authorJack Magne <jmagne@redhat.com>2014-10-13 13:40:59 -0700
committerJack Magne <jmagne@redhat.com>2015-02-27 18:44:07 -0800
commitf39e3387f8a671ef97a08d1c0c3e4b2b6fd65ad3 (patch)
tree256bd8cca169f87c99c8ef6874b173bed3f1db4e /base/server/cms/src/org/dogtagpki/server
parent7b1d897ba4cf9de1459d2aad37e969ce9a93a05a (diff)
Ticket: TPS Rewrite: Implement Secure Channel Protocol 02 (#883).
First cut of gp211 and scp protocol 02 for tokens. Allow token operations using a GP211 token over secure channel protocol 02. This patch supports the following: 1. Token operations with a GP211 card and SCP02 protocol, implementation 15. 2. Token still supports GP201 cards with SCP01. 3. SCP02 tested with SC650 gp211/scp02 card. Things still to do: 1. Right now the SCP02 support has been tested with the current gp201 applet and enrollment and formatting works just fine. We need to modify and compile the applet against the GP211 spec and retest to see if any further changes are needed. 2. The nistSP800 key derivation stuff is not completed for the SCP02 protocol. Some of the routines are self contained vs similar SCP01 ones. We have another ticket to complete the nistSP800 support from end to end. This work will be done for that ticket. 3. One of the new scp02 derivation functions can make use of a new NSS derive mechanism. As of now this work is done by simple encryption, this can be done later. 4. The security APDU level of "RMAC" is not supported because the card does not support it. It could have been done to the spec, but having the card to test is more convenient and there were more crucial issues to this point.
Diffstat (limited to 'base/server/cms/src/org/dogtagpki/server')
-rw-r--r--base/server/cms/src/org/dogtagpki/server/connector/IRemoteRequest.java4
1 files changed, 4 insertions, 0 deletions
diff --git a/base/server/cms/src/org/dogtagpki/server/connector/IRemoteRequest.java b/base/server/cms/src/org/dogtagpki/server/connector/IRemoteRequest.java
index a383a4b0f..ebaf12636 100644
--- a/base/server/cms/src/org/dogtagpki/server/connector/IRemoteRequest.java
+++ b/base/server/cms/src/org/dogtagpki/server/connector/IRemoteRequest.java
@@ -34,6 +34,9 @@ public interface IRemoteRequest {
public static final String RESPONSE_STATUS_XML = "Status";
// TKS request params
+ public static final String CHANNEL_PROTOCOL = "protocol";
+ public static final String SEQUENCE_COUNTER = "sequenceCounter";
+ public static final String DERIVATION_CONSTANT = "derivationConstant";
public static final String SERVER_SIDE_KEYGEN = "serversideKeygen";
public static final String TOKEN_CARD_CHALLENGE = "card_challenge";
public static final String TOKEN_HOST_CHALLENGE = "host_challenge";
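Review bot: The three added request parameters (`CHANNEL_PROTOCOL`, `SEQUENCE_COUNTER`, `DERIVATION_CONSTANT`) have no comment describing their wire format, and unlike the neighbouring `TOKEN_*` constants they share no prefix. Going by the commit description they are SCP02 inputs to the TKS, so whoever reads them needs to know the accepted values and what a missing `protocol` means for a TPS that still speaks SCP01 only. I would add a comment above them along the lines of `// SCP02 request inputs: state encoding and allowed values for each`, with the author filling in the specifics. Whether the TKS side rejects an unknown `protocol` value rather than falling back silently is not visible here and should be checked where the parameter is read. The interface body starts and ends outside the hunk.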
@@ -43,6 +46,7 @@ public interface IRemoteRequest {
public static final String TOKEN_DATA_NUM_BYTES = "dataNumBytes";
public static final String TOKEN_NEW_KEYINFO = "newKeyInfo";
public static final String TOKEN_DATA = "data";
+ public static final String WRAPPED_DEK_SESSION_KEY = "wrappedDekKey";
// TKS response params
/* computeSessionKey responses */
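Review bot: `WRAPPED_DEK_SESSION_KEY` maps to the wire name `"wrappedDekKey"`, so the constant and the parameter disagree on whether this is the DEK or a DEK session key. Aligning the two, or adding a comment that says which one it is, would avoid confusion at call sites. The value is presumably wrapped key material sent in a TKS request, so a comment such as `// wrapped key material: do not log this parameter's value` is worth adding. It is also worth confirming that any debug logging of request parameters excludes it. The interface continues outside the hunk.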