RFR: 8328556: Do not extract large CKO_SECRET_KEY keys from the NSS Software Token
Martin Balao
mbalao at openjdk.org
Thu Mar 21 16:27:20 UTC 2024
On Thu, 21 Mar 2024 06:32:56 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> Would it be possible to add a regression test for this? I think you should be able to trigger a failure by calculating a HMAC using the same key two times.
May be possible. To create a large secret key we can use a DH derivation + TLS pre-master generation trick as shown in the TestLargeKeys.java reproducer that I attached to JDK-8328556. Other attempts to create a large secret key may fail due to NSS checks. Then we would need to configure the NSS Software Token in FIPS mode. This is currently not supported by the PKCS11Test library, so we would need to extend it. Notice that there is currently one FIPS standalone test (FipsModeTLS12.java) but the right approach would be to do refactoring in PKCS11Test. The reason why FIPS mode is necessary is because, otherwise, the mechanism for rebuilding keys in the token would be C_CreateObject instead of C_UnwrapKey. Actually, it's not strictly FIPS mode that we need but keys with CKA_SENSITIVE = CK_TRUE. Perhaps we can modify the NSS configuration to set this attribute, but that would be a shortcut and the use case is better represented by FIPS mode. If there is interest in supporting FIPS scenarios, I can do this work. I didn't go this far in my proposal because this bug, in my view, is not very likely to be hit —as far as I know, it hasn't been for years since the introduction of JDK-6913047— and the fix is trivial.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/18389#issuecomment-2012876315