JDK-8325254 : CKA_TOKEN private and secret keys are not necessarily sensitive
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: 17,21,23
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2024-02-05
  • Updated: 2024-04-02
  • Resolved: 2024-02-06
Version table:
  • JDK 17: 17.0.12 (Fixed)
  • JDK 21: 21.0.3 (Fixed)
  • JDK 23: 23 b09 (Fixed)
Description
JDK-8271566 introduced a change in how sensitive PKCS #11 keys are identified. In addition to CKA_SENSITIVE = TRUE and CKA_EXTRACTABLE = FALSE, CKA_TOKEN = TRUE is used as a sufficient indicator of a private key being opaque. This change was motivated by the NSS Software Token but is non-standard and does not represent all PKCS #11 tokens.

For a token that has a private key with attributes CKA_TOKEN = TRUE, CKA_SENSITIVE = FALSE and CKA_EXTRACTABLE = TRUE, JDK-8271566 introduced an observable (and unintended) API change in KeyStore::getKey: a key object implementing the PrivateKey interface is returned (instance of P11RSAPrivateKeyInternal/P11DSAPrivateKeyInternal/etc.) when one implementing the public interface RSAPrivateKey/DSAPrivateKey/etc. should have been returned (instance of P11RSAPrivateKey/P11DSAPrivateKey/etc.).

The NSS Software Token considers private and secret keys with CKA_TOKEN = TRUE as sensitive, regardless of the CKA_SENSITIVE and CKA_EXTRACTABLE attributes. See NSC_GetAttributeValue [1], nsc_GetTokenAttributeValue [2] and sftk_isSensitive [3]. When keys have CKA_TOKEN = FALSE, CKA_SENSITIVE has to be TRUE for a private or secret key to be sensitive. See here [4] and here [5].

Update: the token where the regression was observed uses the ICSF PKCS #11 library.

--
[1] - https://github.com/nss-dev/nss/blob/NSS_3_90_RTM/lib/softoken/pkcs11.c#L4838
[2] - https://github.com/nss-dev/nss/blob/NSS_3_90_RTM/lib/softoken/pkcs11.c#L4789
[3] - https://github.com/nss-dev/nss/blob/NSS_3_90_RTM/lib/softoken/pkcs11u.c#L802
[4] - https://github.com/nss-dev/nss/blob/NSS_3_90_RTM/lib/softoken/pkcs11.c#L4864
[5] - https://github.com/nss-dev/nss/blob/NSS_3_90_RTM/lib/softoken/pkcs11.c#L4867
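
The rules described above, modelled as an added example (this is not JDK or NSS code). It enumerates every CKA_TOKEN / CKA_SENSITIVE / CKA_EXTRACTABLE combination and flags where the rule attributed to JDK-8271566 disagrees with one based only on CKA_SENSITIVE and CKA_EXTRACTABLE. The method names are hypothetical, and the NSS rule is as characterised in this report.

```java
public class P11SensitivityModel {
    // Hypothetical helper: rule the report attributes to JDK-8271566, where any
    // one of the three indicators is sufficient to treat the key as opaque.
    static boolean opaqueAfter8271566(boolean token, boolean sensitive, boolean extractable) {
        return token || sensitive || !extractable;
    }

    // Hypothetical helper: rule using only CKA_SENSITIVE and CKA_EXTRACTABLE.
    static boolean opaqueByStandardAttrs(boolean sensitive, boolean extractable) {
        return sensitive || !extractable;
    }

    // Hypothetical helper: NSS Software Token behaviour as the report describes it.
    // Token objects are always sensitive; session objects need CKA_SENSITIVE = TRUE.
    static boolean sensitiveInNss(boolean token, boolean sensitive) {
        return token || sensitive;
    }

    // The RSA class names quoted in the report, chosen by opacity.
    static String rsaClassFor(boolean opaque) {
        return opaque ? "P11RSAPrivateKeyInternal (PrivateKey only)"
                      : "P11RSAPrivateKey (RSAPrivateKey)";
    }

    public static void main(String[] args) {
        boolean[] tf = {false, true};
        System.out.printf("%-6s %-10s %-12s %-6s %s%n",
                "TOKEN", "SENSITIVE", "EXTRACTABLE", "NSS", "RSA key class after JDK-8271566");
        for (boolean token : tf) {
            for (boolean sensitive : tf) {
                for (boolean extractable : tf) {
                    boolean after = opaqueAfter8271566(token, sensitive, extractable);
                    boolean std = opaqueByStandardAttrs(sensitive, extractable);
                    // Flag rows where CKA_TOKEN alone changes the returned type.
                    String note = (after != std)
                            ? "  <-- standard attributes give " + rsaClassFor(std)
                            : "";
                    System.out.printf("%-6b %-10b %-12b %-6b %s%s%n",
                            token, sensitive, extractable,
                            sensitiveInNss(token, sensitive), rsaClassFor(after), note);
                }
            }
        }
    }
}
```

Only one row is flagged: CKA_TOKEN = TRUE, CKA_SENSITIVE = FALSE, CKA_EXTRACTABLE = TRUE, the attribute set described for the affected token.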
Comments
A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/2299 Date: 2024-03-14 20:05:23 +0000
14-03-2024

[jdk17u-fix-request] Approval Request from Martin Balao Alonso
17u is affected by this bug because it has 8271566 that introduced it. Risk is minimal.
26-02-2024

A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/2223 Date: 2024-02-23 07:48:59 +0000
23-02-2024

A pull request was submitted for review. URL: https://git.openjdk.org/jdk21u-dev/pull/283 Date: 2024-02-22 17:33:00 +0000
22-02-2024

[jdk21u-fix-request] Approval Request from Martin Balao Alonso
21u is affected by this bug because it has 8271566 that introduced it. Risk is minimal.
22-02-2024

Changeset: 0f5f3c9b Author: Martin Balao <mbalao@openjdk.org> Date: 2024-02-06 19:49:30 +0000 URL: https://git.openjdk.org/jdk/commit/0f5f3c9b9718c610406088327401210486447462
06-02-2024

A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/17712 Date: 2024-02-05 18:23:30 +0000
05-02-2024