authorAde Lee <alee@redhat.com>2017-06-08 16:08:30 -0400
committerAde Lee <alee@redhat.com>2017-06-08 20:20:46 -0400
commit5bf30f2f6a52b7164ba31ab12ed2317b2c572610 (patch)
treed6ed45eb8266a328c1308198dba659e4eceec753 /base/java-tools/src
parent0e7cf72f4a6ec81fcbb8b3ac83f1eb2921f9bdb0 (diff)
Stop using hardcoded IV in CMC
Bugzilla #BZ 1458055 Change-Id: I229d7f18c46f0b55ec83f051614de1b59e125b82
Diffstat (limited to 'base/java-tools/src')
-rw-r--r--base/java-tools/src/com/netscape/cmstools/CMCRequest.java13
1 files changed, 8 insertions, 5 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/CMCRequest.java b/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
index 8d49b209b..4adf22ba3 100644
--- a/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
+++ b/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
@@ -40,6 +40,7 @@ import java.util.StringTokenizer;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.asn1.ANY;
import org.mozilla.jss.asn1.ASN1Util;
+import org.mozilla.jss.asn1.ASN1Value;
import org.mozilla.jss.asn1.BIT_STRING;
import org.mozilla.jss.asn1.ENUMERATED;
import org.mozilla.jss.asn1.GeneralizedTime;
@@ -1708,6 +1709,12 @@ public class CMCRequest {
try {
TaggedRequest request = encryptedPop.getRequest();
AlgorithmIdentifier thePOPAlgID = encryptedPop.getThePOPAlgID();
+
+ ASN1Value v = thePOPAlgID.getParameters();
+ v = ((ANY) v).decodeWith(new OCTET_STRING.Template());
+ byte iv[] = ((OCTET_STRING) v).toByteArray();
+ IVParameterSpec ivps = new IVParameterSpec(iv);
+
AlgorithmIdentifier witnessAlgID = encryptedPop.getWitnessAlgID();
OCTET_STRING witness = encryptedPop.getWitness();
ContentInfo cms = encryptedPop.getContentInfo();
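Review bot: The IV is read from `thePOPAlgID.getParameters()` without checking that the parameters are present, that they really are an `ANY`, or that the decoded octet string has the 16-byte AES block length. An EncryptedPOP with absent or malformed parameters would therefore surface as a NullPointerException or ClassCastException, or reach the decrypt call with a wrong-sized IV. Since this value arrives in the response the tool is processing, I would validate it before building `ivps`, for example `if (v == null) throw new IllegalArgumentException("EncryptedPOP: missing IV parameters");` and `if (iv.length != 16) throw new IllegalArgumentException("EncryptedPOP: unexpected IV length " + iv.length);`. The enclosing try block opens in this hunk but its catch clauses are outside it, so how such failures are reported cannot be seen from here.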
@@ -1734,13 +1741,9 @@ public class CMCRequest {
}
System.out.println(method + "symKey unwrapped.");
- // TODO(alee) The code below should be replaced by code that generates a random IV
- byte[] iv = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
- IVParameterSpec default_iv = new IVParameterSpec(iv);
-
byte challenge[] = CryptoUtil.decryptUsingSymmetricKey(
token,
- default_iv,
+ ivps,
encCI.getEncryptedContent().toByteArray(),
symKey,
EncryptionAlgorithm.AES_128_CBC);
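Review bot: The cipher passed to `CryptoUtil.decryptUsingSymmetricKey` is still fixed to `EncryptionAlgorithm.AES_128_CBC`, while the IV now comes from `thePOPAlgID`, so the algorithm identifier is only partly honoured. If the sender encrypted with a different algorithm, decryption would presumably fail or yield a wrong challenge without a clear reason. I would check the OID before decrypting, along the lines of `if (!thePOPAlgID.getOID().equals(EncryptionAlgorithm.AES_128_CBC.toOID())) { /* reject with a clear message */ }`, or derive the algorithm from that OID. A one-line comment above the call, such as `// IV comes from the parameters of thePOPAlgID in the EncryptedPOP`, would also help, because `ivps` is defined roughly thirty lines earlier and outside this hunk.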