Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8226650

PKCS11.C_EncryptInit does not forward the CK_GCM_PARAMS correctly

    Details

      Description

      A DESCRIPTION OF THE PROBLEM :
      Tested OpenJDK 13 EA with SoftHSM2 v2.5.1 (current development version). Calling PKCS11.C_EncryptInit ends always with the error CKR_ARGUMENTS_BAD. The following code block in SoftHSM.cpp is responsible for this error:

      case CKM_AES_GCM:
      algo = SymAlgo::AES;
      mode = SymMode::GCM;
      if (pMechanism->pParameter == NULL_PTR ||
      pMechanism->ulParameterLen != sizeof(CK_GCM_PARAMS))
      {
      DEBUG_MSG("GCM mode requires parameters");
      return CKR_ARGUMENTS_BAD;
      }

      It seems that PKCS11.C_EncryptInit() does not forward the CK_GCM_PARAMS correctly to the underlying Cryptoki library.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      No error.
      ACTUAL -
      Got error sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD

      ---------- BEGIN SOURCE ----------
        public static void main(String[] args) {
          try {
            final String pkcs11ModuleName = "/usr/local/lib/softhsm/libsofthsm2.so";
            final String functionList = "C_GetFunctionList";
            final boolean omitInitialize = false;
            PKCS11 pkcs11Module = PKCS11.getInstance(pkcs11ModuleName, functionList,
                  null, omitInitialize);
            long slotId = pkcs11Module.C_GetSlotList(true)[0];
            
            //final long CKF_RW_SESSION = 0x00000002L;
            //final long CKF_SERIAL_SESSION = 0x00000004L;
            long flags = PKCS11Constants.CKF_SERIAL_SESSION | PKCS11Constants.CKF_RW_SESSION;
            long hSession = pkcs11Module.C_OpenSession(slotId, flags, null, null);
            char[] pin = "123456".toCharArray();
            pkcs11Module.C_Login(hSession, PKCS11Constants.CKU_USER, pin);

            // generate an AES key
            CK_MECHANISM pMechanism = new CK_MECHANISM(PKCS11Constants.CKM_AES_KEY_GEN);
            List<CK_ATTRIBUTE> attrs = new LinkedList<>();
            attrs.add(new CK_ATTRIBUTE(PKCS11Constants.CKA_CLASS, PKCS11Constants.CKO_SECRET_KEY));
            attrs.add(new CK_ATTRIBUTE(PKCS11Constants.CKA_KEY_TYPE, PKCS11Constants.CKK_AES));
            attrs.add(new CK_ATTRIBUTE(PKCS11Constants.CKA_VALUE_LEN, 16));
            attrs.add(new CK_ATTRIBUTE(PKCS11Constants.CKA_SENSITIVE, true));
            
            long hKey = pkcs11Module.C_GenerateKey(
                          hSession, pMechanism, attrs.toArray(new CK_ATTRIBUTE[0]));
            
            byte[] iv = new byte[12];
            new SecureRandom().nextBytes(iv);
            byte[] aad = "hello".getBytes();
            CK_GCM_PARAMS params = new CK_GCM_PARAMS(128, iv, aad);
            pMechanism = new CK_MECHANISM(PKCS11Constants.CKM_AES_GCM, params);
            
            pkcs11Module.C_EncryptInit(hSession, pMechanism, hKey);
          } catch (Exception ex) {
            ex.printStackTrace();
          }
        }
      ---------- END SOURCE ----------

      FREQUENCY : always


        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                valeriep Valerie Peng
                Reporter:
                webbuggrp Webbug Group
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: