8325164: Named groups and signature schemes unavailable with SunPKCS11 in FIPS mode

Reviewed-by: valeriep
2024-03-13 19:09:52 +00:00 · 2024-03-13 19:09:52 +00:00 · 8f9899b23e
commit 8f9899b23e
parent eb45d5bd64
10 changed files with 66 additions and 67 deletions
--- a/src/java.base/share/classes/sun/security/ec/ECKeyPairGenerator.java
+++ b/src/java.base/share/classes/sun/security/ec/ECKeyPairGenerator.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -29,7 +29,6 @@ import java.security.*;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.ECGenParameterSpec;
 import java.security.spec.ECParameterSpec;
-import java.security.spec.ECPoint;
 import java.security.spec.InvalidParameterSpecException;
 import java.util.Arrays;
 import java.util.Optional;
@ -37,7 +36,7 @@ import java.util.Optional;
 import sun.security.jca.JCAUtil;
 import sun.security.util.ECUtil;
 import sun.security.util.math.*;
-import sun.security.ec.point.*;
+
 import static sun.security.util.SecurityProviderConstants.DEF_EC_KEY_SIZE;
 import static sun.security.ec.ECOperations.IntermediateValueException;

@ -74,7 +73,7 @@ public final class ECKeyPairGenerator extends KeyPairGeneratorSpi {
    public void initialize(int keySize, SecureRandom random) {

        checkKeySize(keySize);
-        this.params = ECUtil.getECParameterSpec(null, keySize);
+        this.params = ECUtil.getECParameterSpec(keySize);
        if (params == null) {
            throw new InvalidParameterException(
                "No EC parameters available for key size " + keySize + " bits");
@ -91,14 +90,14 @@ public final class ECKeyPairGenerator extends KeyPairGeneratorSpi {

        if (params instanceof ECParameterSpec) {
            ECParameterSpec ecParams = (ECParameterSpec) params;
-            ecSpec = ECUtil.getECParameterSpec(null, ecParams);
+            ecSpec = ECUtil.getECParameterSpec(ecParams);
            if (ecSpec == null) {
                throw new InvalidAlgorithmParameterException(
                    "Curve not supported: " + params);
            }
        } else if (params instanceof ECGenParameterSpec) {
            String name = ((ECGenParameterSpec) params).getName();
-            ecSpec = ECUtil.getECParameterSpec(null, name);
+            ecSpec = ECUtil.getECParameterSpec(name);
            if (ecSpec == null) {
                throw new InvalidAlgorithmParameterException(
                    "Unknown curve name: " + name);
@ -120,7 +119,7 @@ public final class ECKeyPairGenerator extends KeyPairGeneratorSpi {
        throws InvalidAlgorithmParameterException {

        // Check if ecSpec is a valid curve
-        AlgorithmParameters ecParams = ECUtil.getECParameters(null);
+        AlgorithmParameters ecParams = ECUtil.getECParameters();
        try {
            ecParams.init(ecSpec);
        } catch (InvalidParameterSpecException ex) {
--- a/src/java.base/share/classes/sun/security/util/ECUtil.java
+++ b/src/java.base/share/classes/sun/security/util/ECUtil.java
@ -140,21 +140,16 @@ public final class ECUtil {
        return (ECPrivateKey)keyFactory.generatePrivate(keySpec);
    }

-    public static AlgorithmParameters getECParameters(Provider p) {
+    public static AlgorithmParameters getECParameters() {
        try {
-            if (p != null) {
-                return AlgorithmParameters.getInstance("EC", p);
-            }
-
            return AlgorithmParameters.getInstance("EC");
        } catch (NoSuchAlgorithmException nsae) {
            throw new RuntimeException(nsae);
        }
    }

-    public static byte[] encodeECParameterSpec(Provider p,
-                                               ECParameterSpec spec) {
-        AlgorithmParameters parameters = getECParameters(p);
+    public static byte[] encodeECParameterSpec(ECParameterSpec spec) {
+        AlgorithmParameters parameters = getECParameters();

        try {
            parameters.init(spec);
@ -170,9 +165,8 @@ public final class ECUtil {
        }
    }

-    public static ECParameterSpec getECParameterSpec(Provider p,
-                                                     ECParameterSpec spec) {
-        AlgorithmParameters parameters = getECParameters(p);
+    public static ECParameterSpec getECParameterSpec(ECParameterSpec spec) {
+        AlgorithmParameters parameters = getECParameters();

        try {
            parameters.init(spec);
@ -182,10 +176,9 @@ public final class ECUtil {
        }
    }

-    public static ECParameterSpec getECParameterSpec(Provider p,
-                                                     byte[] params)
+    public static ECParameterSpec getECParameterSpec(byte[] params)
            throws IOException {
-        AlgorithmParameters parameters = getECParameters(p);
+        AlgorithmParameters parameters = getECParameters();

        parameters.init(params);

@ -196,8 +189,8 @@ public final class ECUtil {
        }
    }

-    public static ECParameterSpec getECParameterSpec(Provider p, String name) {
-        AlgorithmParameters parameters = getECParameters(p);
+    public static ECParameterSpec getECParameterSpec(String name) {
+        AlgorithmParameters parameters = getECParameters();

        try {
            parameters.init(new ECGenParameterSpec(name));
@ -207,8 +200,8 @@ public final class ECUtil {
        }
    }

-    public static ECParameterSpec getECParameterSpec(Provider p, int keySize) {
-        AlgorithmParameters parameters = getECParameters(p);
+    public static ECParameterSpec getECParameterSpec(int keySize) {
+        AlgorithmParameters parameters = getECParameters();

        try {
            parameters.init(new ECKeySizeParameterSpec(keySize));
@ -219,9 +212,9 @@ public final class ECUtil {

    }

-    public static String getCurveName(Provider p, ECParameterSpec spec) {
+    public static String getCurveName(ECParameterSpec spec) {
        ECGenParameterSpec nameSpec;
-        AlgorithmParameters parameters = getECParameters(p);
+        AlgorithmParameters parameters = getECParameters();

        try {
            parameters.init(spec);
--- a/src/java.base/share/classes/sun/security/util/KeyUtil.java
+++ b/src/java.base/share/classes/sun/security/util/KeyUtil.java
@ -153,7 +153,7 @@ public final class KeyUtil {

                // Note: the ECGenParameterSpec case should be covered by the
                // ECParameterSpec case above.
-                // See ECUtil.getECParameterSpec(Provider, String).
+                // See ECUtil.getECParameterSpec(String).

                break;
            case "DiffieHellman":
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11ECKeyFactory.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11ECKeyFactory.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -64,25 +64,25 @@ final class P11ECKeyFactory extends P11KeyFactory {
    }

    static ECParameterSpec getECParameterSpec(String name) {
-        return ECUtil.getECParameterSpec(getSunECProvider(), name);
+        return ECUtil.getECParameterSpec(name);
    }

    static ECParameterSpec getECParameterSpec(int keySize) {
-        return ECUtil.getECParameterSpec(getSunECProvider(), keySize);
+        return ECUtil.getECParameterSpec(keySize);
    }

    // Check that spec is a known supported curve and convert it to our
    // ECParameterSpec subclass. If not possible, return null.
    static ECParameterSpec getECParameterSpec(ECParameterSpec spec) {
-        return ECUtil.getECParameterSpec(getSunECProvider(), spec);
+        return ECUtil.getECParameterSpec(spec);
    }

    static ECParameterSpec decodeParameters(byte[] params) throws IOException {
-        return ECUtil.getECParameterSpec(getSunECProvider(), params);
+        return ECUtil.getECParameterSpec(params);
    }

    static byte[] encodeParameters(ECParameterSpec params) {
-        return ECUtil.encodeECParameterSpec(getSunECProvider(), params);
+        return ECUtil.encodeECParameterSpec(params);
    }

    static ECPoint decodePoint(byte[] encoded, EllipticCurve curve) throws IOException {
@ -220,7 +220,7 @@ final class P11ECKeyFactory extends P11KeyFactory {
    private PublicKey generatePublic(ECPoint point, ECParameterSpec params)
            throws PKCS11Exception {
        byte[] encodedParams =
-            ECUtil.encodeECParameterSpec(getSunECProvider(), params);
+            ECUtil.encodeECParameterSpec(params);
        byte[] encodedPoint =
            ECUtil.encodePoint(point, params.getCurve());

@ -254,7 +254,7 @@ final class P11ECKeyFactory extends P11KeyFactory {
    private PrivateKey generatePrivate(BigInteger s, ECParameterSpec params)
            throws PKCS11Exception {
        byte[] encodedParams =
-            ECUtil.encodeECParameterSpec(getSunECProvider(), params);
+            ECUtil.encodeECParameterSpec(params);
        CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
            new CK_ATTRIBUTE(CKA_CLASS, CKO_PRIVATE_KEY),
            new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_EC),
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -1378,7 +1378,7 @@ final class P11KeyStore extends KeyStoreSpi {
            byte[] encodedParams = attrs[0].getByteArray();
            try {
                ECParameterSpec params =
-                    ECUtil.getECParameterSpec(null, encodedParams);
+                    ECUtil.getECParameterSpec(encodedParams);
                keyLength = params.getCurve().getField().getFieldSize();
            } catch (IOException e) {
                // we do not want to accept key with unsupported parameters
@ -1776,7 +1776,7 @@ final class P11KeyStore extends KeyStoreSpi {
            }

            byte[] encodedParams =
-                ECUtil.encodeECParameterSpec(null, ecKey.getParams());
+                ECUtil.encodeECParameterSpec(ecKey.getParams());
            attrs = new CK_ATTRIBUTE[] {
                ATTR_TOKEN_TRUE,
                ATTR_CLASS_PKEY,
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java
@ -776,7 +776,7 @@ final class P11PSSSignature extends SignatureSpi {
    protected AlgorithmParameters engineGetParameters() {
        if (this.sigParams != null) {
            try {
-                AlgorithmParameters ap = AlgorithmParameters.getInstance("RSASSA-PSS");
+                AlgorithmParameters ap = AlgorithmParameters.getInstance("RSASSA-PSS", token.provider);
                ap.init(this.sigParams);
                return ap;
            } catch (GeneralSecurityException e) {
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@ -42,7 +42,9 @@ import javax.security.auth.callback.PasswordCallback;

 import com.sun.crypto.provider.ChaCha20Poly1305Parameters;

+import com.sun.crypto.provider.DHParameters;
 import jdk.internal.misc.InnocuousThread;
+import sun.security.rsa.PSSParameters;
 import sun.security.util.Debug;
 import sun.security.util.ResourcesMgr;
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
@ -707,6 +709,14 @@ public final class SunPKCS11 extends AuthProvider {
                "com.sun.crypto.provider.ChaCha20Poly1305Parameters",
                m(CKM_CHACHA20_POLY1305));

+        dA(AGP, "RSASSA-PSS",
+                "sun.security.rsa.PSSParameters",
+                m(CKM_RSA_PKCS_PSS));
+
+        dA(AGP, "DiffieHellman",
+                "com.sun.crypto.provider.DHParameters",
+                m(CKM_DH_PKCS_DERIVE));
+
        d(KA, "DH",             P11KeyAgreement,
                dhAlias,
                m(CKM_DH_PKCS_DERIVE));
@ -1496,6 +1506,10 @@ public final class SunPKCS11 extends AuthProvider {
                    return new sun.security.util.GCMParameters();
                } else if (algorithm == "ChaCha20-Poly1305") {
                    return new ChaCha20Poly1305Parameters(); // from SunJCE
+                } else if (algorithm == "RSASSA-PSS") {
+                    return new PSSParameters(); // from SunRsaSign
+                } else if (algorithm == "DiffieHellman") {
+                    return new DHParameters(); // from SunJCE
                } else {
                    throw new NoSuchAlgorithmException("Unsupported algorithm: "
                            + algorithm);
--- a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java
+++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2020, 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -27,7 +27,7 @@ import java.security.interfaces.*;

 /*
 * @test
- * @bug 8080462 8226651 8242332
+ * @bug 8080462 8226651 8242332 8325164
 * @summary testing interoperability of PSS signatures of PKCS11 provider
 *         against SunRsaSign provider
 * @library /test/lib ..
@ -51,9 +51,12 @@ public class SigInteropPSS2 extends PKCS11Test {
    @Override
    public void main(Provider p) throws Exception {

+        Provider sunRsaSign = Security.getProvider("SunRsaSign");
+        Security.removeProvider("SunRsaSign");
+
        Signature sigPkcs11;
        Signature sigSunRsaSign =
-                Signature.getInstance("RSASSA-PSS", "SunRsaSign");
+                Signature.getInstance("RSASSA-PSS", sunRsaSign);

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p);
            kpg.initialize(3072);
--- a/test/jdk/sun/security/pkcs11/tls/tls12/FipsModeTLS12.java
+++ b/test/jdk/sun/security/pkcs11/tls/tls12/FipsModeTLS12.java
@ -23,7 +23,7 @@

 /*
 * @test
- * @bug 8029661
+ * @bug 8029661 8325164
 * @summary Test TLS 1.2
 * @modules java.base/sun.security.internal.spec
 *          java.base/sun.security.util
@ -412,6 +412,18 @@ public final class FipsModeTLS12 extends SecmodTest {
            ssle = sslCtx.createSSLEngine("localhost", 443);
            ssle.setUseClientMode(client);
            SSLParameters sslParameters = ssle.getSSLParameters();
+            // verify that FFDHE named groups are available
+            boolean ffdheAvailable = Arrays.stream(sslParameters.getNamedGroups())
+                    .anyMatch(ng -> ng.startsWith("ffdhe"));
+            if (!ffdheAvailable) {
+                throw new RuntimeException("No FFDHE named groups available");
+            }
+            // verify that ECDHE named groups are available
+            boolean ecdheAvailable = Arrays.stream(sslParameters.getNamedGroups())
+                    .anyMatch(ng -> ng.startsWith("secp"));
+            if (!ecdheAvailable) {
+                throw new RuntimeException("No ECDHE named groups available");
+            }
            ssle.setSSLParameters(sslParameters);

            return ssle;
@ -426,28 +438,6 @@ public final class FipsModeTLS12 extends SecmodTest {
        //  1. SunPKCS11 (with an NSS FIPS mode backend)
        //  2. SUN (to handle X.509 certificates)
        //  3. SunJSSE (for a TLS engine)
-        //
-        // RSASSA-PSS algorithm is not currently supported in SunPKCS11
-        // but in SUN provider. As a result, it can be negotiated by the
-        // TLS engine. The problem is that SunPKCS11 keys are sensitive
-        // in FIPS mode and cannot be used in a SUN algorithm (conversion
-        // fails as plain values cannot be extracted).
-        //
-        // To workaround this issue, we disable RSASSA-PSS algorithm for
-        // TLS connections. Once JDK-8222937 is fixed, this workaround can
-        // (and should) be removed.
-        //
-        // On a final note, the list of disabled TLS algorithms
-        // (jdk.tls.disabledAlgorithms) has to be updated at this point,
-        // before it is read in sun.security.ssl.SSLAlgorithmConstraints
-        // class initialization.
-        String disabledAlgorithms =
-                Security.getProperty("jdk.tls.disabledAlgorithms");
-        if (disabledAlgorithms.length() > 0) {
-            disabledAlgorithms += ", ";
-        }
-        disabledAlgorithms += "RSASSA-PSS";
-        Security.setProperty("jdk.tls.disabledAlgorithms", disabledAlgorithms);

        if (initSecmod() == false) {
            return;
--- a/test/jdk/sun/security/tools/keytool/fakegen/java.base/sun/security/ec/ECKeyPairGenerator.java
+++ b/test/jdk/sun/security/tools/keytool/fakegen/java.base/sun/security/ec/ECKeyPairGenerator.java
@ -74,7 +74,7 @@ public final class ECKeyPairGenerator extends KeyPairGeneratorSpi {
                    " has been patched. Key size " + keySize +
                    " is not supported");
        }
-        ECParameterSpec ecParams = ECUtil.getECParameterSpec(null, keySize);
+        ECParameterSpec ecParams = ECUtil.getECParameterSpec(keySize);
        try {
            return new KeyPair(new ECPublicKeyImpl(new ECPoint(x, y), ecParams),
                    new ECPrivateKeyImpl(s, ecParams));