Closed
Bug 946504
Opened 11 years ago
Closed 6 months ago
Incorrect key size ranges for SHA1withDSA signature implementation
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: valeriep, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:17.0) Gecko/20100101 Firefox/17.0 (Beta/Release) Build ID: 20130308103912 Steps to reproduce: While running my java app against NSS 3.15.3 release through JDK's PKCS11 provider, I noticed that the supported key size range for CKM_DSA_SHA1 is 512 to 3072 instead of the range of 512 to 1024. However, when I tried to use the signature w/ a 2048-bit DSA key pair, it only errors out with CKR_ARGUMENTS_BAD when signing/verification is performed. Simple test app: public void main(String[] argv) throws Exception { // ... generate DSA 2048-bit key pair KeyPair pair2048 = kpg.generateKeyPair(); Signature sig = Signature.getInstance("SHA1withDSA", "SunPKCS11-NSS"); try { sig.initSign(pair.getPrivate()); status = false; } catch (InvalidKeyException ike) { System.out.println("Expected IKE thrown for initSign()"); } } Actual results: Caused by: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:588) at java.security.Signature$Delegate.engineSign(Signature.java:1162) at java.security.Signature.sign(Signature.java:554) at TestDSAKeyLength.main(TestDSAKeyLength.java:65) ... 10 more Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD at sun.security.pkcs11.wrapper.PKCS11.C_SignFinal(Native Method) at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:550) ... 13 more Expected results: First of all, the supported key range for CKM_DSA_SHA1 should be 512 - 1024. Secondly, if keys outside the supported range is given during initialization call, it should have failed with with an error code such as CKR_KEY_SIZE_RANGE, etc.
Updated•2 years ago
|
Severity: normal → S3
Updated•6 months ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 6 months ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•