author | Ade Lee <alee@redhat.com> | 2017-05-26 22:57:07 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2017-05-31 22:15:23 -0400 |
commit | 0984d8a114b326a75b2c32cd9da2b7dee23920bb (patch) | |
tree | b2eb036cdda0d9119d23be0e187dc4288373b13f /base/java-tools/src | |
parent | 4cdb7ca8dcafd7709c4ed97c1e1054da21443aae (diff) | |
Convert CMC code to use AES
* Switched out CryptoUtil calls that use DES and replaced them
with AES equivalents. Removed these now unneeded methods.
* Added 16 byte constant IV for AES operations. This must be
replaced by a randomly generated IV. Added TODOs where IVs
should be replaced.
* Corrected misspellings of "enreypted" in both request fields
and variable names
* Removed some code from null checks where the result could
never be null. These cases were flagged in eclipse as dead
code.
Change-Id: Iec0c0e86fd772af8b3c9588f11a0ea1e517776fb
Diffstat (limited to 'base/java-tools/src')
-rw-r--r-- | base/java-tools/src/com/netscape/cmstools/CMCRequest.java | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/CMCRequest.java b/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
index 9c4140304..8d49b209b 100644
--- a/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
+++ b/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
@@ -52,6 +52,9 @@ import org.mozilla.jss.asn1.SET;
 import org.mozilla.jss.asn1.UTF8String;
 import org.mozilla.jss.crypto.CryptoToken;
 import org.mozilla.jss.crypto.DigestAlgorithm;
+import org.mozilla.jss.crypto.EncryptionAlgorithm;
+import org.mozilla.jss.crypto.IVParameterSpec;
+import org.mozilla.jss.crypto.KeyWrapAlgorithm;
 import org.mozilla.jss.crypto.ObjectNotFoundException;
 import org.mozilla.jss.crypto.PrivateKey;
 import org.mozilla.jss.crypto.Signature;
@@ -1718,19 +1721,30 @@ public class CMCRequest {
 CryptoToken token = CryptoUtil.getKeyStorageToken(tokenName);
 SymmetricKey symKey = CryptoUtil.unwrap(
 token,
+ SymmetricKey.AES,
+ 128,
 SymmetricKey.Usage.DECRYPT,
 privKey,
- recipient.getEncryptedKey().toByteArray());
+ recipient.getEncryptedKey().toByteArray(),
+ KeyWrapAlgorithm.RSA);
+
 if (symKey == null) {
 System.out.println(method + "symKey returned null from CryptoUtil.unwrap(). Abort!");
 System.exit(1);
 }
 System.out.println(method + "symKey unwrapped.");
 
+ // TODO(alee) The code below should be replaced by code that generates a random IV
+ byte[] iv = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
+ IVParameterSpec default_iv = new IVParameterSpec(iv);
+
 byte challenge[] = CryptoUtil.decryptUsingSymmetricKey(
 token,
+ default_iv,
 encCI.getEncryptedContent().toByteArray(),
- symKey);
+ symKey,
+ EncryptionAlgorithm.AES_128_CBC);
+
 if (challenge == null) {
 System.out
 .println(method + "challenge returned null from CryptoUtil.decryptUsingSymmetricKey(). Abort!"); |
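Review bot: The TODO above `byte[] iv = { 0x1, ... }` asks for a randomly generated IV, but this is the decrypt path for the content of `encCI`: a locally generated IV would not match the one used to encrypt, so the value has to be taken from the received message (for CBC it normally travels in the content-encryption algorithm parameters). As written, decryption only works while the encrypting side uses the same sixteen 0x01 bytes, and a fixed IV under CBC makes equal plaintext prefixes under one key produce equal ciphertext blocks. I would reword the comment to `// TODO(alee) use the IV carried with encCI; it must equal the encryptor's IV, which should be random per message`. The key type, the 128-bit size and `EncryptionAlgorithm.AES_128_CBC` are likewise hard-coded rather than read from the message, which looks worth a comment as well. The enclosing method starts and ends outside this hunk.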