JDK-8229243 : SunPKCS11-Solaris provider tests failing on Solaris 11.4
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: 7u291,8u211,11.0.4-oracle,14
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: solaris_11
  • CPU: generic
  • Submitted: 2019-08-07
  • Updated: 2023-12-12
  • Resolved: 2019-10-08
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 14 JDK 8 Other
11.0.6-oracleFixed 13.0.8Fixed 14 b18Fixed 8u241Fixed openjdk8u312Fixed
Related Reports
Duplicate :  
JDK-8226650 - PKCS11.C_EncryptInit does not forward the CK_GCM_PARAMS correctly
Relates :  
JDK-8261433 - Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit
Relates :  
JDK-8080462 - Update SunPKCS11 provider with PKCS11 v2.40 support
Relates :  
JDK-8236897 - Fix the copyright header for pkcs11gcm2.h
Description
Newer versions of Solaris 11 seem to offer functionality at pkcs11 level which allows for extra pkcs11 testing. 

e.g. on Solaris 11.3, the following message is displayed:
====
Beginning test run TestKATForGCM...
Running test with provider SunPKCS11-Solaris (security manager disabled) ...
Skip testing SunPKCS11-Solaris, no support for AES/GCM/NoPadding
Completed test with provider SunPKCS11-Solaris (262 ms).
====

On Solaris 11.4, the SunPKCS11-Solaris provider is not skipped:
e.g.
====
Beginning test run TestKATForGCM...
Running test with provider SunPKCS11-Solaris (security manager disabled) ...
Failed Test Vector: key=11754cd72aec309bf52f7687212e8957, iv=3c819d9a9bed087615030b65, pt=null,aad=null, ct=null, tag=250327c674aaf477aef2675748cf6971
====

On Solaris 11.4, the following tests seem to fail : 
sun/security/pkcs11/Cipher/ReinitCipher.java 
sun/security/pkcs11/Cipher/Test4512704.java 
sun/security/pkcs11/Cipher/TestCICOWithGCM.java 
sun/security/pkcs11/Cipher/TestCICOWithGCMAndAAD.java 
sun/security/pkcs11/Cipher/TestGCMKeyAndIvCheck.java 
sun/security/pkcs11/Cipher/TestKATForGCM.java 
sun/security/pkcs11/Cipher/TestSymmCiphers.java 
sun/security/pkcs11/Cipher/TestSymmCiphersNoPad.java 
sun/security/pkcs11/Mac/MacSameTest.java 
sun/security/pkcs11/MessageDigest/ByteBuffers.java 
sun/security/pkcs11/ec/ReadCertificates.java 

Errors such as following are seen:

----------System.err:(611/41794)----------
java.security.InvalidKeyException: Could not initialize cipher
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11AEADCipher.implInit(P11AEADCipher.java:327)
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11AEADCipher.engineInit(P11AEADCipher.java:247)
	at java.base/javax.crypto.Cipher.init(Cipher.java:1445)
	at java.base/javax.crypto.Cipher.init(Cipher.java:1378)
	at TestKATForGCM.execute(TestKATForGCM.java:261)
	at TestKATForGCM.main(TestKATForGCM.java:318)
	at PKCS11Test.premain(PKCS11Test.java:183)
	at PKCS11Test.testDefault(PKCS11Test.java:270)
	at PKCS11Test.main(PKCS11Test.java:218)
	at TestKATForGCM.main(TestKATForGCM.java:303)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:567)
	at com.sun.javatest.regtest.agent.MainActionHelper$AgentVMRunnable.run(MainActionHelper.java:298)
	at java.base/java.lang.Thread.run(Thread.java:830)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_MECHANISM_PARAM_INVALID
	at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_EncryptInit(Native Method)
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11AEADCipher.initialize(P11AEADCipher.java:394)
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11AEADCipher.implInit(P11AEADCipher.java:325)
	... 15 more

Backports of PKCS11 v2.40 would also be impacted.
Comments
Fix request (8u): Request for backport for parity with Oracle and support Solaris 11.4 Review at https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-June/013988.html
09-06-2021
Fix request (13u) Request to backport for parity with 11u, applies cleanly.
17-05-2021
Fix request (11u): Requesting backport of this item for Oracle 11.0.6 parity. It is a necessary follow up after JDK-8080462. Patch applies cleanly, no regressions observed.
11-11-2019
URL: https://hg.openjdk.java.net/jdk/jdk/rev/2faeaa5933a6 User: valeriep Date: 2019-10-08 00:02:18 +0000
08-10-2019
Based on Solaris documentation, brainpool curves seems unsupported, i.e. not reported by "pktool genkeypair listcurves" command. Both Solaris 11.3 and Solaris 11.4 output same set of ECC curves for this command (see below): Supported ECC curve names: secp112r1, secp112r2, secp128r1, secp128r2, secp160k1 secp160r1, secp160r2, secp192k1, secp192r1, secp224k1 secp224r1, secp256k1, secp256r1, secp384r1, secp521r1 sect113r1, sect113r2, sect131r1, sect131r2, sect163k1 sect163r1, sect163r2, sect193r1, sect193r2, sect233k1 sect233r1, sect239k1, sect283k1, sect283r1, sect409k1 sect409r1, sect571k1, sect571r1, c2pnb163v1, c2pnb163v2 c2pnb163v3, c2pnb176v1, c2tnb191v1, c2tnb191v2, c2tnb191v3 c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, c2pnb272w1 c2pnb304w1, c2tnb359v1, c2pnb368w1, c2tnb431r1, prime192v2 prime192v3 Different behavior is observed when using brainpool curves, calls of PKCS#11 C_GenerateKeyPair would lead to CKR_BUFFER_TOO_SMALL error code (Solaris 11.3) vs SIGSEGV or SIGBUS error (Solaris 11.4). Based on PKCS#11 v2.40, the flags field inside EC mechanism info MUST indicate which kind of field and type of parameters it uses (see table 29 in sec 2.3 of mech spec). But Solaris PKCS11 EC impl does NOT set these required additional info nor does it fail with CKR_CURVE_NOT_SUPPORTED error code as PKCS#11 v2.40 says the impl "should". For robustness, we may have to consider disabling EC related services of PKCS11-Solaris provider if we don't have a good way to work around the crash.
23-08-2019
+1 for disabling EC related services in PKCS11-Solaris provider. Can we open a bug into the Solaris team also ?
21-08-2019
Note that the test failures are due to different root causes and not all of them are address under this bug id: 1) Solaris 11.4 added AES GCM support (and the inconsistent params struct definition as stated above). In addition, all-0 IVs are rejected as invalid parameters. 2) Solaris 11.4 marked some mechanisms as legacy and no longer fully supported, e.g. CKM_RC4 can only be used for decryption (but not encryption). See JDK-8176837 3) Solaris 11.4 added support for SHA512_224 and SHA512_256 digest and mac. this exposes a bug in the P11Digest and P11Mac classes of SunPKCS11 provider In addition to above, there is also some difference in EC, when running ReadCertificates.java, SIGBUS or SIGSEGV crash are observed when calling SunPKCS11 EC KeyPairGenerator with brainpool curves, e.g. brainpoolP160r1.
16-08-2019
No new regression test necessary as this is found by running existing regression tests under test/jdk/sun/security/pkcs11/Cipher on Solaris 11.4 where Solaris CKM_AES_GCM support is added.
15-08-2019
Solaris PKCS11 uses the GCM parameter structure from the standard header files instead of the one specified in the mechanism specification as NSS. The former has an extra field which leads to memory faults as existing SunPKCS11 provider uses the same structure as NSS for GCM parameter structure.
15-08-2019
There are inconsistency between the header file and the standard itself: The mechanism specification for GCM (see below) does not have the ulIvBits field: http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os-complete.html#_Toc441850509 CK_GCM_PARAMS is a structure that provides the parameters to the CKM_AES_GCM mechanism. It is defined as follows: typedef struct CK_GCM_PARAMS { CK_BYTE_PTR pIv; CK_ULONG ulIvLen; CK_BYTE_PTR pAAD; CK_ULONG ulAADLen; CK_ULONG ulTagBits; } CK_GCM_PARAMS;
12-08-2019
FYI - as per https://github.com/Pkcs11Interop/Pkcs11Interop/issues/126, the header file is deemed to be the normative spec. Therefore, I think the JDK should include the "ulIvBits" field. That will bring other interoperability issues with software stacks that don't have this field in the CK_GCM_PARAMS structure though. hmmm.
12-08-2019
Current JDK representation of struct CK_GCM_PARAMS src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11t.h 1833 typedef struct CK_GCM_PARAMS { 1834 CK_BYTE_PTR pIv; 1835 CK_ULONG ulIvLen; 1836 CK_BYTE_PTR pAAD; 1837 CK_ULONG ulAADLen; 1838 CK_ULONG ulTagBits; 1839 } CK_GCM_PARAMS; However in Solaris 11.4 I see : /usr/include/security/pkcs11t.h typedef struct CK_GCM_PARAMS { CK_BYTE_PTR pIv; CK_ULONG ulIvLen; CK_ULONG ulIvBits; CK_BYTE_PTR pAAD; CK_ULONG ulAADLen; CK_ULONG ulTagBits; } CK_GCM_PARAMS; I'll check what an Solaris 11.3 box lookslike.
09-08-2019