support HmacSHA256, HmacSHA384, and HmacSHA512

RESOLVED FIXED in 4.3

Status

JSS
Library
RESOLVED FIXED
13 years ago
10 years ago

People

(Reporter: glen beasley, Assigned: glen beasley)

Attachments

(1 attachment, 2 obsolete attachments)

(Assignee)

Description

13 years ago
Bug https://bugzilla.mozilla.org/show_bug.cgi?id=181540 added
support for SHA256, SHA384, and SHA512 signatures, but Hmac support
should be added as well.
(Assignee)

Updated

13 years ago
Summary: suport HmacSHA256, HmacSHA384, and HmacSHA512 → support HmacSHA256, HmacSHA384, and HmacSHA512
(Assignee)

Updated

12 years ago
Status: NEW → ASSIGNED
Depends on: 313196
(Assignee)

Comment 1

12 years ago
Created attachment 200569 [details]
Added HmacSHA256, HmacSHA384, and HmacSha512

Testing with the patch from bug 313196 which needs
to be checked in. 

Test results first using jdk 1.4, and then 1.5.

java org.mozilla.jss.tests.HMACTest situp_5084 passwords
main: jss library loaded
The Java version is: 1.4.2_05
Mozilla-JSS supports HmacMD2  and the output size is 16
SunJCE and Mozilla-JSS give same HmacMD5 HMACS
SunJCE and Mozilla-JSS give same HmacSHA1 HMACS
Mozilla-JSS supports HmacSHA256  and the output size is 32
Mozilla-JSS supports HmacSHA384  and the output size is 48
Mozilla-JSS supports HmacSHA512  and the output size is 64

java org.mozilla.jss.tests.HMACTest situp_5084 passwords
main: jss library loaded
The Java version is: 1.5.0_04
Mozilla-JSS supports HmacMD2  and the output size is 16
SunJCE and Mozilla-JSS give same HmacMD5 HMACS
SunJCE and Mozilla-JSS give same HmacSHA1 HMACS
SunJCE and Mozilla-JSS give same HmacSHA256 HMACS
SunJCE and Mozilla-JSS give same HmacSHA384 HMACS
SunJCE and Mozilla-JSS give same HmacSHA512 HMACS
Attachment #200569 - Flags: superreview?(wtchang)
Attachment #200569 - Flags: review?(Sandeep.Konchady)
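
The cross-provider check that the HMACTest output in Comment 1 reports, as an added example that is not part of the bug report or the JSS source: it uses only the standard JCA API, compares every installed provider that offers each HMAC, and checks the 32/48/64-byte sizes. The class name, key and message are constructed for illustration; skipping providers that reject a raw `SecretKeySpec` is an assumption about how token-backed providers behave.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class HmacProviderCompare {
    // Algorithm names and MAC sizes in bytes, as reported in the test output above.
    static final String[] ALGS = {"HmacSHA256", "HmacSHA384", "HmacSHA512"};
    static final int[] SIZES = {32, 48, 64};

    /**
     * Computes alg with every installed provider that offers it and accepts a raw key.
     * Returns the number of providers that agreed; throws if any size or value differs.
     */
    static int compareHmac(String alg, int size, byte[] key, byte[] msg) throws Exception {
        byte[] reference = null;
        int agreed = 0;
        for (Provider p : Security.getProviders()) {
            if (p.getService("Mac", alg) == null) continue;   // not implemented here
            Mac mac = Mac.getInstance(alg, p);
            try {
                mac.init(new SecretKeySpec(key, alg));
            } catch (InvalidKeyException e) {
                continue;   // assumption: provider only accepts its own (e.g. token) keys
            }
            byte[] out = mac.doFinal(msg);
            if (out.length != size)
                throw new IllegalStateException(p.getName() + " " + alg + " size " + out.length);
            if (reference == null) reference = out;
            else if (!MessageDigest.isEqual(reference, out))   // constant-time compare
                throw new IllegalStateException(p.getName() + " disagrees on " + alg);
            agreed++;
        }
        return agreed;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key and message; explicit charset keeps the input stable.
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        byte[] msg = "constructed clear text".getBytes(StandardCharsets.UTF_8);
        for (int i = 0; i < ALGS.length; i++) {
            int n = compareHmac(ALGS[i], SIZES[i], key, msg);
            System.out.println(n + " provider(s) give same " + ALGS[i] + ", size " + SIZES[i]);
        }
    }
}
```

A count of 1 for an algorithm means only one provider was exercised, so agreement was not actually tested for it; the JDK 1.4 run above shows that case for the SHA-2 HMACs.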
(Assignee)

Comment 2

12 years ago
Comment on attachment 200569 [details]
Added HmacSHA256, HmacSHA384, and HmacSha512

I need to check that the OIDs are correct in HMACAlgorithm.java. I will submit another patch.
Attachment #200569 - Attachment is obsolete: true
Attachment #200569 - Attachment is patch: false
Attachment #200569 - Flags: superreview?(wtchang)
Attachment #200569 - Flags: review?(Sandeep.Konchady)

Comment 3

12 years ago
Comment on attachment 200569 [details]
Added HmacSHA256, HmacSHA384, and HmacSha512

In crypto/Algorithm.java:

>     protected static final short SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION=41;
>     protected static final short SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION=42;
>     protected static final short SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION=43;
>+    protected static final short CKM_SHA256_HMAC=44;
>+    protected static final short CKM_SHA384_HMAC=45;
>+    protected static final short CKM_SHA512_HMAC=46;
>+    protected static final short CKM_MD2_HMAC=47;
>+    protected static final short CKM_MD5_HMAC=48;
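
Review bot: the five new constants carry the PKCS #11 mechanism prefix `CKM_` but take the next values (44 to 48) in the same sequence as the `SEC_OID_` entries above them, and nothing on these lines says what the numbers index. A one-line comment naming the table or enumeration these values must stay in step with, and stating that entries may only be appended, would keep a later insertion from silently shifting the HMAC mappings.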

I suggest you add a blank line between the existing constants
and the new constants because there is a comment "FIPS 180-2"
for the existing constants, and the new constants aren't (all)
covered by that FIPS.  At least, the blank line should separate
CKM_MD2_HMAC and CKM_MD5_HMAC from the constants that involve
SHA256-512 (the topic of FIPS 180-2).

In tests/HMACTest.java, related variables should have similar
names.

>+        mozillaHmacOut = hmacJSS.doFinal(clearText.getBytes());

This line establishes the relation between mozillaHmacOut
and hmacJSS, so hmacJSS should be renamed mozillaHmac.
Don't you think this looks nicer?
    mozillaHmacOut = mozillaHmac.doFinal(clearText.getBytes());

>+            otherHmacOut = hmacProvider.doFinal(clearText.getBytes());
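
Review bot: `clearText.getBytes()` in this `doFinal` call, and in the matching JSS call quoted earlier, encodes with the platform default charset. Both providers see the same bytes within one run, so the comparison still holds, but the MAC input can differ between machines; encode once with an explicit charset, e.g. `byte[] msg = clearText.getBytes("UTF-8");`, and pass `msg` to both calls.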

Similarly, hmacProvider should be renamed otherHmac.

Rename doHMACCompare as compareHMAC.
(Assignee)

Updated

11 years ago
Duplicate of this bug: 317045
QA Contact: libraries
QA Contact: libraries → jss-qa
(Assignee)

Comment 5

10 years ago
Created attachment 322285 [details]
add support for HmacSHA256, HmacSHA384, and HmacSHA512

for OID information used:
http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html

output from test program
/System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/bin/java -Djava.library.path=/Users/b/tip/mozilla/dist/Darwin9.2.2_DBG.OBJ//lib -cp /Users/b/tip/mozilla/dist/Darwin9.2.2_DBG.OBJ//../xpclass_dbg.jar org.mozilla.jss.tests.HMACTest /Users/b/tip/mozilla/tests_results/jss/Macintosh-2.local.7 passwords
main: jss library loaded
Apple and Mozilla-JSS give same HmacSHA1
SunJCE and Mozilla-JSS give same HmacSHA1
SunJCE and Mozilla-JSS give same HmacSHA256
SunJCE and Mozilla-JSS give same HmacSHA384
SunJCE and Mozilla-JSS give same HmacSHA512
Attachment #322285 - Flags: review?(wtc)
(Assignee)

Comment 6

10 years ago
Created attachment 322286 [details] [diff] [review]
add support for HmacSHA256, HmacSHA384, and HmacSHA512
Attachment #322286 - Flags: review?(wtc)
(Assignee)

Updated

10 years ago
Attachment #322285 - Attachment is obsolete: true
Attachment #322285 - Flags: review?(wtc)

Comment 7

10 years ago
Comment on attachment 322286 [details] [diff] [review]
add support for HmacSHA256, HmacSHA384, and HmacSHA512  

r=wtc.

In org/mozilla/jss/tests/HMACTest.java

>-            if ( argv.length != 2 ) {
>+            if ( argv.length < 1 ) {
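
Review bot: `argv.length < 1` accepts any number of extra arguments, and the test run shown in comment 5 still passes two (a directory followed by `passwords`). If the second argument is no longer read, drop it from the usage message and from the harness invocation in the same change that tightens this check, so a strict test does not reject the command line that is currently documented.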

The test should be "argv.length != 1".

>+                if (hmacTest.compareHMAC(JSS_HMAC_Algs[i], sk, clearText) 
>+                    == false) {

You can use ! to test for false: if (!hmacTest.compareHMAC(...)) {
Attachment #322286 - Flags: review?(wtc) → review+
(Assignee)

Comment 8

10 years ago
Thanks for the review Wan-Teh. 

I also added to all.pl so that when FIPSMODE is enabled
the HMACTest.java is tested.

Checking in org/mozilla/jss/JSSProvider.java;
/cvsroot/mozilla/security/jss/org/mozilla/jss/JSSProvider.java,v  <--  JSSProvider.java
new revision: 1.32; previous revision: 1.31
done
Checking in org/mozilla/jss/crypto/Algorithm.c;
/cvsroot/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c,v  <--  Algorithm.c
new revision: 1.14; previous revision: 1.13
done
Checking in org/mozilla/jss/crypto/Algorithm.h;
/cvsroot/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.h,v  <--  Algorithm.h
new revision: 1.13; previous revision: 1.12
done
Checking in org/mozilla/jss/crypto/Algorithm.java;
/cvsroot/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.java,v  <--  Algorithm.java
new revision: 1.12; previous revision: 1.11
done
Checking in org/mozilla/jss/crypto/HMACAlgorithm.java;
/cvsroot/mozilla/security/jss/org/mozilla/jss/crypto/HMACAlgorithm.java,v  <--  HMACAlgorithm.java
new revision: 1.4; previous revision: 1.3
done
Checking in org/mozilla/jss/provider/javax/crypto/JSSMacSpi.java;
/cvsroot/mozilla/security/jss/org/mozilla/jss/provider/javax/crypto/JSSMacSpi.java,v  <--  JSSMacSpi.java
new revision: 1.3; previous revision: 1.2
done
Checking in org/mozilla/jss/tests/HMACTest.java;
/cvsroot/mozilla/security/jss/org/mozilla/jss/tests/HMACTest.java,v  <--  HMACTest.java
new revision: 1.5; previous revision: 1.4
done
Checking in org/mozilla/jss/tests/all.pl;
/cvsroot/mozilla/security/jss/org/mozilla/jss/tests/all.pl,v  <--  all.pl
new revision: 1.51; previous revision: 1.50
done
Status: ASSIGNED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → 4.3