JDK-8229243 : SunPKCS11-Solaris provider tests failing on Solaris 11.4
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: 8u211,11.0.4-oracle,14
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: solaris_11
  • CPU: generic
  • Submitted: 2019-08-07
  • Updated: 2020-06-01
  • Resolved: 2019-10-08
Fixed versions:
  • JDK 11: 11.0.6 (Fixed)
  • JDK 14: 14 b18 (Fixed)
  • JDK 8: 8u241 (Fixed)

Newer versions of Solaris 11 seem to offer functionality at pkcs11 level which allows for extra pkcs11 testing. 

e.g. on Solaris 11.3, the following message is displayed:
Beginning test run TestKATForGCM...
Running test with provider SunPKCS11-Solaris (security manager disabled) ...
Skip testing SunPKCS11-Solaris, no support for AES/GCM/NoPadding
Completed test with provider SunPKCS11-Solaris (262 ms).

On Solaris 11.4, the SunPKCS11-Solaris provider is not skipped:
Beginning test run TestKATForGCM...
Running test with provider SunPKCS11-Solaris (security manager disabled) ...
Failed Test Vector: key=11754cd72aec309bf52f7687212e8957, iv=3c819d9a9bed087615030b65, pt=null,aad=null, ct=null, tag=250327c674aaf477aef2675748cf6971

On Solaris 11.4, the following tests seem to fail : 

Errors such as the following are seen:

java.security.InvalidKeyException: Could not initialize cipher
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11AEADCipher.implInit(P11AEADCipher.java:327)
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11AEADCipher.engineInit(P11AEADCipher.java:247)
	at java.base/javax.crypto.Cipher.init(Cipher.java:1445)
	at java.base/javax.crypto.Cipher.init(Cipher.java:1378)
	at TestKATForGCM.execute(TestKATForGCM.java:261)
	at TestKATForGCM.main(TestKATForGCM.java:318)
	at PKCS11Test.premain(PKCS11Test.java:183)
	at PKCS11Test.testDefault(PKCS11Test.java:270)
	at PKCS11Test.main(PKCS11Test.java:218)
	at TestKATForGCM.main(TestKATForGCM.java:303)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:567)
	at com.sun.javatest.regtest.agent.MainActionHelper$AgentVMRunnable.run(MainActionHelper.java:298)
	at java.base/java.lang.Thread.run(Thread.java:830)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_MECHANISM_PARAM_INVALID
	at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_EncryptInit(Native Method)
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11AEADCipher.initialize(P11AEADCipher.java:394)
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11AEADCipher.implInit(P11AEADCipher.java:325)
	... 15 more

Backports of PKCS11 v2.40 would also be impacted.
Fix request (11u): Requesting backport of this item for Oracle 11.0.6 parity. It is a necessary follow up after JDK-8080462. Patch applies cleanly, no regressions observed.

URL: https://hg.openjdk.java.net/jdk/jdk/rev/2faeaa5933a6 User: valeriep Date: 2019-10-08 00:02:18 +0000

Based on Solaris documentation, brainpool curves seem unsupported, i.e. not reported by the "pktool genkeypair listcurves" command. Both Solaris 11.3 and Solaris 11.4 output the same set of ECC curves for this command (see below):

Supported ECC curve names:
    secp112r1, secp112r2, secp128r1, secp128r2, secp160k1
    secp160r1, secp160r2, secp192k1, secp192r1, secp224k1
    secp224r1, secp256k1, secp256r1, secp384r1, secp521r1
    sect113r1, sect113r2, sect131r1, sect131r2, sect163k1
    sect163r1, sect163r2, sect193r1, sect193r2, sect233k1
    sect233r1, sect239k1, sect283k1, sect283r1, sect409k1
    sect409r1, sect571k1, sect571r1, c2pnb163v1, c2pnb163v2
    c2pnb163v3, c2pnb176v1, c2tnb191v1, c2tnb191v2, c2tnb191v3
    c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, c2pnb272w1
    c2pnb304w1, c2tnb359v1, c2pnb368w1, c2tnb431r1, prime192v2
    prime192v3

Different behavior is observed when using brainpool curves: calls of PKCS#11 C_GenerateKeyPair would lead to a CKR_BUFFER_TOO_SMALL error code (Solaris 11.3) vs a SIGSEGV or SIGBUS error (Solaris 11.4).

Based on PKCS#11 v2.40, the flags field inside EC mechanism info MUST indicate which kind of field and type of parameters it uses (see table 29 in sec 2.3 of mech spec). But the Solaris PKCS11 EC impl does NOT set this required additional info, nor does it fail with the CKR_CURVE_NOT_SUPPORTED error code as PKCS#11 v2.40 says the impl "should".

For robustness, we may have to consider disabling EC related services of the PKCS11-Solaris provider if we don't have a good way to work around the crash.

+1 for disabling EC related services in PKCS11-Solaris provider. Can we open a bug into the Solaris team also?

Note that the test failures are due to different root causes and not all of them are addressed under this bug id:

1) Solaris 11.4 added AES GCM support (and the inconsistent params struct definition as stated above). In addition, all-0 IVs are rejected as invalid parameters.
2) Solaris 11.4 marked some mechanisms as legacy and no longer fully supported, e.g. CKM_RC4 can only be used for decryption (but not encryption). See JDK-8176837.
3) Solaris 11.4 added support for SHA512_224 and SHA512_256 digest and mac. This exposes a bug in the P11Digest and P11Mac classes of the SunPKCS11 provider.

In addition to the above, there is also some difference in EC: when running ReadCertificates.java, SIGBUS or SIGSEGV crashes are observed when calling the SunPKCS11 EC KeyPairGenerator with brainpool curves, e.g. brainpoolP160r1.

No new regression test necessary as this is found by running existing regression tests under test/jdk/sun/security/pkcs11/Cipher on Solaris 11.4 where Solaris CKM_AES_GCM support is added.

Solaris PKCS11 uses the GCM parameter structure from the standard header files instead of the one specified in the mechanism specification as NSS. The former has an extra field which leads to memory faults as existing SunPKCS11 provider uses the same structure as NSS for GCM parameter structure.

There is an inconsistency between the header file and the standard itself: the mechanism specification for GCM (see below) does not have the ulIvBits field:

http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os-complete.html#_Toc441850509

CK_GCM_PARAMS is a structure that provides the parameters to the CKM_AES_GCM mechanism. It is defined as follows:

    typedef struct CK_GCM_PARAMS {
        CK_BYTE_PTR pIv;
        CK_ULONG ulIvLen;
        CK_BYTE_PTR pAAD;
        CK_ULONG ulAADLen;
        CK_ULONG ulTagBits;
    } CK_GCM_PARAMS;

FYI - as per https://github.com/Pkcs11Interop/Pkcs11Interop/issues/126, the header file is deemed to be the normative spec. Therefore, I think the JDK should include the "ulIvBits" field. That will bring other interoperability issues with software stacks that don't have this field in the CK_GCM_PARAMS structure though. hmmm.

Current JDK representation of struct CK_GCM_PARAMS:

src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11t.h

    typedef struct CK_GCM_PARAMS {
        CK_BYTE_PTR pIv;
        CK_ULONG ulIvLen;
        CK_BYTE_PTR pAAD;
        CK_ULONG ulAADLen;
        CK_ULONG ulTagBits;
    } CK_GCM_PARAMS;

However in Solaris 11.4 I see:

/usr/include/security/pkcs11t.h

    typedef struct CK_GCM_PARAMS {
        CK_BYTE_PTR pIv;
        CK_ULONG ulIvLen;
        CK_ULONG ulIvBits;
        CK_BYTE_PTR pAAD;
        CK_ULONG ulAADLen;
        CK_ULONG ulTagBits;
    } CK_GCM_PARAMS;

I'll check what a Solaris 11.3 box looks like.
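
The layout mismatch discussed in the comments above, as an added example (not code from the JDK, Solaris or this bug report): it shows which fields a consumer built against the 6-field header layout reads out of a 5-field structure, plus one way to tell the two apart by the declared parameter length. The type stand-ins, the names gcm_spec_t, gcm_hdr_t, misread_as_header, classify_gcm_params and spec_to_header, and the rule ulIvBits = 8 * ulIvLen are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-ins for the PKCS#11 base types (not the real headers). */
typedef unsigned char *CK_BYTE_PTR;
typedef unsigned long CK_ULONG;
_Static_assert(sizeof(CK_ULONG) == sizeof(void *), "demo assumes LP64 or ILP32");

/* Layout from the v2.40 mechanism specification (NSS, existing SunPKCS11). */
typedef struct { CK_BYTE_PTR pIv; CK_ULONG ulIvLen;
                 CK_BYTE_PTR pAAD; CK_ULONG ulAADLen; CK_ULONG ulTagBits; } gcm_spec_t;
/* Layout from the standard header file (Solaris 11.4), with ulIvBits. */
typedef struct { CK_BYTE_PTR pIv; CK_ULONG ulIvLen; CK_ULONG ulIvBits;
                 CK_BYTE_PTR pAAD; CK_ULONG ulAADLen; CK_ULONG ulTagBits; } gcm_hdr_t;

/* What a header-layout consumer sees in spec-layout bytes. The input is
   zero-padded here so the demo stays in bounds; a real library would read
   past the end of the caller's structure instead. */
gcm_hdr_t misread_as_header(const gcm_spec_t *in) {
    unsigned char buf[sizeof(gcm_hdr_t)] = {0};
    gcm_hdr_t out;
    memcpy(buf, in, sizeof *in);
    memcpy(&out, buf, sizeof out);
    return out;
}

/* Hypothetical guard: pick the layout from the declared parameter length
   (CK_MECHANISM.ulParameterLen) instead of assuming one. */
enum gcm_layout { GCM_SPEC, GCM_HEADER, GCM_INVALID };
enum gcm_layout classify_gcm_params(CK_ULONG ulParameterLen) {
    if (ulParameterLen == sizeof(gcm_spec_t)) return GCM_SPEC;
    if (ulParameterLen == sizeof(gcm_hdr_t)) return GCM_HEADER;
    return GCM_INVALID;
}

/* Field-by-field conversion; ulIvBits = 8 * ulIvLen is an assumption. */
gcm_hdr_t spec_to_header(const gcm_spec_t *in) {
    gcm_hdr_t out = { in->pIv, in->ulIvLen, in->ulIvLen * 8,
                      in->pAAD, in->ulAADLen, in->ulTagBits };
    return out;
}

int main(void) {
    unsigned char iv[12] = {0}, aad[16] = {0};   /* constructed sample input */
    gcm_spec_t p = { iv, 12, aad, 16, 128 };
    gcm_hdr_t seen = misread_as_header(&p);
    printf("pAAD read as %p, ulAADLen as %lu, ulTagBits as %lu\n",
           (void *)seen.pAAD, seen.ulAADLen, seen.ulTagBits);
    return 0;
}
```

In the misread structure the AAD pointer is the caller's AAD length (16) and the AAD length is the caller's tag size (128), so a library that dereferences pAAD touches an invalid address, which is consistent with the memory faults described above.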