Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8271566

DSA signature length value is not accurate in P11Signature

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 18
    • Component/s: security-libs
    • Labels:
      None

      Backports

        Description

        In DSA signatures, the length of 'q' (CKA_SUBPRIME) does not derive from the length of 'p' (CKA_PRIME). Even when some tuples are common (as seen in OpenJDK for example [1]), they are an implementation-dependent assumption. I've seen for example 'p' values of 2048 with 'q' of 256, instead of 2048 with 224.

        The length of a DSA signature is the length of 'q' * 2. Thus, this [2] and this [3] does not look good to me (in the latter case assuming a CKM_DSA_SHA1 or similar DSA-based mechanism). Even when we can say 'larger does not harm', here [4] it does not hold true if we use a 256 'q'. Furthermore, with an accurate value we can avoid passing '0' here [5] and having 2 C_SignFinal native calls with 1 extra buffer allocation in the heap.

        In my view, we should use an accurate value for the signature length in DSA, and we already have an API to get it from the actual key [6] (which translates to a PKCS#11 call to get the CKA_SUBPRIME attribute from a key). This API works even when the key is CKA_SENSITIVE = true (the value retrieved is not sensitive).

        --
        [1] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/java.base/share/classes/sun/security/provider/ParameterCache.java#L89
        [2] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java#L301
        [3] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java#L303
        [4] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java#L827
        [5] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java#L621
        [6] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java#L773

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                mbalao Martin Balao
                Reporter:
                mbalao Martin Balao
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: