PKCS#11 provider issues with min and max size
Valerie Peng
valerie.peng at oracle.com
Thu Feb 1 00:07:22 UTC 2018
Thanks for the feedback. I suppose we can ignore values which obviously
don't make sense such as 0 or max being less than min key size.
However, if the underlying PKCS11 library vendors forgot to update the
max value as in your comment#2, supposedly they should fix it.
I am not too keen to add an env var/system property to accommodate this
kind of PKCS11 library bugs since this should be rare I hope.
Valerie
On 1/30/2018 12:22 AM, Tomas Gustavsson wrote:
> Hi,
>
> At some revision in the PKCS#11 provider there was introduced checking
> of C_GetMechanismInfo min and max sizes.
>
> This has turned out to be a bit fragile. Let me give two real world
> examples:
>
> 1. Amazon Cloud HSM report minSize and maxSize for EC keys to 0. The
> Java PKCS#11 provider will happily take 0 as maxSize and refuse to
> generate any EC keys at all. Needless to say, without the Java check it
> would be no problem.
>
> 131: C_GetMechanismInfo
> 2018-01-30 07:52:20.740
> [in] slotID = 0x1
> CKM_EC_KEY_PAIR_GEN
> [out] pInfo:
> CKM_EC_KEY_PAIR_GEN : min:0 max:0 flags:0x10001 ( Hardware
> KeyPair )
> Returned: 0 CKR_OK
>
> (we are reporting this to Amazon as well)
>
> 2. Thales HSMs (some?) report maxSize for RSA_PKCS key generation as
> 4096, but will happily generate 8192 bit keys. I.e. the reported maxSize
> is not true.
> We have customers who used to generate 8192 bit RSA keys, but after a
> Java update can not do so anymore, because Java compares against this value.
>
>
> * Suggestions:
>
> 1. In the constructor of P11KeyPairGenerator where minKeyLen and
> maxKeyLen are calculated, never allow maxKeyLen to be less than minKeyLen.
>
> I.e. change the part:
> // auto-adjust default keysize in case it's out-of-range
> if ((minKeyLen != -1) && (keySize < minKeyLen)) {
> keySize = minKeyLen;
> }
> if ((maxKeyLen != -1) && (keySize > maxKeyLen)) {
> keySize = maxKeyLen;
> }
>
> To include something like:
> // auto-adjust default keysize in case it's out-of-range
> if ((minKeyLen != -1) && (keySize < minKeyLen)) {
> keySize = minKeyLen;
> }
> if ((maxKeyLen != -1) && (maxKeyLen < minKeyLen)) {
> maxKeyLen = minKeyLen;
> }
> if ((maxKeyLen != -1) && (keySize > maxKeyLen)) {
> keySize = maxKeyLen;
> }
>
> 2. Allow to ignore checking of maxKeyLen by some means, i.e. allow to
> ignore checking against C_GetMechanismInfo if you know that the HSM does
> not provide sane values. I.e. an environment variable for example
> reverting back to the old behavior when these were ignored.
>
> Regards,
> Tomas Gustavsson
>
More information about the security-dev
mailing list