author | Christina Fu <cfu@redhat.com> | 2014-12-02 14:38:08 -0800 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2014-12-19 11:17:34 -0800 |
commit | 4c910296a6c6c8bf74fbdace740680db2f1fecab (patch) | |
tree | 1d0d53e8f72c7f219830d387f228003074faf98a /base/server/cmsbundle | |
parent | 00b1c33272900613687448ccab7809ba794679f6 (diff) | |
Ticket #864 866 (part 1 symkey, common) NIST SP800-108 KDF
- this patch does not include TPS side of changes:
(#865 needs to be rewritten in Java)
Diffstat (limited to 'base/server/cmsbundle')
-rw-r--r-- | base/server/cmsbundle/src/LogMessages.properties | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/base/server/cmsbundle/src/LogMessages.properties b/base/server/cmsbundle/src/LogMessages.properties
index dfa23c15b..ef3872c8d 100644
--- a/base/server/cmsbundle/src/LogMessages.properties
+++ b/base/server/cmsbundle/src/LogMessages.properties
@@ -2263,6 +2263,13 @@ LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4=<type=COMPU
 # SubjectID must be the CUID of the token establishing the secure channel
 # AgentID must be the trusted agent id used to make the request
 LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3=<type=COMPUTE_SESSION_KEY_REQUEST>:[AuditEvent=COMPUTE_SESSION_KEY_REQUEST][SubjectID={0}][Outcome={1}][AgentID={2}] TKS Compute session key request
+## AC: KDF SPEC CHANGE - Need to log both the KDD and CUID, not just the
+## CUID. Renamed to "CUID_encoded" and "KDD_encoded" to reflect fact that
+## encoded parameters are being logged.
+# CUID_encoded must be the special-encoded CUID of the token establishing the secure channel
+# KDD_encoded must be the special-encoded KDD of the token establishing the secure channel
+LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_4=<type=COMPUTE_SESSION_KEY_REQUEST>:[AuditEvent=COMPUTE_SESSION_KEY_REQUEST][CUID_encoded={0}][KDD_encoded={1}][Outcome={2}][AgentID={3}] TKS Compute session key request
+
 #
 #
 # LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS
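Review bot: The added comment lines for `CUID_encoded` and `KDD_encoded` call the value "special-encoded" without naming the encoding, so a reader of the signed audit record cannot tell how to recover the token's CUID or KDD from it. The paired `_PROCESSED_SUCCESS`/`_PROCESSED_FAILURE` templates log the same identifiers as ASCII-HEX under `CUID_decoded`/`KDD_decoded`, so matching a request record to its result depends on that decoding step being documented. I would add a line such as `# CUID_encoded/KDD_encoded are logged as received in the request (<name of encoding>); the matching PROCESSED events log them as ASCII-HEX`. The same wording recurs in the `DIVERSIFY_KEY_REQUEST_6` and `ENCRYPT_DATA_REQUEST_5` hunks.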
@@ -2277,6 +2284,19 @@ LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3=<type=COMPUTE_SESSION_KEY_REQ
 # KeyNickName is the number keyset ex: #01#01
 #
 LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8=<type=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS>:[AuditEvent=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS][SubjectID={0}][Outcome={1}][status={2}][AgentID={3}][IsCryptoValidate={4}][IsServerSideKeygen={5}][SelectedToken={6}][KeyNickName={7}] TKS Compute session key request processed successfully
+## AC: KDF SPEC CHANGE - Need to log both the KDD and CUID, not just the
+## CUID. Renamed to "CUID_decoded" and "KDD_decoded" to reflect fact
+## that decoded parameters are now logged.
+## Also added TKSKeyset, KeyInfo_KeyVersion,
+## NistSP800_108KdfOnKeyVersion, NistSP800_108KdfUseCuidAsKdd
+# CUID_decoded must be the ASCII-HEX representation of the CUID of the token establishing the secure channel
+# KDD_decoded must be the ASCII-HEX representation of the KDD of the token establishing the secure channel
+# TKSKeyset is the name of the TKS keyset being used for this request.
+# KeyInfo_KeyVersion is the key version number requested in hex.
+# NistSP800_108KdfOnKeyVersion lists the value of the corresponding setting in hex.
+# NistSP800_108KdfUseCuidAsKdd lists the value of the corresponding setting in hex.
+LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_13=<type=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS>:[AuditEvent=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS][CUID_decoded={0}][KDD_decoded={1}][Outcome={2}][status={3}][AgentID={4}][IsCryptoValidate={5}][IsServerSideKeygen={6}][SelectedToken={7}][KeyNickName={8}][TKSKeyset={9}][KeyInfo_KeyVersion={10}][NistSP800_108KdfOnKeyVersion={11}][NistSP800_108KdfUseCuidAsKdd={12}] TKS Compute session key request processed successfully
+
 #
 #
 # LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE
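Review bot: `LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_13` no longer emits a `[SubjectID=...]` field; the token identity now appears only as `CUID_decoded`, while the request-side template uses a third name, `CUID_encoded`. Any audit review query or filter that selects TKS events by `SubjectID` would presumably stop matching once callers move to the new keys, and nothing in the comment block says that. I would state it next to the field description, e.g. `# CUID_decoded replaces the SubjectID field of the _8 template`. The same applies to every other new template in this commit, since none of them carries `SubjectID`.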
@@ -2293,6 +2313,16 @@ LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8=<type=COMPU # Error gives the error message LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9=<type=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE>:[AuditEvent=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE][SubjectID={0}][Outcome={1}][status={2}][AgentID={3}][IsCryptoValidate={4}][IsServerSideKeygen={5}][SelectedToken={7}][KeyNickName={7}][Error={8}] TKS Compute session key request failed # +## AC: KDF SPEC CHANGE - Need to log both the KDD and CUID, not just the CUID. Renamed to "CUID_decoded" and "KDD_decoded" to reflect fact that decoded parameters are now logged. +## Also added TKSKeyset, KeyInfo_KeyVersion, NistSP800_108KdfOnKeyVersion, NistSP800_108KdfUseCuidAsKdd +# CUID_decoded must be the ASCII-HEX representation of the CUID of the token establishing the secure channel +# KDD_decoded must be the ASCII-HEX representation of the KDD of the token establishing the secure channel +# TKSKeyset is the name of the TKS keyset being used for this request. +# KeyInfo_KeyVersion is the key version number requested in hex. +# NistSP800_108KdfOnKeyVersion lists the value of the corresponding setting in hex. +# NistSP800_108KdfUseCuidAsKdd lists the value of the corresponding setting in hex +LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_14=<type=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE>:[AuditEvent=COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE][CUID_decoded={0}][KDD_decoded={1}][Outcome={2}][status={3}][AgentID={4}][IsCryptoValidate={5}][IsServerSideKeygen={6}][SelectedToken={7}][KeyNickName={8}][TKSKeyset={9}][KeyInfo_KeyVersion={10}][NistSP800_108KdfOnKeyVersion={11}][NistSP800_108KdfUseCuidAsKdd={12}][Error={13}] TKS Compute session key request failed + # LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST # - request for TPS to TKS to do key change over 
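Review bot: The retained `LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9` template, shown as context directly above the added lines, prints argument `{7}` for both `SelectedToken` and `KeyNickName` and never uses `{6}`, so failure records written through it carry the key nickname in the selected-token field. The new `_14` template numbers its fields correctly, but `_9` stays in the file; if any caller still uses it, the pair should read `[SelectedToken={6}][KeyNickName={7}]`, going by the field order of the `_8` success template. Whether all callers have moved to `_14` is not visible in this diff, which is limited to `base/server/cmsbundle`.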
@@ -2303,6 +2333,11 @@ LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9=<type=COMPU
 # newMasterKeyName is the new master key name
 LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5=<type=DIVERSIFY_KEY_REQUEST>:[AuditEvent=DIVERSIFY_KEY_REQUEST][SubjectID={0}][Outcome={1}][AgentID={2}][oldMasterKeyName={3}][newMasterKeyName={4}] TKS Key Change Over request
 #
+## AC: KDF SPEC CHANGE - Need to log both the KDD and CUID, not just the CUID. Renamed to "CUID_encoded" and "KDD_encoded" to reflect fact that encoded parameters are being logged.
+# CUID_encoded must be the special-encoded CUID of the token establishing the secure channel
+# KDD_encoded must be the special-encoded KDD of the token establishing the secure channel
+LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_6=<type=DIVERSIFY_KEY_REQUEST>:[AuditEvent=DIVERSIFY_KEY_REQUEST][CUID_encoded={0}][KDD_encoded={1}][Outcome={2}][AgentID={3}][oldMasterKeyName={4}][newMasterKeyName={5}] TKS Key Change Over request
+
 ###########################
 # LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS
 # - request for TPS to TKS to do key change over request processed
@@ -2314,6 +2349,17 @@ LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5=<type=DIVERSIFY_KEY_REQUEST>:[Audit
 # newMasterKeyName is the new master key name
 LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6=<type=DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS>:[AuditEvent=DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS][SubjectID={0}][Outcome={1}][status={2}][AgentID={3}][oldMasterKeyName={4}][newMasterKeyName={5}] TKS Key Change Over request processed successfully
 #
+## AC: KDF SPEC CHANGE - Need to log both the KDD and CUID, not just the CUID. Renamed to "CUID_decoded" and "KDD_decoded" to reflect fact that decoded parameters are now logged.
+## Also added TKSKeyset, OldKeyInfo_KeyVersion, NewKeyInfo_KeyVersion, NistSP800_108KdfOnKeyVersion, NistSP800_108KdfUseCuidAsKdd
+# CUID_decoded must be the ASCII-HEX representation of the CUID of the token establishing the secure channel
+# KDD_decoded must be the ASCII-HEX representation of the KDD of the token establishing the secure channel
+# TKSKeyset is the name of the TKS keyset being used for this request.
+# OldKeyInfo_KeyVersion is the old key version number in hex.
+# NewKeyInfo_KeyVersion is the new key version number in hex.
+# NistSP800_108KdfOnKeyVersion lists the value of the corresponding setting in hex.
+# NistSP800_108KdfUseCuidAsKdd lists the value of the corresponding setting in hex.
+LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_12=<type=DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS>:[AuditEvent=DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS][CUID_decoded={0}][KDD_decoded={1}][Outcome={2}][status={3}][AgentID={4}][oldMasterKeyName={5}][newMasterKeyName={6}][TKSKeyset={7}][OldKeyInfo_KeyVersion={8}][NewKeyInfo_KeyVersion={9}][NistSP800_108KdfOnKeyVersion={10}][NistSP800_108KdfUseCuidAsKdd={11}] TKS Key Change Over request processed successfully
+
 #
 ###########################
 # LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE
@@ -2327,6 +2373,16 @@ LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6=<type=DIVERSIFY_K # Error gives the error message LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7=<type=DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE>:[AuditEvent=DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE][SubjectID={0}][Outcome={1}][status={2}][AgentID={3}][oldMasterKeyName={4}][newMasterKeyName={5}][Error={6}] TKS Key Change Over request failed # +## AC: KDF SPEC CHANGE - Need to log both the KDD and CUID, not just the CUID. Renamed to "CUID_decoded" and "KDD_decoded" to reflect fact that decoded parameters are now logged. +## Also added TKSKeyset, OldKeyInfo_KeyVersion, NewKeyInfo_KeyVersion, NistSP800_108KdfOnKeyVersion, NistSP800_108KdfUseCuidAsKdd +# CUID_decoded must be the ASCII-HEX representation of the CUID of the token establishing the secure channel +# KDD_decoded must be the ASCII-HEX representation of the KDD of the token establishing the secure channel +# TKSKeyset is the name of the TKS keyset being used for this request. +# OldKeyInfo_KeyVersion is the old key version number in hex. +# NewKeyInfo_KeyVersion is the new key version number in hex. +# NistSP800_108KdfOnKeyVersion lists the value of the corresponding setting in hex. +# NistSP800_108KdfUseCuidAsKdd lists the value of the corresponding setting in hex +LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_13=<type=DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE>:[AuditEvent=DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE][CUID_decoded={0}][KDD_decoded={1}][Outcome={2}][status={3}][AgentID={4}][oldMasterKeyName={5}][newMasterKeyName={6}][TKSKeyset={7}][OldKeyInfo_KeyVersion={8}][NewKeyInfo_KeyVersion={9}][NistSP800_108KdfOnKeyVersion={10}][NistSP800_108KdfUseCuidAsKdd={11}][Error={12}] TKS Key Change Over request failed # LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST # - request from TPS to TKS to encrypt data 
@@ -2337,6 +2393,11 @@ LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7=<type=DIVERSIFY_K
 # isRandom tells if the data is randomly generated on TKS
 LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4=<type=ENCRYPT_DATA_REQUEST>:[AuditEvent=ENCRYPT_DATA_REQUEST][SubjectID={0}][status={1}][AgentID={2}][isRandom={3}] TKS encrypt data request
 #
+## AC: KDF SPEC CHANGE - Need to log both the KDD and CUID, not just the CUID. Renamed to "CUID_encoded" and "KDD_encoded" to reflect fact that encoded parameters are being logged.
+# CUID_encoded must be the special-encoded CUID of the token establishing the secure channel
+# KDD_encoded must be the special-encoded KDD of the token establishing the secure channel
+LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_5=<type=ENCRYPT_DATA_REQUEST>:[AuditEvent=ENCRYPT_DATA_REQUEST][CUID_encoded={0}][KDD_encoded={1}][status={2}][AgentID={3}][isRandom={4}] TKS encrypt data request
+
 #
 # LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS
 # - request from TPS to TKS to encrypt data
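Review bot: `LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_5` labels its third field `status`, where the other two request templates added by this commit (`COMPUTE_SESSION_KEY_REQUEST_4` and `DIVERSIFY_KEY_REQUEST_6`) use `Outcome`. The name is carried over from the `_4` template, but the `_PROCESSED_` templates emit both `Outcome` and `status` as separate fields, so a reader cannot tell which of the two meanings applies here. Since `_5` is a new key, I would either make it `[Outcome={2}]` to match its siblings or add a comment line such as `# status carries the request outcome (kept from ENCRYPT_DATA_REQUEST_4 for compatibility)`.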
@@ -2350,6 +2411,16 @@ LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4=<type=ENCRYPT_DATA_REQUEST>:[AuditEv
 # KeyNickName is the numeric keyset ex: #01#01
 LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7=<type=ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS>:[AuditEvent=ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS][SubjectID={0}][Outcome={1}][status={2}][AgentID={3}][isRandom={4}][SelectedToken={5}][KeyNickName={6}] TKS encrypt data request processed successfully
 #
+## AC: KDF SPEC CHANGE - Need to log both the KDD and CUID, not just the CUID. Renamed to "CUID_decoded" and "KDD_decoded" to reflect fact that decoded parameters are now logged.
+## Also added TKSKeyset, KeyInfo_KeyVersion, NistSP800_108KdfOnKeyVersion, NistSP800_108KdfUseCuidAsKdd
+# CUID_decoded must be the ASCII-HEX representation of the CUID of the token establishing the secure channel
+# KDD_decoded must be the ASCII-HEX representation of the KDD of the token establishing the secure channel
+# TKSKeyset is the name of the TKS keyset being used for this request.
+# KeyInfo_KeyVersion is the key version number requested in hex.
+# NistSP800_108KdfOnKeyVersion lists the value of the corresponding setting in hex.
+# NistSP800_108KdfUseCuidAsKdd lists the value of the corresponding setting in hex.
+LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_12=<type=ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS>:[AuditEvent=ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS][CUID_decoded={0}][KDD_decoded={1}][Outcome={2}][status={3}][AgentID={4}][isRandom={5}][SelectedToken={6}][KeyNickName={7}][TKSKeyset={8}][KeyInfo_KeyVersion={9}][NistSP800_108KdfOnKeyVersion={10}][NistSP800_108KdfUseCuidAsKdd={11}] TKS encrypt data request processed successfully
+
 #
 # LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE
 # - request from TPS to TKS to encrypt data
@@ -2364,6 +2435,15 @@ LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7=<type=ENCRYPT_DATA
 # Error gives the error message
 LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8=<type=ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE>:[AuditEvent=ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE][SubjectID={0}][Outcome={1}][status={2}][AgentID={3}][isRandom={4}][SelectedToken={5}][KeyNickName={6}][Error={7}] TKS encrypt data request failed
 #
+## AC: KDF SPEC CHANGE - Need to log both the KDD and CUID, not just the CUID. Renamed to "CUID_decoded" and "KDD_decoded" to reflect fact that decoded parameters are now logged.
+## Also added TKSKeyset, KeyInfo_KeyVersion, NistSP800_108KdfOnKeyVersion, NistSP800_108KdfUseCuidAsKdd
+# CUID_decoded must be the ASCII-HEX representation of the CUID of the token establishing the secure channel
+# KDD_decoded must be the ASCII-HEX representation of the KDD of the token establishing the secure channel
+# TKSKeyset is the name of the TKS keyset being used for this request.
+# KeyInfo_KeyVersion is the key version number requested in hex.
+# NistSP800_108KdfOnKeyVersion lists the value of the corresponding setting in hex.
+# NistSP800_108KdfUseCuidAsKdd lists the value of the corresponding setting in hex.
+LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_13=<type=ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE>:[AuditEvent=ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE][CUID_decoded={0}][KDD_decoded={1}][Outcome={2}][status={3}][AgentID={4}][isRandom={5}][SelectedToken={6}][KeyNickName={7}][TKSKeyset={8}][KeyInfo_KeyVersion={9}][NistSP800_108KdfOnKeyVersion={10}][NistSP800_108KdfUseCuidAsKdd={11}][Error={12}] TKS encrypt data request failed
 #
 #
 # LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE
|