JDK-8207031

CKM_SSL3_PRE_MASTER_KEY_GEN used without need in P11RSACipher.class

      Description

      ADDITIONAL SYSTEM INFORMATION :
      Windows 7
      java version "1.8.0_171"
      Java(TM) SE Runtime Environment (build 1.8.0_171-b11)
      Java HotSpot(TM) Client VM (build 25.171-b11, mixed mode, sharing)

      A DESCRIPTION OF THE PROBLEM :
      In old versions of Java 8, the CKM_SSL3_PRE_MASTER_KEY_GEN mechanism would only be used if required.
      Since change http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/ab54163c8610 this mechanism is always used,
      even if the result will be -discarded-.

      This is an issue for us because we use a PKCS11 smart card library which does not support CKM_SSL3_PRE_MASTER_KEY_GEN.
      Since this change we can no longer use SSL with this library.

      The relevant code is in P11RSACipher.polishPreMasterSecretKey

      The old version worked like so:
              if (failover != null) {
      // Do Stuff with CKM_SSL3_PRE_MASTER_KEY_GEN which creates secretKey, only called if failover needed
              }
              return secretKey;

      The new version works like so:
              SecretKey newKey;
              // Do Stuff with CKM_SSL3_PRE_MASTER_KEY_GEN which creates secretKey, now called always
              return (failover == null) ? unwrappedKey : newKey;

      Solution would be to add the if statement surrounding the key generation again so it isn't mandatory. See code below:

      private static SecretKey polishPreMasterSecretKey(
                  Token token, Session session,
                  Exception failover, SecretKey unwrappedKey,
                  int clientVersion, int serverVersion) {

              SecretKey newKey = null;
              if (failover != null) {
                  CK_VERSION version = new CK_VERSION(
                          (clientVersion >>> 8) & 0xFF, clientVersion & 0xFF);
                  try {
                      CK_ATTRIBUTE[] attributes = token.getAttributes(
                              O_GENERATE, CKO_SECRET_KEY,
                              CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
                      long keyID = token.p11.C_GenerateKey(session.id(),
                              new CK_MECHANISM(CKM_SSL3_PRE_MASTER_KEY_GEN, version),
                              attributes);
                      newKey = P11Key.secretKey(session,
                              keyID, "TlsRsaPremasterSecret", 48 << 3, attributes);
                  } catch (PKCS11Exception e) {
                      throw new ProviderException(
                              "Could not generate premaster secret", e);
                  }
              }

              return (failover == null) ? unwrappedKey : newKey;
          }
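      The following stand-alone program is an added illustration and is not JDK code or the reporter's patch. It reproduces the two control flows contrasted above with plain JCE: the server RSA-decrypts a constructed ClientKeyExchange, checks the premaster version bytes as RFC 5246 section 7.4.7.1 requires, and then "polishes" the result either conditionally (old code and the proposed fix) or unconditionally (the 8u171 flow). The token's CKM_SSL3_PRE_MASTER_KEY_GEN call is modelled by a hypothetical DummySecretGenerator interface, here wired to a generator that always throws, standing in for a token that returns CKR_FUNCTION_NOT_SUPPORTED. The class, interface and method names are this example's own.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class PremasterPolishDemo {

    // Constructed sample: the version the client sent in its ClientHello (TLSv1.2).
    static final int CLIENT_VERSION = 0x0303;

    /** Hypothetical stand-in for the PKCS#11 token's CKM_SSL3_PRE_MASTER_KEY_GEN call. */
    interface DummySecretGenerator {
        SecretKey generate(int clientVersion) throws GeneralSecurityException;
    }

    /** Outcome of the RSA unwrap: a usable key, or a recorded failure that forces failover. */
    static final class Unwrapped {
        final SecretKey key;       // non-null only when decryption and the version check pass
        final Exception failover;  // non-null when the server must substitute a dummy secret
        Unwrapped(SecretKey key, Exception failover) { this.key = key; this.failover = failover; }
    }

    /** Server side: decrypt the 48-byte premaster and verify its leading version bytes. */
    static Unwrapped unwrapPremaster(PrivateKey serverKey, byte[] encrypted, int clientVersion) {
        try {
            Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            rsa.init(Cipher.DECRYPT_MODE, serverKey);
            byte[] pms = rsa.doFinal(encrypted);
            if (pms.length != 48) {
                return new Unwrapped(null, new GeneralSecurityException("bad premaster length"));
            }
            int version = ((pms[0] & 0xFF) << 8) | (pms[1] & 0xFF);
            if (version != clientVersion) {
                return new Unwrapped(null, new GeneralSecurityException("bad premaster version"));
            }
            return new Unwrapped(new SecretKeySpec(pms, "TlsRsaPremasterSecret"), null);
        } catch (GeneralSecurityException e) {
            return new Unwrapped(null, e);  // e.g. BadPaddingException on a malformed message
        }
    }

    /** Old code and the reporter's proposal: the token mechanism runs only when failover is set. */
    static SecretKey polishConditional(Unwrapped u, DummySecretGenerator gen)
            throws GeneralSecurityException {
        SecretKey dummy = null;
        if (u.failover != null) {
            dummy = gen.generate(CLIENT_VERSION);
        }
        return (u.failover == null) ? u.key : dummy;
    }

    /** 8u171 flow as described in the report: the token mechanism runs on every handshake. */
    static SecretKey polishUnconditional(Unwrapped u, DummySecretGenerator gen)
            throws GeneralSecurityException {
        SecretKey dummy = gen.generate(CLIENT_VERSION);
        return (u.failover == null) ? u.key : dummy;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair();

        // Constructed ClientKeyExchange: version bytes + 46 random bytes, RSA PKCS#1 v1.5 encrypted.
        byte[] pms = new byte[48];
        new SecureRandom().nextBytes(pms);
        pms[0] = (byte) (CLIENT_VERSION >>> 8);
        pms[1] = (byte) CLIENT_VERSION;
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, server.getPublic());
        byte[] goodCkx = rsa.doFinal(pms);
        byte[] badCkx = goodCkx.clone();
        badCkx[badCkx.length - 1] ^= 0x01;  // corrupt one byte so decryption fails

        // Models a token that does not implement the mechanism (simulated CKR_FUNCTION_NOT_SUPPORTED).
        DummySecretGenerator unsupported = v -> {
            throw new GeneralSecurityException("CKR_FUNCTION_NOT_SUPPORTED (simulated)");
        };

        Unwrapped good = unwrapPremaster(server.getPrivate(), goodCkx, CLIENT_VERSION);
        System.out.println("conditional, valid CKX:   " + polishConditional(good, unsupported).getAlgorithm());
        try {
            polishUnconditional(good, unsupported);
        } catch (GeneralSecurityException e) {
            System.out.println("unconditional, valid CKX: handshake fails -> " + e.getMessage());
        }

        // Once failover is genuinely required, both variants depend on the mechanism.
        Unwrapped bad = unwrapPremaster(server.getPrivate(), badCkx, CLIENT_VERSION);
        try {
            polishConditional(bad, unsupported);
        } catch (GeneralSecurityException e) {
            System.out.println("conditional, bad CKX:     failover needs mechanism -> " + e.getMessage());
        }
    }
}
```

      Two points for anyone evaluating the proposed fix against a token like the reporter's: with the conditional flow the missing mechanism is only exercised on a malformed ClientKeyExchange, so a deployment can run for a long time before the first such message surfaces the gap as a fatal handshake error; and the conditional flow makes the failover path do token work that the success path skips, which is exactly the kind of observable difference RFC 5246 section 7.4.7.1 asks implementations to avoid because it can feed a Bleichenbacher-style padding oracle.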


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      This can be reproduced for example with cipher suite TLS_RSA_WITH_AES_256_GCM_SHA384 and TLSv1.2 on the server side.
      The result is that the CKM_SSL3_PRE_MASTER_KEY_GEN mechanism is used, even when not needed.


      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      Finishing the client and server handshakes.
      ACTUAL -
      When this mechanism isn't implemented in the custom PKCS11 implementation, an exception will be triggered like below:

      RSA premaster secret decryption error:
      java.security.ProviderException: Could not generate premaster secret
                      at sun.security.pkcs11.P11RSACipher.polishPreMasterSecretKey(P11RSACipher.java:584)
                      at sun.security.pkcs11.P11RSACipher.engineUnwrap(P11RSACipher.java:548)
                      at javax.crypto.Cipher.unwrap(Cipher.java:2549)
                      at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:187)
                      at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:253)
                      at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
                      at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
                      at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
                      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
                      at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:938)
                      at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
      Exception in thread "main" javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate dummy secret
                      at sun.security.ssl.AppInputStream.read(AppInputStream.java:71)
                      at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
                      at mytest.Server.main(Server.java:23)
                      at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
      Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_FUNCTION_NOT_SUPPORTED
                      at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1921)
                      at sun.security.pkcs11.wrapper.PKCS11.C_GenerateKey(Native Method)
                      at sun.security.pkcs11.P11RSACipher.polishPreMasterSecretKey(P11RSACipher.java:578)
                      ... 12 more
      main, handling exception: java.lang.RuntimeException: Could not generate dummy secret
      %% Invalidated: [Session-1, TLS_RSA_WITH_AES_256_GCM_SHA384]
      main, SEND TLSv1.2 ALERT: fatal, description = internal_error
                      at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1904)
      main, WRITE: TLSv1.2 Alert, length = 2
                      at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1830)
      [Raw write]: length = 7
      0000: 15 03 03 00 02 02 50 ......P
                      at sun.security.ssl.AppInputStream.read(AppInputStream.java:116)
      main, called closeSocket()
                      at sun.security.ssl.AppInputStream.read(AppInputStream.java:71)
                      at mytest.Server.main(Server.java:23)
      Caused by: java.lang.RuntimeException: Could not generate dummy secret
                      at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:200)
                      at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:253)
                      at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
                      at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
                      at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
                      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
                      at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:938)
                      at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
                      ... 2 more
      Caused by: java.security.ProviderException: Could not generate premaster secret
                      at sun.security.pkcs11.P11RSACipher.polishPreMasterSecretKey(P11RSACipher.java:584)
                      at sun.security.pkcs11.P11RSACipher.engineUnwrap(P11RSACipher.java:548)
                      at javax.crypto.Cipher.unwrap(Cipher.java:2549)
                      at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:187)
                      ... 9 more
      Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_FUNCTION_NOT_SUPPORTED
                      at sun.security.pkcs11.wrapper.PKCS11.C_GenerateKey(Native Method)
                      at sun.security.pkcs11.P11RSACipher.polishPreMasterSecretKey(P11RSACipher.java:578)
                      ... 12 more


      CUSTOMER SUBMITTED WORKAROUND :
      Using java version "1.8.0_45"

      FREQUENCY : always


      People

      Assignee: igerasim Ivan Gerasimov
      Reporter: webbuggrp Webbug Group
      Votes: 0
      Watchers: 3