RH2023467: Enable FIPS keys export v6

Co-Authored-By: Martin Balao <[email protected]>

Author: franferrax

src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java

@@ -65,10 +65,13 @@ public SunRsaSignEntries(Provider p) {
             attrs.put("SupportedKeyClasses",
                     "java.security.interfaces.RSAPublicKey" +
                     "|java.security.interfaces.RSAPrivateKey");
+        }
 
-            add(p, "KeyFactory", "RSA",
-                    "sun.security.rsa.RSAKeyFactory$Legacy",
-                    getAliases("PKCS1"), null);
+        add(p, "KeyFactory", "RSA",
+                "sun.security.rsa.RSAKeyFactory$Legacy",
+                getAliases("PKCS1"), null);
+
+        if (!systemFipsEnabled) {
             add(p, "KeyPairGenerator", "RSA",
                     "sun.security.rsa.RSAKeyPairGenerator$Legacy",
                     getAliases("PKCS1"), null);
@@ -98,9 +101,12 @@ public SunRsaSignEntries(Provider p) {
                    "sun.security.rsa.RSASignature$SHA3_384withRSA", attrs);
             addA(p, "Signature", "SHA3-512withRSA",
                     "sun.security.rsa.RSASignature$SHA3_512withRSA", attrs);
+        }
+
+        addA(p, "KeyFactory", "RSASSA-PSS",
+                "sun.security.rsa.RSAKeyFactory$PSS", attrs);
 
-            addA(p, "KeyFactory", "RSASSA-PSS",
-                    "sun.security.rsa.RSAKeyFactory$PSS", attrs);
+        if (!systemFipsEnabled) {
             addA(p, "KeyPairGenerator", "RSASSA-PSS",
                     "sun.security.rsa.RSAKeyPairGenerator$PSS", attrs);
             addA(p, "Signature", "RSASSA-PSS",

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java

@@ -29,7 +29,7 @@
 import java.security.KeyFactory;
 import java.security.Provider;
 import java.security.Security;
-import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.RSAPrivateCrtKey;
 import java.security.interfaces.RSAPrivateKey;
 import java.util.HashMap;
 import java.util.Map;
@@ -48,6 +48,8 @@
 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
 import static sun.security.pkcs11.wrapper.PKCS11Exception.*;
 import sun.security.pkcs11.wrapper.PKCS11Exception;
+import sun.security.rsa.RSAPrivateCrtKeyImpl;
+import sun.security.rsa.RSAUtil;
 import sun.security.rsa.RSAUtil.KeyType;
 import sun.security.util.Debug;
 import sun.security.util.ECUtil;
@@ -271,7 +273,8 @@ static Long importKey(SunPKCS11 sunPKCS11, long hSession, CK_ATTRIBUTE[] attribu
     }
 
     static void exportKey(SunPKCS11 sunPKCS11, long hSession, long hObject,
-            long keyClass, CK_ATTRIBUTE[] attributes) throws PKCS11Exception {
+            long keyClass, long keyType, Map<Long, CK_ATTRIBUTE> sensitiveAttrs)
+            throws PKCS11Exception {
         Token token = sunPKCS11.getToken();
         if (debug != null) {
             debug.println("Private or Secret key will be exported in" +
@@ -316,60 +319,12 @@ static void exportKey(SunPKCS11 sunPKCS11, long hSession, long hObject,
                 exporterKeyLock.unlock();
             }
             if (keyClass == CKO_PRIVATE_KEY) {
-                long keyType = 0L;
-                for (CK_ATTRIBUTE attr : attributes) {
-                    if (attr.type == CKA_KEY_TYPE) {
-                        keyType = attr.getLong();
-                    }
-                }
-                if (keyType == CKK_RSA) {
-                    RSAPrivateKey rsaKey = sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(
-                            sun.security.rsa.RSAUtil.KeyType.RSA,
-                            "PKCS#8",
-                            plainExportedKey);
-                    for (CK_ATTRIBUTE attr : attributes) {
-                        if (attr.type == CKA_MODULUS) {
-                            attr.pValue = rsaKey.getModulus().toByteArray();
-                        } else if (attr.type == CKA_PRIVATE_EXPONENT) {
-                            attr.pValue = rsaKey.getPrivateExponent().toByteArray();
-                        }
-                    }
-                } else if (keyType == CKK_DSA) {
-                    sun.security.provider.DSAPrivateKey dsaKey =
-                            new sun.security.provider.DSAPrivateKey(plainExportedKey);
-                    for (CK_ATTRIBUTE attr : attributes) {
-                        if (attr.type == CKA_VALUE) {
-                            attr.pValue = dsaKey.getX().toByteArray();
-                        } else if (attr.type == CKA_PRIME) {
-                            attr.pValue = dsaKey.getParams().getP().toByteArray();
-                        } else if (attr.type == CKA_SUBPRIME) {
-                            attr.pValue = dsaKey.getParams().getQ().toByteArray();
-                        } else if (attr.type == CKA_BASE) {
-                            attr.pValue = dsaKey.getParams().getG().toByteArray();
-                        }
-                    }
-                } else if (keyType == CKK_EC) {
-                    ECPrivateKey ecKey =
-                            ECUtil.decodePKCS8ECPrivateKey(plainExportedKey);
-                    for (CK_ATTRIBUTE attr : attributes) {
-                        if (attr.type == CKA_VALUE) {
-                            attr.pValue = ecKey.getS().toByteArray();
-                        } else if (attr.type == CKA_EC_PARAMS) {
-                            attr.pValue = sun.security.util.CurveDB.lookup(
-                                    ecKey.getParams()).getEncoded();
-                        }
-                    }
-                } else {
-                    throw new PKCS11Exception(CKR_GENERAL_ERROR,
-                            " fips key exporter");
-                }
+                exportPrivateKey(sensitiveAttrs, keyType, plainExportedKey);
             } else if (keyClass == CKO_SECRET_KEY) {
-                for (CK_ATTRIBUTE attr : attributes) {
-                    if (attr.type == CKA_VALUE) {
-                        attr.pValue = plainExportedKey;
-                        break;
-                    }
-                }
+                checkAttrs(sensitiveAttrs, "CKO_SECRET_KEY", CKA_VALUE);
+                // CKA_VALUE is guaranteed to be present, since sensitiveAttrs'
+                // size is greater than 0 and no invalid attributes exist
+                sensitiveAttrs.get(CKA_VALUE).pValue = plainExportedKey;
             } else {
                 throw new PKCS11Exception(CKR_GENERAL_ERROR,
                         " fips key exporter");
@@ -385,6 +340,76 @@ static void exportKey(SunPKCS11 sunPKCS11, long hSession, long hObject,
         }
     }
 
+    private static void exportPrivateKey(
+            Map<Long, CK_ATTRIBUTE> sensitiveAttrs, long keyType,
+            byte[] plainExportedKey) throws Throwable {
+        if (keyType == CKK_RSA) {
+            checkAttrs(sensitiveAttrs, "CKO_PRIVATE_KEY CKK_RSA",
+                    CKA_PRIVATE_EXPONENT, CKA_PRIME_1, CKA_PRIME_2,
+                    CKA_EXPONENT_1, CKA_EXPONENT_2, CKA_COEFFICIENT);
+            RSAPrivateKey rsaPKey = RSAPrivateCrtKeyImpl.newKey(
+                    RSAUtil.KeyType.RSA, "PKCS#8", plainExportedKey
+            );
+            CK_ATTRIBUTE attr;
+            if ((attr = sensitiveAttrs.get(CKA_PRIVATE_EXPONENT)) != null) {
+                attr.pValue = rsaPKey.getPrivateExponent().toByteArray();
+            }
+            if (rsaPKey instanceof RSAPrivateCrtKey) {
+                RSAPrivateCrtKey rsaPCrtKey = (RSAPrivateCrtKey) rsaPKey;
+                if ((attr = sensitiveAttrs.get(CKA_PRIME_1)) != null) {
+                    attr.pValue = rsaPCrtKey.getPrimeP().toByteArray();
+                }
+                if ((attr = sensitiveAttrs.get(CKA_PRIME_2)) != null) {
+                    attr.pValue = rsaPCrtKey.getPrimeQ().toByteArray();
+                }
+                if ((attr = sensitiveAttrs.get(CKA_EXPONENT_1)) != null) {
+                    attr.pValue = rsaPCrtKey.getPrimeExponentP().toByteArray();
+                }
+                if ((attr = sensitiveAttrs.get(CKA_EXPONENT_2)) != null) {
+                    attr.pValue = rsaPCrtKey.getPrimeExponentQ().toByteArray();
+                }
+                if ((attr = sensitiveAttrs.get(CKA_COEFFICIENT)) != null) {
+                    attr.pValue = rsaPCrtKey.getCrtCoefficient().toByteArray();
+                }
+            } else {
+                checkAttrs(sensitiveAttrs, "CKO_PRIVATE_KEY CKK_RSA",
+                        CKA_PRIVATE_EXPONENT);
+            }
+        } else if (keyType == CKK_DSA) {
+            checkAttrs(sensitiveAttrs, "CKO_PRIVATE_KEY CKK_DSA", CKA_VALUE);
+            // CKA_VALUE is guaranteed to be present, since sensitiveAttrs'
+            // size is greater than 0 and no invalid attributes exist
+            sensitiveAttrs.get(CKA_VALUE).pValue =
+                    new sun.security.provider.DSAPrivateKey(plainExportedKey)
+                            .getX().toByteArray();
+        } else if (keyType == CKK_EC) {
+            checkAttrs(sensitiveAttrs, "CKO_PRIVATE_KEY CKK_EC", CKA_VALUE);
+            // CKA_VALUE is guaranteed to be present, since sensitiveAttrs'
+            // size is greater than 0 and no invalid attributes exist
+            sensitiveAttrs.get(CKA_VALUE).pValue =
+                    ECUtil.decodePKCS8ECPrivateKey(plainExportedKey)
+                            .getS().toByteArray();
+        } else {
+            throw new PKCS11Exception(CKR_GENERAL_ERROR,
+                    " unsupported CKO_PRIVATE_KEY key type: " + keyType);
+        }
+    }
+
+    private static void checkAttrs(Map<Long, CK_ATTRIBUTE> sensitiveAttrs,
+                                     String keyName, long... validAttrs)
+            throws PKCS11Exception {
+        int sensitiveAttrsCount = sensitiveAttrs.size();
+        if (sensitiveAttrsCount <= validAttrs.length) {
+            int validAttrsCount = 0;
+            for (long validAttr : validAttrs) {
+                if (sensitiveAttrs.containsKey(validAttr)) validAttrsCount++;
+            }
+            if (validAttrsCount == sensitiveAttrsCount) return;
+        }
+        throw new PKCS11Exception(CKR_GENERAL_ERROR,
+                " invalid attribute types for a " + keyName + " key object");
+    }
+
     private static void createImporterKey(Token token) {
         if (debug != null) {
             debug.println("Generating Importer Key...");

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java

@@ -384,7 +384,8 @@ static PrivateKey privateKey(Session session, long keyID, String algorithm,
             new CK_ATTRIBUTE(CKA_SENSITIVE),
             new CK_ATTRIBUTE(CKA_EXTRACTABLE),
         });
-        if (attributes[1].getBoolean() || (attributes[2].getBoolean() == false)) {
+        if (!plainKeySupportEnabled && (attributes[1].getBoolean() ||
+                (attributes[2].getBoolean() == false))) {
             return new P11PrivateKey
                 (session, keyID, algorithm, keyLength, attributes);
         } else {

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java

@@ -86,8 +86,8 @@ public final class SunPKCS11 extends AuthProvider {
                 fipsExportKeyTmp = MethodHandles.lookup().findStatic(
                         FIPSKeyImporter.class, "exportKey",
                         MethodType.methodType(void.class, SunPKCS11.class,
-                        long.class, long.class, long.class,
-                        CK_ATTRIBUTE[].class));
+                        long.class, long.class,
+                        long.class, long.class, Map.class));
             } catch (Throwable t) {
                 throw new SecurityException("FIPS key importer-exporter" +
                         " initialization failed", t);

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java

@@ -2053,96 +2053,41 @@ static void C_GetAttributeValue(MethodHandle hC_GetAttributeValue,
                 sensitiveAttrs, nonSensitiveAttrs);
         try {
             if (sensitiveAttrs.size() > 0) {
-                CK_ATTRIBUTE[] keyClsAttrs = new CK_ATTRIBUTE[] {
-                        new CK_ATTRIBUTE(CKA_CLASS)
-                };
-                hC_GetAttributeValue.invoke(hSession, hObject, keyClsAttrs);
-                long keyClass = keyClsAttrs[0].getLong();
+                long keyClass = -1L;
+                long keyType = -1L;
+                try {
+                    // Secret and private keys have both class and type
+                    // attributes, so we can query them at once.
+                    CK_ATTRIBUTE[] queryAttrs = new CK_ATTRIBUTE[]{
+                            new CK_ATTRIBUTE(CKA_CLASS),
+                            new CK_ATTRIBUTE(CKA_KEY_TYPE),
+                    };
+                    hC_GetAttributeValue.invoke(hSession, hObject, queryAttrs);
+                    keyClass = queryAttrs[0].getLong();
+                    keyType = queryAttrs[1].getLong();
+                } catch (PKCS11Exception e) {
+                    // If the query fails, the object is neither a secret nor a
+                    // private key. As this case won't be handled with the FIPS
+                    // Key Exporter, we keep keyClass initialized to -1L.
+                }
                 if (keyClass == CKO_SECRET_KEY || keyClass == CKO_PRIVATE_KEY) {
-                    if (keyClass == CKO_PRIVATE_KEY) {
-                        CK_ATTRIBUTE[] keyTypeAttrs = new CK_ATTRIBUTE[] {
-                                new CK_ATTRIBUTE(CKA_KEY_TYPE)
-                        };
-                        hC_GetAttributeValue.invoke(hSession, hObject, keyTypeAttrs);
-                        long keyType = keyTypeAttrs[0].getLong();
-                        if (keyType == CKK_RSA) {
-                            if (!(sensitiveAttrs.size() == 2 &&
-                                    sensitiveAttrs.containsKey(CKA_MODULUS) &&
-                                    sensitiveAttrs.containsKey(CKA_PRIVATE_EXPONENT))) {
-                                throw new PKCS11Exception(CKR_GENERAL_ERROR,
-                                        " cannot get attribute values from" +
-                                        " a CKO_PRIVATE_KEY key object");
-                            }
-                            CK_ATTRIBUTE[] rsaAttrs = new CK_ATTRIBUTE[]{
-                                    new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_RSA),
-                                    sensitiveAttrs.get(CKA_MODULUS),
-                                    sensitiveAttrs.get(CKA_PRIVATE_EXPONENT)
-                            };
-                            fipsKeyExporter.invoke(hSession, hObject, keyClass,
-                                    rsaAttrs);
-                        } else if (keyType == CKK_DSA) {
-                            if (!(sensitiveAttrs.size() == 4 &&
-                                    sensitiveAttrs.containsKey(CKA_VALUE) &&
-                                    sensitiveAttrs.containsKey(CKA_PRIME) &&
-                                    sensitiveAttrs.containsKey(CKA_SUBPRIME) &&
-                                    sensitiveAttrs.containsKey(CKA_BASE))) {
-                                throw new PKCS11Exception(CKR_GENERAL_ERROR,
-                                        " cannot get attribute values from" +
-                                        " a CKO_PRIVATE_KEY key object");
-                            }
-                            CK_ATTRIBUTE[] dsaAttrs = new CK_ATTRIBUTE[]{
-                                    new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_DSA),
-                                    sensitiveAttrs.get(CKA_VALUE),
-                                    sensitiveAttrs.get(CKA_PRIME),
-                                    sensitiveAttrs.get(CKA_SUBPRIME),
-                                    sensitiveAttrs.get(CKA_BASE)
-                            };
-                            fipsKeyExporter.invoke(hSession, hObject, keyClass,
-                                    dsaAttrs);
-                        } else if (keyType == CKK_EC) {
-                            if (!(sensitiveAttrs.size() == 2 &&
-                                    sensitiveAttrs.containsKey(CKA_VALUE) &&
-                                    sensitiveAttrs.containsKey(CKA_EC_PARAMS))) {
-                                throw new PKCS11Exception(CKR_GENERAL_ERROR,
-                                        " cannot get attribute values from" +
-                                        " a CKO_PRIVATE_KEY key object");
-                            }
-                            CK_ATTRIBUTE[] ecAttrs = new CK_ATTRIBUTE[]{
-                                    new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_EC),
-                                    sensitiveAttrs.get(CKA_VALUE),
-                                    sensitiveAttrs.get(CKA_EC_PARAMS)
-                            };
-                            fipsKeyExporter.invoke(hSession, hObject, keyClass,
-                                    ecAttrs);
-                        } else {
-                            throw new PKCS11Exception(CKR_GENERAL_ERROR,
-                                    " cannot get attribute values from" +
-                                    " a CKO_PRIVATE_KEY key object");
-                        }
-                    } else if (keyClass == CKO_SECRET_KEY) {
-                        // If the key is a secret key, we can extract the
-                        // CKA_VALUE attribute with the FIPS Key Exporter.
-                        if (!sensitiveAttrs.containsKey(CKA_VALUE) ||
-                                sensitiveAttrs.size() > 1) {
-                            throw new PKCS11Exception(CKR_GENERAL_ERROR,
-                                    " cannot get attribute values from" +
-                                    " a CKO_SECRET_KEY key object");
-                        }
-                        CK_ATTRIBUTE[] keyValueAttrs = new CK_ATTRIBUTE[]{
-                                sensitiveAttrs.get(CKA_VALUE)
-                        };
-                        fipsKeyExporter.invoke(hSession, hObject, keyClass,
-                                keyValueAttrs);
-                    }
+                    fipsKeyExporter.invoke(hSession, hObject, keyClass, keyType,
+                            sensitiveAttrs);
                     if (nonSensitiveAttrs.size() > 0) {
                         CK_ATTRIBUTE[] pNonSensitiveAttrs =
                                 new CK_ATTRIBUTE[nonSensitiveAttrs.size()];
                         int i = 0;
-                        for (CK_ATTRIBUTE nonSensitiveAttr : nonSensitiveAttrs) {
-                            pNonSensitiveAttrs[i++] = nonSensitiveAttr;
+                        for (CK_ATTRIBUTE nonSensAttr : nonSensitiveAttrs) {
+                            pNonSensitiveAttrs[i++] = nonSensAttr;
                         }
                         hC_GetAttributeValue.invoke(hSession, hObject,
                                 pNonSensitiveAttrs);
+                        // libj2pkcs11 allocates new CK_ATTRIBUTE objects, so we
+                        // update the reference on the previous CK_ATTRIBUTEs
+                        i = 0;
+                        for (CK_ATTRIBUTE nonSensAttr : nonSensitiveAttrs) {
+                            nonSensAttr.pValue = pNonSensitiveAttrs[i++].pValue;
+                        }
                     }
                     return;
                 }
@@ -2161,12 +2106,11 @@ private static void getAttributesBySensitivity(CK_ATTRIBUTE[] pTemplate,
             List<CK_ATTRIBUTE> nonSensitiveAttrs) {
         for (CK_ATTRIBUTE attr : pTemplate) {
             long type = attr.type;
+            // Aligned with NSS' sftk_isSensitive in lib/softoken/pkcs11u.c
             if (type == CKA_VALUE || type == CKA_PRIVATE_EXPONENT ||
                     type == CKA_PRIME_1 || type == CKA_PRIME_2 ||
                     type == CKA_EXPONENT_1 || type == CKA_EXPONENT_2 ||
-                    type == CKA_COEFFICIENT || type == CKA_MODULUS ||
-                    type == CKA_PRIME || type == CKA_SUBPRIME ||
-                    type == CKA_BASE || type == CKA_EC_PARAMS) {
+                    type == CKA_COEFFICIENT) {
                 sensitiveAttrs.put(type, attr);
             } else {
                 nonSensitiveAttrs.add(attr);