Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8308719

Support Password-Based Cryptography in SunPKCS11

    XMLWordPrintable

Details

    • CSR
    • Resolution: Approved
    • P4
    • 21
    • security-libs
    • None
    • behavioral
    • low
    • Hide
      If an application meets the following conditions: 1) invokes the Java Cryptographic Architecture (JCA) APIs directly or indirectly for Password-Based Cryptography without specifying a security provider (i.e. Cipher.getInstance("PBEWithHmacSHA1AndAES_128")); and, 2) a SunPKC11 security provider whose underlying library implements Password-Based Cryptography algorithms is installed; the SunPKCS11 service implementation may be used instead of the non-SunPKCS11 one, and keys automatically converted into PKCS #11 keys. While the change underneath should be transparent in terms of functionality (see interoperability notes in JDK-8301553), there could be differences in performance.

      To mitigate this behavioral change, the security providers preferred order can be changed in the java.security file. As an example, if the SunJCE security provider (or any other desired provider) is set to be preferred over SunPKCS11, all Password-Based Cryptography services will be served by SunJCE —SunPKCS11 implements a subset of SunJCE PBE algorithms—. Alternatively, the application can be explicit on which underlying security provider wants for a service at the time of invoking JCA APIs (i.e. Cipher.getInstance("PBEWithHmacSHA1AndAES_128", sunJCE)). Another mitigation would be to disable Password-Based Cryptography mechanisms in the PKCS #11 token (see SunPKCS11 disabledMechanisms and enabledMechanisms configuration directives in the PKCS#11 Reference Guide).
      Show
      If an application meets the following conditions: 1) invokes the Java Cryptographic Architecture (JCA) APIs directly or indirectly for Password-Based Cryptography without specifying a security provider (i.e. Cipher.getInstance("PBEWithHmacSHA1AndAES_128")); and, 2) a SunPKC11 security provider whose underlying library implements Password-Based Cryptography algorithms is installed; the SunPKCS11 service implementation may be used instead of the non-SunPKCS11 one, and keys automatically converted into PKCS #11 keys. While the change underneath should be transparent in terms of functionality (see interoperability notes in JDK-8301553 ), there could be differences in performance. To mitigate this behavioral change, the security providers preferred order can be changed in the java.security file. As an example, if the SunJCE security provider (or any other desired provider) is set to be preferred over SunPKCS11, all Password-Based Cryptography services will be served by SunJCE —SunPKCS11 implements a subset of SunJCE PBE algorithms—. Alternatively, the application can be explicit on which underlying security provider wants for a service at the time of invoking JCA APIs (i.e. Cipher.getInstance("PBEWithHmacSHA1AndAES_128", sunJCE)). Another mitigation would be to disable Password-Based Cryptography mechanisms in the PKCS #11 token (see SunPKCS11 disabledMechanisms and enabledMechanisms configuration directives in the PKCS#11 Reference Guide).
    • Other
    • JDK

    Description

      Summary

      Update the SunPKCS11 security provider to support Password-Based Cryptography algorithms for Cipher, Mac and SecretKeyFactory services when the underlying PKCS #11 library implements the corresponding mechanisms.

      Problem

      The SunPKCS11 security provider does not support any Password-Based Cryptography algorithms at the moment, while the PKCS #11 standard defines mechanisms for them and different libraries (such as NSS) provide an implementation.

      In addition to an application using PBE Cipher, Mac and SecretKeyFactory services directly, the lack of support for these algorithms prevents SunPKCS11 from being used for key privacy and integrity in PKCS #12 key stores implemented by the SUN security provider.

      Read more information about PKCS #11 mechanisms for Password-Based Cryptography in the following sections of the standard:

      Solution

      Enhance the SunPKCS11 security provider to support the following Password-Based Cryptography services and algorithms:

      Cipher

      PBES2 (using PBKD2 underneath)

      • PBEWithHmacSHA1AndAES_128
      • PBEWithHmacSHA224AndAES_128
      • PBEWithHmacSHA256AndAES_128
      • PBEWithHmacSHA384AndAES_128
      • PBEWithHmacSHA512AndAES_128
      • PBEWithHmacSHA1AndAES_256
      • PBEWithHmacSHA224AndAES_256
      • PBEWithHmacSHA256AndAES_256
      • PBEWithHmacSHA384AndAES_256
      • PBEWithHmacSHA512AndAES_256

      Mac

      PKCS #12 General Method for Password Integrity

      • HmacPBESHA1
      • HmacPBESHA224 (*)
      • HmacPBESHA256 (*)
      • HmacPBESHA384 (*)
      • HmacPBESHA512 (*)

      SecretKeyFactory

      PBES2 (using PBKD2 underneath)

      • PBEWithHmacSHA1AndAES_128
      • PBEWithHmacSHA224AndAES_128
      • PBEWithHmacSHA256AndAES_128
      • PBEWithHmacSHA384AndAES_128
      • PBEWithHmacSHA512AndAES_128
      • PBEWithHmacSHA1AndAES_256
      • PBEWithHmacSHA224AndAES_256
      • PBEWithHmacSHA256AndAES_256
      • PBEWithHmacSHA384AndAES_256
      • PBEWithHmacSHA512AndAES_256

      PBKD2

      • PBKDF2WithHmacSHA1
      • PBKDF2WithHmacSHA224
      • PBKDF2WithHmacSHA256
      • PBKDF2WithHmacSHA384
      • PBKDF2WithHmacSHA512

      PKCS #12 General Method for Password Integrity

      • HmacPBESHA1
      • HmacPBESHA224 (*)
      • HmacPBESHA256 (*)
      • HmacPBESHA384 (*)
      • HmacPBESHA512 (*)

      (*) Note: neither the current PKCS #11 standard (v3.0) nor the previous (v2.40) define mechanisms for these algorithms. Until a future revision of the standard introduces these mechanisms, NSS vendor-specific constants will be used. Thus, non-NSS PKCS #11 tokens will probably not support these algorithms.

      Specification

      Make the following changes to the PKCS#11 Reference Guide:

      Java Algorithm PKCS#11 Mechanisms
      Cipher.PBEWithHmacSHA1AndAES_128 CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA_1_HMAC required)
      Cipher.PBEWithHmacSHA224AndAES_128 CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA224_HMAC required)
      Cipher.PBEWithHmacSHA256AndAES_128 CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA256_HMAC required)
      Cipher.PBEWithHmacSHA384AndAES_128 CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA384_HMAC required)
      Cipher.PBEWithHmacSHA512AndAES_128 CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA512_HMAC required)
      Cipher.PBEWithHmacSHA1AndAES_256 CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA_1_HMAC required)
      Cipher.PBEWithHmacSHA224AndAES_256 CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA224_HMAC required)
      Cipher.PBEWithHmacSHA256AndAES_256 CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA256_HMAC required)
      Cipher.PBEWithHmacSHA384AndAES_256 CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA384_HMAC required)
      Cipher.PBEWithHmacSHA512AndAES_256 CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA512_HMAC required)
      Mac.HmacPBESHA1 CKM_PBA_SHA1_WITH_SHA1_HMAC (CKM_SHA_1_HMAC required)
      Mac.HmacPBESHA224 CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN (CKM_SHA224_HMAC required)
      Mac.HmacPBESHA256 CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN (CKM_SHA256_HMAC required)
      Mac.HmacPBESHA384 CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN (CKM_SHA384_HMAC required)
      Mac.HmacPBESHA512 CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN (CKM_SHA512_HMAC required))
      SecretKeyFactory.PBEWithHmacSHA1AndAES_128 CKM_PKCS5_PBKD2 (CKM_SHA_1_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA224AndAES_128 CKM_PKCS5_PBKD2 (CKM_SHA224_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA256AndAES_128 CKM_PKCS5_PBKD2 (CKM_SHA256_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA384AndAES_128 CKM_PKCS5_PBKD2 (CKM_SHA384_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA512AndAES_128 CKM_PKCS5_PBKD2 (CKM_SHA512_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA1AndAES_256 CKM_PKCS5_PBKD2 (CKM_SHA_1_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA224AndAES_256 CKM_PKCS5_PBKD2 (CKM_SHA224_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA256AndAES_256 CKM_PKCS5_PBKD2 (CKM_SHA256_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA384AndAES_256 CKM_PKCS5_PBKD2 (CKM_SHA384_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA512AndAES_256 CKM_PKCS5_PBKD2 (CKM_SHA512_HMAC required)
      SecretKeyFactory.HmacPBESHA1 CKM_PBA_SHA1_WITH_SHA1_HMAC
      SecretKeyFactory.HmacPBESHA224 CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN
      SecretKeyFactory.HmacPBESHA256 CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN
      SecretKeyFactory.HmacPBESHA384 CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN
      SecretKeyFactory.HmacPBESHA512 CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN
      SecretKeyFactory.PBKDF2WithHmacSHA1 CKM_PKCS5_PBKD2 (CKM_SHA_1_HMAC required)
      SecretKeyFactory.PBKDF2WithHmacSHA224 CKM_PKCS5_PBKD2 (CKM_SHA224_HMAC required)
      SecretKeyFactory.PBKDF2WithHmacSHA256 CKM_PKCS5_PBKD2 (CKM_SHA256_HMAC required)
      SecretKeyFactory.PBKDF2WithHmacSHA384 CKM_PKCS5_PBKD2 (CKM_SHA384_HMAC required)
      SecretKeyFactory.PBKDF2WithHmacSHA512 CKM_PKCS5_PBKD2 (CKM_SHA512_HMAC required)

      Attachments

        Issue Links

          Activity

            People

              mbalao Martin Balao
              mbalao Martin Balao
              Valerie Peng
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: