[PATCH] Non server keygen issue in SCP03. Ticket 1663 Add SCP03 support: https://pagure.io/dogtagpki/issue/1663
We discovered a minor issue when trying to log values that don't exist when performing the non server side keygen case. For instance, we don't need to generate a kek session key in this case, and we were trying to print info about it to the logs. This fix allows this case to work without issue.
From d58e929de707ad5139c57cd493fae5485ca3acae Mon Sep 17 00:00:00 2001 From: Jack Magne <jma...@dhcp-16-206.sjc.redhat.com> Date: Fri, 5 May 2017 11:44:17 -0700 Subject: [PATCH] Non server keygen issue in SCP03. Ticket 1663 Add SCP03 support: https://pagure.io/dogtagpki/issue/1663 We discovered a minor issue when trying to log values that don't exist when performing the non server side keygen case. For instance , we don't need to generate a kek session key in this case, and we were trying to print info about it to the logs. This fix allows this case to work without issue.
---
 .../server/tps/channel/SecureChannel.java | 4 +-
 .../server/tps/processor/TPSProcessor.java | 51 +++++++++++++++-------
 2 files changed, 37 insertions(+), 18 deletions(-)
diff --git a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
index fc5472c..5e5646b 100644
--- a/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
+++ b/base/tps/src/org/dogtagpki/server/tps/channel/SecureChannel.java
@@ -148,8 +148,8 @@ public class SecureChannel {
 CMS.debug("SecureChannel.SecureChannel: For SCP03. : ");
- CMS.debug("kekDesKey: " + kekDesKey.toHexString());
- CMS.debug("keyCheck: " + keyCheck.toHexString());
+ if (keyCheck != null)
+ CMS.debug("keyCheck: " + keyCheck.toHexString());
 this.platProtInfo = platformInfo;
 this.processor = processor;
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index 0cfac59..0f96915 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
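Review bot: In SecureChannel.java the guarded `CMS.debug("keyCheck: " + keyCheck.toHexString())` still writes key-derived data to the debug log, and the `@@ -923` hunk in TPSProcessor.java keeps printing the wrapped session keys, the host cryptogram and both wrapped DES keys in hex behind the new null checks. Dropping the `kekDesKey` line here is the right direction; the remaining lines could follow it and log only presence or length, e.g. `CMS.debug("keyCheck present: " + (keyCheck != null));`. Debug logs are usually readable by more people and kept longer than token key material should be, even in wrapped form. The unbraced `if` is also worth bracing, and the constructor body continues outside the hunk.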
@@ -33,6 +33,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import netscape.security.x509.RevocationReason;
+
 import org.dogtagpki.server.tps.TPSSession;
 import org.dogtagpki.server.tps.TPSSubsystem;
 import org.dogtagpki.server.tps.authentication.AuthUIParameter;
@@ -100,8 +102,6 @@ import com.netscape.cms.servlet.tks.SecureChannelProtocol;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 import com.netscape.symkey.SessionKey;
-import netscape.security.x509.RevocationReason;
-
 public class TPSProcessor {
 public static final int RESULT_NO_ERROR = 0;
@@ -923,20 +923,39 @@ public class TPSProcessor {
 TPSBuffer drmDesKeyBuff = resp.getDRM_Trans_DesKey();
 TPSBuffer kekDesKeyBuff = resp.getKekWrappedDesKey();
- CMS.debug(method + " encSessionKeyBuff: " + encSessionKeyBuff.toHexString());
- CMS.debug(method + " kekSessionKeyBuff: " + kekSessionKeyBuff.toHexString());
- CMS.debug(method + " macSessionKeyBuff: " + macSessionKeyBuff.toHexString());
- CMS.debug(method + " hostCryptogramBuff: " + hostCryptogramBuff.toHexString());
- CMS.debug(method + " keyCheckBuff: " + keyCheckBuff.toHexString());
- CMS.debug(method + " drmDessKeyBuff: " + drmDesKeyBuff.toHexString());
- CMS.debug(method + " kekDesKeyBuff: " + kekDesKeyBuff.toHexString());
-
- encSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret,
- encSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES);
- macSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret,
- macSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES);
- kekSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret,
- kekSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES);
+ if (encSessionKeyBuff != null)
+ CMS.debug(method + " encSessionKeyBuff: " + encSessionKeyBuff.toHexString());
+
+ if (kekSessionKeyBuff != null)
+ CMS.debug(method + " kekSessionKeyBuff: " + kekSessionKeyBuff.toHexString());
+
+ if (macSessionKeyBuff != null)
+ CMS.debug(method + " macSessionKeyBuff: " + macSessionKeyBuff.toHexString());
+
+ if (hostCryptogramBuff != null)
+ CMS.debug(method + " hostCryptogramBuff: " + hostCryptogramBuff.toHexString());
+
+ if (keyCheckBuff != null)
+ CMS.debug(method + " keyCheckBuff: " + keyCheckBuff.toHexString());
+
+ if (drmDesKeyBuff != null)
+ CMS.debug(method + " drmDessKeyBuff: " + drmDesKeyBuff.toHexString());
+
+ if (kekDesKeyBuff != null)
+ CMS.debug(method + " kekDesKeyBuff: " + kekDesKeyBuff.toHexString());
+
+
+ if (encSessionKeyBuff != null)
+ encSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret,
+ encSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES);
+
+ if (macSessionKeyBuff != null)
+ macSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret,
+ macSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES);
+
+ if (kekSessionKeyBuff != null)
+ kekSessionKeySCP03 = (PK11SymKey) protocol.unwrapWrappedSymKeyOnToken(token, sharedSecret,
+ kekSessionKeyBuff.toBytesArray(), false, SymmetricKey.AES);
 channel = new SecureChannel(this, encSessionKeySCP03, macSessionKeySCP03, kekSessionKeySCP03, drmDesKeyBuff, kekDesKeyBuff,
-- 
2.5.0
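Review bot: Skipping the unwrap when `encSessionKeyBuff` or `macSessionKeyBuff` is null lets `new SecureChannel(...)` be built with whatever `encSessionKeySCP03` and `macSessionKeySCP03` held before, which is presumably null since their initialisation is outside the hunk. The description says only the KEK session key is legitimately absent without server-side keygen, so a missing ENC or MAC key looks like a malformed response and should fail closed rather than produce a channel with no encryption or MAC key. I would test the two together before the unwraps, `if (encSessionKeyBuff == null || macSessionKeyBuff == null)`, and raise the method's usual secure-channel error there, keeping the null-tolerant path for `kekSessionKeyBuff` only. Whether the SecureChannel constructor rejects null keys itself cannot be seen from here, and the enclosing method starts and ends outside the hunk.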