Phase 1: Bug 1698059 - pki-core implements crypto. (#230)
Phase 1 consists of commenting out illegal implementations of CMAC and HMAC
crypto algorithms. The HMACDigest Java class has been removed and replaced with
legal JSS / NSS HMAC based algorithms.
jmagne authored Jul 19, 2019
1 parent 8297ef9 commit 3d03e65
Showing 8 changed files with 197 additions and 243 deletions.
21 changes: 20 additions & 1 deletion base/common/src/org/dogtagpki/tps/main/Util.java
Expand Up @@ -344,6 +344,15 @@ public static TPSBuffer computeMACdes3des(PK11SymKey symKey, TPSBuffer input, TP
}

//Use AES-CMAC (SCP03, counter method) to calculate cryptogram, constant determines whether it is a card or host cryptogram
//Stub for temporarily commented out routine.

public static TPSBuffer compute_AES_CMAC_Cryptogram(SymmetricKey symKey, TPSBuffer context, byte kdfConstant)
throws EBaseException {

throw new EBaseException("Not Implemented");
}

/*
public static TPSBuffer compute_AES_CMAC_Cryptogram(SymmetricKey symKey, TPSBuffer context, byte kdfConstant)
throws EBaseException {
Expand Down Expand Up @@ -402,10 +411,20 @@ public static TPSBuffer compute_AES_CMAC_Cryptogram(SymmetricKey symKey, TPSBuff
return output.substr(0,8);
}
*/

// Implements agorithm http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38b.pdf
// Input an aes key of 128, 192, or 256 bits
//


//Stub for temporarily commented out routine.

public static TPSBuffer computeAES_CMAC(SymmetricKey aesKey, TPSBuffer input) throws EBaseException {
throw new EBaseException("Not Implemented!");
}

/*
public static TPSBuffer computeAES_CMAC(SymmetricKey aesKey, TPSBuffer input) throws EBaseException {
String method = "Util.computeAES_CMAC:";
Expand Down Expand Up @@ -532,7 +551,7 @@ private static byte[] getAES_CMAC_SubKey(byte[] input) {
}
return output;
}

*/
public static TPSBuffer computeMAC(PK11SymKey symKey, TPSBuffer input, TPSBuffer icv) throws EBaseException {
TPSBuffer output = null;
TPSBuffer result = null;
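Review bot: Both stubs fail closed, which is right for a disabled MAC routine, but they throw `EBaseException` with the bare text "Not Implemented" / "Not Implemented!", so an SCP03 flow that reaches them gives no hint which routine was disabled or why. I would name the method and the bug in the message, e.g. `throw new EBaseException("Util.computeAES_CMAC: AES-CMAC temporarily disabled (Bug 1698059)");`, and do the same in `compute_AES_CMAC_Cryptogram`. The `// Implements agorithm ... Input an aes key of 128, 192, or 256 bits` comment now sits above a stub that implements nothing; move it into the commented-out block or reword it to say the implementation is disabled. The commented-out bodies run outside the visible hunks, so I have not checked that every `/*` is matched by its `*/`.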
57 changes: 31 additions & 26 deletions base/java-tools/src/com/netscape/cmstools/CMCRequest.java
Expand Up @@ -33,10 +33,12 @@
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Key;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import java.util.StringTokenizer;
import javax.crypto.Mac;

import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.asn1.ANY;
Expand Down Expand Up @@ -111,7 +113,6 @@
import org.mozilla.jss.util.Password;

import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.util.HMACDigest;

/**
* Tool for creating CMC full request
Expand Down Expand Up @@ -1071,14 +1072,15 @@ private static int addIdentityProofV2Attr(int bpid,
return -1;
}

MessageDigest mac;
Mac hmac;
try {
mac = MessageDigest.getInstance(CryptoUtil.getHMACtoMessageDigestName(macAlgString));
HMACDigest hmacDigest = new HMACDigest(mac, key);
hmacDigest.update(b);
finalDigest = hmacDigest.digest();
} catch (NoSuchAlgorithmException ex) {
System.out.println(method + "No such algorithm!");
hmac = Mac.getInstance(CryptoUtil.getHMACAlgName(macAlgString),"Mozilla-JSS");
Key secKey = CryptoUtil.importHmacSha1Key(key);
hmac.init(secKey);
hmac.update(b);
finalDigest = hmac.doFinal();
} catch (Exception ex) {
System.out.println(method + "Can't calucualte hmac digest: " + ex);
return -1;
}

Expand Down Expand Up @@ -1126,14 +1128,16 @@ private static int addIdentityProofAttr(int bpid, SEQUENCE seq, SEQUENCE reqSequ
return -1;
}

Mac hmac;
try {
MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
HMACDigest hmacDigest = new HMACDigest(SHA1Digest, key);
hmacDigest.update(b);
finalDigest = hmacDigest.digest();
} catch (NoSuchAlgorithmException ex) {
hmac = Mac.getInstance("HmacSHA1","Mozilla-JSS");
Key secKey = CryptoUtil.importHmacSha1Key(key);
hmac.init(secKey);
hmac.update(b);
finalDigest = hmac.doFinal();
} catch (Exception ex) {
System.out.println("CMCRequest::addIdentityProofAttr() - "
+ "No such algorithm!");
+ "Can't calculate hmac Digest!");
return -1;
}

Expand Down Expand Up @@ -1547,16 +1551,16 @@ private static PopLinkWitnessV2 createPopLinkWitnessV2Attr(
return null;
}

MessageDigest mac;
Mac hmac;
// (3) compute MAC over R from (1) using key from (2)
try {
mac = MessageDigest.getInstance(
CryptoUtil.getHMACtoMessageDigestName(macAlgString));
HMACDigest hmacDigest = new HMACDigest(mac, key);
hmacDigest.update(random_R);
finalDigest = hmacDigest.digest();
} catch (NoSuchAlgorithmException ex) {
System.out.println(method + "No such algorithm!");
hmac = Mac.getInstance(CryptoUtil.getHMACAlgName(macAlgString),"Mozilla-JSS");
Key secKey = CryptoUtil.importHmacSha1Key(key);
hmac.init(secKey);
hmac.update(random_R);
finalDigest = hmac.doFinal();
} catch (Exception ex) {
System.out.println(method + "Can't calculate Hmac digest! " + ex);
return null;
}

Expand Down Expand Up @@ -1887,10 +1891,11 @@ private static PKIData constructDecryptedPopRequest(
byte[] popProofValue = null;
try {
System.out.println(method + "calculating POP Proof Value");
MessageDigest SHA2Digest = MessageDigest.getInstance("SHA256");
HMACDigest hmacDigest = new HMACDigest(SHA2Digest, challenge);
hmacDigest.update(ASN1Util.encode(request));
popProofValue = hmacDigest.digest();
Mac hmac = Mac.getInstance("HmacSHA256","Mozilla-JSS");
Key secKey = CryptoUtil.importHmacSha1Key(challenge);
hmac.init(secKey);
hmac.update(ASN1Util.encode(request));
popProofValue = hmac.doFinal();
System.out.println(method + "popProofValue length = " + popProofValue.length);
} catch (Exception ex) {
CryptoUtil.obscureBytes(challenge, "random");
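Review bot: `CryptoUtil.importHmacSha1Key(...)` supplies the key for every `Mac` here, including `Mac.getInstance("HmacSHA256","Mozilla-JSS")` in `constructDecryptedPopRequest` and the `getHMACAlgName(macAlgString)` cases in `addIdentityProofV2Attr` and `createPopLinkWitnessV2Attr`, where the algorithm need not be SHA-1. The helper's body is not on this page, so it should be confirmed that a key imported through it is accepted and gives the expected result for the other HMAC variants, ideally with a known-answer test per algorithm; if it is algorithm-neutral, its name should say so. Separately, the new `catch (Exception ex)` in `addIdentityProofAttr` leaves `ex` out of its message while the other two print it; appending `+ ex` there would make a provider or key-import failure distinguishable. The enclosing methods start and end outside the hunks.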
14 changes: 8 additions & 6 deletions base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
Expand Up @@ -26,9 +26,11 @@
import java.net.URLEncoder;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.PublicKey;
import javax.crypto.Mac;

import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.CommandLineParser;
Expand Down Expand Up @@ -88,7 +90,6 @@
import com.netscape.certsrv.client.ClientConfig;
import com.netscape.certsrv.client.PKIClient;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.util.HMACDigest;

/**
* A command-line utility used to generate a Certificate Request Message
Expand Down Expand Up @@ -756,11 +757,12 @@ public OCTET_STRING createIDPOPLinkWitness() throws Exception {
0x6a, 0x12, 0x6b, 0x3c, 0x4c, 0x3f, 0x00, 0x14,
0x51, 0x61, 0x15, 0x22, 0x23, 0x5f, 0x5e, 0x69
};

MessageDigest digest2 = MessageDigest.getInstance("SHA1");
HMACDigest hmacDigest = new HMACDigest(digest2, key1);
hmacDigest.update(b);
byte[] finalDigest = hmacDigest.digest();

Mac hmac = Mac.getInstance("HmacSHA1","Mozilla-JSS");
Key secKey = CryptoUtil.importHmacSha1Key(key1);
hmac.init(secKey);
hmac.update(b);
byte[] finalDigest = hmac.doFinal();

return new OCTET_STRING(finalDigest);
}
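Review bot: The five-line sequence `Mac.getInstance(..., "Mozilla-JSS")` / `importHmacSha1Key` / `init` / `update` / `doFinal` in `createIDPOPLinkWitness` is repeated almost verbatim in the other tools touched by this commit, along with the provider string literal. A single helper next to `importHmacSha1Key` that takes the algorithm name, key bytes and data would keep the provider choice and key import in one place, so a later change to either is not missed in one caller. Until then, a one-line comment such as `// HMAC via JSS/NSS; replaces the removed HMACDigest class` above the block would tell a reader why the explicit provider is required.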
9 changes: 6 additions & 3 deletions base/java-tools/src/com/netscape/cmstools/PKCS10Client.java
Expand Up @@ -279,9 +279,12 @@ public static void main(String args[]) throws Exception {
0x6a, 0x12, 0x6b, 0x3c, 0x4c, 0x3f, 0x00, 0x14,
0x51, 0x61, 0x15, 0x22, 0x23, 0x5f, 0x5e, 0x69 };
HMACDigest hmacDigest = new HMACDigest(SHA1Digest, key1);
hmacDigest.update(b);
finalDigest = hmacDigest.digest();
Mac hmac = Mac.getInstance("HmacSHA1","Mozilla-JSS");
Key secKey = CryptoUtil.importHmacSha1Key(key1);
hmac.init(secKey);
hmac.update(b);
finalDigest = hmac.doFinal();
OCTET_STRING ostr = new OCTET_STRING(finalDigest);
Attribute attr = new Attribute(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness, ostr);
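Review bot: No import change is visible for this file, and its header counts (6 additions, 3 deletions) are almost entirely accounted for by the code lines in `main`. The new `Mac` and `Key` references therefore appear to rely on imports that were already present, and any existing import of the removed `HMACDigest` class appears to be left in place. Please confirm the file still compiles once `HMACDigest` is deleted; the other tool files in this commit each add `import java.security.Key;` and `import javax.crypto.Mac;` and drop `import com.netscape.cmsutil.util.HMACDigest;`. The `SHA1Digest` local that fed the old constructor is probably unused now and could go together with its creation, which lies outside the hunk.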
Expand Up @@ -22,6 +22,7 @@
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.Key;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
Expand All @@ -33,7 +34,7 @@
import java.util.Enumeration;
import java.util.Locale;
import java.util.StringTokenizer;

import javax.crypto.Mac;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.asn1.ASN1Util;
import org.mozilla.jss.asn1.ASN1Value;
Expand Down Expand Up @@ -129,7 +130,6 @@
import com.netscape.cmscore.apps.CMSEngine;
import com.netscape.cmscore.security.JssSubsystem;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.util.HMACDigest;

/**
* This class implements a generic enrollment profile.
Expand Down Expand Up @@ -1257,9 +1257,15 @@ private BigInteger verifyDecryptedPOP(Locale locale,
logger.warn(msg);
return null;
}
HMACDigest hmacDigest = new HMACDigest(digest, challenge_b);
hmacDigest.update(cmc_msg);
byte[] proofValue = hmacDigest.digest();

Mac hmac;
String hmacAlgName = CryptoUtil.getHMACAlgName(CryptoUtil.getDefaultHashAlgName() + "-HMAC");
hmac = Mac.getInstance(hmacAlgName,"Mozilla-JSS");
Key secKey = CryptoUtil.importHmacSha1Key(challenge_b);
hmac.init(secKey);
hmac.update(cmc_msg);
byte[] proofValue = hmac.doFinal();

if (proofValue == null) {
msg = method + "proofValue null after hmacDigest.digest returned";
logger.warn(msg);
Expand Down Expand Up @@ -1618,11 +1624,20 @@ private boolean verifyDigest(byte[] sharedSecret, byte[] text, byte[] bv,
}
key = hashAlg.digest(sharedSecret);

Mac hmac;
byte[] finalDigest = null;
HMACDigest hmacDigest = new HMACDigest(macAlg, key);
hmacDigest.update(text);

finalDigest = hmacDigest.digest();
try {
hmac = Mac.getInstance(CryptoUtil.getHMACAlgName(macAlg.getAlgorithm() + "-HMAC"),"Mozilla-JSS");
Key secKey = CryptoUtil.importHmacSha1Key(key);
hmac.init(secKey);
hmac.update(text);
finalDigest = hmac.doFinal();
} catch (Exception e) {
logger.debug(method + "hmac exception: " + e);
//Old code expected to get something for finalDigest, possibly null
finalDigest = null;
}

if (finalDigest.length != bv.length) {
logger.warn(method + " The length of two HMAC digest are not the same.");
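Review bot: In `verifyDigest` the new `catch (Exception e)` sets `finalDigest = null` and then falls through to `finalDigest.length != bv.length` on the next line, so any provider, key-import or `doFinal` failure becomes a `NullPointerException` in the verification path instead of a clean rejection. Return the failure result from the catch, e.g. `logger.warn(method + "hmac exception: " + e); return false;` (the method returns `boolean`), rather than logging at debug level and continuing. In `verifyDecryptedPOP` the retained message `"proofValue null after hmacDigest.digest returned"` still names the removed class, and `Mac.doFinal()` is not expected to return null, so that check looks dead now. Whether the new calls there sit inside a try block cannot be seen from the hunk.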
Expand Up @@ -142,6 +142,18 @@ public Map<String, SymmetricKey> computeCardKeys(SymmetricKey masterKey, byte[]
}

//Compute the AES based CMAC operation. Used to derive session keys and cryptograms
//

// Stub version:

public byte[] kdf_AES_CMAC_SCP03(SymmetricKey masterKey, byte[] context, byte kdfConstant,
int kdfOutputSizeBytes) throws EBaseException {

throw new EBaseException("Not Implemented!");
}

// Comment out for now until can be moved
/*
public byte[] kdf_AES_CMAC_SCP03(SymmetricKey masterKey, byte[] context, byte kdfConstant,
int kdfOutputSizeBytes) throws EBaseException {
Expand Down Expand Up @@ -213,12 +225,22 @@ public byte[] kdf_AES_CMAC_SCP03(SymmetricKey masterKey, byte[] context, byte kd
return output.toByteArray();
}
*/

/*******************************************************************************
Key Derivation Function in Counter Mode using PRF = SHA256HMAC (NIST SP 800-108)
Calculates 384 bits of diversified output from the provided master key (K_I)
*******************************************************************************/

// Stub:
private byte[] kdf_CM_SHA256_HMAC_L384(SymmetricKey masterKey, byte[] context, byte kdfLabel,
int kdfOutputSizeBytes, CryptoToken token) throws EBaseException {
throw new EBaseException("Not Implemented.");
}

// Comment out for now.

/*
private byte[] kdf_CM_SHA256_HMAC_L384(SymmetricKey masterKey, byte[] context, byte kdfLabel,
int kdfOutputSizeBytes, CryptoToken token) throws EBaseException {
Expand Down Expand Up @@ -279,7 +301,10 @@ private byte[] kdf_CM_SHA256_HMAC_L384(SymmetricKey masterKey, byte[] context, b
return finalOutput;
}
*/


// This should be ok since it just uses the HMAC digest exposed by JSS from NSS.
private byte[] sha256HMAC(SymmetricKey masterKey, // HMAC Secret Key (K_I)
byte[] hmac_data_input, // HMAC Input (i||04||00||context||0180)
int hMAC_DATA_INPUT_SIZE, // Input Length
Expand Down Expand Up @@ -316,6 +341,15 @@ private byte[] sha256HMAC(SymmetricKey masterKey, // HMAC Secret Key (K_I)
// For now calling code only using 128
// Will move later to common class used by both tks and tps

// Stub:

public static byte[] computeAES_CMAC(SymmetricKey aesKey, byte[] input) throws EBaseException {
throw new EBaseException("Not Implemented.");
}

//Comment out for now.

/*
public static byte[] computeAES_CMAC(SymmetricKey aesKey, byte[] input) throws EBaseException {
String method = "NistSP800_108KDF.computeAES_CMAC:";
Expand Down Expand Up @@ -441,8 +475,18 @@ public static byte[] computeAES_CMAC(SymmetricKey aesKey, byte[] input) throws E
return encData;
}

*/
// SCP03 AES-CMAC support function
//
// Stub:

private static byte[] getAES_CMAC_SubKey(byte[] input) {
return null;
}

// Comment out for now.

/*
private static byte[] getAES_CMAC_SubKey(byte[] input) {
byte[] output = new byte[input.length];
Expand All @@ -459,6 +503,7 @@ private static byte[] getAES_CMAC_SubKey(byte[] input) {
}
return output;
}
*/

// Collection of informal invocations of api used to create various session keys
// Done with test data.
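Review bot: The `getAES_CMAC_SubKey` stub returns `null`, unlike the other stubs in this file, which throw `EBaseException`; a null subkey handed to any remaining caller would surface as a `NullPointerException` far from the cause. Since the signature declares no checked exception, `throw new UnsupportedOperationException("getAES_CMAC_SubKey: not implemented");` keeps it failing closed. The stub messages also differ ("Not Implemented!" vs "Not Implemented."); naming the method in each would make a disabled SCP03 derivation easier to trace in logs. The callers of these routines are outside the visible hunks, so I cannot tell whether `kdf_CM_SHA256_HMAC_L384` is still reached at runtime.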