Developer's Guide
JniDeriveKmip.java
package com.p6r.kmip;
import org.junit.*;
import javax.crypto.spec.SecretKeySpec;
import static org.junit.Assert.assertEquals;
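/**
 * JUnit 4 example that drives key derivation on a KMIP server through {@code P6KMIPClient}.
 *
 * <p>The single test creates an AES base key, derives new AES keys from it with the HMAC,
 * HASH and PBKDF2 derivation methods, then derives an AES key from two EC key pairs using
 * ECDH. Each derived key is read back, checked and destroyed, and the base keys are revoked
 * and destroyed at the end.
 *
 * <p>The test needs a reachable KMIP server at {@link #_hostName}; it is an integration test,
 * not a unit test.
 */
public class JniDeriveKmip {

    /** Host name of the KMIP test server the client connects to. */
    private static final String _hostName = "kmiptest01.p6r.com";

    /** Runs once before any test in this class; only logs. */
    @BeforeClass
    public static void oneTimeSetUp() {
        // NOOP
        System.out.println("@BeforeClass - oneTimeSetUp");
    }

    /** Runs once after all tests in this class; only logs. */
    @AfterClass
    public static void oneTimeTearDown() {
        // NOOP
        System.out.println("@AfterClass - oneTimeTearDown");
    }

    /** Runs before each test; only logs. */
    @Before
    public void setUp() {
        // NOOP
        System.out.println("@Before - setUp");
    }

    /** Runs after each test; only logs. */
    @After
    public void tearDown() {
        // NOOP
        System.out.println("@After - tearDown");
    }

    /**
     * Derives symmetric keys with four derivation methods and verifies each result.
     *
     * <p>Any exception from the client is turned into a test failure that keeps the original
     * exception as its cause. The session is closed and the library is freed on every exit
     * path, including assertion failures.
     */
    @Test
    public void JNICall_deriveKMIP() {
        System.out.println("@Test - JNICall-deriveKMIP");

        String baseUID = null;
        String deriveUID = null;
        String[] attribute = null;
        P6KMIPClient kc = new P6KMIPClient();

        // Track what was set up so the finally block releases only what exists.
        boolean libraryInitialized = false;
        boolean sessionOpen = false;

        try {
            kc.initializeLibrary(P6KMIPClient.FLAGS_NONE);
            libraryInitialized = true;

            // NOTE(review): the second argument to open() is null; what it selects is not
            // visible in this file. Confirm how the connection is authenticated before
            // reusing this call outside a test.
            kc.open(_hostName, null);
            sessionOpen = true;

            // [A] Beginning cases all use this symmetric key as a base to derive other keys from
            baseUID = kc.createSymmetricKey(
                    KMIPConstants.ALG_AES,
                    128,
                    (KMIPConstants.USAGE_MASK_ENCRYPT | KMIPConstants.USAGE_MASK_DECRYPT | KMIPConstants.USAGE_MASK_DERIVEKEY));
            System.out.println("\nA. UID of new AES key: " + baseUID);

            // -> key must be in the active state to use it to derive another key
            kc.activate(baseUID);
            attribute = kc.getAttribute(baseUID, "State");
            assertEquals("Active", attribute[0]);
            System.out.println("UID of new AES activated key: " + baseUID + ", State = " + attribute[0]);

            // The derived keys below are requested without USAGE_MASK_DERIVEKEY, so they are
            // limited to encrypt/decrypt.
            int derivedUsage = (KMIPConstants.USAGE_MASK_ENCRYPT | KMIPConstants.USAGE_MASK_DECRYPT);

            // [B] Use the AES symmetric key to derive a new key via HMAC method
            DeriveParams dp1 = new DeriveParams();
            byte[] derivationData = new byte[2];
            derivationData[0] = 0x01;
            derivationData[1] = 0x02;
            String[] UIDs = new String[1];
            UIDs[0] = baseUID;

            dp1.setDerivationMethod(KMIPConstants.DERIVE_HMAC);
            dp1.setHashAlgorithm(KMIPConstants.HASH_SHA256);
            dp1.setDerivationData(derivationData);
            dp1.setUIDs(UIDs);
            deriveUID = kc.deriveSymmetricKey(KMIPConstants.ALG_AES, 128, derivedUsage, dp1);
            System.out.println("\nB. UID of new derived key using HMAC method: " + deriveUID);

            // -> show that the newly derived key can be read
            verifyDerivedAesKey(kc, deriveUID, 128);
            kc.destroy(deriveUID);

            // [C] Use the AES symmetric key to derive a new key via HASH method
            DeriveParams dp2 = new DeriveParams();
            dp2.setDerivationMethod(KMIPConstants.DERIVE_HASH);
            dp2.setHashAlgorithm(KMIPConstants.HASH_SHA256);
            dp2.setUIDs(UIDs);
            deriveUID = kc.deriveSymmetricKey(KMIPConstants.ALG_AES, 128, derivedUsage, dp2);
            System.out.println("\nC. UID of new derived key using Hash method: " + deriveUID);

            // -> show that the newly derived key can be read
            verifyDerivedAesKey(kc, deriveUID, 128);
            kc.destroy(deriveUID);

            // [D] Use the AES symmetric key to derive a new key via PBKDF2 method with salt
            // The salt is the fixed ASCII string "salt" and the iteration count is 4096; these
            // are fixed test inputs. Outside a test, use a random salt per derivation and an
            // iteration count chosen for the deployment.
            DeriveParams dp3 = new DeriveParams();
            byte[] salt = new byte[4];
            salt[0] = 0x73;
            salt[1] = 0x61;
            salt[2] = 0x6c;
            salt[3] = 0x74;

            dp3.setDerivationMethod(KMIPConstants.DERIVE_PBKDF2);
            dp3.setSalt(salt);
            dp3.setIterationCount(4096);
            dp3.setUIDs(UIDs);
            deriveUID = kc.deriveSymmetricKey(KMIPConstants.ALG_AES, 128, derivedUsage, dp3);
            System.out.println("\nD. UID of new derived key using PBKDF2 method: " + deriveUID);

            // -> show that the newly derived key can be read
            verifyDerivedAesKey(kc, deriveUID, 128);
            kc.destroy(deriveUID);

            // [E] Uses asymmetric keys to derive a key
            // Both key pairs combine DERIVEKEY with SIGN/VERIFY usage. That keeps the example
            // short; keys used for key agreement are normally kept separate from signing keys.
            DomainParams dpp = new DomainParams();
            dpp.setQlength(256);
            dpp.setRecommendedCurve(KMIPConstants.CURVE_SECP256K1);

            int publicUsage = (KMIPConstants.USAGE_MASK_DERIVEKEY | KMIPConstants.USAGE_MASK_VERIFY);
            int privateUsage = (KMIPConstants.USAGE_MASK_DERIVEKEY | KMIPConstants.USAGE_MASK_SIGN);

            KeyPairIds pi1 = kc.createKeyPairWithParams(KMIPConstants.ALG_EC, dpp, publicUsage, privateUsage);
            System.out.println("\nUID of new public key 1 with params: " + pi1.getPublicKeyUID());
            System.out.println("UID of new private key 1 with params: " + pi1.getPrivateKeyUID());

            KeyPairIds pi2 = kc.createKeyPairWithParams(KMIPConstants.ALG_EC, dpp, publicUsage, privateUsage);
            System.out.println("UID of new public key 2 with params: " + pi2.getPublicKeyUID());
            System.out.println("UID of new private key 2 with params: " + pi2.getPrivateKeyUID());

            // -> both keys must be in the active state to use them to derive another key
            kc.activate(pi1.getPrivateKeyUID());
            attribute = kc.getAttribute(pi1.getPrivateKeyUID(), "State");
            assertEquals("Active", attribute[0]);
            System.out.println("UID of new activated private key 1: " + pi1.getPrivateKeyUID() + ", State = " + attribute[0]);

            kc.activate(pi2.getPublicKeyUID());
            attribute = kc.getAttribute(pi2.getPublicKeyUID(), "State");
            assertEquals("Active", attribute[0]);
            System.out.println("UID of new activated public key 2: " + pi2.getPublicKeyUID() + ", State = " + attribute[0]);

            // ECDH between private key 1 and public key 2.
            DeriveParams dp4 = new DeriveParams();
            String[] asymUIDs = new String[2];
            asymUIDs[0] = pi1.getPrivateKeyUID();
            asymUIDs[1] = pi2.getPublicKeyUID();

            dp4.setDerivationMethod(KMIPConstants.DERIVE_ASYMMETRICKEY);
            dp4.setCryptoAlgorithm(KMIPConstants.ALG_ECDH);
            dp4.setUIDs(asymUIDs);
            deriveUID = kc.deriveSymmetricKey(KMIPConstants.ALG_AES, 256, derivedUsage, dp4);
            System.out.println("\nE. UID of new derived key using Asymmetric method: " + deriveUID);

            // -> show that the newly derived key can be read
            verifyDerivedAesKey(kc, deriveUID, 256);
            System.out.println("\n");
            kc.destroy(deriveUID);

            // -> clean up all keys used for derivations
            // Keys that were activated are revoked before they are destroyed; the two keys
            // that were never activated are destroyed directly.
            kc.revoke(pi1.getPrivateKeyUID(), KMIPConstants.REVOCATION_CESSATION_OF_OPERATION, "Done with test derive private key");
            kc.destroy(pi1.getPublicKeyUID());
            kc.destroy(pi1.getPrivateKeyUID());

            kc.revoke(pi2.getPublicKeyUID(), KMIPConstants.REVOCATION_CESSATION_OF_OPERATION, "Done with test derive public key");
            kc.destroy(pi2.getPublicKeyUID());
            kc.destroy(pi2.getPrivateKeyUID());

            kc.revoke(baseUID, KMIPConstants.REVOCATION_CESSATION_OF_OPERATION, "Done with test derive symmetric key");
            kc.destroy(baseUID);

            // Normal shutdown: a failure here still fails the test. The flags are cleared
            // first so the finally block does not repeat a call that already ran.
            sessionOpen = false;
            kc.close();
            libraryInitialized = false;
            kc.freeLibrary();
        } catch (Exception e) {
            // -> we should not get here; keep the cause so the report shows what failed
            throw new AssertionError("KMIP derive test failed: " + e, e);
        } finally {
            // Failure path only: release the session and the library without masking the
            // primary failure.
            // NOTE(review): keys created before a failure stay on the server; this block does
            // not track or remove them.
            if (sessionOpen) {
                try {
                    kc.close();
                } catch (Exception cleanupFailure) {
                    System.out.println("close() failed during cleanup: " + cleanupFailure);
                }
            }
            if (libraryInitialized) {
                try {
                    kc.freeLibrary();
                } catch (Exception cleanupFailure) {
                    System.out.println("freeLibrary() failed during cleanup: " + cleanupFailure);
                }
            }
        }
    }

    /**
     * Reads a derived key back from the server and checks that it is an AES key of the
     * requested length.
     *
     * <p>Only the algorithm, format and length are logged. The key bytes themselves are never
     * written to the test output.
     *
     * @param kc open KMIP client
     * @param uid unique identifier of the derived key
     * @param expectedBits key length in bits that was requested for the derived key
     * @throws Exception if the client call fails
     */
    private static void verifyDerivedAesKey(P6KMIPClient kc, String uid, int expectedBits) throws Exception {
        TransparentKey tk = kc.getSymmetricKey(uid);
        if (!(tk instanceof TransparentSymmetricKey)) {
            throw new AssertionError("Derived key " + uid + " was not returned as a TransparentSymmetricKey");
        }

        SecretKeySpec sks = ((TransparentSymmetricKey) tk).getSecretKeySpec();
        int actualBits = sks.getEncoded().length * 8;
        System.out.println("Secret key, algorithm: " + sks.getAlgorithm() + ", format: " + sks.getFormat() + ", length (bits): " + actualBits);

        assertEquals("AES", sks.getAlgorithm());
        assertEquals(expectedBits, actualBits);
    }
}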