> TLS `*_CHACHA20_POLY1305_*` cipher suites are currently broken when a
> configuration with the SunPKCS11 provider is used. I discovered this with my
> ssl-tests test suite [1].
>
>
> make TEST_PKCS11_FIPS=1 SSLTESTS_SSL_CONFIG_FILTER=SunJSSE,Default,TLSv1.2,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 SSLTESTS_CUSTOM_JAVA_PARAMS=-Djdk.tls.ephemeralDHKeySize=2048 ssl-tests
> ...
> javax.net.ssl.SSLException: Unknown algorithm: ChaCha20-Poly1305
>     at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:132)
>     at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
>     at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
>     at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309)
>     at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1712)
>     at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:470)
>     at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
>     at SSLSocketClient.test(SSLSocketClient.java:72)
>     at SSLSocketTester.testConfiguration(SSLSocketTester.java:392)
>     at SSLSocketTester.testConfigurations(SSLSocketTester.java:322)
>     at SSLSocketTester.testProvider(SSLSocketTester.java:234)
>     at SSLSocketTester.testProviders(SSLSocketTester.java:190)
>     at Main.main(Main.java:30)
> Caused by: java.security.ProviderException: Unknown algorithm: ChaCha20-Poly1305
>     at jdk.crypto.cryptoki/sun.security.pkcs11.P11TlsKeyMaterialGenerator.engineGenerateKey(P11TlsKeyMaterialGenerator.java:168)
>     at java.base/javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:564)
>     at java.base/sun.security.ssl.SSLTrafficKeyDerivation$LegacyTrafficKeyDerivation.<init>(SSLTrafficKeyDerivation.java:282)
>     at java.base/sun.security.ssl.SSLTrafficKeyDerivation$T12TrafficKeyDerivationGenerator.createKeyDerivation(SSLTrafficKeyDerivation.java:117)
>     at java.base/sun.security.ssl.SSLTrafficKeyDerivation.createKeyDerivation(SSLTrafficKeyDerivation.java:79)
>     at java.base/sun.security.ssl.DHClientKeyExchange$DHClientKeyExchangeProducer.produce(DHClientKeyExchange.java:221)
>     at java.base/sun.security.ssl.ClientKeyExchange$ClientKeyExchangeProducer.produce(ClientKeyExchange.java:65)
>     at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:440)
>     at java.base/sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182)
>     at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
>     at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
>     at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
>     at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
>     at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
>     at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1510)
>     at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1425)
>     at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
>     ... 7 more
>
> FAILED: SunJSSE/Default: TLSv1.2 + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
>
>
> Problem:
> The exception is thrown by the P11TlsKeyMaterialGenerator.engineGenerateKey method
> [2], based on the result of the P11SecretKeyFactory.getKeyType method [3], which only
> "knows" the "ChaCha20" key algorithm, but does not accept "ChaCha20-Poly1305" as
> an algorithm. The algorithm value is passed from the
> SSLTrafficKeyDerivation.LegacyTrafficKeyDerivation class [4], which leads to the
> algorithm field in the SSLCipher class [5]. The value of that field comes from the cipher
> name in the JsseJce class [6] (ending at the first slash, if any).
>
> Fix:
> This fix basically modifies the P11SecretKeyFactory.getKeyType method to accept
> "ChaCha20-Poly1305" as an alias for "ChaCha20".
>
> Testing:
> I ran the jdk_security tests locally and they passed. Also, the failure in ssl-tests
> gets fixed.
>
> [1] https://github.com/zzambers/ssl-tests
> [2] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsKeyMaterialGenerator.java#L168
> [3] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java#L101
> [4] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/java.base/share/classes/sun/security/ssl/SSLTrafficKeyDerivation.java#L270
> [5] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/java.base/share/classes/sun/security/ssl/SSLCipher.java#L496
> [6] https://github.com/openjdk/jdk/blob/b7a34f728d0653d55ef01da045c9aad4c0471143/src/java.base/share/classes/sun/security/ssl/JsseJce.java#L81

zzambers has updated the pull request incrementally with one additional commit since the last revision:

  Updated copyright date in P11SecretKeyFactory.java

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/9072/files
  - new: https://git.openjdk.org/jdk/pull/9072/files/b9c070c3..804b2f0f

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=9072&range=04
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=9072&range=03-04

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/9072.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/9072/head:pull/9072

PR: https://git.openjdk.org/jdk/pull/9072
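
Added example (not part of the pull request or of the JDK sources): a small check for deployments running a JDK without this fix. It shows the name derivation described under "Problem" and drops the affected suites when TLS 1.2 key material comes from a SunPKCS11 provider. The class name `ChaChaSuiteCheck`, the `SunPKCS11` name-prefix test and the use of the internal `SunTls12KeyMaterial` generator name are assumptions of this sketch.

```java
import java.security.Provider;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class ChaChaSuiteCheck {
    // Key algorithm as the description says it is derived: the cipher
    // name cut at the first slash, if any.
    static String keyAlgorithm(String cipherName) {
        int slash = cipherName.indexOf('/');
        return slash < 0 ? cipherName : cipherName.substring(0, slash);
    }

    // Fresh copy of the context's default parameters without the suites
    // the report names (*_CHACHA20_POLY1305_*).
    static SSLParameters withoutChaCha(SSLContext ctx) {
        SSLParameters params = ctx.getDefaultSSLParameters();
        String[] kept = Arrays.stream(params.getCipherSuites())
                .filter(s -> !s.contains("_CHACHA20_POLY1305_"))
                .toArray(String[]::new);
        params.setCipherSuites(kept);
        return params;
    }

    public static void main(String[] args) throws Exception {
        // "AES/GCM/NoPadding" is cut to "AES"; "ChaCha20-Poly1305" has no
        // slash, so the full name reaches the key material generator.
        for (String name : new String[] {"AES/GCM/NoPadding", "ChaCha20-Poly1305"}) {
            System.out.println(name + " -> key algorithm " + keyAlgorithm(name));
        }

        // Assumption: "SunTls12KeyMaterial" is the KeyGenerator JSSE requests
        // for TLS 1.2, and SunPKCS11 provider names start with "SunPKCS11".
        Provider p = KeyGenerator.getInstance("SunTls12KeyMaterial").getProvider();
        boolean pkcs11 = p.getName().startsWith("SunPKCS11");
        System.out.println("TLS 1.2 key material provider: " + p.getName());

        SSLContext ctx = SSLContext.getDefault();
        SSLParameters params = pkcs11 ? withoutChaCha(ctx) : ctx.getDefaultSSLParameters();
        System.out.println("Suites to enable: " + String.join(", ", params.getCipherSuites()));
        // Apply with SSLSocket.setSSLParameters(params) or SSLEngine.setSSLParameters(params).
    }
}
```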