Class NistSP800_108KDF


  • public class NistSP800_108KDF
    extends KDF
    • Method Detail

      • useThisKDF

        public static boolean useThisKDF​(byte nistSP800_108KDFonKeyVersion,
                                         byte requestedKeyVersion)
      • computeCardKeys

        public java.util.Map<java.lang.String,​org.mozilla.jss.crypto.SymmetricKey> computeCardKeys​(org.mozilla.jss.crypto.SymmetricKey masterKey,
                                                                                                         byte[] context,
                                                                                                         org.mozilla.jss.crypto.CryptoToken token)
                                                                                                  throws EBaseException
        Generates three PK11SymKey objects using the KDF_CM_SHA256HMAC_L384() function for key data. After calling KDF_CM_SHA256HMAC_L384, the function splits up the output, sets DES parity, and imports the keys into the token. Careful: This function currently generates the key data **IN RAM** using calls to NSS sha256. The key data is then "unwrapped" (imported) to the NSS token and then erased from RAM. (This means that a malicious actor on the box could steal the key data.) Note: Returned key material from the KDF is converted into keys according to the following: Bytes 0 - 15 : enc/auth key Bytes 16 - 31 : mac key Bytes 32 - 47 : kek key We chose this order to conform with the key order used by the PUT KEY command.
        Throws:
        EBaseException
      • kdf_AES_CMAC_SCP03

        public byte[] kdf_AES_CMAC_SCP03​(org.mozilla.jss.crypto.SymmetricKey masterKey,
                                         byte[] context,
                                         byte kdfConstant,
                                         int kdfOutputSizeBytes)
                                  throws EBaseException
        Throws:
        EBaseException
      • computeAES_CMAC

        public static byte[] computeAES_CMAC​(org.mozilla.jss.crypto.SymmetricKey aesKey,
                                             byte[] input)
                                      throws EBaseException
        Throws:
        EBaseException
      • main

        public static void main​(java.lang.String[] args)