Closed
Bug 263544
Opened 20 years ago
Closed 16 years ago
support HmacSHA256, HmacSHA384, and HmacSHA512
Categories
(JSS Graveyard :: Library, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
4.3
People
(Reporter: glenbeasley, Assigned: glenbeasley)
References
Details
Attachments
(1 file, 2 obsolete files)
|
14.17 KB,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
bug https://bugzilla.mozilla.org/show_bug.cgi?id=181540 added support for SHA256, SHA384, and SHA512 signature but Hmac support should be added as well.
|
Assignee | |
Updated•20 years ago
|
Summary: suport HmacSHA256, HmacSHA384, and HmacSHA512 → support HmacSHA256, HmacSHA384, and HmacSHA512
|
|
Assignee | |
Comment 1•19 years ago
|
||
Testing with the patch from bug 313196 which needs to be checked in. Test results first using jdk 1.4, and then 1.5. java org.mozilla.jss.tests.HMACTest situp_5084 passwords main: jss library loaded The Java version is: 1.4.2_05 Mozilla-JSS supports HmacMD2 and the output size is 16 SunJCE and Mozilla-JSS give same HmacMD5 HMACS SunJCE and Mozilla-JSS give same HmacSHA1 HMACS Mozilla-JSS supports HmacSHA256 and the output size is 32 Mozilla-JSS supports HmacSHA384 and the output size is 48 Mozilla-JSS supports HmacSHA512 and the output size is 64 java org.mozilla.jss.tests.HMACTest situp_5084 passwords main: jss library loaded The Java version is: 1.5.0_04 Mozilla-JSS supports HmacMD2 and the output size is 16 SunJCE and Mozilla-JSS give same HmacMD5 HMACS SunJCE and Mozilla-JSS give same HmacSHA1 HMACS SunJCE and Mozilla-JSS give same HmacSHA256 HMACS SunJCE and Mozilla-JSS give same HmacSHA384 HMACS SunJCE and Mozilla-JSS give same HmacSHA512 HMACS
Attachment #200569 -
Flags: superreview?(wtchang)
Attachment #200569 -
Flags: review?(Sandeep.Konchady)
|
|
Assignee | |
Comment 2•19 years ago
|
||
Comment on attachment 200569 [details]
Added HmacSHA256, HmacSHA384, and HmacSha512
I need to check that the OID's are correct in HMACAlgorithm.java. I will submit another patch.
Attachment #200569 -
Attachment is obsolete: true
Attachment #200569 -
Attachment is patch: false
Attachment #200569 -
Flags: superreview?(wtchang)
Attachment #200569 -
Flags: review?(Sandeep.Konchady)
|
||
Comment 3•19 years ago
|
||
Comment on attachment 200569 [details] Added HmacSHA256, HmacSHA384, and HmacSha512 In crypto/Algorithm.java: > protected static final short SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION=41; > protected static final short SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION=42; > protected static final short SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION=43; >+ protected static final short CKM_SHA256_HMAC=44; >+ protected static final short CKM_SHA384_HMAC=45; >+ protected static final short CKM_SHA512_HMAC=46; >+ protected static final short CKM_MD2_HMAC=47; >+ protected static final short CKM_MD5_HMAC=48; I suggest you add a blank line between the existing constants and the new constants because there is a comment "FIPS 180-2" for the existing constants, and the new constants aren't (all) covered by that FIPS. At lease, the blank line should separate CKM_MD2_HMAC and CKM_MD5_HMAC from the constants that involve SHA256-512 (the topic of FIPS 180-2). In tests/HMACTest.java, related variables should have similar names. >+ mozillaHmacOut = hmacJSS.doFinal(clearText.getBytes()); This line establishes the relation between mozillaHmacOut and hmacJSS, so hmacJSS should be renamed mozillaHmac. Don't you think this looks nicer? mozillaHmacOut = mozillaHmac.doFinal(clearText.getBytes()); >+ otherHmacOut = hmacProvider.doFinal(clearText.getBytes()); Similarly, hmacProvider should be renamed otherHmac. Rename doHMACCompare as compareHMAC.
|
||
Updated•18 years ago
|
QA Contact: libraries
|
|
||
Updated•17 years ago
|
QA Contact: libraries → jss-qa
|
|
Assignee | |
Comment 5•17 years ago
|
||
add support for HmacSHA256, HmacSHA384, and HmacSHA512 for OID information used: http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html output from test program /System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/bin/java -Djava.library.path=/Users/b/tip/mozilla/dist/Darwin9.2.2_DBG.OBJ//lib -cp /Users/b/tip/mozilla/dist/Darwin9.2.2_DBG.OBJ//../xpclass_dbg.jar org.mozilla.jss.tests.HMACTest /Users/b/tip/mozilla/tests_results/jss/Macintosh-2.local.7 passwords main: jss library loaded Apple and Mozilla-JSS give same HmacSHA1 SunJCE and Mozilla-JSS give same HmacSHA1 SunJCE and Mozilla-JSS give same HmacSHA256 SunJCE and Mozilla-JSS give same HmacSHA384 SunJCE and Mozilla-JSS give same HmacSHA512
Attachment #322285 -
Flags: review?(wtc)
|
|
Assignee | |
Comment 6•17 years ago
|
||
Attachment #322286 -
Flags: review?(wtc)
|
|
Assignee | |
Updated•17 years ago
|
Attachment #322285 -
Attachment is obsolete: true
Attachment #322285 -
Flags: review?(wtc)
|
|
||
Comment 7•17 years ago
|
||
Comment on attachment 322286 [details] [diff] [review] add support for HmacSHA256, HmacSHA384, and HmacSHA512 r=wtc. In org/mozilla/jss/tests/HMACTest.java >- if ( argv.length != 2 ) { >+ if ( argv.length < 1 ) { The test should be "argv.length != 1". >+ if (hmacTest.compareHMAC(JSS_HMAC_Algs[i], sk, clearText) >+ == false) { You can use ! to test for false: if (!hmacTest.compareHMAC(...)) {
Attachment #322286 -
Flags: review?(wtc) → review+
|
|
Assignee | |
Comment 8•16 years ago
|
||
Thanks for the review Wan-Teh. I also added to all.pl so that when FIPSMODE is enable the HMACTest.java is tested. Checking in org/mozilla/jss/JSSProvider.java; /cvsroot/mozilla/security/jss/org/mozilla/jss/JSSProvider.java,v <-- JSSProvider.java new revision: 1.32; previous revision: 1.31 done Checking in org/mozilla/jss/crypto/Algorithm.c; /cvsroot/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c,v <-- Algorithm.c new revision: 1.14; previous revision: 1.13 done Checking in org/mozilla/jss/crypto/Algorithm.h; /cvsroot/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.h,v <-- Algorithm.h new revision: 1.13; previous revision: 1.12 done Checking in org/mozilla/jss/crypto/Algorithm.java; /cvsroot/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.java,v <-- Algorithm.java new revision: 1.12; previous revision: 1.11 done Checking in org/mozilla/jss/crypto/HMACAlgorithm.java; /cvsroot/mozilla/security/jss/org/mozilla/jss/crypto/HMACAlgorithm.java,v <-- HMACAlgorithm.java new revision: 1.4; previous revision: 1.3 done Checking in org/mozilla/jss/provider/javax/crypto/JSSMacSpi.java; /cvsroot/mozilla/security/jss/org/mozilla/jss/provider/javax/crypto/JSSMacSpi.java,v <-- JSSMacSpi.java new revision: 1.3; previous revision: 1.2 done Checking in org/mozilla/jss/tests/HMACTest.java; /cvsroot/mozilla/security/jss/org/mozilla/jss/tests/HMACTest.java,v <-- HMACTest.java new revision: 1.5; previous revision: 1.4 done Checking in org/mozilla/jss/tests/all.pl; /cvsroot/mozilla/security/jss/org/mozilla/jss/tests/all.pl,v <-- all.pl new revision: 1.51; previous revision: 1.50 done
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Target Milestone: --- → 4.3
You need to log in
before you can comment on or make changes to this bug.
Description
•