United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6763530 Cannot decode PublicKey (Provider SunPKCS11, curve prime256v1)
JDK-6763530 : Cannot decode PublicKey (Provider SunPKCS11, curve prime256v1)

Details
Type:
Bug
Submit Date:
2008-10-24
Status:
Resolved
Updated Date:
2011-12-05
Project Name:
JDK
Resolved Date:
2010-02-16
Component:
security-libs
OS:
generic,solaris_10,windows_xp
Sub-Component:
java.security
CPU:
x86,sparc,generic
Priority:
P2
Resolution:
Fixed
Affected Versions:
6u10,6u18,7
Fixed Versions:

Related Reports
Backport:
Backport:
Backport:
Backport:
Backport:
Duplicate:

Sub Tasks

Description
FULL PRODUCT VERSION :
java version "1.6.0_10"
Java(TM) SE Runtime Environment (build 1.6.0_10-b33)
Java HotSpot(TM) Client VM (build 11.0-b15, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]

EXTRA RELEVANT SYSTEM CONFIGURATION :
PKCS#11 library interface version 2.01
                            flags 0
                   manufacturerID "nCipher Corp. Ltd"
               libraryDescription "nCipher PKCS#11 1.58.48"
           implementation version 1.58

A DESCRIPTION OF THE PROBLEM :
A public key from a key pair, generated with SunPKCS11 provider and nCipher (elliptic curve key with curve e.g. prime256v1) could not encode with publicKey.getEncoded()

nCipher returns DER encoded key correct (debug output):

2008-10-17 15:30:32 [4048] t3700: pkcs11: 000008CB <    CKA_EC_POINT
  pAtt->pValue= 67 bytes
    04410438 70a3889c eb8aca99 5cca05b2 7667ccaa 8f272e0c 7a535af5 79d31993
    8f962902 dbd859d7 24d6f1c1 b870654b 8faf41f2 41202134 7b59fc72 2a681023
                                                                      5ab4e6

2008-10-17 15:30:32 [4048] t3700: pkcs11: 000008CB <    CKA_EC_PARAMS
  pAtt->pValue= 10 bytes
                                                      06082a86 48ce3d03 0107




STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Generate a ec key pair with SunPKCS11 provider.
Get the public key.
Try getEncoded.



EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The DER encoded public ec key
ACTUAL -
java.lang.RuntimeException

ERROR MESSAGES/STACK TRACES THAT OCCUR :
java.lang.RuntimeException: Could not parse key values
	at sun.security.pkcs11.P11Key$P11ECPublicKey.fetchValues(P11Key.java:1005)
	at sun.security.pkcs11.P11Key$P11ECPublicKey.getEncodedInternal(P11Key.java:1015)
	at sun.security.pkcs11.P11Key.getEncoded(P11Key.java:109)
	at Test.run(Test.java:45)
	at Test.main(Test.java:52)
Caused by: java.io.IOException: Point does not match field size
	at sun.security.ec.ECParameters.decodePoint(ECParameters.java:75)
	at sun.security.pkcs11.P11ECKeyFactory.decodePoint(P11ECKeyFactory.java:61)
	at sun.security.pkcs11.P11Key$P11ECPublicKey.fetchValues(P11Key.java:1002)
	... 4 more


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.PrintStream;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;

import sun.security.pkcs11.SunPKCS11;


public class Test {
    
    private Test(){
      ByteArrayOutputStream   byteStream  = new ByteArrayOutputStream();
      PrintStream ps = new PrintStream(byteStream);
      ps.println("name = nCipher");
      ps.println("library = c:/nfast/toolkits/pkcs11/cknfast.dll");
 
      ps.println("attributes = compatibility");
      ps.println("slotListIndex = 0"); // nCipher module slot
      
      ps.println("attributes(*, CKO_PRIVATE_KEY, *) = {");
      ps.println("  CKA_DERIVE = false");
      ps.println("  CKA_SENSITIVE = true");
      ps.println("  CKA_EXTRACTABLE = false");
      ps.println("  CKA_TOKEN = true");
      ps.println("}");
      
      ps.println("attributes(*, CKO_PUBLIC_KEY, *) = {");
      ps.println("  CKA_TOKEN = true");
      ps.println("}");
      
      InputStream config = new ByteArrayInputStream(byteStream.toByteArray());
      Provider pkcs11Provider = new SunPKCS11(config);
      Security.addProvider(pkcs11Provider);
        
    }
    
    private void run() throws Exception{
        KeyPairGenerator asymKeyGen = KeyPairGenerator.getInstance("EC", "SunPKCS11-nCipher");
        asymKeyGen.initialize(new ECGenParameterSpec("1.2.840.10045.3.1.7"));
        byte[] encodedPublicKey = asymKeyGen.genKeyPair().getPublic().getEncoded();
        // ...

    }
    
    public static void main(String [] args) {
        try {
            (new Test()).run();
        }catch (Throwable e){
            e.printStackTrace();
            System.exit(1);
        }
        System.exit(0);
    }
}
---------- END SOURCE ----------

                                    

Comments
EVALUATION

Apply the supplied patch.
                                     
2010-01-22



Hardware and Software, Engineered to Work Together