corretto / amazon-corretto-crypto-provider

The Amazon Corretto Crypto Provider is a collection of high-performance cryptographic implementations exposed via standard JCA/JCE interfaces.
Apache License 2.0

Using Corretto ACCP with Bouncy Castle for TLS in FIPS mode issues #291

Closed chavdarch closed 1 year ago

chavdarch commented 1 year ago

Hi,

My company is trying to use ACCP for JCA/JCE and Bouncy Castle for TLS in FIPS mode, but we are facing issues with the DH key exchange; see https://github.com/bcgit/bc-java/issues/1369. It looks like BC doesn't like the FIPS secure random provided by ACCP, and TLS connections are failing.

Do you have any example/recommendation on using ACCP in FIPS mode along with FIPS-enabled TLS (provided by Bouncy Castle)?

geedo0 commented 1 year ago

Hi there, thanks for bringing this up. We made a change very recently which made the registration of an ACCP-backed SecureRandom configurable. For the FIPS build, we actually chose to default this to false which is exactly what you need in this case (i.e. BC-FIPS' TLS won't hit the ACCP provided RNG since it won't be there). Can you try pulling in the latest changes and letting us know if that works for you?

WillChilds-Klein commented 1 year ago

just as an observation, I noticed something odd in the linked ticket's stacktrace:

    Caused by: org.bouncycastle.crypto.fips.FipsUnapprovedOperationError: Attempt to create key pair with unapproved RNG: DH
        at org.bouncycastle.fips.core/org.bouncycastle.crypto.fips.Utils.validateRandom(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.crypto.fips.Utils.validateKeyPairGenRandom(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.crypto.fips.FipsDH$KeyPairGenerator.<init>(Unknown Source)

DH isn't the name of any SecureRandom algorithm provided by java nor by ACCP. according to the JCA docs DH is, however, the algorithm name returned by Key.getAlgorithm(). this makes me wonder if some wires are getting crossed somewhere in BC JCA or JSSE provider(s) such that a Key instance's algorithm is being used to request a particular flavor of SecureRandom algorithm (e.g. SHA1PRNG, NativePRNG, DEFAULT, ACCP's LibCryptoRng, etc.).

EDIT: official BC FIPS source code is hard to find online (there's no FIPS repo from the bc-git user), but there seems to be an unofficial mirror here. Searching around on the above exception, i found this bit of code that gets called with "Attempt to create key pair with unapproved RNG" as the `message` parameter:

    static void validateRandom(SecureRandom random, FipsAlgorithm algorithm, String message)
    {
        if (!(random instanceof FipsSecureRandom) && !(random.getProvider() instanceof BouncyCastleFipsProvider))
        {
            throw new FipsUnapprovedOperationError(message, algorithm);
        }
    }

BC FIPS does this when validating generated DH keys, so it seems pretty clear that without changes to BC FIPS, it won't work with ACCP's SecureRandom. @geedo0 's recommendation above of not registering ACCP's SecureRandom should unblock this particular issue.
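
An added diagnostic, not part of the thread and not code from ACCP or Bouncy Castle: it uses only JDK APIs to show which installed provider supplies the default SecureRandom, the property the validateRandom snippet above tests. The provider name BCFIPS and the class name RngProviderCheck are assumptions of this example.

```java
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

public class RngProviderCheck {
    // Assumption: the BC FIPS provider is registered under the name "BCFIPS".
    static final String EXPECTED = "BCFIPS";

    /** Installed providers that register a SecureRandom service, in preference order. */
    static List<String> secureRandomProviders() {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("SecureRandom".equals(s.getType())) {
                    names.add(p.getName() + " (" + s.getAlgorithm() + ")");
                }
            }
        }
        return names;
    }

    /**
     * Approximates the provider half of the quoted check by provider name,
     * so it compiles without BC classes. It cannot see the
     * "instanceof FipsSecureRandom" half of that check.
     */
    static boolean fromExpectedProvider(SecureRandom random, String expected) {
        Provider p = random.getProvider();
        return p != null && expected.equals(p.getName());
    }

    public static void main(String[] args) {
        // Install providers here in the same order the application does,
        // then run the check: new SecureRandom() resolves to the first
        // provider in preference order that offers a SecureRandom service.
        SecureRandom def = new SecureRandom();
        System.out.println("Default SecureRandom: " + def.getAlgorithm()
                + " from " + def.getProvider().getName());
        secureRandomProviders().forEach(n -> System.out.println("  offers: " + n));
        if (!fromExpectedProvider(def, EXPECTED)) {
            System.out.println("Default RNG is not from " + EXPECTED
                    + "; a check like validateRandom above would reject it.");
        }
    }
}
```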

chavdarch commented 1 year ago

Thank you so much! We will try your recommendations and post the results here.

chavdarch commented 1 year ago

We can confirm that your change has indeed fixed the problem for us. Thank you so much!

When do you think you will be able to make a release with that change?

WillChilds-Klein commented 1 year ago

Glad to hear that worked for you @chavdarch . We're putting together a release to Maven Central. Please keep an eye out here for 2.1.0

WillChilds-Klein commented 1 year ago

These changes were released in 2.1. Please re-open this issue if needed.