RFR: 8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec [v4]
Valerie Peng
valeriep at openjdk.java.net
Tue Mar 23 01:03:40 UTC 2021
On Sat, 20 Mar 2021 19:24:45 GMT, SalusaSecondus <github.com+829871+SalusaSecondus at openjdk.org> wrote:
>> We seem to have a choice and I'm not sure the best way to approach this.
>>
>> 1. We trust the properties in `P11Key` and just ask it if the values are both sensitive and extractable. [1]
>> 2. But if we already trust P11Key, why not also trust that it properly implements the RSAPrivateKey interfaces [2]. This is the strategy used by the snippet I posted earlier (delegating to `implGetSoftwareFactory()`)
>> 3. We don't trust P11Key except to use getKeyId(), this yields the current design where we pull the attributes every time the factory needs them.
>>
>> We should probably reduce calls to `C_GetAttributeValue` as they may be very slow. At the least they cross the JNI boundary and at worst they interact with a slow piece of hardware (possibly over a network). The current design will have two calls in a worst case, but is likely to have only one call the vast majority of the time.
>>
>> [1] https://github.com/openjdk/jdk/blob/master/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java#L92
>> [2] https://github.com/openjdk/jdk/blob/master/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java#L375-L406
>
> P11PrivateKey is private so we cannot check that. Our options to figure out if something is sensitive are:
> 1. See if it doesn't implement `RSAPrivateKey` (this yields the prior snippet with `implGetSoftwareFactory()`)
> 2. Try to access the attributes directly from the token (this yields the current solution which we're modifying)
> 3. Check the value of `p11Key.extractable` (which is package-private and thus visible)
>
> The smallest change would be to keep our strategy as 2. While I like it the least (my favorite is number 1) it has the smallest risk of changing some undocumented behavior on a PKCS#11 device that we're unfamiliar with (and not testing because we may not have the hardware costing tens of thousands of dollars). Option 3 somewhat spits the difference between 1 and 2.
Or, how about changing the scope of P11PrivateKey/P11RSAPrivateKey/P11RSAPrivateNonCRTKey to pkg private? This way we can take advantage of the info implied by the type of class and avoid the potential double failure of querying the attributes.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2949
More information about the security-dev
mailing list