-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
8328556: Do not extract large CKO_SECRET_KEY keys from the NSS Software Token #18389
Conversation
👋 Welcome back mbalao! A progress list of the required criteria for merging this PR into |
@martinuy This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be:
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 76 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
Webrevs
|
Would it be possible to add a regression test for this? I think you should be able to trigger a failure by calculating a HMAC using the same key two times. |
May be possible. To create a large secret key we can use a DH derivation + TLS pre-master generation trick as shown in the TestLargeKeys.java reproducer that I attached to JDK-8328556. Other attempts to create a large secret key may fail due to NSS checks. Then we would need to configure the NSS Software Token in FIPS mode. This is currently not supported by the PKCS11Test library, so we would need to extend it. Notice that there is currently one FIPS standalone test (FipsModeTLS12.java) but the right approach would be to do refactoring in PKCS11Test. The reason why FIPS mode is necessary is because, otherwise, the mechanism for rebuilding keys in the token would be C_CreateObject instead of C_UnwrapKey. Actually, it's not FIPS mode strictly what we need but keys with CKA_SENSITIVE = CK_TRUE. Perhaps we can modify the NSS configuration to set this attribute, but that would be a shortcut and the use case is better represented by FIPS mode. If there is interest in supporting FIPS scenarios, I can do this work. I didn't go this far in my proposal because this bug, in my view, is not very likely to be hit —as far as I know, it haven't been for years since the introduction of JDK-6913047— and the fix is trivial. |
Update: I found that an existing PKCS11Test configuration (p11-nss-sensitive.txt) sets CKA_SENSITIVE to CK_TRUE for secret keys. Combining this with the DH large secret key derivation trick led to a viable reproducer without having to introduce a FIPS configuration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for adding the test, the proposed changes look good to me.
/integrate |
Going to push as commit 13cf070.
Your commit was automatically rebased without conflicts. |
Hi,
I'd like to propose a fix for "8328556: Do not extract large CKO_SECRET_KEY keys from the NSS Software Token". See more details in the JBS ticket [1].
No regressions observed in jdk/sun/security/pkcs11.
Thanks,
Martin.-
--
[1] - https://bugs.openjdk.org/browse/JDK-8328556
Progress
Issue
Reviewers
Reviewing
Using
git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/18389/head:pull/18389
$ git checkout pull/18389
Update a local copy of the PR:
$ git checkout pull/18389
$ git pull https://git.openjdk.org/jdk.git pull/18389/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 18389
View PR using the GUI difftool:
$ git pr show -t 18389
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/18389.diff
Webrev
Link to Webrev Comment