RFR: 8368694: PKCS11-NSS generic keys generated by DH have leading zeroes stripped
Valerie Peng
valeriep at openjdk.org
Wed Oct 8 02:23:05 UTC 2025
On Thu, 25 Sep 2025 16:28:25 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> The DiffieHellman KeyAgreement supports 2 key algorithms: TlsPremasterSecret and Generic. The Generic algorithm is supposed to generate keys of a constant length, keeping leading zeroes as appropriate.
>
> This PR changes the SunPKCS11 implementation to pass a CKA_VALUE_LEN attribute when a fixed length is needed; when the attribute is absent, the PKCS11 provider strips the leading zeroes.
>
> Added a check to the existing test cases to verify the fix. The check passes with the fix, fails without it. Other tier1-3 tests continue to pass.
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyAgreement.java line 335:
> 333: new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
> 334: new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType),
> 335: new CK_ATTRIBUTE(CKA_VALUE_LEN, secretLen),
How about attributes in another `xxxGenerateSecret(...)` method? Should we also add `CKA_VALUE_LEN` attribute with `secretLen` value there as well, i.e. line 200-203,
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27494#discussion_r2412341167
More information about the security-dev
mailing list