Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8271566

DSA signature length value is not accurate in P11Signature

XMLWordPrintable

        In DSA signatures, the length of 'q' (CKA_SUBPRIME) does not derive from the length of 'p' (CKA_PRIME). Even when some tuples are common (as seen in OpenJDK for example [1]), they are an implementation-dependent assumption. I've seen for example 'p' values of 2048 with 'q' of 256, instead of 2048 with 224.

        The length of a DSA signature is the length of 'q' * 2. Thus, this [2] and this [3] does not look good to me (in the latter case assuming a CKM_DSA_SHA1 or similar DSA-based mechanism). Even when we can say 'larger does not harm', here [4] it does not hold true if we use a 256 'q'. Furthermore, with an accurate value we can avoid passing '0' here [5] and having 2 C_SignFinal native calls with 1 extra buffer allocation in the heap.

        In my view, we should use an accurate value for the signature length in DSA, and we already have an API to get it from the actual key [6] (which translates to a PKCS#11 call to get the CKA_SUBPRIME attribute from a key). This API works even when the key is CKA_SENSITIVE = true (the value retrieved is not sensitive).

        --
        [1] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/java.base/share/classes/sun/security/provider/ParameterCache.java#L89
        [2] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java#L301
        [3] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java#L303
        [4] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java#L827
        [5] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java#L621
        [6] - https://github.com/openjdk/jdk/blob/a066c7bed0f9aa45fb9384f75ae84943548cd859/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java#L773

              mbalao Martin Balao Alonso
              mbalao Martin Balao Alonso
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: