The attached TPS patch is for GP Key checks as will be required by an upcoming DoD spec doc. Doc is currently in early draft stages.
attachment cuid.patch
question for the author: Does the applet need changing?
proposed Milestone: 10.2.1 - Per Dogtag 10.2.3 meeting of 09/25/2014
The TPS patch needs to be rewritten in Java. Tickets 864 and 866 have been made into patch-integration only tickets. In this ticket (865), when TPS code is written, the NIST SP800-108 KDF feature will then be able to be tested fully.
Per 10.2.2 Triage meeting of 02/24/2015: 10.2.2
Completed the feature as to the following:
Was able to, for both scp01 token and scp02 token, create a secure channel using the KDD value and the NIST derivation functions.
Code needs some cleanup to be reviewed by cfu on Monday if possible.
Closing with following checkin/history.
NISTSP8000 feature.
Implementation of the nistSP800 derivation feature. Works for both supported scp01 cards and scp02 cards. During the various session key and key upgrade functions, the nist derivation code is being called. Review comments addressed. Cleanup of some input validation on the TKS. Added some sanity checking on the TPS side for key versions and token cuid's and kdd's. Final review comments. Fixed issue with extracting the kdd from the AppletInfo class. Fixed issue with sending the KDD to the encryptData TKS servlet. Added requested entries to the CS.cfg.
Metadata Update from @klamb: - Issue assigned to jmagne - Issue set to the milestone: 10.2.2
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1432