for "ChaCha20".
Testing:
I ran jdk_security tests locally and they passed. Also failure in ssl-tests gets fixed.
[1] https://github.com/zzambers/ssl-tests
[2] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java#L168
[3] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java#L101
[4] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/java.base/share/classes/sun/security/ssl/SSLTrafficKeyDerivation.java#L270
[5] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/java.base/share/classes/sun/security/ssl/SSLCipher.java#L496
[6] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/java.base/share/classes/sun/security/ssl/JsseJce.java#L81
make TEST_PKCS11_FIPS=1 SSLTESTS_SSL_CONFIG_FILTER=SunJSSE,Default,TLSv1.2,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 SSLTESTS_CUSTOM_JAVA_PARAMS=-Djdk.tls.ephemeralDHKeySize=2048 ssl-tests
...
javax.net.ssl.SSLException: Unknown algorithm: ChaCha20-Poly1305
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:132)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309)
at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1712)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:470)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at SSLSocketClient.test(SSLSocketClient.java:72)
at SSLSocketTester.testConfiguration(SSLSocketTester.java:392)
at SSLSocketTester.testConfigurations(SSLSocketTester.java:322)
at SSLSocketTester.testProvider(SSLSocketTester.java:234)
at SSLSocketTester.testProviders(SSLSocketTester.java:190)
at Main.main(Main.java:30)
Caused by: java.security.ProviderException: Unknown algorithm: ChaCha20-Poly1305
at jdk.crypto.cryptoki/sun.security.pkcs11.P11TlsKeyMaterialGenerator.engineGenerateKey(P11TlsKeyMaterialGenerator.java:168)
at java.base/javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:564)
at java.base/sun.security.ssl.SSLTrafficKeyDerivation$LegacyTrafficKeyDerivation.<init>(SSLTrafficKeyDerivation.java:282)
at java.base/sun.security.ssl.SSLTrafficKeyDerivation$T12TrafficKeyDerivationGenerator.createKeyDerivation(SSLTrafficKeyDerivation.java:117)
at java.base/sun.security.ssl.SSLTrafficKeyDerivation.createKeyDerivation(SSLTrafficKeyDerivation.java:79)
at java.base/sun.security.ssl.DHClientKeyExchange$DHClientKeyExchangeProducer.produce(DHClientKeyExchange.java:221)
at java.base/sun.security.ssl.ClientKeyExchange$ClientKeyExchangeProducer.produce(ClientKeyExchange.java:65)
at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440)
at java.base/sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1510)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1425)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
... 7 more
FAILED: SunJSSE/Default: TLSv1.2 + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Problem:
Exception is thrown by P11TlsKeyMaterialGenerator.engineGenerateKey method [2], based on result of P11SecretKeyFactory.getKeyType method [3], which only "knows" "ChaCha20" key algorithm, but does not accept "ChaCha20-Poly1305" as algorithm. Algorithm value is passed from SSLTrafficKeyDerivation.LegacyTrafficKeyDerivation class [4], which leads to algorithm field in SSLCipher class [5]. Value of that field comes from cipher name in JsseJce class [6] (ending at first slash, if any).
Fix:
This fix basically modifies P11SecretKeyFactory.getKeyType method to accept "ChaCha20-Poly1305" as alias for "ChaCha20".
Testing:
I ran jdk_security tests locally and they passed. Also failure in ssl-tests gets fixed.
[1] https://github.com/zzambers/ssl-tests
[2] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java#L168
[3] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java#L101
[4] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/java.base/share/classes/sun/security/ssl/SSLTrafficKeyDerivation.java#L270
[5] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/java.base/share/classes/sun/security/ssl/SSLCipher.java#L496
[6] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/java.base/share/classes/sun/security/ssl/JsseJce.java#L81
- backported by
-
JDK-8293144 P11TlsKeyMaterialGenerator should work with ChaCha20-Poly1305
-
- Resolved
-
-
-
- Resolved
-
- relates to
-
JDK-8255410 Add ChaCha20 and Poly1305 support to SunPKCS11 provider
-
- Resolved
-
- links to
-
Commit
openjdk/jdk11u-dev/66d4be30
-
Commit
openjdk/jdk17u-dev/00445e86
-
Commit
openjdk/jdk/b6bd190d
-
Review
openjdk/jdk11u-dev/1369
-
Review
openjdk/jdk17u-dev/650
-
Review
openjdk/jdk/9072
(4 links to)