authorJack Magne <jmagne@dhcp-16-206.sjc.redhat.com>2017-06-02 15:40:52 -0700
committerJack Magne <jmagne@dhcp-16-206.sjc.redhat.com>2017-06-02 16:34:56 -0700
commita614eb15476adb00df571d3ea05fdd8ea282141d (patch)
treed76d963d47b473ca75deaa2c5ecff830bbe1fedd
parent29dbed75f1c214a065cd3bcc438d0584fd980d4f (diff)
Resolve #1663 Add SCP03 support .
This particular fix resolves a simple issue when formatting a token in FIPS mode for SCP03.
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java7
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java4
2 files changed, 8 insertions, 3 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
index 5e5646b40..3b80f2743 100644
--- a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
+++ b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
@@ -421,10 +421,11 @@ public class SecureChannel {
throw new TPSException(method + "Failed to calculate card cryptogram!", TPSStatus.STATUS_ERROR_SECURE_CHANNEL);
}
- CMS.debug(method + " dumped macSessionKey: " + new TPSBuffer(macSessionKey.getEncoded()).toHexString() );
+ if(cardCryptogram != null)
+ CMS.debug(method + " actual card cryptogram " + cardCryptogram.toHexString());
- CMS.debug(method + " actual card cryptogram " + cardCryptogram.toHexString());
- CMS.debug(method + " calculated card cryptogram " + calculatedCardCryptogram.toHexString());
+ if(calculatedCardCryptogram != null)
+ CMS.debug(method + " calculated card cryptogram " + calculatedCardCryptogram.toHexString());
ExternalAuthenticateAPDUGP211 externalAuth = new ExternalAuthenticateAPDUGP211(hostCryptogram,
/* secLevel */secLevelGP211);
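Review bot: The two added null guards before the cryptogram debug lines are unbraced and cover only the logging, so a reader cannot tell whether a null `cardCryptogram` or `calculatedCardCryptogram` is an expected state here or an error. If null is legitimate in this path (the commit message points at FIPS-mode formatting), add a one-line comment saying so and brace the guards, e.g. `if (cardCryptogram != null) { CMS.debug(method + " actual card cryptogram " + cardCryptogram.toHexString()); }`. If it is not legitimate, the condition should fail loudly, as the `throw new TPSException(...)` just above does for the calculation, rather than being skipped silently. The enclosing method starts and ends outside the hunk, so how both values are used afterwards cannot be checked from here.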
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index 0f9691556..e1a574878 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
@@ -957,6 +957,10 @@ public class TPSProcessor {
kekSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret,
kekSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES);
+ CMS.debug(" encSessionKeySCP03 " + encSessionKeySCP03);
+ CMS.debug(" macSessionKeySCP03 " + macSessionKeySCP03);
+ CMS.debug(" kekSessionKeySCP03 " + kekSessionKeySCP03);
+
channel = new SecureChannel(this, encSessionKeySCP03, macSessionKeySCP03, kekSessionKeySCP03,
drmDesKeyBuff, kekDesKeyBuff,
keyCheckBuff, keyDiversificationData, cardChallenge,
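Review bot: The three added `CMS.debug` lines concatenate the SCP03 session key objects straight into the debug log, so what is written depends on `PK11SymKey.toString()`, which is not visible in this hunk. If the intent is only to confirm that unwrapping succeeded, log presence instead, e.g. `CMS.debug(" encSessionKeySCP03 present: " + (encSessionKeySCP03 != null));`, and likewise for the mac and kek keys. That keeps key handles and attributes out of the log however the class renders itself. The messages also carry no method prefix, unlike the `method + ...` lines in SecureChannel.java, which makes them harder to attribute when reading a debug log. The enclosing method starts and ends outside the hunk.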