Skip to content

Commit

Permalink
8288985: P11TlsKeyMaterialGenerator should work with ChaCha20-Poly1305
Browse files Browse the repository at this point in the history 
Reviewed-by: valeriep
  • Loading branch information
@zzambers
zzambers authored and Valerie Peng committed Jun 29, 2022
1 parent ba670ec commit b6bd190
Show file tree
Hide file tree
Showing 2 changed files with 96 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
View file
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -69,6 +69,7 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
addKeyType("AES", CKK_AES);
addKeyType("Blowfish", CKK_BLOWFISH);
addKeyType("ChaCha20", CKK_CHACHA20);
addKeyType("ChaCha20-Poly1305", CKK_CHACHA20);

// we don't implement RC2 or IDEA, but we want to be able to generate
// keys for those SSL/TLS ciphersuites.
Expand Down
94 changes: 94 additions & 0 deletions test/jdk/sun/security/pkcs11/tls/TestKeyMaterialChaCha20.java
View file
@@ -0,0 +1,94 @@
/*
* Copyright (c) 2022, Red Hat, Inc.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

/*
* @test
* @bug 8288985
* @summary Tests that P11TlsKeyMaterialGenerator works with ChaCha20-Poly1305
* @library /test/lib ..
* @modules java.base/sun.security.internal.spec
* jdk.crypto.cryptoki
* @run main/othervm TestKeyMaterialChaCha20
*/

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.security.Provider;
import java.security.NoSuchAlgorithmException;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
import sun.security.internal.spec.TlsMasterSecretParameterSpec;
import sun.security.internal.spec.TlsKeyMaterialParameterSpec;


public class TestKeyMaterialChaCha20 extends PKCS11Test {

public static void main(String[] args) throws Exception {
main(new TestKeyMaterialChaCha20(), args);
}

@Override
public void main(Provider provider) throws Exception {
KeyGenerator kg1, kg2, kg3;
try {
kg1 = KeyGenerator.getInstance("SunTlsRsaPremasterSecret", provider);
} catch (Exception e) {
System.out.println("Skipping, SunTlsRsaPremasterSecret KeyGenerator not supported");
return;
}
try {
kg2 = KeyGenerator.getInstance("SunTls12MasterSecret", provider);
} catch (Exception e) {
System.out.println("Skipping, SunTls12MasterSecret KeyGenerator not supported");
return;
}
try {
kg3 = KeyGenerator.getInstance("SunTls12KeyMaterial", provider);
} catch (Exception e) {
System.out.println("Skipping, SunTls12KeyMaterial KeyGenerator not supported");
return;
}

kg1.init(new TlsRsaPremasterSecretParameterSpec(0x0303, 0x0303));
SecretKey preMasterSecret = kg1.generateKey();

TlsMasterSecretParameterSpec spec = new TlsMasterSecretParameterSpec(
preMasterSecret,
3, 3,
new byte[32],
new byte[32],
"SHA-256", 32, 64);
kg2.init(spec);
SecretKey masterSecret = kg2.generateKey();

TlsKeyMaterialParameterSpec params = new TlsKeyMaterialParameterSpec(
masterSecret, 3, 3,
new byte[32],
new byte[32],
"ChaCha20-Poly1305", 32, 32,
12, 0,
"SHA-256", 32, 64);
kg3.init(params);
kg3.generateKey();
}

}

3 comments on commit b6bd190

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review

Issues

@gnu-andrew
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/backport jdk17u-dev

@openjdk
Copy link

@openjdk openjdk bot commented on b6bd190 Jul 30, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gnu-andrew the backport was successfully created on the branch gnu-andrew-backport-b6bd190d in my personal fork of openjdk/jdk17u-dev. To create a pull request with this backport targeting openjdk/jdk17u-dev:master, just click the following link:

➡️ Create pull request

The title of the pull request is automatically filled in correctly and below you find a suggestion for the pull request body:

Hi all,

This pull request contains a backport of commit b6bd190d from the openjdk/jdk repository.

The commit being backported was authored by Zdenek Zambersky on 29 Jun 2022 and was reviewed by Valerie Peng.

Thanks!

If you need to update the source branch of the pull then run the following commands in a local clone of your personal fork of openjdk/jdk17u-dev:

$ git fetch https://github.com/openjdk-bots/jdk17u-dev gnu-andrew-backport-b6bd190d:gnu-andrew-backport-b6bd190d
$ git checkout gnu-andrew-backport-b6bd190d
# make changes
$ git add paths/to/changed/files
$ git commit --message 'Describe additional changes made'
$ git push https://github.com/openjdk-bots/jdk17u-dev gnu-andrew-backport-b6bd190d

Please sign in to comment.