JDK-6994008 : PKCS11 should support "RSA" and "RSA/ECB/NoPadding" ciphers
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: solaris_10u10,5.0u12,7
  • Priority: P2
  • Status: Closed
  • Resolution: Won't Fix
  • OS: generic,solaris_10
  • CPU: generic,sparc
  • Submitted: 2010-10-21
  • Updated: 2011-05-23
  • Resolved: 2011-04-26
JDK 5.0/Weblogic/Solaris 10 fails to use T2000 onboard crypto accelerator for SSL operations

customer uses kstat to verify use of ncp0 

bash-3.00# kstat -n ncp0 -s rsaprivate
module: ncp                             instance: 0   
name:   ncp0                            class:    misc
        rsaprivate                      35247
bash-3.00# kstat -n ncp0 -s rsaprivate
module: ncp                             instance: 0   
name:   ncp0                            class:    misc
        rsaprivate                      35247

The rsaprivate number does not increase over time while weblogic is doing ssl ops.

Customer has verified:

- that the java.security file has the pkcs11 provider listed first (default file settings, actually)

- that he's not using any java options to disable the pkcs11 provider.

- that there are crypto operations being performed by WLS

- that WLS is configured to listen and respond on the secure port

<Aug 12, 2010 12:23:15 PM EDT> <Notice> <Server> <BEA-002613> <Channel "DefaultAdministration" is now listening on for protocols admin, ldaps, https.>
Customer has also verified that OpenSSL is offloading to the hw accelerator, by running `kstat -n ncp0 -s rsaprivate` and seeing the rsaprivate number increasing.

java.security and sunpkcs11-solaris.cfg files are attached along with weblogic log from a run with security debug flag set to all (also included are weblogic policy file and java options).  These are in initial_settings* tar file attached.

From these, it was noticed that 1) the settings in pkcs11 config file did not match the log, and 2) JCE provider was being used instead of PKCS provider. 

We verified with customer that the /tools/weblogic9/jdk1.5.0_12/jre/lib/security/sunpkcs11-solaris.cfg file was the same one he sent us.  However, an anomaly remains, as the initial debug log file reports:
DISABLED in configuration

But the sunpkcs11 config file does not have this mechanism in the disabled list.

For observation 2, we tried disabling JCE provider and seeing what happens, but per the attached noJCE* debug log, it looks like JCE provider is still being used.  

Additionally, customer has tried enabling and disabling various mechanisms according to documentation, such as these instructions from "Wire-speed Cryptography for Securing Oracle SOA & Java EE Applications on Solaris (Emphasis on using Sun Chip Multi-threading (CMT) systems)" by Chad Prucha, Solutions Engineer, and Ramesh Nagappan, Security Architect...

Option 2: SSL Acceleration for Weblogic
1. Set up an SSL listener for your Weblogic Server instance
> Follow your Admin guide instructions for configuring SSL
> Install the SSL certificates
2. Enable cryptographic acceleration for Weblogic SSL by
editing the JRE's SunPKCS11 provider configuration.
> SunPKCS#11 provider is a generic provider to utilize any PKCS11 provider
> The sunpkcs11 configuration file contains the attributes for accessing the
hardware accelerator.
  - Located at <weblogic-java-home>/jre/lib/security/sunpkcs11-solaris.cfg
> Mechanisms/attributes supported by the underlying hardware accelerator can
be enabled or disabled at the SunPKCS11 configuration file.
  - Include the RSA mechanisms in the disableMechanisms list of the SunPKCS11 softoken.
  - Helps to force those RSA mechanisms to be performed by NCP (Sun CMT accelerator)
3. Restart the Weblogic server instance.

Example: SunPKCS11 Provider configuration
Disabling Soft-token and enabling RSA mechanisms to use HW accelerator
name = Solaris
description = SunPKCS11 accessing Solaris Cryptographic Framework
library = /usr/lib/$ISA/libpkcs11.so
handleStartupErrors = ignoreAll
attributes = compatibility
disabledMechanisms = {

Customer disabled all the mechanisms in the example, but still does not see the Weblogic server using the hw accelerator.  Also, customer has enabled all mechanisms and that had no effect either.

EVALUATION Release note wording suggestion: SunPKCS11 provider now supports Raw RSA encryption, i.e. Cipher.getInstance("RSA/ECB/NoPadding") calls, when the underlying PKCS11 library supports CKM_RSA_X_509 mechanism. In addition, SunPKCS11 provider recognizes "RSA" as an alias for the "RSA/ECB/PKCS1Padding" transformation when requesting a Cipher object.

EVALUATION Since I'm not able to see the calling code...sigh...Sean/I had to instrument the JCA to get some info as to what is happening here. In the debug log Sean posted, there are instances of Cipher.getInstance with the arguments: "RSA" and "RSA/ECB/NoPadding". It appears as though there is a Certicom JSSE/SSL provider, and it wants to use the Ciphers "RSA" and "RSA/ECB/NoPadding" for SSL. These modes are currently unsupported in SunPKCS11, and thus the implementations fall back to SunJCE. "RSA/ECB/PKCS1Padding" is the only currently supported mode/padding in SunPKCS11. "RSA" defaults to platform-dependent modes/padding, so using "RSA" is very risky.

In JSSE, when we are doing client certificate verification, we use Signature.getInstance("NONEwithRSA"), which is what I'm guessing they might be wanting to do with their call to Cipher "RSA/ECB/NoPadding". So, to use this with today's JDK, I think WLS/Certicom would want to:
1) specify "RSA/ECB/PKCS1Padding" where they were using "RSA".
2) change their sig mechanism to use Signature "NONEwithRSA" instead of the Cipher "RSA/ECB/NoPadding".
How easy is it to change the Certicom code?

P.S. I haven't confirmed, but switching to the SunJSSE SSL/TLS implementation should use the on-chip SSL accelerations.
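The silent fallback described in the two evaluations (a transformation SunPKCS11 does not register is quietly served by SunJCE, so the accelerator counter never moves) can be made visible from inside the JVM. The following diagnostic is an added example, not code from the bug report or from WLS/Certicom; it assumes only the standard JCA API and is meant to be run on the JRE whose java.security and sunpkcs11-solaris.cfg are under investigation. It reports which provider ends up behind each transformation named above and probes what padding the bare "RSA" alias resolved to on this platform.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;

// Added diagnostic: shows which installed provider actually serves each RSA
// transformation, so a fallback from SunPKCS11 to SunJCE/SunRsaSign is visible.
public class RsaProviderCheck {
    static final String[] CIPHERS = {"RSA", "RSA/ECB/NoPadding", "RSA/ECB/PKCS1Padding"};
    static final String[] SIGNATURES = {"NONEwithRSA", "SHA1withRSA"};

    // Name of the provider JCA selected for this Cipher transformation.
    static String cipherProvider(String transformation) {
        try {
            return Cipher.getInstance(transformation).getProvider().getName();
        } catch (GeneralSecurityException e) {
            return "UNAVAILABLE (" + e.getMessage() + ")";
        }
    }

    // Name of the provider JCA selected for this Signature algorithm.
    static String signatureProvider(String algorithm) {
        try {
            return Signature.getInstance(algorithm).getProvider().getName();
        } catch (GeneralSecurityException e) {
            return "UNAVAILABLE (" + e.getMessage() + ")";
        }
    }

    // Probes the platform-dependent padding behind the bare "RSA" alias: encrypt
    // with "RSA", then decrypt with the explicit PKCS#1 v1.5 transformation from
    // the same provider. A clean round trip means "RSA" meant PKCS1Padding here.
    static String probeDefaultPadding(KeyPair kp) throws GeneralSecurityException {
        byte[] msg = "constructed probe input".getBytes(StandardCharsets.US_ASCII);
        Cipher enc = Cipher.getInstance("RSA");
        enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        byte[] ct = enc.doFinal(msg);
        Cipher dec = Cipher.getInstance("RSA/ECB/PKCS1Padding", enc.getProvider());
        dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        try {
            return Arrays.equals(dec.doFinal(ct), msg) ? "PKCS1Padding" : "unknown";
        } catch (BadPaddingException e) {
            return "not PKCS1Padding (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        System.out.println("Providers in preference order: " + Arrays.toString(Security.getProviders()));
        for (String t : CIPHERS) System.out.println("Cipher " + t + " -> " + cipherProvider(t));
        for (String a : SIGNATURES) System.out.println("Signature " + a + " -> " + signatureProvider(a));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        System.out.println("\"RSA\" alias padding on this JRE: " + probeDefaultPadding(kpg.generateKeyPair()));
    }
}
```

If the output shows "RSA" or "RSA/ECB/NoPadding" served by SunJCE while "RSA/ECB/PKCS1Padding" is served by SunPKCS11-Solaris, the JVM is reproducing exactly the fallback in the debug log, and switching the caller to the explicit transformation (or to Signature "NONEwithRSA") is what routes the private-key operation to the accelerator.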