List of Ciphers supported by Bouncy Castle FIPS Java library?


List of Ciphers supported by Bouncy Castle FIPS Java library?

Ansari, Junaid
Hi All,

Could anyone please let me know the list of Ciphers supported by the Bouncy Castle FIPS Java library? Is there a definitive list of what the Bouncy Castle FIPS Provider supports?

Bouncy Castle FIPS Provider is being started in approved mode, but I am still seeing the below error while using the Cipher list below (both short and longer form). 

11-Apr-2017 23:01:30.060 SEVERE [http-nio-8043-exec-2] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun 
 org.bouncycastle.crypto.fips.FipsUnapprovedOperationError: Attempt to create key pair with unapproved RNG: EC

I am adding the Bouncy Castle to the top of security provider list in the servlet init().

P.S.: Immediately after startup, if I access the page (in any of the browsers Chrome/Firefox/IE) it seems to work; now if I switch to any other browser and access the page, it bombs with the above error.
On another machine the page doesn't even come up the first time, and the above error is seen.

Shorter Cipher List (which is a subset of the longer list below)

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

Longer Cipher List

TLS_ECDHE_RSA_With_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_With_AES_256_GCM_SHA384,TLS_ECDHE_RSA_With_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_With_AES_256_CBC_SHA384,TLS_ECDHE_RSA_With_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_With_AES_256_CBC_SHA,

TLS_DHE_DSS_With_AES_256_GCM_SHA384,TLS_DHE_RSA_With_AES_256_GCM_SHA384,TLS_DHE_RSA_With_AES_256_CBC_SHA256,TLS_DHE_DSS_With_AES_256_CBC_SHA256,TLS_DHE_RSA_With_AES_256_CBC_SHA,TLS_DHE_DSS_With_AES_256_CBC_SHA,TLS_ECDH_RSA_With_AES_256_GCM_SHA384,

TLS_ECDH_ECDSA_With_AES_256_GCM_SHA384,TLS_ECDH_RSA_With_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_With_AES_256_CBC_SHA384,TLS_ECDH_RSA_With_AES_256_CBC_SHA,TLS_ECDH_ECDSA_With_AES_256_CBC_SHA,TLS_RSA_With_AES_256_GCM_SHA384,TLS_RSA_With_AES_256_CBC_SHA256,

TLS_RSA_With_AES_256_CBC_SHA,TLS_ECDHE_RSA_With_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_With_AES_128_GCM_SHA256,TLS_ECDHE_RSA_With_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_With_AES_128_CBC_SHA256,TLS_ECDHE_RSA_With_AES_128_CBC_SHA,

TLS_ECDHE_ECDSA_With_AES_128_CBC_SHA,TLS_DHE_DSS_With_AES_128_GCM_SHA256,TLS_DHE_RSA_With_AES_128_GCM_SHA256,TLS_DHE_RSA_With_AES_128_CBC_SHA256,TLS_DHE_DSS_With_AES_128_CBC_SHA256,TLS_DHE_RSA_With_AES_128_CBC_SHA,TLS_DHE_DSS_With_AES_128_CBC_SHA,

TLS_ECDH_RSA_With_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_With_AES_128_GCM_SHA256,TLS_ECDH_RSA_With_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_With_AES_128_CBC_SHA256,TLS_ECDH_RSA_With_AES_128_CBC_SHA,TLS_ECDH_ECDSA_With_AES_128_CBC_SHA,

TLS_RSA_With_AES_128_GCM_SHA256,TLS_RSA_With_AES_128_CBC_SHA256,TLS_RSA_With_AES_128_CBC_SHA,TLS_ECDHE_RSA_With_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_With_3DES_EDE_CBC_SHA,TLS_DHE_RSA_With_3DES_EDE_CBC_SHA,TLS_DHE_DSS_With_3DES_EDE_CBC_SHA,

TLS_ECDH_RSA_With_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_With_3DES_EDE_CBC_SHA,TLS_RSA_With_3DES_EDE_CBC_SHA



Thanks
Junaid
Recall: List of Ciphers supported by Bouncy Castle FIPS Java library?

Ansari, Junaid
Ansari, Junaid would like to recall the message, "List of Ciphers supported by Bouncy Castle FIPS Java library?".

Re: List of Ciphers supported by Bouncy Castle FIPS Java library?

Peter Dettman-3
Hi Junaid,

On 12/04/2017 12:50 AM, Ansari, Junaid wrote:
> Could anyone please let me know the list of Ciphers supported by Bouncy
> Castle FIPS Java library? Is there any definitive list which Bouncy
> Castle FIPS Provider supports?

The "Ciphers" you list are actually TLS cipher suites. The list of
supported cipher suites will depend on your TLS implementation, which I
assume here is SunJSSE (or are you using BCJSSE?), but also on which
underlying crypto algorithms are supported by other providers.

e.g. SunJSSE supports ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, but it relies
on crypto providers to implement ECDH, ECDSA, AES/CBC/PKCS7, SHA256 (and
to support the particular elliptic curve for EC algs).

At least all the cipher suites in your "Shorter Cipher List" should be
supported by SunJSSE (or BCJSSE), and BCFIPS supports all the crypto
algorithms those cipher suites use.


> Bouncy Castle FIPS Provider is being started in approved mode, but I am
> still seeing the below error while using the Cipher list below (both
> short and longer form).
>
> *11-Apr-2017 23:01:30.060 SEVERE [http-nio-8043-exec-2]
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun *
>
> * org.bouncycastle.crypto.fips.FipsUnapprovedOperationError: Attempt to
> create key pair with unapproved RNG: EC*

It might be quite useful if you could give the full stack trace of this
exception. It's clear that the exception has nothing to do with the
cipher (suite). I assume an ECDHE_* key exchange has been negotiated and
the server is trying to generate an ephemeral EC keypair, but the
SecureRandom that was passed to (I assume) KeyPairGenerator.getInstance
was not created by the BCFIPS provider. In approved mode, BCFIPS has to
be sure the SecureRandom instance is FIPS-approved, and the only way to
do that is for BCFIPS to create the SecureRandom itself.

If you can give the full stack trace, it might help us track down where
the SecureRandom was actually created.


> I am adding the Bouncy Castle to the top of security provider list in
> the servlet init().

Probably that is a bad place (as in too late) to add the provider.
Possibly an SSLContext and/or SSLEngine is created for your SSL-enabled
Tomcat connector before Servlet.init is even called. BCFIPS probably
needs to already be added before any JSSE code runs.

Is there a reason why you cannot install the BCFIPS provider in
jre/lib/ext of your JRE/JDK (and add a provider entry in the java.security file)?


> P.S: Immediately after startup if access the page (in any of the browser
> Chrome/Firefox/IE it seems to work), now if I switch to any other
> browser and access the page it bombs with the above error.
>
> On an another machine the page doesn’t even comes up the first time and
> the above error is seen.

It seems possible that you are seeing caching of the page in the case
where it appears to work the first time. Maybe try using wget or similar
tool that will not cache, or fallback, etc.

Anyway, please post the stack trace and we'll investigate.

Regards,
Pete Dettman
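
Peter's diagnosis can be reproduced outside Tomcat. The following is an added example, not code from this thread or from Bouncy Castle; it assumes bc-fips 1.0.x on Java 8, and the class and method names (ApprovedRngDemo, ephemeralEcKeyPair, fipsDrbg) are my own. It generates the same ephemeral EC key pair that SunJSSE's ECDHCrypt generates for an ECDHE suite, first with a SecureRandom from the SUN provider, which approved-only mode rejects with the error in the log, and then with a DRBG built by BCFIPS, which it accepts.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;

import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.fips.FipsDRBG;
import org.bouncycastle.crypto.fips.FipsSecureRandom;
import org.bouncycastle.crypto.fips.FipsUnapprovedOperationError;
import org.bouncycastle.crypto.util.BasicEntropySourceProvider;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;

/**
 * Reproduces, outside Tomcat, the check that threw in the stack trace:
 * in approved-only mode BCFIPS refuses a SecureRandom it did not create
 * when an EC key pair generator is initialised.
 */
public class ApprovedRngDemo {

    /** What SunJSSE's ECDHCrypt does for an ECDHE suite: generate an ephemeral EC key pair. */
    static KeyPair ephemeralEcKeyPair(SecureRandom random) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BCFIPS");
        // Utils.validateKeyPairGenRandom() runs inside initialize(); this is the
        // frame that threw FipsUnapprovedOperationError in the trace.
        kpg.initialize(new ECGenParameterSpec("P-256"), random);
        return kpg.generateKeyPair();
    }

    /** A DRBG that BCFIPS itself built: the only kind it accepts in approved-only mode. */
    static FipsSecureRandom fipsDrbg(SecureRandom entropySource) {
        byte[] nonce = new byte[32];
        entropySource.nextBytes(nonce);
        return FipsDRBG.SHA512_HMAC
            .fromEntropySource(new BasicEntropySourceProvider(entropySource, true))
            .setSecurityStrength(256)   // high enough for P-384/P-521 as well as P-256
            .build(nonce, true);
    }

    public static void main(String[] args) throws Exception {
        // Platform RNG captured before BCFIPS is installed; used only as entropy for the DRBG.
        SecureRandom platform = new SecureRandom();

        Security.insertProviderAt(new BouncyCastleFipsProvider(), 1);
        // Thread-local switch; -Dorg.bouncycastle.fips.approved_only=true is the JVM-wide form.
        CryptoServicesRegistrar.setApprovedOnlyMode(true);

        // 1. The failing case: a SecureRandom created by the SUN provider, as happens when
        //    SunJSSE created its SecureRandom before BCFIPS was in the provider list.
        SecureRandom sunRandom = SecureRandom.getInstance("SHA1PRNG", "SUN");
        try {
            ephemeralEcKeyPair(sunRandom);
            System.out.println("unexpected: non-BCFIPS SecureRandom was accepted");
        } catch (FipsUnapprovedOperationError e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // 2. The working case: a FipsSecureRandom, also registered as the module default so
        //    that provider-internal key generation uses it too.
        FipsSecureRandom drbg = fipsDrbg(platform);
        CryptoServicesRegistrar.setSecureRandom(drbg);
        KeyPair kp = ephemeralEcKeyPair(drbg);
        System.out.println("accepted: " + kp.getPublic().getAlgorithm()
            + " key pair generated with " + drbg.getClass().getSimpleName());
    }
}
```

Run it with bc-fips on the classpath. The SUN SecureRandom is rejected by type, not by quality: in approved-only mode BCFIPS has no way to attest a foreign SecureRandom, so the check is simply "did BCFIPS build it". The 256-bit security strength matters for the second check in validateKeyPairGenRandom, which compares the DRBG's strength with the strength of the key being generated.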


RE: List of Ciphers supported by Bouncy Castle FIPS Java library?

Ansari, Junaid
Thanks, Pete.

Here's the complete stacktrace...

INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 5405 ms
SEVERE [http-nio-8043-exec-3] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
 org.bouncycastle.crypto.fips.FipsUnapprovedOperationError: Attempt to create key pair with unapproved RNG: EC
        at org.bouncycastle.crypto.fips.Utils.validateRandom(Utils.java:132)
        at org.bouncycastle.crypto.fips.Utils.validateKeyPairGenRandom(Utils.java:144)
        at org.bouncycastle.crypto.fips.FipsEC$KeyPairGenerator.<init>(FipsEC.java:510)
        at org.bouncycastle.jcajce.provider.ProvEC$ECKeyPairGenerator.initialize(ProvEC.java:956)
        at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:63)
        at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:1405)
        at sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1203)
        at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1024)
        at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:739)
        at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
        at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:285)
        at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:343)
        at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:192)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1534)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)

> Probably that is a bad place (as in too late) to add the provider.
> Possibly an SSLContext and/or SSLEngine is created for your SSL-enabled Tomcat connector before Servlet.init is even called. BCFIPS probably needs to already be added before any JSSE code runs.

> Is there a reason why you can not install the BCFIPS provider in jre/lib/ext of your JRE/JDK (and add provider entry in java.security file)?
Our application can be configured to run both in FIPS & non-FIPS mode. So, we prefer modifying the security provider list dynamically. That's the reason we want to add the FIPS Provider in servlet init().

> The list of supported cipher suites will depend on your TLS implementation, which I assume here is SunJSSE (or are you using BCJSSE?)
We aren't using BCJSSE.

> It seems possible that you are seeing caching of the page in the case where it appears to work the first time. Maybe try using wget or similar tool that will not cache, or fallback, etc.
Unfortunately, it's not a cache issue. I tried in incognito mode too.

• We tried to run JSSE in FIPS mode by using the JSSE Provider constructor [again in servlet init()], new com.sun.net.ssl.internal.ssl.Provider("BCFIPS"), but faced the below:

“java.security.ProviderException: SunJSSE already initialized in non-FIPS mode”

• Overcame the above error by modifying the java.security file manually as below:

security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=com.sun.net.ssl.internal.ssl.Provider BCFIPS
security.provider.3=sun.security.provider.Sun

        Isn't it possible to do the same programmatically? Our application can be configured to run both in FIPS & non-FIPS mode. So, we prefer modifying the security provider list dynamically.

• After the above change we ran into the below error.

“13-Apr-2017 01:29:38.396 SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["http-nio-8043"]
 java.security.KeyStoreException: FIPS mode: KeyStore must be from provider BCFIPS”

Looking at the "User Guide", it says: "When using the JSSE in FIPS mode you will probably also find it requires the server and client private keys to be coming from a key store supported by the BCFIPS provider. Use the BCFKS for the key store format."

• We converted the key store from JKS format to BCFKS and ran into the next issue…

“FIPS SecureRandom security strength not as high as required for operation”

• Overcame the above issue by setting the secure random as below…

org.bouncycastle.crypto.CryptoServicesRegistrar.setSecureRandom(
        FipsDRBG.SHA512_HMAC
            .fromEntropySource(new BasicEntropySourceProvider(SecureRandom.getInstance("SHA1PRNG"), true))
            .build(null, true));


Ideally, we would like to add the FIPS Provider dynamically using APIs rather than modifying security provider list in “java.security”. Is it feasible?

Thanks
Junaid



RE: List of Ciphers supported by Bouncy Castle FIPS Java library?

Eckenfels. Bernd
You can do it programmatically, but you need to do it before the server starts up. If you don't modify the server source you can wrap the main() method or use a premain() agent (or a custom connector). Tomcat might even have a hook; Tomcat might accept a FIPS extension patch, or they already have a startup extension, I don't know.

--
http://www.seeburger.com
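
Bernd's suggestion (a premain agent) combined with the pieces Junaid worked through (a BCFIPS-built DRBG as the module default, a BCFKS key store), as an added example that is not code from this thread, from Tomcat or from Bouncy Castle. The class name FipsAgent, the app.fips system property and the loadBcfks helper are assumptions of mine; the code targets bc-fips 1.0.x on Java 8 with Tomcat 8. A -javaagent premain runs before Bootstrap.main(), so BCFIPS is provider 1 before the connector's SSLContext is built, which is what Peter said servlet init() is too late for.

```java
import java.io.InputStream;
import java.lang.instrument.Instrumentation;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;

import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.fips.FipsDRBG;
import org.bouncycastle.crypto.fips.FipsSecureRandom;
import org.bouncycastle.crypto.util.BasicEntropySourceProvider;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;

/**
 * Java agent that puts BCFIPS in place before Tomcat's Bootstrap.main(), i.e. before the
 * connector's SSLContext exists. Jar it with a manifest line "Premain-Class: FipsAgent"
 * and start Tomcat with
 *   -javaagent:/path/to/fips-agent.jar -Dapp.fips=true -Dorg.bouncycastle.fips.approved_only=true
 * Without -Dapp.fips=true (a property name assumed here) the agent does nothing, so the
 * same build also runs in non-FIPS mode.
 */
public final class FipsAgent {

    public static void premain(String agentArgs, Instrumentation inst) throws Exception {
        if (!Boolean.getBoolean("app.fips")) {
            return;
        }
        installBcFips();
        System.out.println("FipsAgent: " + backingProviders());
    }

    /** Registers a full-strength DRBG as the module default, then makes BCFIPS provider 1. */
    static void installBcFips() {
        // Capture the platform RNG before BCFIPS is provider 1: afterwards new SecureRandom()
        // resolves to BCFIPS's own "DEFAULT" DRBG, which is what we are about to configure.
        SecureRandom platformEntropy = new SecureRandom();
        byte[] nonce = new byte[32];
        platformEntropy.nextBytes(nonce);

        FipsSecureRandom drbg = FipsDRBG.SHA512_HMAC
            .fromEntropySource(new BasicEntropySourceProvider(platformEntropy, true))
            .setSecurityStrength(256)   // avoids "security strength not as high as required"
            .build(nonce, true);
        CryptoServicesRegistrar.setSecureRandom(drbg);

        Security.insertProviderAt(new BouncyCastleFipsProvider(), 1);
    }

    /**
     * The two services SunJSSE asks for during an ECDHE handshake. Both must report
     * BCFIPS; otherwise the ephemeral EC key pair is generated with an RNG that BCFIPS
     * did not create and the handshake fails exactly as in the stack trace.
     */
    static String backingProviders() throws NoSuchAlgorithmException {
        String rng = new SecureRandom().getProvider().getName();
        String ec = KeyPairGenerator.getInstance("EC").getProvider().getName();
        return "SecureRandom=" + rng + " EC KeyPairGenerator=" + ec;
    }

    /** Loads the connector key store in the BCFKS format the user guide calls for. */
    static KeyStore loadBcfks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("BCFKS", "BCFIPS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }
}
```

Two caveats. First, the agent deliberately does not try to re-create SunJSSE in FIPS mode: as the thread shows, new com.sun.net.ssl.internal.ssl.Provider("BCFIPS") refuses once SunJSSE has initialised in non-FIPS mode, and on JDK 8 Security.insertProviderAt loads every provider configured in java.security, which triggers that initialisation. The java.security edit Junaid posted remains the dependable way to get FIPS-mode JSSE; the agent only guarantees that BCFIPS and its DRBG are in place first. Second, the key store conversion is a one-off keytool step, roughly keytool -importkeystore -srckeystore server.jks -srcstoretype JKS -destkeystore server.bcfks -deststoretype BCFKS -providername BCFIPS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath bc-fips.jar (file names are placeholders), after which the connector points at it with keystoreFile, keystoreType="BCFKS" and keystoreProvider="BCFIPS".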