JDK-8308719

Support Password-Based Cryptography in SunPKCS11


    • CSR
    • Resolution: Approved
    • P4
    • 21
    • security-libs
    • None
    • behavioral
    • low
    • If an application meets the following conditions: 1) it invokes the Java Cryptography Architecture (JCA) APIs, directly or indirectly, for Password-Based Cryptography without specifying a security provider (e.g. Cipher.getInstance("PBEWithHmacSHA1AndAES_128")); and 2) a SunPKCS11 security provider whose underlying library implements Password-Based Cryptography algorithms is installed; then the SunPKCS11 service implementation may be used instead of the non-SunPKCS11 one, with keys automatically converted into PKCS #11 keys. While the underlying change should be transparent in terms of functionality (see interoperability notes in JDK-8301553), there could be differences in performance.

      To mitigate this behavioral change, the preference order of the security providers can be changed in the java.security file. For example, if the SunJCE security provider (or any other desired provider) is set to be preferred over SunPKCS11, all Password-Based Cryptography services will be served by SunJCE (SunPKCS11 implements a subset of the SunJCE PBE algorithms). Alternatively, the application can state explicitly which security provider it wants for a service when invoking the JCA APIs (e.g. Cipher.getInstance("PBEWithHmacSHA1AndAES_128", sunJCE)). Another mitigation is to disable the Password-Based Cryptography mechanisms in the PKCS #11 token (see the SunPKCS11 disabledMechanisms and enabledMechanisms configuration directives in the PKCS#11 Reference Guide).
    • Other
    • JDK

      Summary

      Update the SunPKCS11 security provider to support Password-Based Cryptography algorithms for Cipher, Mac and SecretKeyFactory services when the underlying PKCS #11 library implements the corresponding mechanisms.

      Problem

      The SunPKCS11 security provider does not support any Password-Based Cryptography algorithms at the moment, while the PKCS #11 standard defines mechanisms for them and different libraries (such as NSS) provide an implementation.

      In addition to an application using PBE Cipher, Mac and SecretKeyFactory services directly, the lack of support for these algorithms prevents SunPKCS11 from being used for key privacy and integrity in PKCS #12 key stores implemented by the SUN security provider.

      Read more information about PKCS #11 mechanisms for Password-Based Cryptography in the following sections of the standard:

      Solution

      Enhance the SunPKCS11 security provider to support the following Password-Based Cryptography services and algorithms:

      Cipher

      PBES2 (using PBKDF2 underneath)

      • PBEWithHmacSHA1AndAES_128
      • PBEWithHmacSHA224AndAES_128
      • PBEWithHmacSHA256AndAES_128
      • PBEWithHmacSHA384AndAES_128
      • PBEWithHmacSHA512AndAES_128
      • PBEWithHmacSHA1AndAES_256
      • PBEWithHmacSHA224AndAES_256
      • PBEWithHmacSHA256AndAES_256
      • PBEWithHmacSHA384AndAES_256
      • PBEWithHmacSHA512AndAES_256

      Mac

      PKCS #12 General Method for Password Integrity

      • HmacPBESHA1
      • HmacPBESHA224 (*)
      • HmacPBESHA256 (*)
      • HmacPBESHA384 (*)
      • HmacPBESHA512 (*)

      SecretKeyFactory

      PBES2 (using PBKDF2 underneath)

      • PBEWithHmacSHA1AndAES_128
      • PBEWithHmacSHA224AndAES_128
      • PBEWithHmacSHA256AndAES_128
      • PBEWithHmacSHA384AndAES_128
      • PBEWithHmacSHA512AndAES_128
      • PBEWithHmacSHA1AndAES_256
      • PBEWithHmacSHA224AndAES_256
      • PBEWithHmacSHA256AndAES_256
      • PBEWithHmacSHA384AndAES_256
      • PBEWithHmacSHA512AndAES_256

      PBKDF2

      • PBKDF2WithHmacSHA1
      • PBKDF2WithHmacSHA224
      • PBKDF2WithHmacSHA256
      • PBKDF2WithHmacSHA384
      • PBKDF2WithHmacSHA512

      PKCS #12 General Method for Password Integrity

      • HmacPBESHA1
      • HmacPBESHA224 (*)
      • HmacPBESHA256 (*)
      • HmacPBESHA384 (*)
      • HmacPBESHA512 (*)

      (*) Note: neither the current PKCS #11 standard (v3.0) nor the previous one (v2.40) defines mechanisms for these algorithms. Until a future revision of the standard introduces these mechanisms, NSS vendor-specific constants will be used. Thus, non-NSS PKCS #11 tokens will probably not support these algorithms.

      Specification

      Make the following changes to the PKCS#11 Reference Guide:

      Java Algorithm | PKCS#11 Mechanisms
      Cipher.PBEWithHmacSHA1AndAES_128 | CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA_1_HMAC required)
      Cipher.PBEWithHmacSHA224AndAES_128 | CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA224_HMAC required)
      Cipher.PBEWithHmacSHA256AndAES_128 | CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA256_HMAC required)
      Cipher.PBEWithHmacSHA384AndAES_128 | CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA384_HMAC required)
      Cipher.PBEWithHmacSHA512AndAES_128 | CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA512_HMAC required)
      Cipher.PBEWithHmacSHA1AndAES_256 | CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA_1_HMAC required)
      Cipher.PBEWithHmacSHA224AndAES_256 | CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA224_HMAC required)
      Cipher.PBEWithHmacSHA256AndAES_256 | CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA256_HMAC required)
      Cipher.PBEWithHmacSHA384AndAES_256 | CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA384_HMAC required)
      Cipher.PBEWithHmacSHA512AndAES_256 | CKM_AES_CBC_PAD, CKM_AES_CBC (CKM_PKCS5_PBKD2 and CKM_SHA512_HMAC required)
      Mac.HmacPBESHA1 | CKM_PBA_SHA1_WITH_SHA1_HMAC (CKM_SHA_1_HMAC required)
      Mac.HmacPBESHA224 | CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN (CKM_SHA224_HMAC required)
      Mac.HmacPBESHA256 | CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN (CKM_SHA256_HMAC required)
      Mac.HmacPBESHA384 | CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN (CKM_SHA384_HMAC required)
      Mac.HmacPBESHA512 | CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN (CKM_SHA512_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA1AndAES_128 | CKM_PKCS5_PBKD2 (CKM_SHA_1_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA224AndAES_128 | CKM_PKCS5_PBKD2 (CKM_SHA224_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA256AndAES_128 | CKM_PKCS5_PBKD2 (CKM_SHA256_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA384AndAES_128 | CKM_PKCS5_PBKD2 (CKM_SHA384_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA512AndAES_128 | CKM_PKCS5_PBKD2 (CKM_SHA512_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA1AndAES_256 | CKM_PKCS5_PBKD2 (CKM_SHA_1_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA224AndAES_256 | CKM_PKCS5_PBKD2 (CKM_SHA224_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA256AndAES_256 | CKM_PKCS5_PBKD2 (CKM_SHA256_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA384AndAES_256 | CKM_PKCS5_PBKD2 (CKM_SHA384_HMAC required)
      SecretKeyFactory.PBEWithHmacSHA512AndAES_256 | CKM_PKCS5_PBKD2 (CKM_SHA512_HMAC required)
      SecretKeyFactory.HmacPBESHA1 | CKM_PBA_SHA1_WITH_SHA1_HMAC
      SecretKeyFactory.HmacPBESHA224 | CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN
      SecretKeyFactory.HmacPBESHA256 | CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN
      SecretKeyFactory.HmacPBESHA384 | CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN
      SecretKeyFactory.HmacPBESHA512 | CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN
      SecretKeyFactory.PBKDF2WithHmacSHA1 | CKM_PKCS5_PBKD2 (CKM_SHA_1_HMAC required)
      SecretKeyFactory.PBKDF2WithHmacSHA224 | CKM_PKCS5_PBKD2 (CKM_SHA224_HMAC required)
      SecretKeyFactory.PBKDF2WithHmacSHA256 | CKM_PKCS5_PBKD2 (CKM_SHA256_HMAC required)
      SecretKeyFactory.PBKDF2WithHmacSHA384 | CKM_PKCS5_PBKD2 (CKM_SHA384_HMAC required)
      SecretKeyFactory.PBKDF2WithHmacSHA512 | CKM_PKCS5_PBKD2 (CKM_SHA512_HMAC required)
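
An added example (not part of this CSR or of the JDK sources) for auditing the behavioral change described in the compatibility note: it reports which provider an unqualified JCA lookup resolves to for a sample of the algorithms listed above, then requests SunJCE explicitly. The class name PbeProviderAudit and the choice of sample algorithms are assumptions; the SunPKCS11 check relies on provider names starting with "SunPKCS11".

```java
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;

public class PbeProviderAudit {   // hypothetical class name
    // {service, algorithm} pairs sampled from the lists on this page.
    static final String[][] SAMPLE = {
        {"Cipher", "PBEWithHmacSHA1AndAES_128"},
        {"Cipher", "PBEWithHmacSHA256AndAES_256"},
        {"Mac", "HmacPBESHA1"},
        {"Mac", "HmacPBESHA256"},
        {"SecretKeyFactory", "PBEWithHmacSHA256AndAES_256"},
        {"SecretKeyFactory", "PBKDF2WithHmacSHA256"},
    };

    // First provider, in preference order, that offers the service when
    // getInstance() is called without naming a provider.
    static String defaultProvider(String service, String alg) {
        try {
            Provider p = switch (service) {
                case "Cipher" -> Cipher.getInstance(alg).getProvider();
                case "Mac" -> Mac.getInstance(alg).getProvider();
                default -> SecretKeyFactory.getInstance(alg).getProvider();
            };
            return p.getName();
        } catch (GeneralSecurityException e) {
            return "(no provider)";   // algorithm not offered by any installed provider
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Provider preference order:");
        for (Provider p : Security.getProviders()) {
            System.out.println("  " + p.getName());
        }
        for (String[] s : SAMPLE) {
            String name = defaultProvider(s[0], s[1]);
            // SunPKCS11 instances are named "SunPKCS11-<name from their configuration>".
            String flag = name.startsWith("SunPKCS11") ? "  <-- served by PKCS #11 token" : "";
            System.out.printf("%-17s %-28s -> %s%n", s[0], s[1], name + flag);
        }
        // Mitigation from the compatibility note: request the provider explicitly.
        Provider sunJCE = Security.getProvider("SunJCE");
        Cipher pinned = Cipher.getInstance("PBEWithHmacSHA1AndAES_128", sunJCE);
        System.out.println("Pinned Cipher provider: " + pinned.getProvider().getName());
    }
}
```

Running it before and after a SunPKCS11 provider is placed ahead of SunJCE in java.security shows which of the sampled services change provider.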

            mbalao Martin Balao Alonso
            mbalao Martin Balao Alonso
            Valerie Peng