do sunpkcs11 supports CK_sensitive attribute for derived key using ECDH

1.2k views Asked by At

I am trying to generate a shared secret through ECDH using SUNpkcs11 with certain attributes:

CKA_TOKEN= false
CKA_SENSITIVE=true
CKA_EXTRACTABLE=true"
CKA_ENCRYPT=true"

While my base key has CKA_DERIVE, SENSITIVE etc set to true but while doing so error comes template inconsistent:

Performing ECDH key agreement
java.security.ProviderException: Could not derive key
    at sun.security.pkcs11.P11ECDHKeyAgreement.engineGenerateSecret(P11ECDHKeyAgreement.java:144)
    at javax.crypto.KeyAgreement.generateSecret(KeyAgreement.java:586)

Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE
    at sun.security.pkcs11.wrapper.PKCS11.C_GetAttributeValue(Native Method)
    at sun.security.pkcs11.P11ECDHKeyAgreement.engineGenerateSecret(P11ECDHKeyAgreement.java:139)

While the ECC keys are pre-generated using an HSM.

1

There are 1 answers

0
Neil Madden On BEST ANSWER

The SunPKCS11 P11ECDHKeyAgreement class always wants to return the bytes of the derived shared secret as the result of the generateSecret() method. In order to do this the derived secret must be marked as non-sensitive and extractable, otherwise the HSM will refuse to reveal the raw bytes. This is what the CKR_ATTRIBUTE_SENSITIVE error message means - Java tried to access the raw bytes of the derived key, but it is marked as sensitive.

The Java KeyAgreement class does support a version of generateSecret() that will return a Key object, but you have to pass the algorithm string "TlsPremasterSecret" (anything else will be rejected by the P11ECDHKeyAgreement class). This will generally stop the key being useful because it will be rejected for having the wrong algorithm when you try to use it. (Not to mention that this key is the raw shared secret, which should really be passed through a KDF/hash before being used as a cryptographic key).

So really your only option is to mark derived keys as non-sensitive and extractable by adding lines like the following to your PKCS#11 configuration file:

attributes(generate,CKO_SECRET_KEY,CKK_GENERIC_SECRET) = {
  CKA_SENSITIVE = false
  CKA_EXTRACTABLE = true
}