8325254: CKA_TOKEN private and secret keys are not necessarily sensitive
Reviewed-by: mbalao
Backport-of: 0f5f3c9b9718c610406088327401210486447462
franferrax authored and martinuy committed Apr 2, 2024
1 parent 7ced722 commit d29fe03
Showing 3 changed files with 14 additions and 8 deletions.
Expand Up @@ -261,10 +261,8 @@ protected void engineSetPadding(String padding)
// no native padding support; use our own padding impl
paddingObj = new PKCS5Padding(blockSize);
padBuffer = new byte[blockSize];
char[] tokenLabel = token.tokenInfo.label;
// NSS requires block-sized updates in multi-part operations.
reqBlockUpdates = ((tokenLabel[0] == 'N' && tokenLabel[1] == 'S'
&& tokenLabel[2] == 'S') ? true : false);
reqBlockUpdates = P11Util.isNSS(token);
}
} else {
throw new NoSuchPaddingException("Unsupported padding " + padding);
Expand Up @@ -139,9 +139,7 @@ abstract class P11Key implements Key, Length {
this.tokenObject = tokenObject;
this.sensitive = sensitive;
this.extractable = extractable;
char[] tokenLabel = this.token.tokenInfo.label;
isNSS = (tokenLabel[0] == 'N' && tokenLabel[1] == 'S'
&& tokenLabel[2] == 'S');
isNSS = P11Util.isNSS(this.token);
boolean extractKeyInfo = (!DISABLE_NATIVE_KEYS_EXTRACTION && isNSS &&
extractable && !tokenObject);
this.keyIDHolder = new NativeKeyHolder(this, keyID, session,
Expand Down Expand Up @@ -395,8 +393,9 @@ static PrivateKey privateKey(Session session, long keyID, String algorithm,
new CK_ATTRIBUTE(CKA_EXTRACTABLE),
});

boolean keySensitive = (attrs[0].getBoolean() ||
attrs[1].getBoolean() || !attrs[2].getBoolean());
boolean keySensitive =
(attrs[0].getBoolean() && P11Util.isNSS(session.token)) ||
attrs[1].getBoolean() || !attrs[2].getBoolean();

switch (algorithm) {
case "RSA":
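Review bot: The new `keySensitive` expression in privateKey() has no comment saying why a CKA_TOKEN key counts as sensitive only when `P11Util.isNSS(session.token)` is true, and that is the security-relevant part of this change. On any token whose label does not start with "NSS", a persistent private key is now classified only by the other two attributes (presumably CKA_SENSITIVE, then CKA_EXTRACTABLE, which is the last entry visible in the array), so a key the token reports as non-sensitive and extractable is no longer treated as sensitive. I would put the rationale above the assignment, e.g. `// CKA_TOKEN implies sensitive only on NSS; other tokens are relied on to report CKA_SENSITIVE/CKA_EXTRACTABLE accurately`, so deployers know that HSM keys must be provisioned with those attributes set. The title also names secret keys, but this is the only sensitivity change visible on this page; the function body and the start of the attribute array lie outside the hunk.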
Expand Up @@ -44,6 +44,15 @@ private P11Util() {
// empty
}

static boolean isNSS(Token token) {
char[] tokenLabel = token.tokenInfo.label;
if (tokenLabel != null && tokenLabel.length >= 3) {
return (tokenLabel[0] == 'N' && tokenLabel[1] == 'S'
&& tokenLabel[2] == 'S');
}
return false;
}

static Provider getSunProvider() {
Provider p = sun;
if (p == null) {
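Review bot: isNSS() has no comment stating that it is a label-prefix heuristic, yet after this commit its result feeds the key-sensitivity decision in privateKey() as well as `reqBlockUpdates` and the `isNSS` field in the other two files. Any token whose label begins with the three characters "NSS" is treated as NSS, and an NSS token presenting a different label would not be, which matters more now that the answer affects whether a token key is considered sensitive. A short Javadoc would make that explicit, for example `/** Returns true if the token label starts with "NSS"; heuristic only, used for NSS-specific workarounds. */`. The null and length guard is a real hardening over the inlined checks it replaces; `token` and `token.tokenInfo` are still dereferenced unchecked, which looks consistent with the callers shown here but cannot be confirmed from this page.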

1 comment on commit d29fe03

@openjdk-notifier