RFR: 8271566: DSA signature length value is not accurate in P11Signature [v2]
Valerie Peng
valeriep at openjdk.java.net
Wed Aug 18 01:33:29 UTC 2021
On Fri, 13 Aug 2021 17:11:45 GMT, Martin Balao <mbalao at openjdk.org> wrote:
>> As described in JDK-8271566 [1], this patch proposal is intended to fix a problem that arises when using DSA keys that have a 256-bits (or larger) G parameter for signatures (either signing or verifying). There were some incorrect assumptions and hard-coded length values in the code before. Please note that, for example, the tuple (2048, 256) for DSA is valid according to FIPS PUB 186-4.
>>
>> Beyond the specific issues in signatures, I decided to provide a broader solution and enable key parameter retrieval for other key types (EC, DH) when possible. This is, when the key is not sensitive. One thing that I should note here is that token keys (those that have the CKA_TOKEN attribute equal to 'true') are considered sensitive in this regard, at least by the NSS Software Token implementation. I don't have access to other vendor implementations but if there is any concern, we can adjust the constraint to NSS-only. However, I'm not sure which use-case would require to get private keys out of a real token, weakening its security. I'd be more conservative here and not query the values if not sure that it will succeed.
>>
>> No regressions found in jdk/sun/security/pkcs11. A new test added: LargerDSAKey.
>>
>> --
>> [1] - https://bugs.openjdk.java.net/browse/JDK-8271566
>
> Martin Balao has updated the pull request incrementally with one additional commit since the last revision:
>
> P11Key static inner classes refactorings.
I agree with the new class hierarchy and see the merits. But need to think more about this new Fetcher way of doing things. It seems that the Fetcher is the real key class where there is the common logic (sensitive, isPrivate, etc.) and you just cover it up with different wrapper classes which seems algorithm specific but yet do not contain any algorithm specific fields and the logic is all inside the corresponding Fetcher. In addition, there seems to be some duplicated code in retrieving the attributes in RSA*Fetcher vs P11Key.fetchAttributes(). Will try a few things before sharing my review comments. Thanks. Valerie
-------------
PR: https://git.openjdk.java.net/jdk/pull/4961
More information about the security-dev
mailing list