Package com.netscape.cms.servlet.tks
Class NistSP800_108KDF
- java.lang.Object
  - com.netscape.cms.servlet.tks.KDF
    - com.netscape.cms.servlet.tks.NistSP800_108KDF
-
public class NistSP800_108KDF extends KDF
-
Field Summary
Fields (Modifier and Type, Field):
- static byte CARD_CRYPTO_KDF_CONSTANT
- static byte ENC_KDF_CONSTANT
- static byte HOST_CRYPTO_KDF_CONSTANT
- static byte MAC_KDF_CONSTANT
- static byte RMAC_KDF_CONSTANT
- static int SHA256_LENGTH
-
Method Summary
Methods (Modifier and Type, Method, Description):
- static byte[] computeAES_CMAC(org.mozilla.jss.crypto.SymmetricKey aesKey, byte[] input)
- java.util.Map<java.lang.String,org.mozilla.jss.crypto.SymmetricKey> computeCardKeys(org.mozilla.jss.crypto.SymmetricKey masterKey, byte[] context, org.mozilla.jss.crypto.CryptoToken token): Generates three PK11SymKey objects using the KDF_CM_SHA256HMAC_L384() function for key data.
- byte[] kdf_AES_CMAC_SCP03(org.mozilla.jss.crypto.SymmetricKey masterKey, byte[] context, byte kdfConstant, int kdfOutputSizeBytes)
- static void main(java.lang.String[] args)
- static boolean useThisKDF(byte nistSP800_108KDFonKeyVersion, byte requestedKeyVersion)
-
Methods inherited from class com.netscape.cms.servlet.tks.KDF
getDesParity, getDiversificationData_EMV, getDiversificationData_VISA2
-
Field Detail
-
SHA256_LENGTH
public static final int SHA256_LENGTH
- See Also:
- Constant Field Values
-
ENC_KDF_CONSTANT
public static final byte ENC_KDF_CONSTANT
- See Also:
- Constant Field Values
-
MAC_KDF_CONSTANT
public static final byte MAC_KDF_CONSTANT
- See Also:
- Constant Field Values
-
RMAC_KDF_CONSTANT
public static final byte RMAC_KDF_CONSTANT
- See Also:
- Constant Field Values
-
CARD_CRYPTO_KDF_CONSTANT
public static final byte CARD_CRYPTO_KDF_CONSTANT
- See Also:
- Constant Field Values
-
HOST_CRYPTO_KDF_CONSTANT
public static final byte HOST_CRYPTO_KDF_CONSTANT
- See Also:
- Constant Field Values
-
Method Detail
-
useThisKDF
public static boolean useThisKDF(byte nistSP800_108KDFonKeyVersion, byte requestedKeyVersion)
-
computeCardKeys
public java.util.Map<java.lang.String,org.mozilla.jss.crypto.SymmetricKey> computeCardKeys(org.mozilla.jss.crypto.SymmetricKey masterKey, byte[] context, org.mozilla.jss.crypto.CryptoToken token) throws EBaseException
Generates three PK11SymKey objects using the KDF_CM_SHA256HMAC_L384() function for key data. After calling KDF_CM_SHA256HMAC_L384, the function splits up the output, sets DES parity, and imports the keys into the token.
Careful: This function currently generates the key data **IN RAM** using calls to NSS sha256. The key data is then "unwrapped" (imported) to the NSS token and then erased from RAM. (This means that a malicious actor on the box could steal the key data.)
Note: Returned key material from the KDF is converted into keys according to the following:
Bytes 0 - 15 : enc/auth key
Bytes 16 - 31 : mac key
Bytes 32 - 47 : kek key
We chose this order to conform with the key order used by the PUT KEY command.
- Throws:
EBaseException
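The flow described for computeCardKeys (derive 48 bytes, cut them into three 16-byte keys, set DES parity, erase the raw buffer), written out as an added example; it is not this class's own code. Assumptions: the SP 800-108 counter-mode HMAC-SHA256 construction is inferred from the function name KDF_CM_SHA256HMAC_L384, and the input encoding, the label byte 0x01, the map key names and the use of plain byte arrays in place of a token import are hypothetical.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class CardKeySplitExample {
    // SP 800-108 counter mode, PRF = HMAC-SHA256, L = 384 bits (two PRF blocks cut to 48 bytes).
    // Assumed input encoding: [i] (1 byte) || label || 0x00 || context || [L] (2 bytes, big-endian).
    static byte[] kdf384(byte[] masterKey, byte label, byte[] context) throws Exception {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(masterKey, "HmacSHA256"));
        byte[] blocks = new byte[64];
        for (int i = 1; i <= 2; i++) {
            hmac.update(new byte[] {(byte) i, label, 0x00});
            hmac.update(context);
            hmac.update(new byte[] {0x01, (byte) 0x80}); // L = 384 = 0x0180
            hmac.doFinal(blocks, (i - 1) * 32);
        }
        byte[] out = Arrays.copyOf(blocks, 48);
        Arrays.fill(blocks, (byte) 0); // erase the untruncated PRF output
        return out;
    }
    // Force odd parity on every byte: the low bit is chosen so the byte has an odd number of 1 bits.
    static void setDesOddParity(byte[] key) {
        for (int i = 0; i < key.length; i++) {
            key[i] = (byte) ((key[i] & 0xFE) | (~Integer.bitCount(key[i] & 0xFE) & 1));
        }
    }
    // Split per the documented layout: 0-15 enc/auth, 16-31 mac, 32-47 kek (map key names are assumed).
    static Map<String, byte[]> splitCardKeys(byte[] keyData) {
        String[] names = {"enc", "mac", "kek"};
        Map<String, byte[]> keys = new LinkedHashMap<>();
        try {
            for (int n = 0; n < names.length; n++) {
                byte[] k = Arrays.copyOfRange(keyData, n * 16, (n + 1) * 16);
                setDesOddParity(k);
                keys.put(names[n], k);
            }
        } finally {
            Arrays.fill(keyData, (byte) 0); // erase the raw KDF output, even if the split fails
        }
        return keys;
    }
    public static void main(String[] args) throws Exception {
        // Constructed inputs: all-zero test master key, placeholder label, 4-byte sample context.
        byte[] keyData = kdf384(new byte[16], (byte) 0x01, new byte[] {1, 2, 3, 4});
        Map<String, byte[]> keys = splitCardKeys(keyData);
        keys.forEach((name, k) -> System.out.println(name + ": " + k.length + " bytes"));
    }
}
```

The three returned arrays still hold key material in process memory, which is the exposure the Careful note above describes; the documented method imports the keys into the token instead.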
-
kdf_AES_CMAC_SCP03
public byte[] kdf_AES_CMAC_SCP03(org.mozilla.jss.crypto.SymmetricKey masterKey, byte[] context, byte kdfConstant, int kdfOutputSizeBytes) throws EBaseException
- Throws:
EBaseException
-
computeAES_CMAC
public static byte[] computeAES_CMAC(org.mozilla.jss.crypto.SymmetricKey aesKey, byte[] input) throws EBaseException
- Throws:
EBaseException
-
main
public static void main(java.lang.String[] args)
-