JEP 115: AEAD CipherSuites

Author: Xuelei Fan
Owner: Bradford Wetmore
Type: Feature
Scope: JDK
Status: Closed / Delivered
Release: 8
Component: security-libs
Discussion: security dash dev at openjdk dot java dot net
Effort: M
Duration: M
Endorsed by: Brian Goetz
Created: 2011/07/25 20:00
Updated: 2017/08/11 19:22
Issue: 8046105

Summary

Support the AEAD/GCM cipher suites defined by SP 800-38D, RFC 5116, RFC 5246, RFC 5288, RFC 5289 and RFC 5430.

Goals

  1. Implement the AEAD/GCM crypto algorithm in the JCA/JCE providers.

  2. Update JCA/JCE to support AEAD operations.

  3. Implement AEAD/GCM based cipher suites in JSSE.

Motivation

As part of the U.S. National Security Agency's Suite B effort (modernization of the national crypto infrastructure), the JDK needs to support the Galois Counter Mode (GCM) cipher mode for ciphers like AES. GCM is also being used in some new TLS cipher suites. GCM mode will be required for sales into the U.S. Government, and to other customers that need modern crypto technologies.

For Suite B TLS compliance, GCM cipher suites are REQUIRED to be used whenever both the client and the server support the necessary cipher suites. In order to be Suite-B compliant, GCM ciphers need to be supported in the default JSSE provider.

Description

Java SE has already defined the AEAD/GCM interfaces in JDK 7. In JDK 8 the JCA/JCE providers will implement these AEAD/GCM interfaces. For the PKCS#11 standard, GCM support is defined in the PKCS#11 V2.30 specification, which is still a draft. Thus, the SunPKCS11 provider will not be enhanced to support GCM in JDK 8.

This feature will support the following cipher suites in the default JSSE implementation:

Note that in order to support the GCM AEAD cipher suites in JSSE, the GCM cipher implementation must be available from at least one of the JCA/JCE providers. Thus, as part of this JEP, the SunJCE provider will be enhanced accordingly to provide the required GCM support for the JSSE AEAD cipher suites.
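The following is an added example, not code from this JEP or from the JDK, showing the JDK 7 AEAD interfaces the description refers to (GCMParameterSpec, Cipher.updateAAD, AEADBadTagException) driven against whichever provider supplies "AES/GCM/NoPadding", plus a probe of the GCM suites the default JSSE provider reports. The AAD and plaintext values are constructed samples; the class name GcmAeadDemo is assumed.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.net.ssl.SSLContext;

public class GcmAeadDemo {
    private static final int TAG_BITS = 128;   // 16-byte tag, as in the TLS GCM suites
    // One AEAD operation: aad is authenticated only, in is authenticated and encrypted/decrypted.
    static byte[] gcm(int mode, SecretKey key, byte[] iv, byte[] aad, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");  // needs a provider with GCM support
        c.init(mode, key, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(aad);            // JDK 7 AEAD API: additional authenticated data
        return c.doFinal(in);        // encrypt: ciphertext||tag; decrypt: AEADBadTagException on mismatch
    }

    public static void main(String[] args) throws Exception {
        System.out.println("AES/GCM from provider: "
                + Cipher.getInstance("AES/GCM/NoPadding").getProvider().getName());

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[12];                 // 96-bit nonce; must never repeat under one key
        new SecureRandom().nextBytes(iv);
        byte[] aad = "constructed record header".getBytes("US-ASCII");
        byte[] msg = "constructed plaintext".getBytes("US-ASCII");
        byte[] sealed = gcm(Cipher.ENCRYPT_MODE, key, iv, aad, msg);
        byte[] opened = gcm(Cipher.DECRYPT_MODE, key, iv, aad, sealed);
        System.out.println("round trip ok: " + Arrays.equals(msg, opened));

        byte[] tampered = sealed.clone();
        tampered[0] ^= 0x01;                      // flip one ciphertext bit
        try {
            gcm(Cipher.DECRYPT_MODE, key, iv, aad, tampered);
            System.out.println("BUG: tampered record accepted");
        } catch (AEADBadTagException e) {
            System.out.println("tag check failed as expected: " + e.getMessage());
        }

        // GCM suites the default JSSE provider knows about (none before this JEP is delivered)
        for (String s : SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()) {
            if (s.contains("_GCM_")) System.out.println(s);
        }
    }
}
```

On a JDK 8 or later runtime the provider line names SunJCE and the suite loop prints entries such as those listed by RFC 5288 and RFC 5289; on JDK 7 the Cipher.getInstance call fails unless a third-party provider supplies GCM.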

Testing

  1. Need to verify that the new interfaces behave as expected.
  2. Need to verify that the implementation doesn't break backward compatibility in unexpected ways.
  3. Need to verify that the implementation doesn't bring new interoperability issues in unexpected ways.

Impact