Package com.netscape.cms.servlet.tks
Class NistSP800_108KDF
java.lang.Object
  com.netscape.cms.servlet.tks.KDF
    com.netscape.cms.servlet.tks.NistSP800_108KDF

public class NistSP800_108KDF extends KDF
Field Summary
Modifier and Type    Field
static byte          CARD_CRYPTO_KDF_CONSTANT
static byte          ENC_KDF_CONSTANT
static byte          HOST_CRYPTO_KDF_CONSTANT
static byte          MAC_KDF_CONSTANT
static byte          RMAC_KDF_CONSTANT
static int           SHA256_LENGTH
-
Method Summary
Modifier and Type, Method, Description

static byte[]
computeAES_CMAC(org.mozilla.jss.crypto.SymmetricKey aesKey, byte[] input)

java.util.Map<java.lang.String,org.mozilla.jss.crypto.SymmetricKey>
computeCardKeys(org.mozilla.jss.crypto.SymmetricKey masterKey, byte[] context, org.mozilla.jss.crypto.CryptoToken token)
Generates three PK11SymKey objects using the KDF_CM_SHA256HMAC_L384() function for key data.

byte[]
kdf_AES_CMAC_SCP03(org.mozilla.jss.crypto.SymmetricKey masterKey, byte[] context, byte kdfConstant, int kdfOutputSizeBytes)

static void
main(java.lang.String[] args)

static boolean
useThisKDF(byte nistSP800_108KDFonKeyVersion, byte requestedKeyVersion)
-
Methods inherited from class com.netscape.cms.servlet.tks.KDF
getDesParity, getDiversificationData_EMV, getDiversificationData_VISA2
Field Detail
-
SHA256_LENGTH
public static final int SHA256_LENGTH
- See Also:
- Constant Field Values
-
ENC_KDF_CONSTANT
public static final byte ENC_KDF_CONSTANT
- See Also:
- Constant Field Values
-
MAC_KDF_CONSTANT
public static final byte MAC_KDF_CONSTANT
- See Also:
- Constant Field Values
-
RMAC_KDF_CONSTANT
public static final byte RMAC_KDF_CONSTANT
- See Also:
- Constant Field Values
-
CARD_CRYPTO_KDF_CONSTANT
public static final byte CARD_CRYPTO_KDF_CONSTANT
- See Also:
- Constant Field Values
-
HOST_CRYPTO_KDF_CONSTANT
public static final byte HOST_CRYPTO_KDF_CONSTANT
- See Also:
- Constant Field Values
-
-
Method Detail
-
useThisKDF
public static boolean useThisKDF(byte nistSP800_108KDFonKeyVersion, byte requestedKeyVersion)
-
computeCardKeys
public java.util.Map<java.lang.String,org.mozilla.jss.crypto.SymmetricKey> computeCardKeys(org.mozilla.jss.crypto.SymmetricKey masterKey, byte[] context, org.mozilla.jss.crypto.CryptoToken token) throws EBaseException
Generates three PK11SymKey objects using the KDF_CM_SHA256HMAC_L384() function for key data. After calling KDF_CM_SHA256HMAC_L384, the function splits up the output, sets DES parity, and imports the keys into the token.

Careful: This function currently generates the key data **IN RAM** using calls to NSS sha256. The key data is then "unwrapped" (imported) to the NSS token and then erased from RAM. (This means that a malicious actor on the box could steal the key data.)

Note: Returned key material from the KDF is converted into keys according to the following:
Bytes 0 - 15 : enc/auth key
Bytes 16 - 31 : mac key
Bytes 32 - 47 : kek key
We chose this order to conform with the key order used by the PUT KEY command.
- Throws:
EBaseException
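
The derive, split, parity and erase sequence described for computeCardKeys, as an added example that is not the project's code: it uses javax.crypto in place of NSS/JSS and stops before the token import. The fixed-input layout of the counter-mode KDF, the label value, the test key and context, and all class and method names are assumptions made for illustration.

```java
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class CardKeySplitExample {
    // SP 800-108 counter mode, PRF = HMAC-SHA256, L = 384 bits (48 bytes).
    // ASSUMED fixed input: [i] || label || 0x00 || context || [L] (L as 2 bytes, big-endian).
    static byte[] kdfCounterHmacSha256(byte[] masterKey, byte label, byte[] context) throws Exception {
        Mac prf = Mac.getInstance("HmacSHA256");
        prf.init(new SecretKeySpec(masterKey, "HmacSHA256"));
        byte[] out = new byte[48];
        for (int i = 1; i <= 2; i++) {                        // two 32-byte PRF blocks cover 48 bytes
            prf.update(new byte[] {(byte) i, label, 0x00});
            prf.update(context);
            prf.update(new byte[] {0x01, (byte) 0x80});       // L = 384 = 0x0180
            byte[] block = prf.doFinal();
            System.arraycopy(block, 0, out, (i - 1) * 32, i == 1 ? 32 : 16);
            Arrays.fill(block, (byte) 0);                     // wipe the intermediate PRF block
        }
        return out;
    }
    // Force odd parity on every byte: the low bit of each byte is the DES parity bit.
    static void setDesOddParity(byte[] key) {
        for (int i = 0; i < key.length; i++) {
            int high7 = key[i] & 0xFE;
            key[i] = (byte) (high7 | (~Integer.bitCount(high7) & 1));
        }
    }
    // Bytes 0-15 enc/auth, 16-31 mac, 32-47 kek; the raw KDF output is wiped afterwards.
    static Map<String, byte[]> splitCardKeys(byte[] kdfOut) {
        if (kdfOut.length != 48) throw new IllegalArgumentException("expected 48 bytes of KDF output");
        String[] names = {"enc/auth", "mac", "kek"};
        Map<String, byte[]> keys = new LinkedHashMap<>();
        for (int k = 0; k < names.length; k++) {
            byte[] key = Arrays.copyOfRange(kdfOut, k * 16, (k + 1) * 16);
            setDesOddParity(key);
            keys.put(names[k], key);
        }
        Arrays.fill(kdfOut, (byte) 0);
        return keys;
    }

    public static void main(String[] args) throws Exception {
        byte[] master = new byte[32];                         // constructed all-zero test key
        byte[] context = {0x01, 0x02, 0x03, 0x04};            // constructed context bytes
        Map<String, byte[]> keys = splitCardKeys(kdfCounterHmacSha256(master, (byte) 0x01, context));
        keys.forEach((name, key) -> System.out.println(name + ": " + key.length + " bytes"));
        keys.values().forEach(k -> Arrays.fill(k, (byte) 0)); // wipe where the token import would have finished
    }
}
```

Every byte array here sits on the Java heap until it is overwritten, which is the exposure window the "Careful" note describes.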
-
kdf_AES_CMAC_SCP03
public byte[] kdf_AES_CMAC_SCP03(org.mozilla.jss.crypto.SymmetricKey masterKey, byte[] context, byte kdfConstant, int kdfOutputSizeBytes) throws EBaseException
- Throws:
EBaseException
-
computeAES_CMAC
public static byte[] computeAES_CMAC(org.mozilla.jss.crypto.SymmetricKey aesKey, byte[] input) throws EBaseException
- Throws:
EBaseException
-
main
public static void main(java.lang.String[] args)