On Mon, 2 Aug 2021 19:31:54 GMT, Martin Balao <mba...@openjdk.org> wrote:
> As described in JDK-8271566 [1], this patch proposal is intended to fix a > problem that arises when using DSA keys that have a 256-bits (or larger) G > parameter for signatures (either signing or verifying). There were some > incorrect assumptions and hard-coded length values in the code before. Please > note that, for example, the tuple (2048, 256) for DSA is valid according to > FIPS PUB 186-4. > > Beyond the specific issues in signatures, I decided to provide a broader > solution and enable key parameter retrieval for other key types (EC, DH) when > possible. This is, when the key is not sensitive. One thing that I should > note here is that token keys (those that have the CKA_TOKEN attribute equal > to 'true') are considered sensitive in this regard, at least by the NSS > Software Token implementation. I don't have access to other vendor > implementations but if there is any concern, we can adjust the constraint to > NSS-only. However, I'm not sure which use-case would require to get private > keys out of a real token, weakening its security. I'd be more conservative > here and not query the values if not sure that it will succeed. > > No regressions found in jdk/sun/security/pkcs11. A new test added: > LargerDSAKey. > > -- > [1] - https://bugs.openjdk.java.net/browse/JDK-8271566 Hmm, I ran more security regression tests against the proposed changes and had a second thought about this proposed P11Key change. When the underlying P11 DSA key is un-extractable and returned as a P11Key which implements DSAPrivateKey interface. With the proposed change, calling getX() upon this key object returns null which will lead to unexpected NPE. This is a serious problem. Same goes for other private keys, e.g. EC, DH. And not just the private value of these keys, but also the encodings may lead to NPE. Thus, for un-extractable keys, we will have to continue to return them as P11PrivateKey objects which does not implement any algorithm specific interface. ------------- PR: https://git.openjdk.java.net/jdk/pull/4961
