JDK-8343498 : SunPKCS11 provider checks on PKCS11 Mechanism are problematic
  • Type: CSR
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Priority: P3
  • Status: Provisional
  • Resolution: Unresolved
  • Fix Versions: 8-pool,11-pool,17-pool,21-pool
  • Submitted: 2024-11-03
  • Updated: 2024-11-04
Related Reports
CSR :  
JDK-8337403 - SunPKCS11 provider checks on PKCS11 Mechanism are problematic
Relates :  
JDK-8329300 - SunPKCS11 provider checks on PKCS11 Mechanism are problematic
Description
Summary
-------

As some crypto algorithms become legacy (e.g. not strong enough for modern computers and thus being phased out), some PKCS11 library implementations may start limiting the usage for these algorithms. For example, for Cipher, only decryption is allowed but not encryption. This way, earlier encrypted data can be recovered but data won't be encrypted with legacy algorithm. Under https://bugs.openjdk.org/browse/JDK-8176837 , SunPKCS11 provider is updated to check and disable the legacy mechanisms. Further adjustment will be made to fine-tune the check and also provide a configuration attribute "allowLegacy" to disable the check if desired.

Note, this backport CSR is same as original CSR (JDK-8329300).

Problem
-------

Under the existing check for identifying legacy algorithms, an algorithm would be disabled if it supports decryption but not encryption, or if it supports verification but not signing. For example, an algorithm would be disabled if it supports decryption, signing, and verification but not encryption. The check should be fine-tuned to only disable the algorithm for Cipher crypto service but not Signature crypto service since both signing and verification are supported. In addition, once an algorithm is identified as legacy and disabled, there is no setting to enable them for the supported usage.

Solution
--------

Provide a "allowLegacy" configuration attribute in SunPKCS11 provider configuration file to allow applications to bypass the legacy check if needed. In addition, existing check will be updated to disable algorithms based on the registered crypto service. Using the earlier example of the algorithm supporting decryption, signing, and verification but not encryption, it will be disabled for Cipher crypto service but remain enabled for Signature crypto service.

Specification
-------------

Update the "SunPKCS11 Configuration" paragraph under the "PKCS#11 Reference Guide" section of "Security Developer's Guide" document with the new "allowLegacy" configuration attribute.

<table>
<tr>
<th>Attribute</th>
<th>Value</th>
<th>Description</th>
</tr>
<tr>
<td>allowLegacy</td>
<td>Boolean value, default: false</td>
<td>For Cipher crypto service registrations, PKCS11 mechanisms supporting decryption but not encryption are considered legacy and will be disabled by default. Similarly, for Signature crypto service registrations, PKCS11 mechanisms supporting verification but not signing are considered legacy and will be disabled by default. If set to <code>true</code>, SunPKCS11 provider will not disable legacy mechanisms.</td>
</tr>
</table>
Comments
Moving to Provisional.
04-11-2024