JDK-2205522 : PKCS11 should support "RSA" and "RSA/ECB/NoPadding" ciphers
  • Type: Backport
  • Backport of: JDK-6994008
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2011-01-24
  • Updated: 2011-05-25
  • Resolved: 2011-04-23
JDK 7: 7 b134 (Fixed)
Description
JDK 5.0/Weblogic/Solaris 10 fails to use T2000 onboard crypto accelerator for SSL operations.
(The following description is from the duplicated bug 7015812)

In the default configuration, the WLS/BEA/certicom algorithm currently uses these algorithms, and these aren't recognized by SunPKCS11, and thus can't be hardware-accelerated.

From a discussion with Sean:

Since I'm not able to see their code...sigh...I'm taking some guesses as to what is happening here.

If they are using "RSA/ECB/NoPadding", the current PKCS11 impl does not support that.  SunPKCS11 currently only supports PKCS1Padding.  In the debug log you posted, there are two instances of "RSA", and two of "RSA/ECB/NoPadding".

In JSSE, when we are doing client certificate verification, we use Signature.getInstance("NONEwithRSA"), which is what I'm guessing they might be doing with their call to Cipher "RSA/ECB/NoPadding".

So, to use this with today's JDK, I think they (weblogic) would want to:

1)  specify "RSA/ECB/PKCS1Padding" where they were using "RSA".
2)  change their sig mechanism to use Signature "NONEwithRSA" instead of the Cipher "RSA/ECB/NoPadding".

If we want to look at adding these mechanisms into our PKCS11 provider:

We've already talked about adding "RSA" as an alias for "RSA/ECB/PKCS1Padding".

For "RSA/ECB/NoPadding", in looking at the code for our JCE RSA impl and the PKCS11 specification, it sure looks like CKM_RSA_X_509 would be the equivalent mechanism of "RSA/ECB/NoPadding" but I haven't tested to confirm.

According to the SunPKCS11 source:

 * RSA Cipher implementation class. We currently only support
 * PKCS#1 v1.5 padding on top of CKM_RSA_PKCS.

and

     // XXX RSA_X_509, RSA_OAEP not yet supported

I don't know if that means that it's not supported in the Solaris provider or just in our provider.  It's most likely the latter.  Either way, Valerie probably knows more about this.

If that's the case, then it shouldn't be too hard to implement, just adding some code in the PKCS11 provider and making the appropriate calls.
*** (#1 of 1): 2011-01-28 16:42:30 PST ###@###.###

Comments
EVALUATION Release note wording suggestion: SunPKCS11 provider now supports Raw RSA encryption, i.e. Cipher.getInstance("RSA/ECB/NoPadding") calls, when the underlying PKCS11 library supports CKM_RSA_X_509 mechanism. In addition, SunPKCS11 provider recognizes "RSA" as an alias for the "RSA/ECB/PKCS1Padding" transformation when requesting a Cipher object.
23-05-2011
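
A probe for the behaviour this fix changes, added here as an example and not taken from the JDK sources or the bug report: for every installed provider it lists which of the three Cipher names discussed above can be instantiated, and checks by round trip that "RSA" really means PKCS#1 v1.5 padding in that provider. The class name, the throwaway 2048-bit software key and the sample message are assumptions of the example.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;

public class RsaTransformationProbe {
    // Cipher transformations named in the bug report.
    static final String[] NAMES = { "RSA", "RSA/ECB/PKCS1Padding", "RSA/ECB/NoPadding" };

    // True if provider p can hand out a Cipher for this transformation.
    static boolean supports(Provider p, String transformation) {
        try {
            Cipher.getInstance(transformation, p);
            return true;
        } catch (GeneralSecurityException | RuntimeException e) {
            return false; // unknown algorithm/padding, or provider/token failure
        }
    }

    // True if "RSA" behaves as PKCS#1 v1.5 in p: encrypt under "RSA",
    // decrypt under the explicit name, and compare with the input.
    static boolean rsaIsPkcs1Alias(Provider p, KeyPair kp) {
        try {
            byte[] msg = { 'p', 'r', 'o', 'b', 'e' }; // constructed sample input
            Cipher enc = Cipher.getInstance("RSA", p);
            enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
            Cipher dec = Cipher.getInstance("RSA/ECB/PKCS1Padding", p);
            dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
            return Arrays.equals(msg, dec.doFinal(enc.doFinal(msg)));
        } catch (Exception e) {
            return false; // missing name, key not usable by p, or padding mismatch
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway software key for the probe
        for (Provider p : Security.getProviders()) {
            if (!supports(p, NAMES[0]) && !supports(p, NAMES[1]) && !supports(p, NAMES[2])) continue;
            StringBuilder row = new StringBuilder(p.getName());
            for (String n : NAMES) row.append("  ").append(n).append('=').append(supports(p, n));
            row.append("  RSA-is-PKCS1-alias=").append(rsaIsPkcs1Alias(p, kp));
            System.out.println(row);
        }
    }
}
```

On a host where SunPKCS11 is an installed provider, its row shows whether the names from this bug are accepted; the round-trip column can read false there if the token refuses the software key.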

EVALUATION We can support this by adding the RSA_X_509 mechanism support into SunPKCS11 and P11RSACipher classes.
24-02-2011

EVALUATION May want to consider adding "RSA" to the PKCS11 provider in JDK 7 (or later)?
24-01-2011