JDK-8368520

TLS 1.3 KeyUpdate fails with SunPKCS11 provider


    • Type: Bug
    • Resolution: Unresolved
    • Priority: P4
    • None
    • 26
    • security-libs
    • None

      with the following exception:
      javax.net.ssl.SSLHandshakeException: Could not generate secret
      at java.base/sun.security.ssl.SSLTrafficKeyDerivation$T13TrafficKeyDerivation.deriveKey(SSLTrafficKeyDerivation.java:156)
      at java.base/sun.security.ssl.KeyUpdate$KeyUpdateProducer.produce(KeyUpdate.java:302)
      at java.base/sun.security.ssl.KeyUpdate$KeyUpdateKickstartProducer.produce(KeyUpdate.java:172)
      at java.base/sun.security.ssl.SSLHandshake.kickstart(SSLHandshake.java:567)
      at java.base/sun.security.ssl.PostHandshakeContext.kickstart(PostHandshakeContext.java:67)
      at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:256)
      at java.base/sun.security.ssl.SSLEngineImpl.beginHandshake(SSLEngineImpl.java:104)
      at java.base/sun.security.ssl.SSLEngineImpl.tryKeyUpdate(SSLEngineImpl.java:403)
      at java.base/sun.security.ssl.SSLEngineImpl.encode(SSLEngineImpl.java:348)
      at java.base/sun.security.ssl.SSLEngineImpl.writeRecord(SSLEngineImpl.java:248)
      at java.base/sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:143)
      at java.base/sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:120)
      at java.base/javax.net.ssl.SSLEngine.wrap(SSLEngine.java:518)
      (snip)
      Caused by: java.security.InvalidAlgorithmParameterException: The specified SunPKCS11-NSSKeyStore provider does not support this input
      at java.base/javax.crypto.KDF.rethrow(KDF.java:495)
      at java.base/javax.crypto.KDF.deriveKey(KDF.java:546)
      at java.base/sun.security.ssl.SSLTrafficKeyDerivation$T13TrafficKeyDerivation.deriveKey(SSLTrafficKeyDerivation.java:154)
      ... 18 more
      Caused by: java.security.InvalidAlgorithmParameterException: Key length was 384 but must be between 128 and 256 bits
      at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyGenerator.checkKeySize(P11KeyGenerator.java:161)
      at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyGenerator.checkKeySize(P11KeyGenerator.java:131)
      at jdk.crypto.cryptoki/sun.security.pkcs11.P11HKDF.derive(P11HKDF.java:169)
      at jdk.crypto.cryptoki/sun.security.pkcs11.P11HKDF.engineDeriveKey(P11HKDF.java:109)
      at java.base/javax.crypto.KDF.deriveKey(KDF.java:544)
      ... 19 more

      That's because the TlsUpdateNplus1 traffic secret incorrectly uses the bulk cipher's algorithm type, in this case AES. The algorithm type is ignored by SunJCE, but SunPKCS11 uses it to validate other key properties.
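
      The length mismatch behind the error, as an added example (not code from the JDK or from this report): it derives the KeyUpdate secret with HKDF-Expand-Label from RFC 8446 using javax.crypto.KDF (a final API as of JDK 25) and shows that the result is Hash.length long, 384 bits for SHA-384, which is outside the 128 to 256 bit range quoted in the exception for a key labelled AES. The class name, the all-zero input secret, the optional provider-name argument and the "Generic" label are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import javax.crypto.KDF;
import javax.crypto.SecretKey;
import javax.crypto.spec.HKDFParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class KeyUpdateSecretDemo {
    static final int HASH_LEN = 48; // SHA-384 output size in bytes (384 bits)

    // RFC 8446 section 7.1 HkdfLabel: uint16 length, opaque "tls13 " + label, empty context.
    static byte[] hkdfLabel(String label, int length) {
        byte[] name = ("tls13 " + label).getBytes(StandardCharsets.US_ASCII);
        byte[] info = new byte[2 + 1 + name.length + 1]; // last byte stays 0: zero-length context
        info[0] = (byte) (length >> 8);
        info[1] = (byte) length;
        info[2] = (byte) name.length;
        System.arraycopy(name, 0, info, 3, name.length);
        return info;
    }

    // application_traffic_secret_N+1 = HKDF-Expand-Label(secret_N, "traffic upd", "", Hash.length)
    static SecretKey nextTrafficSecret(KDF hkdf, SecretKey secretN, String keyAlg)
            throws GeneralSecurityException {
        return hkdf.deriveKey(keyAlg,
                HKDFParameterSpec.expandOnly(secretN, hkdfLabel("traffic upd", HASH_LEN), HASH_LEN));
    }

    public static void main(String[] args) throws Exception {
        // Optional first argument: provider name; otherwise the default provider is used.
        KDF hkdf = args.length > 0 ? KDF.getInstance("HKDF-SHA384", args[0])
                                   : KDF.getInstance("HKDF-SHA384");
        // Constructed sample input: an all-zero stand-in for application_traffic_secret_N.
        SecretKey secretN = new SecretKeySpec(new byte[HASH_LEN], "Generic");
        // "AES" is the label from the report; "Generic" is an assumed neutral label, not the JDK fix.
        for (String keyAlg : new String[] {"AES", "Generic"}) {
            try {
                SecretKey next = nextTrafficSecret(hkdf, secretN, keyAlg);
                System.out.printf("%s: derived %d-bit secret labelled %s%n",
                        hkdf.getProviderName(), HASH_LEN * 8, next.getAlgorithm());
            } catch (GeneralSecurityException e) {
                System.out.printf("%s: label %s rejected: %s%n",
                        hkdf.getProviderName(), keyAlg, e.getMessage());
            }
        }
    }
}
```

      With the default provider both labels are expected to succeed, since the report notes SunJCE ignores the algorithm type; passing a configured PKCS#11 provider name as the first argument exercises the key-size check shown in the trace.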

            djelinski Daniel Jelinski