"CryptoServicesPermission" "exportPrivateKey" clarification/risks


Melanie Coggan

Hi everyone,

 

We're working on getting our software to run in FIPS mode, so we're integrating with the Bouncy Castle FIPS modules. We also happen to be running with Java's Security Manager on. As a result, when trying to write to an SSLSocket, we're getting the following:

Access denied
Permission that failed: ("org.bouncycastle.crypto.CryptoServicesPermission" "exportPrivateKey" "[exportPrivateKey]")
Stack trace causing the failure:
       java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
       org.bouncycastle.crypto.asymmetric.KeyUtils.checkPermission(Unknown Source)
       org.bouncycastle.crypto.asymmetric.AsymmetricRSAPrivateKey.checkCanRead(Unknown Source)
       org.bouncycastle.crypto.asymmetric.AsymmetricRSAPrivateKey.getP(Unknown Source)
       org.bouncycastle.jcajce.provider.ProvRSA$RSAKeyFactory.toProviderKey(Unknown Source)
       org.bouncycastle.jcajce.provider.ProvRSA$RSAKeyFactory.generatePrivate(Unknown Source)
       org.bouncycastle.jcajce.provider.ProvRSA$RSAKeyFactory.generatePrivate(Unknown Source)
       org.bouncycastle.jcajce.provider.ProvRSA$RSAKeyFactory.engineGeneratePrivate(Unknown Source)
       org.bouncycastle.jcajce.provider.ProvBCFKS$BCFIPSKeyStoreSpi.engineGetKey(Unknown Source)
       sun.security.ssl.X509KeyManagerImpl.getEntry(X509KeyManagerImpl.java:276)
       sun.security.ssl.X509KeyManagerImpl.getPrivateKey(X509KeyManagerImpl.java:114)
       sun.security.ssl.ServerHandshaker.setupPrivateKeyAndChain(ServerHandshaker.java:1461)
       sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1202)
       sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1025)
       sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:740)
       sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:223)
       sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
       sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
       sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
       sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
       sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
       sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
       sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
       sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
       sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
       sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
       java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
       java.io.BufferedWriter.flush(BufferedWriter.java:254)
       java.io.PrintWriter.newLine(PrintWriter.java:482)
       java.io.PrintWriter.println(PrintWriter.java:629)
       java.io.PrintWriter.println(PrintWriter.java:740)
       com.test.testSocket.TestSocketManager.doOpenSSLServerSocket(TestSocketManager.java:135)

The offending call is:

// Acquire the sslsocket through custom socket factory
PrintWriter out = new PrintWriter(sslsocket.getOutputStream(), true);
out.println(new Date().toString()); // <--- this guy right here

Now, we can easily grant our code the exportPrivateKey permission. In fact, we've done so in a few other places. However, we are a framework, and have third parties who build software with our code, and we're typically a lot stricter about what permissions we open up in those cases.

 

The Question

Here’s what I need to know: what are the potential risks of granting this permission? What could an attacker do with it? Is this restricted to pulling the private key out of the BCFIPS key store, or is it used in other places?

 

Bonus Points

Ideally, we would hide the offending code behind an API and wrap it in a doPrivileged block, removing the need to grant this permission to anyone but our core code. We can't create a custom X509KeyManager implementation, due to restrictions of the JSSE in FIPS mode. We do offer custom socket factories, so we could, in theory, use a custom SSLSocket implementation, although that comes with its own set of complications. If anyone can think of another good place we could hook into to wrap this code in a doPrivileged block, that'd be pretty neat. :)

 

Thanks!

-Melanie
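
One possible place for the doPrivileged hook asked about under Bonus Points, shown as an added example that is not part of the original post or of Bouncy Castle: complete the TLS handshake inside the framework before the socket reaches third-party code, since the stack trace shows the key store lookup running during the initial handshake triggered by the first write. `PrivilegedHandshake` is a hypothetical helper; it assumes the bc-fips jar is on the classpath and that the policy grants exportPrivateKey to the framework, Bouncy Castle and JSSE code sources but not to third-party code.

```java
import java.io.IOException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import org.bouncycastle.crypto.CryptoServicesPermission; // from the bc-fips jar

/** Hypothetical framework helper; not part of Bouncy Castle or the JSSE. */
public final class PrivilegedHandshake {
    // Same permission name as in the "Access denied" message above.
    private static final Permission EXPORT_PRIVATE_KEY =
            new CryptoServicesPermission("exportPrivateKey");

    private PrivilegedHandshake() {}

    /**
     * Accepts a connection and completes the TLS handshake before the socket
     * is handed to less-trusted code, so the key store lookup seen in the
     * stack trace happens here rather than on the caller's first write.
     */
    public static SSLSocket accept(SSLServerSocket server) throws IOException {
        final SSLSocket socket = (SSLSocket) server.accept();
        try {
            // Limited doPrivileged (Java 8+): only EXPORT_PRIVATE_KEY is
            // asserted on behalf of callers; every other permission check
            // still walks the full call stack.
            AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                socket.startHandshake();
                return null;
            }, null, EXPORT_PRIVATE_KEY);
        } catch (PrivilegedActionException e) {
            socket.close();
            throw (IOException) e.getException(); // startHandshake throws only IOException
        } catch (RuntimeException e) {
            socket.close(); // e.g. AccessControlException if a code source lacks the grant
            throw e;
        }
        return socket;
    }
}
```

A handshake that starts later on the same socket, such as a renegotiation triggered from third-party code, is outside this wrapper and would be checked against the full call stack again.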

 

